There is no version of apache storm which doesn't use log4j 2.x version (which is affected by CVE-2021-44228 vulnerability). I found this fix on log4j website:y
extensibility
type-systems
spark-ec2
showdown
self-attention
brace-expansion
axios-mock-adapter
nito.asyncex
file-comparison
cblas
android-sdk-2.1
ibm-data-replication
css-tables
select-into
relational-algebra
material-components-web
simplewifi
freestanding
stack-overflow-jobs
modulenotfounderror
managed-c++
pentaho-spoon
getuikit
image-masking
ng-repeat
swt
jekyll-theme
cyclic-dependency
core-location
software-product-lines
