There is no version of apache storm which doesn't use log4j 2.x version (which is affected by CVE-2021-44228 vulnerability). I found this fix on log4j website:y
launching-application
oculus
react-forwardref
microsoft.extensions.configuration
renovate
oracle-rdb
line-count
selenium2library
bluez
black-box-testing
jboss-logging
unsigned-char
screen-off
django-mysql
line-by-line
frame
kie
apache-unomi
vue-router4
httpwatch
rootkit
finance
ccache
pssnapin
libjpeg
sonar-maven-plugin
rattle
hotplugging
polymorphic-associations
maven-install-plugin
