As mentioned in https://code.wildfiregames.com/D679?id=2703#inline-12860 there are four exploitable vulnerabilities in 2.9.4 that most likely are not applicable to 0AD,
but could be fixed preemptively by using a developmental snapshot instead of the latest release.
Afaics, these two commits fix those 4 CVEs CVE-2017-9050 CVE-2017-9049 CVE-2017-9048 CVE-2017-9047
Since 932cc9896ab41475d4aa429c27d9afd175959d74 is the more recent commit, so that snapshot contains both fixes. Confirm by checking for the presence of a new file added by both commits.