Apache Calcite Avatica 1.22.0 is a maintenance release to resolve CVE-2022-36364: Apache Calcite Avatica JDBC driver httpclient_impl connection property can be used as an RCE vector. Users of previous versions of Avatica MUST upgrade to mitigate this vulnerability. For more info please see the entry in the CVE database: CVE-2022-36364.

See the list of bug fixes and new features for more information.

See the release notes; download the release.