The fix in T4611 is incomplete in that networks are still not permitted to be configured in UPnP ACLs. Only IPv4 addresses are permitted. This makes the changes done in T4611 unusable.
Adding ipv4-prefix validator to templates/service/upnp/rule/node.tag/ip/node.def fixes the issue. The config file is written out correctly after the changes in T4611, the validator just doesn't allow configuring it that way.
This is a significant limitation since you need to use 0.0.0.0/0 or some other network prefix to allow or deny >1 IP.