The release of the next version of SecureDrop, 0.12.0, is scheduled for February 26, 2019. We will send out another notification through this blog, Twitter, and the support portal when the release is live. Changes that journalists and administrators should be aware of are summarized in this blog ... Read More

How do whistleblowers find out about a news organization’s SecureDrop? The most common answer is a landing page, an ordinary web page hosted by the organization operating a SecureDrop. It explains how sources can download the Tor browser, and how they can safely connect to the onion address of ... Read More

Today we are announcing the release of SecureDrop 0.11.1. This release includes a security fix (Issue, Pull Request) for a vulnerability in the APT package manager (USN-3863-1 / CVE-2019-3462). On a vulnerable system, an attacker in a privileged network position who is able to perform a man-in-the-middle attack could ... Read More

On 30 April 2019, Ubuntu 14.04 LTS (Long Term Support) will reach End of Life. After this date, no new security updates to the base operating system will be provided. It is therefore of critical importance for the security of all SecureDrop instances to upgrade to the next version ... Read More

The SecureDrop team is currently working on an integrated SecureDrop Workstation that combines the previously separate Journalist Workstation and Secure Viewing Station into a single device, based on Qubes OS. This represents a potential major change to the SecureDrop architecture and threat model, which is why we have sought independent ... Read More

Ordinarily, updates to the SecureDrop servers are performed automatically within 24 hours of a release. After the release of SecureDrop 0.11.0 on December 11, our monitoring service indicated that some SecureDrop instances were not updated as expected. Instances known to be impacted were set up before SecureDrop version 0.4 (released July 25, 2017). Read More

We are pleased to announce the release of SecureDrop 0.11.0. This release includes a fix for a low severity security regression concerning SSH logins, a kernel update, user interface improvements, a new version of Tor, a new version of Ansible, and more. A complete list of changes can ... Read More

The release of the next version of SecureDrop, 0.11.0, is scheduled for December 11, 2018. We will send out another notification through this blog, Twitter, and the support portal when the release is live. Changes that journalists and administrators should be aware of are summarized in this blog ... Read More