Thank you for reviewing our code!
As the lead developer of PlantUML, I'd like to provide you with some insights.
Regarding MD5:
In fact, the use of MD5 hashing in our system is not for cryptographic purposes, but rather for generating internal identifiers. For instance, we use it to create the ETag signature of a diagram. Even in the event of a hash collision, the only consequence would be cache invalidation, which is not a significant issue.
Regarding ServerSocket:
The core PlantUML library encompasses a wide range of features to facilitate seamless integration with other products. For example, it includes a simulated FTP server (https://plantuml.com/ftp) that, while mimicking a real server, actually generates diagrams. It also supports Telnet connections and even has a micro web server (https://plantuml.com/picoweb). These connection methods are intended for local use and are therefore not secured. However, it's important to note that this code is not utilized in the Atlassian context.
Please let us know if your security team requires any further information.
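For the "intended for local use" point about ServerSocket above, a reviewer can check how a Java listener is actually bound. This is an added example, not PlantUML's code or the author's; the class name, the `exposure` helper and the use of an ephemeral port are assumptions made for illustration, and the page does not state how PlantUML's own listeners are bound.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.ServerSocket;

// Added illustration (hypothetical class, not from PlantUML): shows the
// difference between a listener reachable from the network and one that is
// reachable only from the local machine.
public class LocalOnlyListener {

    /** Classify where a listening socket can be reached from. */
    static String exposure(ServerSocket s) {
        InetAddress bound = s.getInetAddress();
        if (bound.isAnyLocalAddress()) {
            return "ALL_INTERFACES";      // wildcard bind (0.0.0.0 or ::)
        }
        if (bound.isLoopbackAddress()) {
            return "LOOPBACK_ONLY";       // 127.0.0.1 or ::1
        }
        return "SPECIFIC_INTERFACE";      // one named non-loopback address
    }

    public static void main(String[] args) throws IOException {
        // Port 0 asks the OS for a free ephemeral port, so the demo never
        // collides with a service that is already running.
        try (ServerSocket wide = new ServerSocket(0);
             ServerSocket local = new ServerSocket(
                     0, 50, InetAddress.getLoopbackAddress())) {

            // The single-argument constructor binds to the wildcard address:
            // an unauthenticated service started this way is reachable from
            // other hosts unless a firewall blocks it.
            System.out.println(wide.getLocalSocketAddress()
                    + " -> " + exposure(wide));

            // Passing the loopback address explicitly keeps the same service
            // reachable only from processes on the same machine.
            System.out.println(local.getLocalSocketAddress()
                    + " -> " + exposure(local));
        }
    }
}
```

The same classification can be applied to a running process by comparing its listening addresses in the operating system's socket table against the loopback range.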