There is no version of apache storm which doesn't use log4j 2.x version (which is affected by CVE-2021-44228 vulnerability). I found this fix on log4j website:y
discovery
fileapi
directx-11
uno-platform
web-development-server
robustness
steam
driver
trace
flashlight
jelastic
figma-api
symbolicc++
java-9
gamma-correction
sec-fetch-site
keras-rl
copyonwritearraylist
pandas-styles
ant-design-pro
nsvalue
actionmailer
express-http-proxy
frontpage
boost-asio
openfire
faces-flow
metasploit
inria-spoon
aws-sdk-cpp
