Security Advisory is your friend
wiki.jenkins-ci.org/display/JENKINS/Security+Advisories
Running Jenkins on the internet facing machine? You should pay attention to our security advisories