On Friday, April 1, 2022 - we were made aware of the Vulnerability CVE-2022-22965 in Spring Framework.
The results of our investigation is that Exalate is NOT affected by this vulnerability as Exalate is using Play Framework which is not based on Spring MVC/Spring Framework.
The impact is only limited to the Atlassian codebase.
Please reach out to our Support in case of questions.