Security Advisory is your friend
wiki.jenkins-ci.org/display/JENKINS/Security+Advisories
Running Jenkins on an internet-facing machine? You should pay attention to our security advisories