Zach Olbrys thank very much. From what I can understand by speaking to the Jenkins security team this is to be expected. I am supposed to advise people that because the credentials were stored in plain text at some time in the past that they should be considered compromised. With this patch they should be fine going forward but there is no way in Jenkins to uncompromise something that was already compromised. So I have been told to advise users to update their credentials and re save them using the new plugin.
Now.... I've also been told that this security hole requires admin access to your Jenkins server where you can read the secrets so I would leave it up to you as to whether you want to rush to change the token.
Can I double check how your job runs? Is it via the a pipeline or is it freestyle? I'll prep some release notes and issue this later today.
Many many thanks again