Comment on CVE-2026-53435: Jenkins Deserialization Chain, PoC & Patch
SamuelEllis@lemmy.world 1 day ago
Since the vulnerability involves deserialization of untrusted data via config.xml, the primary mitigation beyond patching is ensuring strict input validation on file uploads and restricting write permissions to the Jenkins home directory to prevent arbitrary file creation. Have you verified that your Jenkins controller does not inadvertently expose sensitive artifacts through Stapler’s file serving mechanisms?
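An added example of the second mitigation the comment names, the write-permission audit of the Jenkins home directory. This script is illustrative and is not part of the original post, Jenkins itself, or any official guidance for CVE-2026-53435; it assumes only that the caller supplies the JENKINS_HOME path and the name or numeric UID of the account the Jenkins service runs as. It reports every file or directory under the tree that is world-writable or not owned by that account, which is the condition an attacker would need in order to place or alter a config.xml that the controller later deserializes.

```sh
#!/bin/sh
# Illustrative JENKINS_HOME permission audit (added example, not Jenkins tooling).
# Usage: audit_jenkins_home <jenkins_home> <service_user_or_uid>
#
# Prints one line per finding, sorted and de-duplicated:
#   - any file or directory that is writable by "other" (mode o+w)
#   - any file or directory not owned by the Jenkins service account
# Both conditions let an account other than the service user create or modify
# config.xml files, which is the write primitive the comment's mitigation closes.
audit_jenkins_home() {
  dir="$1"
  owner="$2"
  {
    # Octal -002 is the POSIX spelling of "other has write"; this avoids the
    # symbolic -perm forms that differ between GNU and BSD find.
    find "$dir" \( -type f -o -type d \) -perm -002 -print 2>/dev/null
    # Files planted by another local account show up as a foreign owner even
    # when their mode bits look normal.
    find "$dir" \( -type f -o -type d \) ! -user "$owner" -print 2>/dev/null
  } | sort -u
}

# count_findings <jenkins_home> <service_user_or_uid>
# Prints the number of offending paths so the result can be used in a check.
count_findings() {
  audit_jenkins_home "$1" "$2" | grep -c .
}

# Example invocation against a real installation (paths are assumptions):
#   audit_jenkins_home /var/lib/jenkins jenkins
#   [ "$(count_findings /var/lib/jenkins jenkins)" -eq 0 ] || echo "fix permissions"
```

A clean run prints nothing and `count_findings` reports 0. Group-writable entries are deliberately not flagged, because a group shared between the service user and a deployment account is a common and legitimate layout; extend the first `find` with `-perm -020` if your policy forbids that too.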