We are pleased to announce the release of SecureDrop 0.9.0. This release includes a kernel update, a new feature to enable journalists to download their replies to sources, an API for the Journalist Interface, and an upgraded version of Tor.
Changes that journalists and administrators should be aware of are summarized in this blog post. A complete list of changes can be found on GitHub.
What’s new in SecureDrop 0.9.0?
For journalists
- Behavior change: Journalists can now download each other’s replies to sources from the Journalist Interface and decrypt them on the Secure Viewing Station, even after a source has deleted them from the source inbox in the Source Interface. (Issue)
For administrators
- Upgrade: SecureDrop instances running kernel version 4.4.135 have been automatically upgraded to version 4.4.144, which includes important security fixes. If you have previously downgraded your kernel to the 3.14.x series, this release will be the last one to preserve the rolled back setting, and we urge you to test a more recent kernel release to avoid outages (see details below). (Issue, Pull Request)
- Upgrade: Tor has been upgraded to version 0.3.3.9 on the Application and Monitor Servers. See the Tor changelog for details. (Issue)
- Upgrade: The
securedrop-keyringpackage has been updated because the SecureDrop signing key expiry date has been moved forward. The key fingerprint has not changed. (Issue) - Bugfix: When a source visits the Source Interface using Tor browser 8.0 or later, they no longer see a warning message recommending they use Tor. This bug only appeared on production instances for a short period of time, because Tor 8.0 was released on the same day as SecureDrop 0.9.0. (Issue, Pull Request)
- New feature: The Journalist Interface is now accessible via an API, with the same authentication requirements as the web interface (documentation). This may be relevant if your organization wants to develop alternative interfaces for managing SecureDrop submissions, and it will be used by the upcoming SecureDrop Workstation. We will also release an SDK for Python developers in the near future. (Issue, Pull Request)
- Security: A stronger algorithm is now used to hash journalist passwords (argon2 instead of scrypt). Existing users’ password hashes will automatically be updated to the new hashing algorithm after they log in. (Issue, Pull Request)
- Security: The cryptography library used on the Admin Workstation has been updated to a more recent version as a precaution. The previous version has a vulnerability in the implementation of a cryptographic primitive which does not affect SecureDrop. (Issue, Pull Request)
- Security: Flask, the web development framework used by SecureDrop, has been updated to a more recent version as a precaution. The previous version has a denial of service vulnerability which does not directly affect SecureDrop. (Issue, Pull Request)
What administrators need to do
SecureDrop Application and Monitor Server code will be updated automatically. Due to a database migration, this update may take longer than usual to complete, especially for instances with a large number of sources and submissions. In case of a service outage of more than one hour, please do not hesitate to reach out for assistance.
The automatic update includes the kernel update from version 4.4.135 to 4.4.144 if you have not changed your default kernel. If you experience issues with this kernel update, please follow our kernel troubleshooting guide.
On a subsequent boot of your SecureDrop Journalist and Admin Workstations, the SecureDrop Workstation Updater will alert you to workstation updates. Choose "Update Now" on each of the workstations:
Please note that this only updates the SecureDrop code on the workstation. Tails upgrades must be performed separately.
Action required for instances with outdated workstation code
If the graphical updater appears when you boot into your Journalist and Admin Workstations, you can ignore these instructions. If the graphical updater does not appear, you probably have not updated your workstations since SecureDrop 0.7.0 (May 15, 2018). You can do so manually by running the following commands on each workstation:
cd ~/Persistent/securedrop
git fetch --tags
gpg --recv-key "2224 5C81 E3BA EB41 38B3 6061 310F 5612 00F4 AD77"
git tag -v 0.9.0
The output should include the following two lines:
gpg: using RSA key 22245C81E3BAEB4138B36061310F561200F4AD77
gpg: Good signature from "SecureDrop Release Signing Key"
Please verify that each character of the fingerprint above matches what you see on the screen of your workstation. If it does, you can check out the new release:
git checkout 0.9.0
Important: Please verify that the output of this command does not contain the text "warning: refname '0.9.0' is ambiguous". If you do see this warning, we recommend that you contact us immediately at securedrop@freedom.press (GPG encrypted).
Finally, run the following command:
./securedrop-admin setup
Action required for instances with downgraded kernels
If you have not taken any action to modify the Linux kernel on your SecureDrop instance, you can ignore this section, as your kernel will be automatically updated to the new version.
If you have previously downgraded your Linux kernel to the 3.14.x series due to compatibility issues with previous kernels, we request that you test kernel version 4.4.144 by following our detailed instructions, once the new kernel becomes available on your system as part of this release.
The 3.14.x-series of the Linux kernel has reached end-of-life. While the SecureDrop kernel has been significantly hardened, migrating to the new kernel is of high importance for the security of your instance. For this reason, SecureDrop 0.9.0 will be the last release to preserve a preference for a 3.14.x series kernel.
Questions and comments
If you have questions or comments regarding this release, please don't hesitate to reach out:
- Via our Support Portal, if you are a member (membership is approved on a case-by-case basis);
- Via securedrop@freedom.press (GPG encrypted) for sensitive security issues (please use judiciously);
- Via our community forums.
We also encourage you to file non-sensitive issues you encounter in our GitHub repository (issue report form).
Thank you for using SecureDrop!
Acknowledgments
This release was made possible thanks to volunteer code and documentation contributions by heartsucker, Kate Stohr, Loïc Dachary and pierwill.
The translations for all supported languages were updated thanks to the work of many volunteers:
- Arabic: Ali Boshanab, Ahmad Gharbeia, ButterflyOfFire, Erin McConnell, kwadronaut, Loïc Dachary
- Chinese: Chi-Hsun Tsai
- Dutch: kwadronaut
- French: kwadronaut
- German: kwadronaut
- Hindi: Drashti
- Italian: kwadronaut, Claudio Arseni
- Norwegian: Øyvind Bye Skille, Allan Nordhøy
- Portuguese: Bernardo Tonasse
- Russian: Andrey, kwadronaut
- Spanish: Pablo Di Noto
- Swedish: Jonas Franzén
- Turkish: tekrei
Kushal Das acted as the internationalization coordinator for this release.