There is no version of apache storm which doesn't use log4j 2.x version (which is affected by CVE-2021-44228 vulnerability). I found this fix on log4j website:y
fuzzing
launch-agent
ora-00933
stackdriver
fileshare
redirect-loop
office365-exchange
modal-sheet
braintree-javascript
weechat
browsefragment
translate
visual-studio-shell
databricks-repos
stipple
system.componentmodel
pyrocms
camunda-modeler
dynamic-rdlc-generation
rich-snippets
node-addon-api
anti-bot
content-script
arm7
terminate
kerning
tablecolumn
retrofit2
mix-and-match
lotusscript
