SecureDrop has completed its sixth security audit, conducted by 7ASecurity and sponsored by the Open Technology Fund. The audit surfaced one medium-severity and two low-severity issues, which were all fixed in SecureDrop 2.10.0. The auditors also examined the SecureDrop supply chain, build processes, and threat model, making recommendations that will inform future development. Read More

We’re pleased to announce that SecureDrop 2.10.1 has been released. Changes that journalists and administrators should be aware of are summarized in this blog post. A complete list of changes can be found on GitHub. Read More

A recent audit of SecureDrop by 7ASecurity found one medium-severity and several low-severity security issues. This audit is part of our commitment to routinely audit and harden the system.Fixes for the following issues are in SecureDrop 2.10.0, released today; SecureDrop Application and Monitor Servers will be updated automatically within 24 … Read More

We’re pleased to announce that SecureDrop Client 0.13.2, part of the SecureDrop Workstation, has been released. This is a bug-fix release that addresses an issue where a failed download would prevent additional downloads from completing until the client is restarted.The technical list of changes made is below and can also … Read More

We’re pleased to announce that SecureDrop Client 0.13.1, part of the SecureDrop Workstation, has been released. Changes that users should be aware of are below; a complete list of changes can be found on GitHub.Note: Due to a bug found during QA, the package version will be 0.13.1.What’s new in … Read More

We’re pleased to announce that SecureDrop Client 0.12.0, part of the SecureDrop Workstation, has been released. Changes that users should be aware of are below; a complete list of changes can be found on GitHub.What’s new in SecureDrop Client 0.12.0?This release includes includes the following changes:Support viewing .heic and .avif … Read More

SecureDrop Workstation instances using Qubes 4.1 have reached end-of-life, and will not receive security updates after July 31, 2024.SecureDrop Workstation 1.0.0 is based on Qubes 4.2; users should migrate to it as soon as possible. Our backup and restore documentation covers the steps that are required to migrate to SecureDrop … Read More

The SecureDrop team is planning to shut down the SecureDrop forum at https://forum.securedrop.org/ on July 30, 2024. Read More