Small update:
We have now also published an official security advisory.
As you can see in it, we have also published the new patch releases 3.0.4 and 3.1.1 for all openHAB users that are on versions 3.0 or 3.1 and that don’t want to apply the manual fix mentioned above.