Today we are announcing the release of SecureDrop 0.4.2. This is a bugfix release to fix an issue with the AppArmor profile for Apache, which caused the Source and Journalist Interface web applications to fail. The root of the problem was an implicit dependency on upstream AppArmor abstractions from the Tor package, which has been resolved.

As with the 0.4.1 release, special thanks to Simon Loffler for providing a detailed report of the problem.

What Administrators should do

The upgrade will be applied automatically overnight, during the daily upgrade logic. After the machines reboot as scheduled, the access to the web applications (both Source and Journalist Interfaces) will be restored. No manual action is required. If you wish to apply the fix immediately, you can do so by running the following commands from an interactive session on the Application Server: `sudo cron-apt -i -s`

Please let know via the GitHub issue tracker or the support portalif you have any further issues with SecureDrop 0.4.2.