There is no version of Apache Storm which doesn't use a log4j 2.x version (which is affected by the CVE-2021-44228 vulnerability). I found this fix on the log4j website: