...
This page contains information for Refined Server and Data Center apps as well as Refined cloud apps regarding CVE-2021-44228 related to the remote code execution (RCE) vulnerability affecting Log4j.
Refined Server and Data Center
...
apps
When using Refined, the Refined apps in turn are using log4j via the bundled version included in Jira/Confluence. This means that Refined can’t impact what is being used as Refined accesses it via Atlassian.
...
Follow the development on the resources above, and reach out should you have any further questions.
...
Refined Cloud
...
apps
Refined for Confluence, Jira, JSM on cloud or Refined Toolkit for Confluence Cloud are not affected by this issue.
...