News

Interest Article

We're making SecureDrop.org open source

Today we’re making public on GitHub the code that powers the SecureDrop.org website. SecureDrop has been open source since its inception. Starting today, its website is as well, under the same GNU Affero General Public License (AGPL). Read More

Release Announcement

SecureDrop 0.12.1 Released

Today we are announcing the release of SecureDrop 0.12.1. This point release is mainly focused on providing a smoother upgrade experience from Ubuntu 14.04 (Trusty) to Ubuntu 16.04 (Xenial). A complete list of changes can be found on GitHub. Reminder: If you have not done so ... Read More

Interest Article

Advisory: Why you must manually upgrade your SecureDrop servers before April 30

SecureDrop installations set up before version 0.12.0 (released on February 26, 2019) that have not been upgraded yet are using Ubuntu 14.04 LTS (Trusty) as the server operating system. On April 30 2019, Trusty will reach End of Life, and will no longer receive security updates. If ... Read More

Release Announcement

SecureDrop 0.12.0 Released

We are pleased to announce the release of SecureDrop 0.12.0. Changes that sources, journalists and administrators should be aware of are summarized in this blog post. A complete list of changes can be found on GitHub. Important: This release is the first to support Ubuntu 16.04 (Xenial ... Read More

Pre-Release Announcement

SecureDrop 0.12.0: Pre-Release Announcement

The release of the next version of SecureDrop, 0.12.0, is scheduled for February 26, 2019. We will send out another notification through this blog, Twitter, and the support portal when the release is live. Changes that journalists and administrators should be aware of are summarized in this blog ... Read More

Interest Article

Security at every step: how we’re checking SecureDrop landing pages

How do whistleblowers find out about a news organization’s SecureDrop? The most common answer is a landing page, an ordinary web page hosted by the organization operating a SecureDrop. It explains how sources can download the Tor browser, and how they can safely connect to the onion address of ... Read More

Release Announcement

SecureDrop 0.11.1 Released

Today we are announcing the release of SecureDrop 0.11.1. This release includes a security fix (Issue, Pull Request) for a vulnerability in the APT package manager (USN-3863-1 / CVE-2019-3462). On a vulnerable system, an attacker in a privileged network position who is able to perform a man-in-the-middle attack could ... Read More

Interest Article

Advisory: Preparing for the server upgrade from Ubuntu 14.04 to 16.04

On 30 April 2019, Ubuntu 14.04 LTS (Long Term Support) will reach End of Life. After this date, no new security updates to the base operating system will be provided. It is therefore of critical importance for the security of all SecureDrop instances to upgrade to the next version ... Read More