If you have some pinned plugins, and start running a new WAR file with different set/versions of bundled plugins, the current behavior of Jenkins is to unconditionally trust your pinned plugins and never use the bundled versions. But this can be very bad, if you have pinned an old version of a plugin and some other bundled plugins depend on a newer version. So Jenkins should prefer a bundled plugin (removing the pin) if it is newer than the pinned version.