We just released security updates to Jenkins, versions 2.121 and 2.107.3, that fix multiple security vulnerabilities.
Additionally, we announce previously published security issues and corresponding fixes in these plugins:
Gitlab Hook (fix unreleased)
For an overview of what was fixed, see the security advisory. For an overview on the possible impact of these changes on upgrading Jenkins LTS, see our LTS upgrade guide.
Subscribe to the jenkinsci-advisories mailing list to receive important notifications related to Jenkins security.