The release of the next version of SecureDrop, 0.8.0, is scheduled for June 26, 2018. We will send out another notification through this blog, Twitter, and the support portal when the release is live. Changes that journalists and administrators should be aware of are summarized in this blog post. A complete list of changes can be found on GitHub.
What’s coming in SecureDrop 0.8.0?
- UI change: The "screensaver" that hides the source interface after two minutes for security reasons will show an explanatory text instead of only fading out the screen. (Issue, Pull Request)
- UI change: The button label "Delete Collection" will be changed to "Delete Source and Submissions" for clarity. (Issue, Pull Request)
- Bugfix: The daily email notification for new SecureDrop submissions (introduced in SecureDrop 0.7.0) will be more tolerant of variance in the reboot time of the server. This fixes a bug where a notification email was sometimes not sent due to timing issues. (Issue, Pull Request)
- Upgrade: SecureDrop instances running kernel version 4.4.115 will be automatically upgraded to version 4.4.135 with expanded hardware support. If you have previously downgraded your kernel to the 3.14.x series, the upgrade will preserve the rolled back setting. However, support for the 3.14.x series will be removed in a future release of SecureDrop; please see below for further details. (Pull Request)
- Upgrade: Tor will be upgraded to version 0.3.3.7 on the Application and Monitor Servers. See the Tor changelog for details. (Issue)
- Behavior change: Logging into your SecureDrop server with an attached physical keyboard will no longer require two-factor authentication. This feature provided no real security benefit as administrators could log in via single-user mode, so it was removed, as previously announced. (Issue, Pull Request)
- Behavior change: When you configure SecureDrop using the securedrop-admin tool, you will no longer be asked questions that are not relevant for your SecureDrop instance. (Issue, Pull Request)
- New language: SecureDrop will be available in Swedish. You can enable this language or any other supported languages by following our documentation.
- Bugfix: You will be able to install SecureDrop in network configurations where IP addresses of your Application and Monitor Servers are assigned individually (with a network mask of 255.255.255.255, i.e. /32) instead of being part of an allocated subnet. The securedrop-admin install command previously failed with an error message under this configuration. (Issue, Pull Request)
What administrators will need to do
SecureDrop Application and Monitor Server code will be updated automatically. That includes the kernel update from version 4.4.115 to 4.4.135 if you have not changed your default kernel. If you experience issues with this kernel update, please follow our kernel troubleshooting guide.
On a subsequent boot of your SecureDrop Journalist and Admin Workstations, the SecureDrop Workstation Updater will alert you to workstation updates. Choose "Update Now" on each of the workstations.
Please note that this only updates the SecureDrop code on the workstation. Tails upgrades still have to be performed separately.
Resetting SecureDrop admin user passwords
As noted above and as previously announced, this release will disable two-factor authentication for logging into the SecureDrop servers using an attached physical keyboard. Since single user mode can be used to bypass this security measure, it is ineffective and unnecessary.
However, to ensure you can securely log in using a physical keyboard, you may wish to use this opportunity to cycle the administrator password on your SecureDrop servers, and store it in your password vault.
To do so, log into each SecureDrop server via SSH using your Admin Workstation. Become the root user by typing sudo su, then change the password for the admin user by typing passwd <username>. Enter a secure password and store it in the KeePassX password manager on your Admin Workstation.
Action required for instances with downgraded kernels
If you have not taken any action to modify the Linux kernel on your SecureDrop instance, you can ignore this section, as your kernel will be automatically updated to the new version.
If you have previously downgraded your Linux kernel to the 3.14.x series due to compatibility issues with the 4.4.115 kernel, we request that you test kernel version 4.4.135 once it becomes available on your system as part of this release. The new kernel significantly expands hardware support, and we have tested it against additional servers beyond our official recommendations.
The 3.14.x-series of the Linux kernel has reached end-of-life. While the SecureDrop kernel has been significantly hardened, migrating to the new kernel is of high importance for the security of your instance. For this reason, we will remove support for the 3.14.x-series in a future release, once we are satisfied that any significant remaining compatibility issues have been resolved.
We will include detailed testing instructions with the release. In short, after SecureDrop 0.8.0 is released, you will need to attach a physical keyboard to the server (you can start with the Monitor server to avoid downtime), enter the GRUB bootloader, and select kernel version 4.4.135 under "Advanced Options". If the kernel boots without problems and you have network access, you can edit /etc/default/grub and set GRUB_DEFAULT=0 to make the new kernel the default (remember to run sudo update-grub, or the change will not take effect).
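The GRUB step above, as an added example script that is not part of SecureDrop's own tooling: it refuses to change the default until the running kernel (from uname -r) is actually 4.4.135, rewrites GRUB_DEFAULT in /etc/default/grub without touching the other settings, and reminds you to run update-grub. The "-grsec" suffix tolerated in the version check is an assumption about how the kernel names itself.

```shell
#!/bin/sh
# Added example, not SecureDrop project code. Run as root on a server that has
# already been booted into 4.4.135 via "Advanced Options": ./make-default.sh --apply

EXPECTED_KERNEL="4.4.135"        # kernel version the 0.8.0 release ships
GRUB_FILE="/etc/default/grub"    # file named in the announcement

# Return 0 if the running kernel string (e.g. from "uname -r") is the expected
# version, optionally followed by a suffix such as "-grsec" (assumed naming).
kernel_matches() {
    case "$1" in
        "$EXPECTED_KERNEL"|"$EXPECTED_KERNEL"-*) return 0 ;;
        *) return 1 ;;
    esac
}

# Set GRUB_DEFAULT in file $1 to value $2. An existing GRUB_DEFAULT line is
# replaced in place; if none exists the line is appended. The edit goes through
# a temporary copy so a failed sed never leaves a half-written config.
set_grub_default() {
    file="$1"; value="$2"; tmp="${file}.tmp.$$"
    if grep -q '^GRUB_DEFAULT=' "$file"; then
        sed "s/^GRUB_DEFAULT=.*/GRUB_DEFAULT=${value}/" "$file" > "$tmp"
    else
        cp "$file" "$tmp" && printf 'GRUB_DEFAULT=%s\n' "$value" >> "$tmp"
    fi
    mv "$tmp" "$file"
}

# Read back the effective GRUB_DEFAULT value (last assignment wins, as when
# the file is sourced).
get_grub_default() {
    grep '^GRUB_DEFAULT=' "$1" | tail -n 1 | cut -d= -f2-
}

main() {
    running="$(uname -r)"
    if ! kernel_matches "$running"; then
        echo "Running kernel ${running} is not ${EXPECTED_KERNEL}; leaving GRUB default alone." >&2
        return 1
    fi
    set_grub_default "$GRUB_FILE" 0
    echo "GRUB_DEFAULT=0 written to ${GRUB_FILE}; now run: sudo update-grub"
}

# Only act when explicitly asked, so sourcing the file for its functions is safe.
case "${1:-}" in --apply) main ;; esac
```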
Questions and comments
If you have questions or comments regarding this release, please don't hesitate to reach out:
- Via our Support Portal, if you are a member (membership is approved on a case-by-case basis);
- Via firstname.lastname@example.org (GPG encrypted) for sensitive security issues (please use judiciously);
- Via our community forums.
We also encourage you to file non-sensitive issues you encounter in our GitHub repository (issue report form).
Thank you for using SecureDrop!