There is no version of apache storm which doesn't use log4j 2.x version (which is affected by CVE-2021-44228 vulnerability). I found this fix on log4j website:y
azure-devops-pipelines
qtwebengine
pre-commit.com
rspec-api-documentation
espeak
template-inheritance
qchart
formik-material-ui
angular4-httpclient
flickable
removeeventlistener
llvm-ir
scala-ide
sframe
parquet.net
xetex
iowait
redeploy
dput
linaria
in-app-billing
solr.net
tonic
skstorereviewcontroller
yii2-validation
apptrackingtransparency
datefilter
uiactivitycontroller
configurationproperty
ignition
