I've been using the REST API exposed by JENKINS-36210, but since the SECURITY-595 fix was applied (I think in Jenkins version 2.154), that API has stopped working. The widgets API link now returns a 404 error, and I see the following warning in the logs:

WARNING: New Stapler routing rules result in the URL "/view/all/widgets/2/api/json" no longer being allowed. If you consider it safe to use, add the following to the whitelist: "method hudson.model.View getWidgets". Learn more: [https://jenkins.io/redirect/stapler-routing]

I can get the API working again by adding that method to the whitelist, but the documentation here suggests that it would be preferable if the component could be changed to prevent the problem in the first place.