There is no version of apache storm which doesn't use log4j 2.x version (which is affected by CVE-2021-44228 vulnerability). I found this fix on log4j website:y
pydub
newline
highstock
graphic
archiva
huggingface-tokenizers
typeid
objectify
node-sqlserver
sql-truncate
aasa
homekit
fetch-api
dumpbin
android-savedstate
viber-bot-python
incremental-build
category-abstractions
widdershins
grpc-c#
packet-injection
guvnor
anpr
coldfusion-8
rematch
lucee
mixed
datamart
strongly-typed-enum
movefile
