The release of the next version of SecureDrop, 0.12.0, is scheduled for February 26, 2019. We will send out another notification through this blog, Twitter, and the support portal when the release is live. Changes that journalists and administrators should be aware of are summarized in this blog post. A complete list of changes can be found on GitHub.
What’s coming in SecureDrop 0.12.0?
- Behavior change: Due to a bug in Firefox in combination with the NoScript extension used by the Tor browser, this release will instruct sources to disable NoScript's “cross-site request sanitization” feature. This feature, which is turned on by default, sometimes causes uploads to fail. We will remove these instructions once the Firefox bug is resolved. (Issue, Pull Request)
- New feature: You will be able to tick a “show password” checkbox on the login screen to show your password while you are typing. (Issue, Pull Request)
- Support for Ubuntu 16.04 (Xenial): SecureDrop 0.12.0 will be the first version to support Ubuntu 16.04 (Xenial) as the base operating system for the Application Server and the Monitor Server. Because Ubuntu 14.04 (Trusty) will stop receiving security updates after April 30, it is of critical importance for the security of your SecureDrop instance to manually update the servers before then; see details below. (Tracking issue)
- Security: As a precaution to reduce the amount of metadata stored about sources, GPG key pairs generated for new sources for replies will no longer have an expiration date, and they will always use the same creation date. This will have no visible user impact. (Issue, Pull Request)
- New feature: The
securedrop-admin logscommand will include information about installed packages to aid with debugging. (Issue, Pull Request)
- Kernel upgrade / security: The Linux kernel on SecureDrop servers will be upgraded from version 4.4.162 to version 4.4.167. For security reasons, wireless support will be completely removed (rather than blacklisted) in this kernel release. (Issue, Pull Request)
- Behavior change: The order of operations during nightly SecureDrop package updates will be changed to make the servers more resilient against package update failures. Note that if your SecureDrop instance failed to upgrade from 0.10.0 to 0.11.0, manual action is still required. (Issue, Pull Request)
- Upgrade: On servers running Ubuntu 16.04, Tor will be upgraded from version 0.3.4.9 to version 0.3.5.7 on Application and Monitor Servers. See the Tor changelog for details. (Issue)
- Journalist Interface API changes:
- New feature: API consumers will be able to specify a reply UUID when posting a reply. (Issue, Pull Request)
- New feature: The API will return the filenames of replies created through the API, to enable consumers to correctly order replies. (Issue, Pull Request)
- New feature: The API will return the UUID of the signed in journalist together with an authorization token, to avoid the need for a a separate API request for user data. (Issue, Pull Request)
- Bugfix: The API will no longer set unnecessary session cookie headers. (Issue, Pull Request)
- Bugfix: The API will correctly return the public key of the specified source, instead of sometimes returning the public keys of all sources. (Issue, Pull Request)
- Bugfix: The API will correctly return a 403 error when receiving malformed authorization tokens, instead of an internal server error due to an uncaught exception. (Issue, Pull Request)
Metadata endpoint update: The publicly accessible SecureDrop metadata endpoint at yoursourceinterfaceaddress.onion/metadata will include an operating system version string, e.g., “14.04” or “16.04”. (Issue, Pull Request)
What administrators will need to do
SecureDrop Application and Monitor Server code will be updated to SecureDrop 0.12.0 automatically. As with previous releases, you should be able to update your workstations using the graphical updater; we will include instructions for performing the workstation update manually in case of issues.
As noted above, SecureDrop 0.12.0 will be the first release to support Ubuntu 16.04 as the base operating system for your Application and Monitor Servers. The 0.12.x series will also be the last SecureDrop release series to support Ubuntu 14.04.
Ubuntu 14.04 will reach end-of-life for security updates on April 30, 2019, so it is of critical importance for the security of your SecureDrop installation that you upgrade to or reinstall on Ubuntu 16.04 before that date.
If you haven’t already done so, we strongly recommend following the preparatory steps for the Xenial upgrade as soon as possible, to ensure a smooth upgrade experience. We recommend setting up a 2 day maintenance window no earlier than March 6.
As part of SecureDrop 0.12.0, we will provide detailed instructions for:
- Upgrading the base operating system from Ubuntu 14.04 to Ubuntu 16.04 in-place (requires downtime);
- Installing SecureDrop 0.12.0 with Ubuntu 16.04 on additional hardware, and recovering data and configuration from servers running Ubuntu 14.04, using the backup/recovery tools (minimizes downtime).
Questions and comments
If you have questions or comments regarding this release or the operating system upgrade, please don't hesitate to reach out:
- Via our Support Portal, if you are a member (membership is approved on a case-by-case basis);
- Via firstname.lastname@example.org (GPG encrypted) for sensitive security issues (please use judiciously);
- Via our community forums.
We also encourage you to file non-sensitive issues you encounter in our GitHub repository (issue report form).
Thank you for using SecureDrop!