silverstripe / silverstripe-reports

API for creating backend reports in the Silverstripe Framework.
BSD 3-Clause "New" or "Revised" License

[CVE-2024-29885] Respect canView permissions for viewing reports #189

Closed emteknetnz closed 3 months ago

G-Rath commented 3 months ago

@GuySartorelli @emteknetnz is there any plan to backport this to v4? Not sure if this is covered by the security support period, but having it (and the other recent framework vulns) backported would take some pressure off us while we get through the major upgrade.

GuySartorelli commented 3 months ago

@G-Rath Hiya. As per the major release policy, only high and critical severity security patches are released for a major release line in "security fixes only" support, which is where CMS 4 is right now.

In other words this patch will not be backported to CMS 4.