Removing Blue Ocean credentials security vulnerability

• 

  Antonio Petricca

  • May 26, 2022 09:40

  Hi, we use Jenkins for complex company development processes.

  We keep it updated regularly. Unfortunately this upgrade broke our systems, so we had to restore it by the most recent backup.

  Our pipelines use SSH generated keys, by the builtin credential folder "BlueOcean Folder Credentials".

  After upgrading Jenkins that folder disappeared, and we could not select anything else.

  In order to let us, and I suppose many other companies, to upgrade Jenkins, we kindly ask you to consider one of the following proposals:

  1. Don't remove the plugin in the future and let it enabled by default. Unfortunately we cannot recreate the Jenkins container in order to pass the option to enable again the provider. This is the reason why we keep it upgraded by the upgrade Jenkins menù option.
  2. Provide a way to migrate automagically the pipelines to the new security model without any production breaking.

  In the meanwhile we don't go further with next upgrades! :(
  
  Best regards,
  Antonio Petricca

  1

Please sign in to leave a comment.