https://bugzilla.redhat.com/show_bug.cgi?id=1942558
--- Comment #2 from Przemyslaw Roguski proguski@redhat.com --- Statement:
OpenShift Container Platform (OCP) delivers Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, OCP jenkins package is not affected by this flaw.
[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc [2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security