Thanks for the report. I agree that is a bug. The JSON specification for strings states that:

All Unicode characters may be placed within the quotation marks, except for the characters that MUST be escaped: quotation mark, reverse solidus, and the control characters (U+0000 through U+001F).

The example you provided shows a "control-A" character that should be escaped but is not escaped. I believe that character should have been represented as \u0001 instead.

I believe this is an issue in Jenkins core rather than a specific issue in the git plugin.

markewaite assign the ticket please.

I confirm this is an issue in the Jenkins core, likely even in the Stapler framework:

•  There is no special filtering in the constructor or getter of https://github.com/jenkinsci/jenkins/blob/master/core/src/main/java/hudson/scm/ChangeLogSet.java . Since the class does not control export formats on its own, I believe this is a right behavior (though a risky one)
• JSON serialization is a maze, but I believe that the data escaping is done here: https://github.com/stapler/stapler/blob/master/core/src/main/java/org/kohsuke/stapler/export/JSONDataWriter.java#L103-L138
• The escaping code does not seem to be sufficient for the reported issue

covid19 Jenkins is a contributor-driven project, everybody is welcome to submit pull requests or to facilitate issue resolution in any other ways (visibility, reviews, etc.). There is no default assignee in the Jenkins core by default, and there is no ETA for the fix. If you are interested to submit a fix, please see the guidelines here: https://github.com/jenkinsci/jenkins/blob/master/CONTRIBUTING.md