The release of the next version of SecureDrop, 1.0.0, is scheduled for September 17, 2019. We will send out another notification through this blog, Twitter, and the support portal when the release is live. Changes that journalists and administrators should be aware of are summarized in this blog post. A complete list of changes can be found on GitHub.
This release will add support for v3 onion services. For security reasons, we recommend transitioning your SecureDrop to v3 soon after the release. See details below.
What’s coming in SecureDrop 1.0.0?
For all users
- UI update: SecureDrop 1.0.0 will include significant updates to SecureDrop’s web-based Source Interface and Journalist/Admin Interface. This includes a cleaned up index page in the Source Interface, a new logo and color palette, and tweaks to positioning, ordering, and spacing throughout. (Issues: 1, 2, 3, 4, 5, 6, 7, Pull Requests: 1, 2, 3, 4)
The new look and feel of the Source Interface in SecureDrop 1.0.0. We recommend customizing the instance logo, as shown in this screenshot, to clearly identify your news organization. See our SecureDrop 1.0.0 brand refresh guide (PDF) for example uses of the new SecureDrop logo.
For journalists
- Bugfix: The “Select unread” button in the Journalist Interface will now correctly select unread submissions, instead of selecting all submissions. (Issue, Pull Request)
For administrators
New feature: This release will add support for enabling v3 onion services for the Source Interface, the Journalist Interface, and SSH access. v3 services provide additional security/anonymity benefits and are recognizable by their 56 character address (e.g.,
kldan5gahapx5k7iafb3s4ikijc4ni7gx5iywdflkba5y2ezyg6sjgyd.onion). They can be enabled alongside or instead of v2 services. We recommend transitioning your SecureDrop to v3 in the near future; see below for more information. (Issues: 1, 2, 3, 4, 5, 6, Pull Requests: 1, 2, 3, 4, 5, 6)Bugfix / behavior change: This release will resolve a number of longstanding issues with deleting encrypted submissions from the server effectively and securely (Issues: 1, 2, 3; Pull Requests: 1, 2):
- As part of the update, SecureDrop will delete “orphaned submissions”: messages or documents that have an entry in the database, but no corresponding source. This will resolve a bug that may impact some long-running SecureDrop instances that have operated since before SecureDrop 0.4 (released in July 2017) without a full reinstall.
- Encrypted submission stored on the server will now be deleted using the GNU
shredutility instead ofsrm, with a much smaller number of overwrite operations. The previous behavior had very limited security benefits and caused deletion operations to sometimes take several hours. - If a deletion operation is interrupted by a crash or reboot, SecureDrop will now detect the incomplete operation, and re-enqueue it.
- SecureDrop will now perform a nightly check for submissions which have a copy on the filesystem but no corresponding record in the database, or vice versa. If this check finds a problem, you will be notified via an OSSEC alert, and you will be able to use a maintenance tool to prune data that may not have been properly deleted.
- As part of the update, SecureDrop will delete “orphaned submissions”: messages or documents that have an entry in the database, but no corresponding source. This will resolve a bug that may impact some long-running SecureDrop instances that have operated since before SecureDrop 0.4 (released in July 2017) without a full reinstall.
Security: When an administrator changes the password of a Journalist Interface user, the user will now be logged out of any existing sessions until they re-authenticate. (Issue, Pull Request)
Dependency update: This release will transition all dependencies of the SecureDrop application code to Python 3, as part of a full transition of SecureDrop to Python 3 before the end-of-life date for Python 2 (January 1, 2020). (Issue, Pull Request)
Dependency update: This release will switch SecureDrop to the 0.4.x stable release series of Tor. (Issue, Pull Request)
Documentation update: This release will include many updates to the documentation, including clearer guidance for transferring files from the Secure Viewing Station to a journalist’s everyday workstation, and instructions for upgrading the Secure Viewing Station.
What administrators will need to do
SecureDrop Application and Monitor Servers will be updated to SecureDrop 1.0.0 automatically. As with previous releases, we will provide instructions for performing the workstation updates at the time of the release.
v3 support
As noted above, SecureDrop 1.0.0 will be the first release to include support for v3 onion services, recognizable by their longer, 56 character addresses.
Because of the stronger cryptography of v3 services and other improvements to the protocol, we recommend enabling v3 onion services in the near future. Once you enable v3, your SecureDrop will have a new .onion address you can advertise on your landing page.
You will be able to remain on v2, switch to v3, or run v2/v3 alongside each other. We will provide detailed documentation for administrators.
Logo and UI refresh
SecureDrop 1.0.0 will include a logo and design refresh, with the goal to give the project a more consistent and modern appearance that builds trust and credibility. The changes are largely cosmetic (updates to the color palette, spacing, etc.). Users familiar with the old design should have no difficulty navigating the new one.
If you're currently using the SecureDrop logo or SecureDrop screenshots in your landing page or other materials, we encourage you to update them. Please review the SecureDrop 1.0.0 brand guidelines (PDF), which include design assets you can use to plan a logo update on or near the SecureDrop 1.0.0 release date (September 17, 2019).
If you need help updating screenshots, please don't hesitate to reach out.
Questions and comments
If you have questions or comments regarding this release, please contact us:
- Via our Support Portal, if you are a member (membership is available to SecureDrop administrators on request);
- Via securedrop@freedom.press (GPG encrypted) for sensitive security issues (please use judiciously);
- Via our community forums.
We also encourage you to file non-sensitive issues you encounter in our GitHub repository (issue report form).
Thank you for using SecureDrop!