Today we are announcing the release of SecureDrop 0.13.1. This point release fixes a problem with the download link to the SecureDrop instance’s Submission Public Key. Instead of the public key, sources would see a “Page not found” error. The problem was caused by changes introduced in SecureDrop 0.13.0. (Issue, Pull Request)
Using the Submission Public Key, users can optionally encrypt documents or messages prior to submitting them. Pre-encryption is not required to use SecureDrop, because submissions are automatically encrypted by the server. More technical users may wish to pre-encrypt their submissions to ensure that the SecureDrop server never sees documents or messages in unencrypted form.
We regret the error, and we have implemented automated tests to prevent a similar error making it into a future release.
What administrators need to do
Existing SecureDrop installations will be automatically updated to this point release. Your Admin and Journalist Workstations should alert you to the availability of workstation updates, which you can perform by clicking “Update Now” (you must have set a Tails administration password). If the graphical updater fails, please see our instructions.
Questions and comments
If you have any questions, please don’t hesitate to reach out:
- via our Support Portal, if you are a member (membership is approved on a case-by-case basis);
- via securedrop@freedom.press (GPG encrypted);
- via our community forums.