I'm extracting the latest build number of a job in a brute force way. Jobs using this functionality are failing after upgrading Jenkins from version 1.480.2 to 1.480.3. My problem occurs specifically when I use the XML API (https://wiki.jenkins-ci.org/display/JENKINS/Remote+access+API) and XPath expressions containing the function text().
Compare the following request:
Request 1) $HUDSON_URL/job/$JOB_NAME/api/xml?xpath=//concurrentBuild/
Response 1) <concurrentBuild>false</concurrentBuild>
w
Request 2) $HUDSON_URL/job/$JOB_NAME/api/xml?xpath=//concurrentBuild/text()
Response 2)
The latter yields 403 Forbidden with no result when i try to fetch response with wget:

[user@host ~]$ wget $HUDSON_URL/job/$JOB_NAME/api/xml?xpath=//concurrentBuild/text%28%29 -O wgetresponse
-2013-02-19 12:54:23- $HUDSON_URL/job/$JOB_NAME/api/xml?xpath=//concurrentBuild/text%28%29
Resolving <host> <ip>
Connecting to <host>|<ip>|<port>... connected.
HTTP request sent, awaiting response... 403 Forbidden
2013-02-19 12:54:23 ERROR 403: Forbidden.

[user@host ~]$ ls -s wgetresponse
0 wgetresponse

The output file is empty.

The problem occurs for the request $HUDSON_URL/job/$JOB_NAME/api/xml?xpath=sum(//build/number)
When I append &wrapper=list a java.lang.ClassCastException: java.lang.Double cannot be cast to org.dom4j.Node occurs.

On the other hand, when text() is used inside the contains()-function, a correct response is given.
$HUDSON_URL/job/$JOB_NAME/api/xml?xpath=//concurrentBuild[contains%28text%28%29,%27false%27%29]