Release version 2.4.1

This release fixes a security vulnerability caused by the CORS
implementation. Origins allowed for CORS can now be set in the
configuration via `security.cors.origins`. (Reported by Rainer Rillke at
Wikimedia)

Additionally, authentication via disabled services is now entirely
blocked to fix a security vulnerability allowing guest access despite
the setting `security.guest.enabled=false`. (Reported by Rainer Rillke
at Wikimedia)

Additional changes:
* Libraries have been upgraded to fix potential bugs
This tag has no release notes.