The release of the next version of SecureDrop, 2.0.0, is scheduled for June 22, 2021. We will send out another notification through this blog, Twitter, Mastodon, and the support portal when the release is live. Changes that journalists and administrators should be aware of are summarized in this blog post. … Read More

On May 10, 2021, the Tenable team informed us of a CSRF vulnerability on SecureDrop’s Journalist Interface. Details are now available on their advisories page. Read More

We’re pleased to announce that SecureDrop 1.8.2 has been released. This is a bugfix release only issued for servers running Ubuntu 20.04. A complete list of changes can be found on GitHub. Read More

We’re pleased to announce that SecureDrop 1.8.1 has been released. This is a bugfix release to provide a smoother migration experience from Ubuntu 16.04 (Xenial) to Ubuntu 20.04 (Focal). A complete list of changes can be found on GitHub. Read More

We are pleased to announce that Trail of Bits has completed the second independent audit of the SecureDrop Workstation, directly funded by The New York Times. This audit, which took place in December 2020 and January 2021, is the result of a two-engineer, six person-weeks effort. The SecureDrop Workstation, based on Qubes OS, is our next-generation platform which allows journalists to safely retrieve, decrypt, open and export anonymous submissions. It is currently being used in a limited pilot, and the first audit of the SecureDrop Workstation was completed in late 2018. Read More

We’re pleased to announce that SecureDrop 1.8.0 has been released. Changes that journalists and administrators should be aware of are summarized in this blog post. A complete list of changes can be found on GitHub.Important: This is the first release to provide support for Ubuntu 20.04 (Focal). All administrators must … Read More

The release of the next version of SecureDrop, 1.8.0, is scheduled for March 9, 2021. We will send out another notification through this blog, Twitter, Mastodon, and the support portal when the release is live. Changes that journalists and administrators should be aware of are summarized in this blog post. … Read More

SecureDrop 1.7.1 has been released, which addresses the issues described in our advisory from earlier today, restoring the availability of all instances. Read More