johnmyleswhite / log4r

A log4j derivative for R.

Home Page: http://www.johnmyleswhite.com

Does it have the log4j vulnerability?

kirangurumukhi opened this issue

Since log4r is based off log4j, I wanted to confirm if it is prone to the log4j vulnerability described here: https://nvd.nist.gov/vuln/detail/CVE-2021-44228

Any inputs would be appreciated.

I had the same concern but based on this link, that doesn't appear to be the case because ports, like those used in R, don't use the JVM as far as I am aware.

Nonetheless, it would be good to get confirmation on whether the same design flaw exists if possible (cc @johnmyleswhite, @atheriel)

We are in no way affected by that CVE, nor is there an analogous design flaw in this package.