There is no version of Apache Storm which doesn't use a log4j 2.x version (which is affected by the CVE-2021-44228 vulnerability). I found this fix on the log4j website: