There is no version of apache storm which doesn't use log4j 2.x version (which is affected by CVE-2021-44228 vulnerability). I found this fix on log4j website:y
testcafe
ballerina
alfa
python-responses
to-json
abstract-machine
spring-xd
cpu
createmlui
type-theory
toolbox
gpudirect
odesensitivity
magicline
azure-custom-providers
swirl
quick-install-package
caching
information-hiding
constraintset
flipper
automic
matblazor
array-unique
pysimplegui
aws-copilot
wikitude-sdk
share-open-graph
argo-workflows
handlebarshelper
