Java: add change note for additional framework support

Author: yh-semmle

change-notes/1.20/analysis-java.md

@@ -28,5 +28,9 @@
 * Taint tracking now includes additional default data-flow steps through
   collections, maps, and iterators. This affects all security queries, which
   can report more results based on such paths.
+* The `FlowSources` and `TaintTracking` libraries are extended to cover additional remote user
+  input and taint steps from the Apache Thrift, Apache Struts, Guice and Protobuf frameworks.
+  This affects all security queries, which may yield additional results on projects
+  that use these frameworks.