There is no version of apache storm which doesn't use log4j 2.x version (which is affected by CVE-2021-44228 vulnerability). I found this fix on log4j website:y
pickle
adehabitathr
mobile-robots
password-recovery
visitors
asp.net-core-razor-pages
pardiso
google-play-core
matplotlib-table
tymon-jwt
redis-py
appcmd
apache-camel
amp-html
jjaql
avassetresourceloaderdelegate
one-time-pad
gdk
halide
melpa
nexus-7
drawbitmap
data-gateway
qt-necessitas
matlab-cvst
share-extension
runtime
ghci
npm-build
share-open-graph
