News

Release Announcement

SecureDrop 0.12.0 Released

We are pleased to announce the release of SecureDrop 0.12.0. Changes that sources, journalists and administrators should be aware of are summarized in this blog post. A complete list of changes can be found on GitHub. Important: This release is the first to support Ubuntu 16.04 (Xenial ... Read More

Pre-Release Announcement

SecureDrop 0.12.0: Pre-Release Announcement

The release of the next version of SecureDrop, 0.12.0, is scheduled for February 26, 2019. We will send out another notification through this blog, Twitter, and the support portal when the release is live. Changes that journalists and administrators should be aware of are summarized in this blog ... Read More

Interest Article

Security at every step: how we’re checking SecureDrop landing pages

How do whistleblowers find out about a news organization’s SecureDrop? The most common answer is a landing page, an ordinary web page hosted by the organization operating a SecureDrop. It explains how sources can download the Tor browser, and how they can safely connect to the onion address of ... Read More

Release Announcement

SecureDrop 0.11.1 Released

Today we are announcing the release of SecureDrop 0.11.1. This release includes a security fix (Issue, Pull Request) for a vulnerability in the APT package manager (USN-3863-1 / CVE-2019-3462). On a vulnerable system, an attacker in a privileged network position who is able to perform a man-in-the-middle attack could ... Read More

Interest Article

Advisory: Preparing for the server upgrade from Ubuntu 14.04 to 16.04

On 30 April 2019, Ubuntu 14.04 LTS (Long Term Support) will reach End of Life. After this date, no new security updates to the base operating system will be provided. It is therefore of critical importance for the security of all SecureDrop instances to upgrade to the next version ... Read More

Interest Article

Third party audit of integrated SecureDrop Workstation completed

The SecureDrop team is currently working on an integrated SecureDrop Workstation that combines the previously separate Journalist Workstation and Secure Viewing Station into a single device, based on Qubes OS. This represents a potential major change to the SecureDrop architecture and threat model, which is why we have sought independent ... Read More

Interest Article

Advisory: Automatic Update Failure from Version 0.10.0 to 0.11.0 on Some SecureDrop Instances

Ordinarily, updates to the SecureDrop servers are performed automatically within 24 hours of a release. After the release of SecureDrop 0.11.0 on December 11, our monitoring service indicated that some SecureDrop instances were not updated as expected. Instances known to be impacted were set up before SecureDrop version 0.4 (released July 25, 2017). Read More

Release Announcement

SecureDrop 0.11.0 Released

We are pleased to announce the release of SecureDrop 0.11.0. This release includes a fix for a low severity security regression concerning SSH logins, a kernel update, user interface improvements, a new version of Tor, a new version of Ansible, and more. A complete list of changes can ... Read More