Welcome to JavaRanch.
JForum 2.1.9 is obsolete, the chances of it being fixed are just about zero, IMO. The fix mentioned probably made it into the development version of JForum 3, which has at present no projected release date.
Instead of JForum 2.1.9,
you should be using the fork at
https://code.google.com/p/jforum2/ (to which I happen to be a committer). I'm not sure if that is still vulnerable; I'll try to find out.