diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index dc176c8e89ce..8b4f4746f61d 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -35,3 +35,5 @@ updates:
- dependency-name: "javax.servlet:javax.servlet-api"
# log4j 1.2.17 is the final 1.x release
- dependency-name: "log4j:log4j"
+ # using a newer version clashes in RequireUpperBoundDeps with plugins using a valid script-security dependency
+ - dependency-name: "org.jenkins-ci:symbol-annotation"
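Review bot: The added `ignore` entry for `org.jenkins-ci:symbol-annotation` has no `versions` bound and no stated exit condition, so Dependabot will stop proposing version updates for this artifact indefinitely, even after the RequireUpperBoundDeps clash is gone. Because the same commit moves the dependency in core/pom.xml from 1.21 back to 1.1, the old pin would then persist with nothing prompting a revisit. I would extend the comment with the removal condition, for example `# remove once the RequireUpperBoundDeps clash with script-security is resolved (see <TRACKING-ISSUE-PLACEHOLDER>)`. It is also worth confirming whether security-update PRs for this artifact are still raised under this entry.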
diff --git a/core/pom.xml b/core/pom.xml
index 6aa0cd6b32a1..c13d95d8c8f7 100644
--- a/core/pom.xml
+++ b/core/pom.xml
@@ -518,7 +518,7 @@ THE SOFTWARE.
org.jenkins-ci
symbol-annotation
- 1.21
+ 1.1