What are the most important security-issues for Wikimedia-servers to use librsvg 2.40.21
As far as I know svg can lead to security-issues in common browsers, do an outdated librsvg-version (e.g. librsvg 2.40) contain security-issues which are fixed later? The Changelog seems to be outdated.
Edit more precisely: What are most important arguments, in terms of security, for Wikimedia to update librsvg (they are using 2.40)? All issues relating to rust are not existing, because Wikimedia-servers do not have any rust installed. Wikimedia has a time-out-limit, so I expect processes with too much CPU-time and/or too much memory and/or rsvg-convert with too much wall-clock-time will be killed anyway. (If at least one of them is fulfilled.) If their server freezes/shot down, delete/encrypt data, kill processes,... that are issues which might be more more dangerous.
Side-note: Wikimedia blocks several patterns (external content, unknown namspaces,..) on upload, but there still exist old svgs containing such illegal links to external content. Everybody, without logging in can force a purge of the renderings (so several sizes needs to be redered) or force a additional rendering at any arbitrary width.