...
Critical vulnerability in Apache Log4j (Log4Shell, CVE-2021-44228, CVE-2021-45046)
The PlantUML for Confluence app was not affected by the Log4Shell vulnerability https://nvd.nist.gov/vuln/detail/CVE-2021-44228 and https://nvd.nist.gov/vuln/detail/CVE-2021-45046.
The plugin is not using log4j2 for logging nor it bundles the log4j library.
The PlantUML for Confluence app use the spring components provided by Confluence and may be affected by CVE-xxx if your Confluence instance itself meets the criteria outlined by Atlassian in https://… You should follow the guide provided by Atlassian to check and fix your Confluence Server, a separate action for our apps is not needed
The PlantUML for Confluence app is using the following third party components:
...