...
Currently, with the information available on Spring4Shell, we do not believe the Dashboard will be vulnerable. This is because of the following reasons:
The requirement for JDK9+ which we do not yet support
...
We do not directly use Spring and investigation by Grails, which we do use, has determined they are not affected because they have their own implementation of the affected area
We will be shortly making available the very latest release of Tomcat which contains additional fixes which would provide a further layer of protection. In addition to this, we are continually working on dependency upgrades to ensure the latest fixes are in place
...