Will there be a fix for that vulnerability or is development of 2.4 dead?

I found that news
http://www.coresecurity.com/index.php5?action=item&id=2249
and although CFP 3.0 is not vulnerable, 2.4 is. And as there is only an English version of CFP3 lots of people stay with 2.4.

Will there be a fix for that vulnerability? Or will there at least be localized versions of CFP3 soon?

Is there no official statement about that?