...
This zero day exploit affects log4j 2.x+ which Jira, confluence and by extension, our apps do not use.
Default Jira/Confluence are not vulnerable
...
As JEMH specifically processes user generated content we have also verified that the exploit doesn’t work from email content with default configurations of log4j.
Related links: