The Jenkins project will publish a security advisory for Jenkins plugins on Thursday, May 2. The highest severity is 'High'. The most popular included plugin is installed on more than 75% of known instances. The advisory includes issues that will be published without a fix as outlined at
https://www.jenkins.io/security/plugins/This affects only Jenkins plugins, there will be no corresponding security update for Jenkins itself.