The Jenkins project will publish a security advisory for Jenkins plugins on Tuesday, December 17. The highest severity is 'High'. The most popular included plugin has between 10,000 and 25,000 reported installations. The advisory includes issues that will be published without a fix as outlined at
https://jenkins.io/security/#vulnerabilities-in-plugins
This affects only Jenkins plugins, there will be no corresponding security update for Jenkins itself.