Apache Calcite Avatica 1.20.0 upgrades Log4j2 to version 2.15.0 to address CVE-2021-44228, and makes the SPNEGO protocol much more efficient. See the list of bug fixes and new features for more information.
See the release notes; download the release.