There is no version of apache storm which doesn't use log4j 2.x version (which is affected by CVE-2021-44228 vulnerability). I found this fix on log4j website:y
android-textinputedittext
caemitterlayer
ispeech
java.util.date
pane
mkreversegeocoder
google-docs
get
reviver-function
android-studio-3.1.3
iformfile
freerdp
smtpclient
file-type-associations
entity-framework-4
blackberry-10
gallery
astrofarm
jsviews
fitted-box
dhis-2
tc39
silverlight-4.0
stream-cipher
intellij-2020
cdktf
git-daemon
mongodb-authentication
scrollbars
get-cli
