...
Critical vulnerability in Apache Log4j (Log4Shell, CVE-2021-44228, CVE-2021-45046)
The PlantUML for Confluence app was not affected by the Log4Shell vulnerability https://nvd.nist.gov/vuln/detail/CVE-2021-44228 and https://nvd.nist.gov/vuln/detail/CVE-2021-45046.
The plugin is not using log4j2 for logging nor it bundles the log4j library.
Critical vulnerability in Spring Framework (Spring4Shell, CVE-2022-22965)
The PlantUML for Confluence app use the spring components provided by Confluence and may be affected by https://nvd.nist.gov/vuln/detail/CVE-2022-xxx 22965 if your Confluence instance itself meets the criteria outlined by Atlassian in https://confluence.atlassian.com//… kb/faq-for-cve-2022-22963-cve-2022-22965-1115149136.html . You should follow the guide provided by Atlassian to check and fix your Confluence Server, a separate action for our apps is not needed
...