We are pleased to announce the release of SecureDrop 0.6. This release includes a major kernel upgrade. Please find background on this and other highlights from the release below, and see the complete list of changes for additional technical details.
The release of the next version of SecureDrop, 0.6, is scheduled for March 13, 2018. We will send out another notification through this blog, Twitter, and the support portal when the release is live. Changes that journalists and administrators should be aware of are summarized in this blog post. A complete list of changes can be found on GitHub.
We are annoucing the release of SecureDrop 0.5.2. The important changes in this release are summarized below:
Today we are announcing the release of SecureDrop 0.5.1. The important changes in this release are summarized below:
SecureDrop servers will now use an apt server run by Freedom of the Press Foundation for future Tor package updates.
Based on publicly available information and our current understanding of the Meltdown and Spectre vulnerabilities, both vulnerabilities require an adversary to have arbitrary code execution capabilities on the host. Given that SecureDrop’s Application and Monitor servers do not allow arbitrary code execution, these vulnerabilities appear not to be directly exploitable on running SecureDrop instances.
Today we are announcing the release of SecureDrop 0.5. This release adds support for six additional languages. The important changes in this release are summarized below:
The release of the next version of SecureDrop, 0.5, is scheduled for December 5th, 2017. We will send out another notification through our blog on securedrop.org, Twitter, and the support portal when the release is live. User-facing changes that administrators should be aware of are summarized in this blog post.
Come work on SecureDrop at the Electronic Frontier Foundation at 815 Eddy St in San Francisco on Thursday December 7th at 6-9pm!
On the evening of Monday October 16th, just as the SecureDrop team was about to head home for the day, two of our engineers, while doing some testing for a new version of SecureDrop expected to be released the following week, discovered a serious vulnerability in the SecureDrop code.