The FORCERENEW reqest was not authenticated (because neither rfc3118 nor rfc6704) is implemented. That is a potential security issue.
As workaround, patch the source to ignore those requests. Note that also nettools implementation ignores FORCERENEW requests, so if there would be a need to handle them, then it would be important to improve the nettools code (which is the main implementation).
The systemd DHCP plugin is no longer used by default. The user explicitly has to enable it via the undocumented "[main].dhcp=systemd" option in NetworkManager.conf. Hence, this change is probably not very important either way.