Hi Coen,
Thank you for asking this question and bringing attention to the matter on our community forum!
RStudio has confirmed that CVE-2021-44228 (Log4j vulnerability) is not present in the currently supported versions of RStudio Professional software applications. For a list of our currently supported versions of RStudio Professional software applications, please see RStudio Support - RStudio.
In regards to
We found it is also present in Shiny, e.g. within /shiny-server/node_modules/log4js
Log4j is a logging framework for Java, where as Log4js is a logging framework for JavaScript. As far as I'm aware Log4js does not have the security vulnerability that Log4j does.
Hope this helps ease any concerns you may have!
-Kyle