We just released security updates to Jenkins, versions 2.138 and 2.121.3, that fix multiple security vulnerabilities.
For an overview of what was fixed, see the security advisory. For an overview on the possible impact of these changes on upgrading Jenkins LTS, see our LTS upgrade guide.
Subscribe to the jenkinsci-advisories mailing list to receive important notifications related to Jenkins security.