Today we are announcing the release of SecureDrop 0.4.3. This release:

• Makes diceware passphrase generation automatic for new administrator and journalist SecureDrop accounts. Note that any non-diceware passphrases currently in use will continue to work.
• Improves monitoring and alerting: more OSSEC false positives will be suppressed.
• Enforces a minimum username length of 3 characters.
• Progress towards internationalizing SecureDrop.

For full details, see the changelog. Development for this release was tracked in the 0.4.3 milestone on GitHub.

What Administrators Need To Do

Make sure you have read our recent security advisory and shared it with all editors and journalists onboarded to SecureDrop.

The update will be automatic on the Application and Monitor servers. This release does not require you to run the Ansible playbooks again from the Admin Workstation.

As always, please submit suggestions and issues you have with the SecureDrop platform to us via the SecureDrop support portal or GitHub.