We are pleased to announce the release of SecureDrop 0.8.0. This release includes a kernel update, the removal of two-factor authentication for console logins, and smaller user interface changes and bugfixes.
Changes that journalists and administrators should be aware of are summarized in this blog post. A complete list of changes can be found on GitHub.
What’s new in SecureDrop 0.8.0?
For sources
- UI change: The "screensaver" that hides the source interface after two minutes for security reasons now shows an explanatory text instead of only fading out the screen. (Issue, Pull Request)
For journalists
- UI change: The button label "Delete Collection" has been be changed to "Delete Source and Submissions" for clarity. (Issue, Pull Request)
- Bugfix: The daily email notification for new SecureDrop submissions (introduced in SecureDrop 0.7.0) is now more tolerant of variance in the reboot time of the server. This fixes a bug where a notification email was sometimes not sent due to timing issues. (Issue, Pull Request)
For administrators
- Upgrade: SecureDrop instances running kernel version 4.4.115 have been automatically upgraded to version 4.4.135 with expanded hardware support as part of this release. If you have previously downgraded your kernel to the 3.14.x series, the upgrade has preserved the rolled back setting. However, support for the 3.14.x series will be removed in a future release of SecureDrop; please see below for further details. (Pull Request)
- Upgrade: Tor has been upgraded to version 0.3.3.7 on the Application and Monitor Servers. See the Tor changelog for details. (Issue)
- Behavior change: Logging into your SecureDrop server with an attached physical keyboard no longer requires two-factor authentication. This feature provided no real security benefit as administrators could log in via single-user mode, so it was removed, as previously announced. (Issue, Pull Request)
- Behavior change: When you configure SecureDrop using the
securedrop-admin
tool, you are no longer asked questions that are not relevant for your SecureDrop instance. (Issue, Pull Request) - New language: SecureDrop is now available in Swedish. You can enable this language or any other supported languages by following our documentation.
- Security: The graphical workstation updater now performs stricter verification of the release tag, to avoid accidental or deliberate misuse of a branch which takes precedence over a tag. Due to the previous behavior, we recommend that you perform workstation updates for this release manually instead of using the graphical updater; see instructions below. (Issue, Pull Request)
- Security: Login failures on the Journalist Interface are now throttled on a per-user basis instead of potentially denying access to all users. The Journalist Interface uses an Authenticated Tor Hidden Service, providing defense in depth against this type of denial service attack. (Issue, Pull Request)
- Bugfix: You will no longer receive periodic alerts from your Monitor Server asking you to upgrade to a new version of Ubuntu. While we are planning an operating system upgrade in coming months, we strongly advise you not to attempt to perform this upgrade manually, as doing so will likely result in a broken SecureDrop instance. (Issue, Pull Request)
- Bugfix: You can now install SecureDrop in network configurations where IP addresses of your Application and Monitor Servers are assigned individually (with a network mask of 255.255.255.255, i.e. /32) instead of being part of an allocated subnet. The
securedrop-admin install
command previously failed with an error message under this configuration. (Issue, Pull Request)
What administrators need to do
(You can also find this information in the upgrade guide section of the documentation.)
We recommend that you update all Tails drives to version 3.8, which was released concurrently with SecureDrop 0.8.0 on June 26, 2018. Follow the graphical prompts on your workstations to perform this upgrade.
SecureDrop Application and Monitor Server code will be updated automatically. That includes the kernel update from version 4.4.115 to 4.4.135 if you have not changed your default kernel. If you experience issues with this kernel update, please follow our kernel troubleshooting guide.
If you have installed the workstation updates that shipped with SecureDrop 0.7.0, on a subsequent boot of your SecureDrop Journalist and Admin Workstations, the graphical updater will alert you to workstation updates:
Due to bug 3567, when this update is performed, a branch containing unsigned code could take precedence over a release tag, if they have the same name. The likelihood of an exploit is low, as it would require accidental or deliberate branch creation, or a compromise of GitHub and/or the communication flow between the workstation and Github.
