Mobile VPN usage, IPv6 not routed and DNS leaks

Hi!

Yes, there are a lot of commits regarding that case to allow disabling IPv6 when a VPN is connected. Most of the VPN plugins in ConnMan support only IPv4 (OpenConnect supports both, whereas the most used one, OpenVPN, does only IPv4 networking). This is not a system-forced feature but comes from an option in the advanced settings of VPNs.

Unfortunately, the options in the UI come in 4.3.0, whereas the implementation in ConnMan comes in 4.2.0. Each VPN has a type-specific setting, as most of the VPNs do support disabling IPv6 (OpenVPN in 2.5.x, which is also coming in 4.3.0). Therefore the feature is implemented to support these options to inform ConnMan properly about IPv6 use.

The actual cause here was that when an IPv4-only VPN was enabled over an IPv6-supporting transport, and given how the networks and ConnMan operate, the DNS query was also sent to the DNS of the transport medium, which in this case can respond with an IPv6 address for a hostname. If there is an IPv6 address available for the hostname, it gets preferred over IPv4; thus data is leaked, bypassing the VPN connection. There was an attempt to fix this by filtering DNS queries (there is a WIP branch in git), but this was deemed to be the more feasible approach as of now. If you have an IPv4-only VPN, then the traffic should not be let to traverse other networks if the VPN is set as the default route in the settings.

This is a difficult issue, as people may have different needs and quite personal setups, so we decided to have that option as a user-selectable one. Maybe it could be considered as enabled for all VPNs by default when it has been given some more testing with 4.3.0 and changed to utilize undefined routes to IPv6 when the feature is enabled, instead of relying on disabling IPv6 (disable_ipv6 = 1 and autoconf = 0 in /proc/sys/net/ipv6/conf) for the connected networking interfaces.

3 Likes
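The mitigation the reply describes, writing disable_ipv6 = 1 and autoconf = 0 under /proc/sys/net/ipv6/conf for the transport interfaces so a stray AAAA answer has no IPv6 path around an IPv4-only tunnel, as an added example that is not part of the original post and not ConnMan's own code. The IPV6_CONF_ROOT override, the interface names (wlan0, rmnet0, tun0) and the function names are assumptions made for illustration; on a real device leave IPV6_CONF_ROOT at its default and run as root.

```sh
#!/bin/sh
# Added example (not ConnMan code): pin an IPv4-only VPN's transport
# interfaces to IPv4 by setting disable_ipv6=1 and autoconf=0, as the reply
# describes, and verify the result before trusting the tunnel.
#
# IPV6_CONF_ROOT is an assumption so the functions can be exercised against a
# constructed directory tree; the real location is /proc/sys/net/ipv6/conf.

IPV6_CONF_ROOT="${IPV6_CONF_ROOT:-/proc/sys/net/ipv6/conf}"

# Write disable_ipv6=1 and autoconf=0 for one interface.
# Returns non-zero if the interface has no IPv6 conf directory.
pin_ipv4_only() {
    iface="$1"
    dir="$IPV6_CONF_ROOT/$iface"
    [ -d "$dir" ] || { echo "no IPv6 conf for $iface" >&2; return 1; }
    printf '1\n' > "$dir/disable_ipv6" || return 1
    printf '0\n' > "$dir/autoconf" || return 1
}

# Leak check: returns 0 only when both knobs are in the pinned state
# (disable_ipv6=1 and autoconf=0), 1 otherwise or if the files are missing.
is_ipv4_only() {
    iface="$1"
    dir="$IPV6_CONF_ROOT/$iface"
    [ "$(cat "$dir/disable_ipv6" 2>/dev/null)" = "1" ] &&
    [ "$(cat "$dir/autoconf" 2>/dev/null)" = "0" ]
}

# Put the kernel defaults back (disable_ipv6=0, autoconf=1) when the VPN
# goes down, so IPv6 works again on the transport.
restore_ipv6() {
    iface="$1"
    dir="$IPV6_CONF_ROOT/$iface"
    [ -d "$dir" ] || return 1
    printf '0\n' > "$dir/disable_ipv6" || return 1
    printf '1\n' > "$dir/autoconf" || return 1
}

# Pin every real interface except the tunnel itself; the "all", "default"
# and "lo" entries are skipped because they are not transports.
pin_all_except() {
    skip="$1"
    for dir in "$IPV6_CONF_ROOT"/*/; do
        iface=$(basename "$dir")
        case "$iface" in all|default|lo|"$skip") continue ;; esac
        pin_ipv4_only "$iface" || return 1
    done
}
```

Writing the files directly is equivalent to `sysctl -w net.ipv6.conf.<iface>.disable_ipv6=1` and `sysctl -w net.ipv6.conf.<iface>.autoconf=0`; the check function is the part worth keeping around, since it answers the question in the original post (is IPv6 actually off on the transport while the VPN is up?) without depending on the UI option having landed.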