We’re pleased to announce that SecureDrop 2.0.1 has been released. This is a maintenance release that updates dependencies and signs the SecureDrop release tag with our updated signing key. A complete list of changes can be found on Github.What’s new in SecureDrop 2.0.1?For developersMaintenance: The SecureDrop release tag is now … Read More

SecureDrop releases are digitally signed using a release key. This allows anyone to verify the integrity of a SecureDrop release, to mitigate the risk of tampering by third parties. After nearly 5 years in use, as a purely precautionary measure, we are rotating the release key. Read More

We’re pleased to announce that SecureDrop 2.0.0 has been released. Changes that journalists and administrators should be aware of are summarized in this blog post. A complete list of changes can be found on GitHub.Important: All Tails Workstations should run the SecureDrop graphical updater before June 29, 2021, to ensure … Read More

The release of the next version of SecureDrop, 2.0.0, is scheduled for June 22, 2021. We will send out another notification through this blog, Twitter, Mastodon, and the support portal when the release is live. Changes that journalists and administrators should be aware of are summarized in this blog post. … Read More

On May 10, 2021, the Tenable team informed us of a CSRF vulnerability on SecureDrop’s Journalist Interface. Details are now available on their advisories page. Read More

We’re pleased to announce that SecureDrop 1.8.2 has been released. This is a bugfix release only issued for servers running Ubuntu 20.04. A complete list of changes can be found on GitHub. Read More

We’re pleased to announce that SecureDrop 1.8.1 has been released. This is a bugfix release to provide a smoother migration experience from Ubuntu 16.04 (Xenial) to Ubuntu 20.04 (Focal). A complete list of changes can be found on GitHub. Read More

We are pleased to announce that Trail of Bits has completed the second independent audit of the SecureDrop Workstation, directly funded by The New York Times. This audit, which took place in December 2020 and January 2021, is the result of a two-engineer, six person-weeks effort. The SecureDrop Workstation, based on Qubes OS, is our next-generation platform which allows journalists to safely retrieve, decrypt, open and export anonymous submissions. It is currently being used in a limited pilot, and the first audit of the SecureDrop Workstation was completed in late 2018. Read More