Vulnerabilities to the Log4J library have been reported recently that may be exploited by attackers to get full control over the affected system.
The projectdoc Toolbox has no direct dependency to Log4J and does not add any configuration that would make the Confluence system vulnerable. It uses the logging service provided by Confluence through the SLF4J interface.
Summary
The projectdoc Toolbox is not vulnerable to the following CVEs: