We are pleased to announce the release of SecureDrop 0.8.0. This release includes a kernel update, the removal of two-factor authentication for console logins, and smaller user interface changes and bugfixes. Changes that journalists and administrators should be aware of are summarized in this blog post. A complete list of … Read More

We are pleased to announce the release of SecureDrop 0.7.0. This release includes support for administering SecureDrop servers over the local network (as opposed to using Tor), and for enabling a minimalist daily email notification about new submissions. These and other changes that journalists and administrators should be aware of … Read More

We are pleased to announce the release of SecureDrop 0.6. This release includes a major kernel upgrade. Please find background on this and other highlights from the release below, and see the complete list of changes for additional technical details. Read More

We are annoucing the release of SecureDrop 0.5.2. The important changes in this release are summarized below:Updates Tor to 0.3.2.9-1~trusty+1 on all SecureDrop serversResolves a bug in the registration of OSSEC agents during securedrop-admin-installFor full details, see the changelog. Development for this releasw as tracked in the 0.5.2 milestone on … Read More

Today we are announcing the release of SecureDrop 0.5.1. The important changes in this release are summarized below: SecureDrop servers will now use an apt server run by Freedom of the Press Foundation for future Tor package updates.The source and journalist interfaces are localized in four additional languages: Arabic, Chinese, … Read More

Today we are announcing the release of SecureDrop 0.5. This release adds support for six additional languages. The important changes in this release are summarized below:  The source and journalist interfaces are localized in Dutch, French, German, Norwegian, Portuguese and Spanish. Administrators are able to enable any or all of … Read More

Today we are announcing the release of SecureDrop 0.4.4. This is a hotfix release to fix a security vulnerability where during initial provisioning of the SecureDrop servers, three packages - tor, ntp, and the Tor keyring are installed without verifying cryptographic signatures. As these packages are fetched over HTTP, an attacker with network access could gain remote code execution on the SecureDrop servers if they are able to man-in-the-middle (MitM) the connection to the apt server. This vulnerability was found during internal code review and there are no signs of active exploitation. Read More

Today we are announcing the release of SecureDrop 0.4.3. Read More