Now that jenkins 2.60.1 has been released, it includes improvements to security including support for hmac-sha2-256 and even edca :) T103351
This also bumps the required java version to 8. All slaves and the master server have to have at least java 8+ now. You can't have the master server as java 8 and the slaves as java 7. So this is blocked on T162828 (only the trusty instances need updating to java 8 which will require either a ppa or we back port it from xenial (if that will work). Jessie+ can be upgraded when ever as java 8 is in the debian repo.
Also a new lts release was released 2.73.1
Changelog at https://jenkins.io/changelog-stable/
We use the upstream Debian package, which can be updated using reprepro as described on https://wikitech.wikimedia.org/wiki/Jenkins#Updating