Deserialization

Jenkins weekly release jenkins-2.568 shipped on June 10, 2026 as a security focused update. The headline fix is a high severity deserialization flaw in config.xml handling that could let authenticated users impersonate others or read controller files. Operators on weekly 2.567 or earlier should plan an upgrade before the next maintenance window.