There is no version of apache storm which doesn't use log4j 2.x version (which is affected by CVE-2021-44228 vulnerability). I found this fix on log4j website:y
merge-base
preloader
data-security
polymerfire
binding
git-track
github-secret
snowfall
mean-shift
google-forms
spritefont
traceroute
nix-shell
react-native-tools
sharedb
cider
datacontract
yearmonth
swscale
red-hat-amq-6
hypothesis-test
jqbargraph
craftcms
type-safety
wix-extension
meta-learning
discrete-space
snomed-ct
mysql-connect
ibm-cloud-code-engine
