The release of the next version of SecureDrop, 1.1.0, is scheduled for Monday, October 21, 2019. We will send out another notification through this blog, Twitter, and the support portal when the release is live. Changes that journalists and administrators should be aware of are summarized in this blog post. A complete list of changes can be found on GitHub.
This release will be the first to support using Tails 4 (scheduled to be released on October 22) on the Admin Workstation, the Journalist Workstation, and the Secure Viewing Station. We recommend updating your workstations to Tails 4 soon after the Tails release; see details below.
What’s coming in SecureDrop 1.1.0?
For journalists and administrators
Tails upgrade: This release will be the first to support using Tails 4.0 on all workstations. Tails 4.0 is scheduled to be released on October 22. Because the 3.x series of Tails will not receive security updates after the release of Tails 4.0, we recommend updating to Tails 4 as soon as possible (see below). (Issue, PRs: 1, 2, 3)
- Most users should not notice major changes in behavior. See the release notes for Tails 4.0 beta 1 and Tails 4.0 release candidate 1 for a detailed summary of changes in Tails 4. Notably, Tails 4 ships with KeePassXC instead of KeePassX as its password manager. (The two are very similar, and password databases created in KeePassX can be opened in KeePassXC.) Tails 4 also includes a new version of the Metadata Anonymization Toolkit.
UI fix: When you click the icons for the Journalist Interface or the Source Interface on the Tails desktop, you will now see an activity indicator, so you are less likely to launch them multiple times by accident. (Issue, Pull Request)
Bugfix: The graphical SecureDrop updater running on workstations will now show an error message if you attempt to update without having set a Tails administrator password, instead of causing subsequent update attempts to fail. This fix will only take effect after you have updated your workstation to SecureDrop 1.1.0. (Issue, Pull Request)
Dependency update: The
securedrop-admincommand on your workstations will be updated to use Python 3, which requires updating the Python environment on your workstations (see below). (Issue, Pull Request)
- New language: SecureDrop will now be available in Czech. You can enable it or any other supported languages by following our documentation.
securedrop-app-codeDebian package will now fully specify its dependencies. This fixes a problem where an underspecified dependency on
libpython3.5could cause problems when other non-SecureDrop packages were removed from the system. (Issues: 1, 2; Pull Request)
What administrators will need to do
SecureDrop Application and Monitor Servers will be updated to SecureDrop 1.1.0 automatically.
This release will be the first one to support Tails 4, which is scheduled to be released on October 22. In order to ensure that your workstations will continue to receive Tails security updates, we recommend updating your workstations to Tails 4 soon after the release. Because this is a major upgrade, you will need to perform it manually on each workstation.
This release will also migrate the
securedrop-admin command to Python 3, as the Python 2 series reaches end-of-life on January 1, 2020. To complete this migration, you will need to update the Python environment on your Journalist and Admin Workstations.
As part of the release, we will provide instructions for performing workstation updates of the SecureDrop code, the
securedrop-admin command, and the Tails operating system.
Questions and comments
If you have questions or comments regarding this release, please contact us:
- Via our Support Portal, if you are a member (membership is available to SecureDrop administrators on request);
- Via firstname.lastname@example.org (GPG encrypted) for sensitive security issues (please use judiciously);
- Via our community forums.
We also encourage you to file non-sensitive issues you encounter in our GitHub repository (issue report form).
Thank you for using SecureDrop!