Oct 24 2016 - 1:52pm

Today we are announcing the release of SecureDrop 0.3.10. This release adds a new package, securedrop-keyring, to manage the public keys used to verify packages provided by the Freedom of the Press Foundation's apt package server.

Sep 13 2016 - 5:03pm

Today we are announcing the release of SecureDrop 0.3.9. This release fixes several minor issues; for details, see the changelog.

Existing installations should upgrade automatically within the next 24 hours. If you have any questions, or experience difficulties with this upgrade, please create an issue on our support site.

Jun 23 2016 - 6:13pm

Today we are announcing the release of SecureDrop 0.3.8, to fix a regression in 0.3.7 where a dependency of SecureDrop's Python web application was mistakenly removed from the list of dependencies. This regression did not impact already running production instances, but it prevented the successful installation of new SecureDrop 0.3.7 instances. The issue is fixed in 0.3.8 and new installations are working again.

Jun 8 2016 - 10:41am

Today we are announcing the release of SecureDrop 0.3.7. The important changes in this release are:

Jun 2 2016 - 5:06pm

Today we are announcing the release of SecureDrop 0.3.6. If you are a SecureDrop administrator, please check your instance to ensure that you are running the latest version; if not, follow the instructions below to upgrade your system.

You can easily determine your SecureDrop version by visiting either of the web interfaces and looking for the "Powered by SecureDrop x.y.z" string at the bottom of the page. If your site reports 0.3.6, you do not need to take any further action for this release.

May 12 2016 - 3:56pm

Today the Tow Center for Digital Journalism at Columbia Journalism School has published a first-of-its-kind study on how newsrooms are using SecureDrop, our open-source whistleblower submission system that is now in-use at over thirty news organizations worldwide.

Dec 11 2015 - 10:32am

In July, we announced the release of SecureDrop 0.3.4 and published the accompanying security audit by iSEC partners (now NCC Group). The audit found 10 issues, one of which – issue 7, Finding ID iSEC-15FTC-4 – was redacted. It was redacted because it was not an issue in SecureDrop itself, but in one of its dependencies.

Jul 10 2015 - 12:39pm

Today we’re announcing SecureDrop 0.3.4, the latest release of SecureDrop, and publishing the results of the accompanying security audit by iSEC Partners. This is our fourth audit of SecureDrop and you can read the results of the previous three audits here.

Mar 22 2015 - 10:05pm

SecureDrop 0.3.1

Today, we’re announcing the latest major release of SecureDrop, our open-source whistleblower submission system. SecureDrop 0.3 uses the same basic architecture found in 0.2, but contains numerous improvements focused on better usability for both journalists and sources, a radically simplified installation process, and an auto-updating procedure that allows us to deliver important fixes to all SecureDrop installations in a timely manner.

Jul 30 2014 - 5:36am

On Wednesday morning, the Tor Project published a security advisory detailing an attack against the Tor network that appears to have been trying to deanonymize users. SecureDrop, our open-source whistleblower submission system, is heavily reliant on Tor and uses the anonymity network to facilitate communication between whistleblowers, journalists, and news organizations.

Pages