There is no version of apache storm which doesn't use log4j 2.x version (which is affected by CVE-2021-44228 vulnerability). I found this fix on log4j website:y
tree-shaking
dynamic-data-display
maven-repository
restrictedpython
djoser
newrelic
cesiumjs
search-engine-api
nsurlrequest
telerik
array-algorithms
title
longhorn
ora-17004
packager
quarkus-native
twitch
mvc-editor-templates
azure-arc
django-viewflow
iso-639
amazon-sns
prefix
web-manifest
c++builder-10.4-sydney
client-side
sjcl
illegal-instruction
private-members
flutter-ios-build
