Will there be a fix for that vulnerability or is development of 2.4 dead?

I found that news
and although CFP 3.0 is not vulnerable, 2.4 is. And as there is only an English version of CFP3 lots of people stay with 2.4.

Will there be a fix for that vulnerability? Or will there at least be localized versions of CFP3 soon?

Is there no official statement about that?