To completely eliminate this risk, we recommend that you select “Update Later” and perform the update manually by issuing the following commands on each workstation:
cd ~/Persistent/securedrop
git fetch --tags
gpg --recv-key "2224 5C81 E3BA EB41 38B3 6061 310F 5612 00F4 AD77"
git tag -v 0.8.0
The output should include the following two lines:
gpg: using RSA key 22245C81E3BAEB4138B36061310F561200F4AD77
gpg: Good signature from "SecureDrop Release Signing Key"
Please verify that each character of the fingerprint above matches what you see on the screen of your workstation. If it does, you can check out the new release:
git checkout 0.8.0
Importantly, please verify that the output of this command does not contain the text "warning: refname '0.8.0' is ambiguous". If you do see this warning, we recommend that you contact us immediately at securedrop@freedom.press (GPG encrypted).
Finally, run the following command:
./securedrop-admin setup
Please note that this only updates the SecureDrop code on the workstation. Tails upgrades still have to be performed separately.
Resetting SecureDrop admin user passwords
As noted above and as previously announced, this release disables two-factor authentication for logging into the SecureDrop servers using an attached physical keyboard. Since single user mode can be used to bypass this security measure, it is ineffective and unnecessary.
However, to ensure you can securely login using a physical keyboard, you may wish to use this opportunity to cycle the administrator password on your SecureDrop servers, and store it in your password vault.
To do so, log into each SecureDrop server via SSH using your Admin Workstation. Become the root user by typing sudo su
, then change the password for the admin user by typing passwd <username>
. Enter a secure password and store it in the KeePassX password manager on your Admin Workstation.
Action required for instances with downgraded kernels
If you have not taken any action to modify the Linux kernel on your SecureDrop instance, you can ignore this section, as your kernel is automatically updated to the new version as part of the release.
If you have previously downgraded your Linux kernel to the 3.14.x series due to compatibility issues with the 4.4.115 kernel, we request that you test kernel version 4.4.135 once it becomes available on your system as part of this release. The new kernel significantly expands hardware support, and we have tested it against additional servers beyond our official recommendations.
The 3.14.x-series of the Linux kernel has reached end-of-life. While the SecureDrop kernel has been significantly hardened, migrating to the new kernel is of high importance for the security of your instance. For this reason, we will remove support for the 3.14.x-series in a future release, once we are satisfied that any significant remaining compatibility issues have been resolved.
To test and potentially enable the new kernel, please follow our detailed instructions.
Questions and comments
If you have questions or comments regarding this release, please don't hesitate to reach out:
- Via our Support Portal, if you are a member (membership is approved on a case-by-case basis);
- Via securedrop@freedom.press (GPG encrypted) for sensitive security issues (please use judiciously);
- Via our community forums.
We also encourage you to file non-sensitive issues you encounter in our GitHub repository (issue report form).
Thank you for using SecureDrop!
Acknowledgments
This release was made possible thanks to volunteer code contributions from by Anton Sarukhanov, Loïc Dachary, heartsucker, pierwill, and Paul Kehrer.
The translations for all supported languages were updated thanks to the work of many volunteers:
- Arabic: Ouss, Ahmad Gharbeia, Gabriele Kahlout, kwadronaut, Erin McConnell, Scharik Yousif, Ali Boshanab, Jennifer Helsby, ButterflyOfFire, Eric H., Thalia Rahme, Ramy Raoof, Jasmine Khalil, Yarno Ritzen
- Chinese: foolfitz, H.-L. Lee, Jin Lin Wright, Shih-Chieh Ilya Li, Cheng-Chia Tseng, Chi-Hsun Tsai
- Dutch: Thom, Anne M, kwadronaut, Yarno Ritzen
- French: Alain-Olivier, Jean-Marc Manach, Michal Čihař, David, Loïc Dachary
- German: Anna Skaja, kwadronaut, Ettore Atalan, Eric H.
- Hindi: Abhishek Jaiswal, Drashti, Subham Banga, Muhammad Usman, Dev Singh
- Italian: Manuel D’Orso, Claudio Arseni, Beatrice Martini
- Norwegian: Øyvind Bye Skille, Allan Nordhøy
- Portuguese: communiaa, Cecília do Lago, Bernardo Tonasse, Jonas B. R
- Russian: Andrey, Eric H., Maria Ovsyannikova, Adham Kurbanov
- Spanish: Jose, Pablo Di Noto, Allan Nordhøy, Freddy Martinez, Daniel Arauz, Camille Fassett, Anatoli
- Turkish: Volkan, tekrei, Orhan, T. E. Kalaycı
One new language is now officially supported:
- Swedish: Jenny Dybedahl, Magdalena Stenius, Jonas Franzén, Allan Nordhøy