Yes, it does. It's the third preinstalled WAF Blacklist rule. You don't need to do anything, it is already activated as long as you have installed the latest version and not disabled any WAF Blacklist rules manually. When there is a zero day or high risk vulnerability we are almost always involved in fixing it through the Joomla Security Strike Team and coordinate with them for the simultaneous release of Joomla and Admin Tools, making sure that no site is put or left at risk.
Nicholas K. Dionysopoulos
Lead Developer and Director
🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!