The release of the next version of SecureDrop, 0.5, is scheduled for December 5th, 2017. We will send out another notification through our blog on securedrop.org, Twitter, and the support portal when the release is live. User-facing changes that administrators should be aware of are summarized in this blog post.
What’s Coming in SecureDrop 0.5
Source and journalist interfaces will be internationalized. The SecureDrop web interfaces have been translated into Arabic, Dutch, French, German, Norwegian, Portuguese and Spanish. Administrators will be able to enable any or all of these languages via securedrop-admin in their Admin Workstation and the default language will continue to be English. Documentation will accompany the 0.5 release describing how to do this from your Admin Workstation.
Source codenames will only be displayed to sources during their first session. On subsequent logins, source codenames will not be shown in the interface.
Source and journalist sessions will now expire after 120 minutes and require a source or journalist to log in again.
The currently logged in journalist will be displayed on the journalist interface.
Require entry of old credentials when cycling credentials of SecureDrop user accounts.
Fixes a bug producing an extra source codename folder in downloaded zip files.
Smaller UX improvements on both web interfaces.
What Administrators Will Need To Do
The server update will be automatic for both the Application and Monitor Servers. This release does not require you to run securedrop-admin install again from the Admin Workstation.
Tails 3.3 Upgrade
Administrators are recommended to upgrade all journalist and administrator drives to Tails 3.3 upon release of SecureDrop 0.5. Tails 3.3 will by default mark .desktop files that can potentially execute malicious code as untrusted and require a warning to execute:
Journalists and editors should be discouraged from clicking through these warnings.
In order to mark the SecureDrop desktop icons as trusted, administrators must run securedrop-admin tailsconfig after updating to SecureDrop 0.5 on each Journalist and Admin workstation running Tails 3.3:
cd ~/Persistent/securedrop
git checkout 0.5
gpg --recv-key "2224 5C81 E3BA EB41 38B3 6061 310F 5612 00F4 AD77"
git tag -v 0.5 # Output should include "Good signature"
./securedrop-admin tailsconfig
Until this procedure is done, the journalist and source interface desktop shortcuts will trigger warnings and icons will not display properly:
Please submit suggestions and issues you have with the SecureDrop platform to us via the SecureDrop support portal: https://support.freedom.press/ or GitHub: https://github.com/freedomofpress/securedrop/issues/new. If you’re interested in contributing translations to SecureDrop, please read our translator documentation to get started.