Based on Jenkins
Always reject System.exit (NGPIPELINE-341)
System.exit(int) and similar methods could still be approved in Script Approval, but there’s never a good reason for them to be usable in Pipeline scripts. These methods are now blocked permanently from all sandboxed Groovy execution in Jenkins.
Git plugin’s mergeStrategy case issue resolved (NGPIPELINE-305)
Uses of the Git plugin’s mergeStrategy option in Pipeline started failing in Git 3.9.0 if the specified value was not uppercase. The value of the mergeStrategy option may now be specified in any case in a Pipeline.
Git plugin fetch issue resolved (NGPIPELINE-16)
The git plugin fetched to the local cache before checking remote references for updates causing MissingObjectException if references got updated between these operations. The problem is more notable on large repositories where the fetch operation can take a long time. The fix changes the order of the operations making the issue less likely to occur since listing references is fairly quick.
Script security rejection issue resolved (NGPIPELINE-14)
Certain sandboxed Groovy script idioms, including but not limited to Pipeline, could result in a build failure with a RejectedAccessException without Jenkins offering the corresponding signature as a pending approval. Script Security rejections will now be reported properly in all contexts.
Password updates issues resolved (JENSEC-414)
When users of the EC2, docker-commons, and SSH credentials plugins updated passwords, the original passwords were not hidden nor were previous values encrypted. With this fix, when users of the EC2, docker-commons, and SSH credentials plugins update passwords, the original passwords are hidden and previous values encrypted.