The relevant bug was 11158 and the fix was r25742. There is,
however, more at play here than just a simple jsonfm formatting problem;
in particular, this bug presented a potentially serious security
vulnerability that prompted a security release. As such, we need to find
a way to fix the link formatting without reintroducing the
vulnerability, which I will be working on.
For the time being, please just hold tight, and do note that after
following a bad link, you can usually just replace "&" with "&" in
the URL to get a working link.