Apache Calcite Avatica 1.20.0 upgrades Log4j2 to version 2.15.0 to address CVE-2021-44228, and makes the SPNEGO protocol much more efficient. See the list of [bug fixes and new features]({{ site.baseurl }}/docs/history.html#v1-20-0) for more information.