The release of the next version of SecureDrop, 0.9.0, is scheduled for September 5, 2018. We will send out another notification through this blog, Twitter, and the support portal when the release is live. Changes that journalists and administrators should be aware of are summarized in this blog post. A complete list of changes can be found on GitHub.
What’s coming in SecureDrop 0.9.0?
- Behavior change: Journalists will be able to download each other’s replies to sources from the Journalist Interface and decrypt them on the Secure Viewing Station, even after a source has deleted them from the source inbox in the Source Interface. (Issue)
- Upgrade: SecureDrop instances running kernel version 4.4.135 will be automatically upgraded to version 4.4.144, which includes important security fixes. If you have previously downgraded your kernel to the 3.14.x series, this release will be the last one to preserve the rolled back setting, and we urge you to test a more recent kernel release to avoid outages (see details below). (Issue, Pull Request)
- Upgrade: Tor will be upgraded to version 0.3.3.9 on the Application and Monitor Servers. See the Tor changelog for details. (Issue)
- Upgrade: The securedrop-keyring package will be updated because the SecureDrop signing key expiry date has been moved forward. The key fingerprint has not changed. (Issue)
- New feature: The Journalist Interface will be accessible via an API, with the same authentication requirements as the web interface (documentation). This may be relevant if your organization wants to develop alternative interfaces for managing SecureDrop submissions, and it will be used by the upcoming SecureDrop Workstation. We will also release an SDK for Python developers in the near future. (Issue, Pull Request)
- Security: A stronger algorithm will be used to hash journalist passwords (argon2 instead of scrypt). Existing users’ password hashes will automatically be updated to the new hashing algorithm after they log in. (Issue, Pull Request)
- Security: The cryptography library used on the Admin Workstation will be updated to a more recent version as a precaution. The previous version has a vulnerability in the implementation of a cryptographic primitive which does not affect SecureDrop. (Issue, Pull Request)
- Security: Flask, the web development framework used by SecureDrop, will be updated to a more recent version as a precaution. The previous version has a denial of service vulnerability which does not directly affect SecureDrop. (Issue, Pull Request)
What administrators will need to do
SecureDrop Application and Monitor Server code will be updated automatically. That includes the kernel update from version 4.4.135 to 4.4.144 if you have not changed your default kernel. If you experience issues with this kernel update, please follow our kernel troubleshooting guide.
On a subsequent boot of your SecureDrop Journalist and Admin Workstations, the SecureDrop Workstation Updater will alert you to workstation updates. Choose "Update Now" on each of the workstations.
Please note that this only updates the SecureDrop code on the workstation. Tails upgrades must be performed separately.
If you have not yet updated to the graphical updater, you can update as follows:
git fetch --tags
gpg --recv-key "2224 5C81 E3BA EB41 38B3 6061 310F 5612 00F4 AD77"
git tag -v 0.9.0
The output should include the following two lines:
gpg: using RSA key 22245C81E3BAEB4138B36061310F561200F4AD77
gpg: Good signature from "SecureDrop Release Signing Key"
Please verify that each character of the fingerprint above matches what you see on the screen of your workstation. If it does, you can check out the new release:
git checkout 0.9.0
Important: Please verify that the output of this command does not contain the text "warning: refname '0.9.0' is ambiguous". If you do see this warning, we recommend that you contact us immediately at email@example.com (GPG encrypted).
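The two manual checks above (the key fingerprint reported by `git tag -v`, and the ambiguous-refname warning from `git checkout`) can also be scripted. The following is an added example, not part of SecureDrop's own tooling; the function names and the sample outputs are constructed for illustration, while the fingerprint and expected lines are copied from this post.

```shell
#!/bin/sh
# Added example: script the manual checks on `git tag -v` and `git checkout`.
# Expected values are copied from the post above.
EXPECTED_FPR="2224 5C81 E3BA EB41 38B3 6061 310F 5612 00F4 AD77"
GOOD_SIG_LINE='gpg: Good signature from "SecureDrop Release Signing Key"'
AMBIGUOUS_WARNING="warning: refname '0.9.0' is ambiguous"

# Strip whitespace and upper-case, so the spaced fingerprint from the post
# compares equal to the compact form gpg prints.
normalize_fpr() {
    printf '%s' "$1" | tr -d '[:space:]' | tr '[:lower:]' '[:upper:]'
}

# Succeeds only if the `git tag -v` output names exactly one signing key, that
# key equals the expected fingerprint, and gpg reports a good signature.
tag_signature_ok() {
    _keys=$(printf '%s\n' "$1" | sed -n 's/^gpg: *using RSA key \([0-9A-Fa-f]*\)$/\1/p')
    _count=$(printf '%s\n' "$_keys" | grep -c . || true)
    [ "$_count" -eq 1 ] || return 1
    [ "$(normalize_fpr "$_keys")" = "$(normalize_fpr "$EXPECTED_FPR")" ] || return 1
    printf '%s\n' "$1" | grep -qF "$GOOD_SIG_LINE" || return 1
    ! printf '%s\n' "$1" | grep -q '^gpg: BAD signature'
}

# Fails if `git checkout 0.9.0` warned that the name matches more than one
# ref, in which case the checked-out commit may not be the tag just verified.
checkout_unambiguous() {
    ! printf '%s\n' "$1" | grep -qF "$AMBIGUOUS_WARNING"
}

# Constructed sample outputs (not captured from a real run).
SAMPLE_GOOD='gpg: Signature made (constructed sample)
gpg:                using RSA key 22245C81E3BAEB4138B36061310F561200F4AD77
gpg: Good signature from "SecureDrop Release Signing Key"'
# Same shape, but the last hex digit of the key differs (constructed).
SAMPLE_WRONG_KEY='gpg: using RSA key 22245C81E3BAEB4138B36061310F561200F4AD78
gpg: Good signature from "SecureDrop Release Signing Key"'
SAMPLE_AMBIGUOUS="warning: refname '0.9.0' is ambiguous."

tag_signature_ok "$SAMPLE_GOOD" && echo "good sample: accepted"
tag_signature_ok "$SAMPLE_WRONG_KEY" || echo "wrong-key sample: rejected"
checkout_unambiguous "$SAMPLE_AMBIGUOUS" || echo "ambiguous checkout: stop and report"

# Real use inside the SecureDrop checkout (LC_ALL=C keeps gpg messages in English):
#   tag_signature_ok "$(LC_ALL=C git tag -v 0.9.0 2>&1)" &&
#       checkout_unambiguous "$(git checkout 0.9.0 2>&1)"
```

A script like this supplements the character-by-character comparison on screen; it does not replace it, since the expected fingerprint in the script must itself come from a source you trust.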
Finally, run the following command:
Action required for instances with downgraded kernels
If you have not taken any action to modify the Linux kernel on your SecureDrop instance, you can ignore this section, as your kernel will be automatically updated to the new version.
If you have previously downgraded your Linux kernel to the 3.14.x series due to compatibility issues with previous kernels, we request that you test kernel version 4.4.144 by following our detailed instructions, once the new kernel becomes available on your system as part of this release.
The 3.14.x-series of the Linux kernel has reached end-of-life. While the SecureDrop kernel has been significantly hardened, migrating to the new kernel is of high importance for the security of your instance. For this reason, SecureDrop 0.9.0 will be the last release to preserve a preference for a 3.14.x series kernel.
Questions and comments
If you have questions or comments regarding this release, please don't hesitate to reach out:
- Via our Support Portal, if you are a member (membership is approved on a case-by-case basis);
- Via firstname.lastname@example.org (GPG encrypted) for sensitive security issues (please use judiciously);
- Via our community forums.
We also encourage you to file non-sensitive issues you encounter in our GitHub repository (issue report form).
Thank you for using SecureDrop!