Today we are announcing the release of SecureDrop 0.12.1. This point release is mainly focused on providing a smoother upgrade experience from Ubuntu 14.04 (Trusty) to Ubuntu 16.04 (Xenial). A complete list of changes can be found on GitHub.
Reminder: If you have not done so already, you must manually upgrade your SecureDrop servers to Ubuntu 16.04 before April 30.
What’s new for administrators
- Bugfix: You can now more reliably resume an interrupted terminal session during the upgrade from Ubuntu 14.04 to Ubuntu 16.04. Previously, the installation of a new version of the terminal multiplexer
tmux
as part of the upgrade sometimes caused attempts to resume an interrupted session to fail. (Issue, Pull Request) - Bugfix: The
./securedrop-admin install
command no longer fails if you have configured your Application or Monitor Servers to show terminal output in a language other than English. (Issue, Pull Request) - Bugfix: The graphical workstation updater now handles the download of the release key used for verification purposes more reliably. Note that this will only apply to workstation updates subsequent to this one. (Issue, Pull Request)
- Security: As a precaution, the
securedrop-admin install
command now ensures that software packages for wireless network support are not installed on your servers. Because the SecureDrop kernel does not include wireless network drivers, these packages were harmless but unnecessary. (Issue, Pull Request) - Upgrade: On servers running Ubuntu 16.04, Tor has been upgraded from version 0.3.5.7 to version 0.3.5.8 on Application and Monitor Servers. See the Tor changelog for details. (Issue)
What administrators need to do
Existing SecureDrop installations will be automatically updated to this point release. Your Admin and Journalist Workstations should alert you to the availability of workstation updates, which you can perform by clicking “Update Now”. If the graphical updater fails, please see our instructions.
Questions and comments
If you have any questions, please don’t hesitate to reach out:
- via our Support Portal, if you are a member (membership is approved on a case-by-case basis);
- via securedrop@freedom.press (GPG encrypted);
- via our community forums.