Hello. Homebrew maintainer here.
When 1.8.22 was initially released, the https://support.hdfgroup.org/ftp/HDF5/releases/hdf5-1.8/hdf5-1.8.22/src/hdf5-1.8.22.tar.bz2 file had a sha256 of: 0ac77e1c22bce5bbbdb337bd7f97aeb5ef43c727a84ccb6d683d092eb57ebd8e
The file’s sha256 is now 689b88c6a5577b05d603541ce900545779c96d62b6f83d3f23f46559b48893a4.
This means that the initial file on you FTP was replaced.
I did not find how to contact you about this potential security issue, I tried https://github.com/HDFGroup/hdf5/pull/279#issuecomment-787058349 but I got no answer. We are concerned that maybe something malicious happened with our FTP server.
Related issue on our side: https://github.com/Homebrew/homebrew-core/pull/72250