SecureDrop 0.5 Released
Today we are announcing the release of SecureDrop 0.5. This release adds support for six additional languages. The important changes in this release are summarized below:
The source and journalist interfaces are localized in Dutch, French, German, Norwegian, Portuguese and Spanish. Administrators are able to enable any or all of these languages via securedrop-admin in their Admin Workstation. Arabic was delayed until a future release in the SecureDrop 0.5.x series. If you’re interested in contributing translations in additional languages to SecureDrop, please read our translator documentation to get started.
Source codenames will only be displayed to sources during their first session. On subsequent logins, source codenames will not be shown in the interface.
Source and journalist sessions will now expire after 120 minutes and require a source or journalist to log in again.
The currently logged in journalist will be displayed on the journalist interface.
The entry of old credentials will be required when cycling credentials of SecureDrop user accounts.
Fixes a bug producing an extra source codename folder in downloaded zip files.
What Administrators Need To Do
The update will be automatic on the Application and Monitor Servers. This release does not require you to run the Ansible playbooks again from the Admin Workstation. Administrators should upgrade all Tails drives to Tails 3.3 following the instructions below.
How to Enable Non-English Languages for your SecureDrop
Follow the 0.5 upgrade guide to select which languages in addition to English you would like to display on your SecureDrop source and journalist interfaces. After following this documentation, a language selection dropdown will appear on both interfaces:
Tails 3.3 Upgrade
At this time we recommend all administrators to upgrade all journalist and administrator drives to Tails 3.3. Tails 3.3 will by default mark .desktop files that can potentially execute malicious code as untrusted and require a warning to execute:
Journalists and editors should be discouraged from clicking through these warnings.
In order to mark the SecureDrop desktop icons as trusted, administrators must run securedrop-admin tailsconfig after updating to SecureDrop 0.5 on each Journalist and Admin workstation running Tails 3.3:
git fetch --tags
git checkout 0.5
gpg --recv-key "2224 5C81 E3BA EB41 38B3 6061 310F 5612 00F4 AD77”
git tag -v 0.5 # Output should include “Good Signature”
And then reboot your workstation. After reboot, these shortcuts should be displayed properly. Until this procedure is done, the journalist and source interface desktop shortcuts will trigger warnings and icons will not display properly:
Once the network is active, you will see a notification indicating that SecureDrop is configured and the logos will be displayed:
As always, please submit suggestions and issues you have with the SecureDrop platform to us via the Freedom of the Press Foundation SecureDrop support portal, the support area of the SecureDrop community forum, or SecureDrop's GitHub issue tracker. Be aware that GitHub and the community forum are both public channels, and sensitive details of sources or submissions should not be shared over these channels.
The following individuals all contributed translations to SecureDrop:
Alain-Olivier, Ali Boshanab, Allan Nordhøy, Anatoli, Anna Skaja, Anne M, A. Nonymous, Beatrice Martini, Benny Daon, Bernardo Tonasse, Camille Fassett, Chi-Hsun Tsai, communiaa, Daniel Arauz, Eric H., Erin McConnell, Ettore Atalan, Freddy Martinez, Gabriele Kahlout, H.-L. Lee, Jasmine Khalil, Jean-Marc Manach, Jennifer Helsby, Jin Lin Wright, Jose, kwadronaut, Loïc Dachary, Magdalena Stenius, Maria Ovsyannikova, Michal Čihař, Øyvind Bye Skille, Ramy Raoof, Scharik Yousif, Shih-Chieh Ilya Li, Thalia Rahme, Tiago Manuel Ventura Loureiro, Yarno Ritzen
A huge thanks to the excellent work of the SecureDrop contributors, translators, and translation reviewers who worked on this release. We would especially like to thank the contributors to SecureDrop’s internationalization process. Contributors and maintainers Loïc Dachary and heartsucker provided major code contributions to internationalize the SecureDrop web interfaces. Localization Lab provided invaluable support to the localization effort. SecureDrop translators B_meson, Atalanttore, AnneM, kwadronaut, Alain Olivier, Comradekingu, and communiaa were the translation reviewers for the 0.5 release.