This page lists all the security vulnerabilities fixed in released versions of the Read Confirmations for Confluence app.
If you have encountered an unlisted security vulnerability or other unexpected behavior that has security impact, please report them privately to the avono App Developer Team. Thank you.
Critical vulnerability in Apache Log4j (Log4Shell, CVE-2021-44228, CVE-2021-45046)
The Read Confirmations for Confluence app was not affected by the Log4Shell vulnerability https://nvd.nist.gov/vuln/detail/CVE-2021-44228 and https://nvd.nist.gov/vuln/detail/CVE-2021-45046.
The app is not using log4j2 for logging nor it bundles the log4j library.
Critical vulnerability in Spring Framework (Spring4Shell, CVE-2022-22965)
The Read Confirmations for Confluence app use the spring components provided by Confluence and may be affected by https://nvd.nist.gov/vuln/detail/CVE-2022-22965 if your Confluence instance itself meets the criteria outlined by Atlassian in https://confluence.atlassian.com/kb/faq-for-cve-2022-22963-cve-2022-22965-1115149136.html. You should follow the guide provided by Atlassian to check and fix your Confluence Server, a separate action for our apps is not needed