Jenkins Token Macro vulnerabilities
2 known vulnerabilities affecting jenkins/token_macro.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2
Vulnerabilities
CVE-2019-10337 | HIGH | CVSS 7.5 | CWE-611 | ≤ 2.7 | 2019-06-11
An XML external entities (XXE) vulnerability in Jenkins Token Macro Plugin 2.7 and earlier allowed attackers able to control the content of the input file for the "XML" macro to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service attacks.
nvd
CVE-2019-1003011 | HIGH | CVSS 8.1 | CWE-674 | ≤ 2.5 | 2019-02-06
An information exposure and denial of service vulnerability exists in Jenkins Token Macro Plugin 2.5 and earlier in src/main/java/org/jenkinsci/plugins/tokenmacro/Parser.java, src/main/java/org/jenkinsci/plugins/tokenmacro/TokenMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/AbstractChangesSinceMacro.java, src/main/java/org/jenkins
nvd