I cannot run JNLP slaves from the web browser on the default Java security setup. It seems remoting-2.53 has been released by Kohsuke Kawaguchi with the outdated certificate.
Jenkins core build should verify Remoting code signing during the release
I think the easier way to prevent this is to make sure the build process fails if it tries to sign with an outdated certificate.
Hijacked this ticket accordingly.
I have added certificate verification to the Remoting release profile: https://github.com/jenkinsci/remoting/pull/190.
It does not fully close the issue, though.
Now Remoting has a full verification on its side in PR builders.
Core patches would still be useful, but I do not think it's critical.
Detached core side to JENKINS-49905