Today we are announcing the release of SecureDrop 0.4.3. This release:
- Makes diceware passphrase generation automatic for new administrator and journalist SecureDrop accounts. Note that any non-diceware passphrases currently in use will continue to work.
- Improves monitoring and alerting: more OSSEC false positives will be suppressed.
- Enforces a minimum username length of 3 characters.
- Progress towards internationalizing SecureDrop.
What Administrators Need To Do
Make sure you have read our recent security advisory and shared it with all editors and journalists onboarded to SecureDrop.
The update will be automatic on the Application and Monitor servers. This release does not require you to run the Ansible playbooks again from the Admin Workstation.