I have upgraded to ssh-credentials version 1.14 which fixes SECURITY-440 / CVE-2018-1000601.
After upgrading from version 1.13, no job could authenticate to Github, since the credentials was using a "private key file on master".
According to the announcment:
> Existing SSH credentials of these kinds are migrated to "directly entered" SSH credentials.
This seems not to work for me. I do not see `SECURITY-440: Migrating FileOnMasterPrivateKeySource to DirectEntryPrivateKeySource` message in the logs and the "private key" input box of the credentials is just empty.