This release fixes a Server-Side Request Forgery vulnerability that could be used to send a request to an internal hostname (see GHSA-r5hc-wm3g-hjw6).
Part of the fix requires applying a patch to youtube-dl to prevent it from following HTTP redirects. If you are using the version of youtube-dl bundled with 3.0.2, it is already patched.
However, if you are using your own unpatched version of youtube-dl you might still be vulnerable.