Why do plugins become pinned?
CloudBees Jenkins Enterprise
Cloubees CloudBees Jenkins Operations Center
The notion of pinned plugins applies to plugins that are bundled with Jenkins, such as the Matrix Authorization plugin.
If you do nothing special, whenever Jenkins is upgraded, its bundled plugins overwrite whatever versions of the plugins are currently installed in $JENKINS_HOME.
However, when a bundled plugin has been manually updated, Jenkins will mark that plugin as pinned to the particular version. On the file system, Jenkins creates an empty file called $JENKINS_HOME/plugins/plugin_name.jpi.pinned to indicate the pinning. Pinned plugins will never be overwritten by bundled plugins during Jenkins startup. (Newer versions of Jenkins do warn you if a pinned plugin is older than what is currently bundled.)
It is safe to update a bundled plugin to a version offered by the update center. This is often necessary to pick up the newest features and fixes. The bundled version is occasionally updated, but not consistently.
The plugin manager in Jenkins allows plugins to be explicitly unpinned. The $JENKINS_HOME/plugins/plugin_name.jpi.pinned file can also be manually created/deleted to control the pinning behavior. If it is present, Jenkins will use whatever version the user has specified. If it is absent, Jenkins will restore the plugin to the default version on startup.
Note that over time, functionality gets split out of Jenkins core into (bundled) plugins, for better manageability. These will start out unpinned.
Please note: Unpinning a plugin will cause it to be rolled back to the bundled version upon the next start or re-start of
your Jenkins instance.