CVE Notice from Atlassian
...
Information about
...
Mirrorlake Apps
...
Mirrorlake Apps are not affected by CVE-2022-22956 as apps are bundled in .jar packages, not in .war packages. See also the section “Am I Impacted” here: https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement#am-i-impacted
...