We tried to upgrade from 1.509.2 to 1.520. The new version didn't startup but gave exceptions. It was unable to deserialize the fingerprint XML files because they contained the ampersand (&) character that wasn't escaped (not an entity).
Here is a sample line from /opt/jenkins/fingerprints/ea/43/3cb05760977ff8a04743f411ebc2.xml
<string>servlettest-jetty7e/label_exp=jetty-test && ubuntu,pack=exploded,server=jetty7e,suites=suiteQaSpringMisc</string>