Previously add ons created via the API would correctly show up in MRR but would not be reflected in charges created when auto-charging is enabled. The charges now will reflect the MRR with the included add-ons.
Rest assured, Baremetrics is not vulnerable to CVE-2021-44228 the log4 remote code execution vulnerability. If you have additional question, please reach out to our team. You and your data are in safe hands.