Today we are announcing the release of SecureDrop 0.3.11. This release adds some improvements to SecureDrop’s source interface. The most important change is to provide clear instructions for sources to use Tor Browser’s Security Slider at the highest setting. Read More

Today we are announcing the release of SecureDrop 0.3.10. This release adds a new package, securedrop-keyring, to manage the public keys used to verify packages provided by the Freedom of the Press Foundation's apt package server. Read More

Today we are announcing the release of SecureDrop 0.3.9. This release fixes several minor issues; for details, see the changelog. . Read More

Today we are announcing the release of SecureDrop 0.3.8, to fix a regression in 0.3.7 where a dependency of SecureDrop's Python web application was mistakenly removed from the list of dependencies.  Read More

Today we are announcing the release of SecureDrop 0.3.7. Read More

Today we are announcing the release of SecureDrop 0.3.6. If you are a SecureDrop administrator, please check your instance to ensure that you are running the latest version; if not, follow the instructions below to upgrade your system. Read More

Today the Tow Center for Digital Journalism at Columbia Journalism School has published a first-of-its-kind study on how newsrooms are using SecureDrop, our open-source whistleblower submission system that is now in-use at over thirty news organizations worldwide. Read More

In July, we announced the release of SecureDrop 0.3.4 and published the accompanying security audit by iSEC partners (now NCC Group). The audit found 10 issues, one of which – issue 7, Finding ID iSEC-15FTC-4 – was redacted. It was redacted because it was not an issue in SecureDrop itself, but in one of its dependencies. At the time, NCC Group and Freedom of the Press Foundation agreed that NCC Group should responsibly disclose the issue to the affected project's team, and that we would wait until the project team had had time to develop a fix before publicizing the issue. Read More