Removing Blue Ocean credentials security vulnerability

Hi Guys, this is my first post.

Today I updated Jenkins (Docker version) for my company as usual through the plugins update control panel.

Unfortunately it broke my system due to an issue that was not announced (by the control panel itself): https://support.cloudbees.com/hc/en-us/articles/5988645160219

My comment on the above article is pending approval, but I wish to share it here to get additional help from this community.

Here is the comment text:

Hi, we use Jenkins for complex company development processes.

We keep it updated regularly. Unfortunately this upgrade broke our systems, so we had to restore it from the most recent backup.

Our pipelines use SSH generated keys, by the builtin credential folder “BlueOcean Folder Credentials”.

After upgrading Jenkins that folder disappeared, and we could not select anything else.

In order to let us, and I suppose many other companies, upgrade Jenkins, we kindly ask you to consider one of the following proposals:

Don’t remove the plugin in the future and leave it enabled by default. Unfortunately we cannot recreate the Jenkins container in order to pass the option to enable the provider again. This is the reason why we keep it upgraded through the upgrade Jenkins menu option.
Provide a way to automagically migrate the pipelines to the new security model without breaking production.

In the meantime we won’t go further with the next upgrades! :frowning:

Cloudbees is an independent vendor and we have no say in what gets approved or not or how their website works.

I think @MarkEWaite gave you (or someone asking a similar question) some tips on gitter. Mark says

In addition, blueocean has been pretty much abandoned for many years now. Only security updates really get updated. (and some random things cloudbees pushes for their customers). I recommend strongly moving away from blue ocean. There’s a couple replacement plugins that bring in some of the functionality into classic view. I know the pipeline generator and thus credentials are not migrated and afaik no intention to be migrated.

Thank you so much for your support.

At the moment we cannot move away from BlueOcean, and we don’t want to keep our Jenkins outdated.

Could you tell us how to migrate credentials as introduced by the official Cloudbees link?