There is no version of apache storm which doesn't use log4j 2.x version (which is affected by CVE-2021-44228 vulnerability). I found this fix on log4j website:y
atmosphere
grasshopper
django-rest-swagger
jta
rancher-rke
cryptsharp
hessian-matrix
tidygraph
vs-community-edition
go-xorm
gs-conditional-formatting
zipoutputstream
vue-component
jsblocks
patroni
exasol
nsstatusitem
bluehost
mtproto
accessibility-insights
sql-types
color-blindness
uiculture
rippledrawable
checkout
appcompatdelegate
scale-color-manual
angular-routing-parameter
notion-js
libreoffice-base
