There is no version of apache storm which doesn't use log4j 2.x version (which is affected by CVE-2021-44228 vulnerability). I found this fix on log4j website:y
browser-api
google-apps-script-api
continuous-fourier
nested-resources
ospf
google-earth-plugin
palantir-foundry
gridex
fiware-orion
communicationexception
magento2.2
nsnumber
jit
kubernetes-jenkins-plugin
amplify
ldapjs
linux-kernel-headers
hover
global-variables
computercraft
pycryptodome
drjava
box-shadow
google-sheets-query
httpruntime
elastix
devspace
mini-httpd
third-party-cookies
torchscript
