...
Critical vulnerability in Apache Commons Text (CVE-2022-42889)
The PlantUML for Confluence app was not affected by the Apache Commons Text variable interpolation CVE-2022-42889.
The plugin is not using Apache Commons Text variable interpolation. It has only a transitive dependency to the library because of Confluence (com.atlassian.confluence:confluence:jar).
Critical vulnerability in Apache Struts 2 Vulnerability (CVE-2023-50164)
The PlantUML for Confluence app was not affected by the Apache Struts 2 Vulnerability CVE-2023-50164 because the app do not support any file upload.
...