Is Log4r impacted by latest Log4j security vulnerability?
Closed this issue · 1 comment
lohithmv019 commented
This issue is regarding the https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228 security vulnerability.
Is there any way the log4r library has the same issue as log4j?
Log4r is not directly using the Java Log4j library, but it follows a very similar architecture. Is this library also impacted by the same vulnerability vector (lookup eval)?
colbygk commented
It should not have the same issue. log4r does not interpret untrusted user-supplied input (i.e. ${jndi...}). None of the code in log4r was written based directly on log4j source code.