There is no version of apache storm which doesn't use log4j 2.x version (which is affected by CVE-2021-44228 vulnerability). I found this fix on log4j website:y
docker-buildkit
missing-template
laravel-spark
apk-signing
comet
google-cloud-bigtable
iphone-xs-max
maxima
uiswipegesturerecognizer
extract-method
shiny-reactivity
flask-reuploaded
python-cffi
google-fitness-api
sequel
odata4j
shop
passport-jwt
credssp
qgroundcontrol
model-view-controller
type-switch
try-catch
tether
nano
warden
heremaps
sorteddictionary
django-1.5
system.json
