Please see this GitHub Discussion for the latest information regarding whether GoCD is vulnerable to CVE-2021-44228.