There is no version of Apache Storm which doesn't use a log4j 2.x version (which is affected by the CVE-2021-44228 vulnerability). I found this fix on the log4j website: