We are pleased to announce the release of SecureDrop 1.1.0. Changes that journalists and administrators should be aware of are summarized in this blog post. A complete list of changes can be found on GitHub.
What’s new in SecureDrop 1.1.0?
For journalists and administrators
Tails upgrade: This release is the first to support using Tails 4.0 on all workstations. Tails 4.0 is scheduled to be released on October 22. Because the 3.x series of Tails will not receive security updates after the release of Tails 4.0, we recommend updating to Tails 4 as soon as possible (see below). SecureDrop 1.1.x will be the last release series to support Tails 3.x. (Issue, PRs: 1, 2)
- Most users should not notice major changes in behavior. See the release notes for the beta and the release candidate for a detailed summary of changes in Tails 4. Notably, Tails 4 ships with KeePassXC instead of KeePassX. (Password databases created in KeePassX can be opened in KeePassXC.) Tails 4 also includes a new version of the Metadata Anonymization Toolkit. There is no longer a “Home” shortcut on the desktop; use the “Places” menu at the top to quickly navigate folders.
Bugfix: The graphical SecureDrop updater running on workstations now shows an error message if you attempt to update without having a set a Tails administrator password, instead of causing subsequent update attempts to fail. This fix will only take effect after you have updated your workstation to SecureDrop 1.1.0. (Issue, Pull Request)
For administrators
Dependency update: The
securedrop-admin
command on your workstations has been updated to use Python 3, which will require manual action (see below). (Issue, Pull Request)Dependency updates: The following dependencies on the SecureDrop servers have been updated (Pull Requests: 1, 2):
- Tor from version 0.4.1.5 to 0.4.1.6
- Ansible from version 2.6.14 to 2.7.13
- PyYAML from version 3.12 to 5.1.2
- Werkzeug from version 0.14.1 to 0.16.0
New languages: SecureDrop is now available in Czech and Slovak. You can enable these or any other supported languages by following our documentation.
Code cleanup: This release removes Python 2 support from the SecureDrop server code, which was transitioned to Python 3 as part of SecureDrop 1.0.0. (Issue, Pull Request)
Bugfix: The
securedrop-app-code
Debian package now fully specifies its dependencies. This fixes a problem where an underspecified dependency onlibpython3.5
could cause problems when other non-SecureDrop packages were removed from the system. (Issues: 1, 2; Pull Request)
What administrators need to do
Servers
SecureDrop Application and Monitor Servers will be updated to SecureDrop 1.1.0 automatically.
Workstations
This release is the first one to support Tails 4, which is scheduled to be released on October 22. In order to ensure that your workstations will continue to receive Tails security updates, we recommend updating your workstations to Tails 4 soon after the release. Because this is a major upgrade, you need to perform it manually on each workstation.
This release also migrates the securedrop-admin
command to Python 3, as the Python 2 series reaches end-of-life on January 1, 2020. To complete this migration, you will need to update the Python environment on your Journalist and Admin Workstations.
Follow the instructions in our upgrade guide to perform these upgrades on each workstation.
Acknowledgments
This release was made possible thanks to volunteer code and documentation contributions by Giovanni Pellerano and pierwill.
1000101, michaela-bot and Michal Stanke contributed a new Czech translation of SecureDrop. 1000101, Oliver and darmozrac contributed a new Slovak translation. Thanks to the Localization Lab for supporting this effort.
This release incorporates Freedom of the Press Foundation contributions by Kushal Das (Release Manager), Mickael E. (Deputy RM), John Hensley (Localization Manager), Jen Helsby (Deputy LM), Conor Schaefer, Kevin O’Gorman, Rowen S., Nina Alter, and Erik Moeller.
Questions and comments
If you have questions or comments regarding this release, please don't hesitate to reach out:
- Via our Support Portal, if you are a member (membership is available to SecureDrop administrators on request);
- Via securedrop@freedom.press (GPG encrypted) for sensitive security issues (please use judiciously);
- Via our community forums.
We also encourage you to file non-sensitive issues you encounter in our GitHub repository (issue report form).
Thank you for using SecureDrop!