...
Critical vulnerability in Spring Framework (Spring4Shell, CVE-2022-22965)
The PlantUML for Confluence app uses the Spring components provided by Confluence and may be affected by https://nvd.nist.gov/vuln/detail/CVE-2022-22965 if your Confluence instance itself meets the criteria outlined by Atlassian in https://confluence.atlassian.com/kb/faq-for-cve-2022-22963-cve-2022-22965-1115149136.html. You should follow the guide provided by Atlassian to check and fix your Confluence Server; a separate action for our apps is not needed.
Critical vulnerability in Apache Commons Text (CVE-2022-42889)
The PlantUML for Confluence app was not affected by the Apache Commons Text variable interpolation CVE-2022-42889.
The plugin does not use Apache Commons Text variable interpolation. It has only a transitive dependency on the library because of Confluence (com.atlassian.confluence:confluence:jar).
The PlantUML for Confluence app uses the following third-party components:
...