Apache Commons Text Version seems to have an upgrade soon.
The set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers.
These lookups are:
- "script" - execute expressions using the JVM script execution engine (javax.script)
- "dns" - resolve dns records
- "url" - load values from urls, including from remote servers

Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used.
Would it be a threat to Atlassian cloud product?
Any Compensation Control applied for Internet facing system (e.g. Target Signature (IPS or WAF) update)? If so, any target Mitigation Date (Upgrade to Apache Commons Text Version 1.10 or later)?
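As an added example (not part of the original post and not Atlassian or Apache code), the sketch below shows the kind of signature check the question refers to: it flags request or log values that carry the three lookup prefixes named in the quoted advisory text, including percent-encoded forms. The function names, the decode-round limit and the sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import unquote_plus

# Lookup keys named in the advisory text quoted in the post above.
RISKY_KEYS = ("script", "dns", "url")

# "${key:" with optional whitespace; case-insensitive as a conservative choice.
# "urlEncoder"/"urlDecoder" do not match because ":" must follow the key.
PATTERN = re.compile(r"\$\{\s*(" + "|".join(RISKY_KEYS) + r")\s*:", re.IGNORECASE)

MAX_DECODE_ROUNDS = 3  # assumption: enough to unwrap double-encoded values


def decode(value):
    """Percent-decode repeatedly until the value is stable or the limit is hit."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_risky_lookups(value):
    """Return the sorted, lower-cased risky lookup keys found in one value."""
    return sorted({m.group(1).lower() for m in PATTERN.finditer(decode(value))})


def scan(lines):
    """Yield (line_number, keys) for every line that carries a risky prefix."""
    for number, line in enumerate(lines, start=1):
        keys = find_risky_lookups(line)
        if keys:
            yield number, keys


# Constructed sample request lines (not real traffic); bodies are inert placeholders.
SAMPLE_LINES = [
    "GET /search?q=hello+world HTTP/1.1",
    "GET /search?q=${dns:PLACEHOLDER} HTTP/1.1",
    "GET /search?q=%24%7BURL%3APLACEHOLDER%7D HTTP/1.1",
    "GET /search?q=%2524%257Bscript%253APLACEHOLDER%257D HTTP/1.1",
    "GET /search?q=${date:yyyy-MM-dd} HTTP/1.1",
]

if __name__ == "__main__":
    for number, keys in scan(SAMPLE_LINES):
        print(f"line {number}: {', '.join(keys)}")
```

A match is a triage signal for log review or a WAF rule, not proof that the value reached an interpolator; the fix named in the post is still the upgrade to Apache Commons Text 1.10 or later.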