...
Critical vulnerability in Spring Framework (Spring4Shell, CVE-2022-22965)
The Read Confirmations for Confluence app use the spring components provided by Confluence and may be affected by https://nvd.nist.gov/vuln/detail/CVE-2022-22965 if your Confluence instance itself meets the criteria outlined by Atlassian in https://confluence.atlassian.com/kb/faq-for-cve-2022-22963-cve-2022-22965-1115149136.html. You should follow the guide provided by Atlassian to check and fix your Confluence Server, a separate action for our apps is not needed.