We are pleased to announce the release of SecureDrop 1.1.0. Changes that journalists and administrators should be aware of are summarized in this blog post. A complete list of changes can be found on GitHub.
What’s new in SecureDrop 1.1.0?
For journalists and administrators
Tails upgrade: This release is the first to support using Tails 4.0 on all workstations. Tails 4.0 is scheduled to be released on October 22. Because the 3.x series of Tails will not receive security updates after the release of Tails 4.0, we recommend updating to Tails 4 as soon as possible (see below). SecureDrop 1.1.x will be the last release series to support Tails 3.x. (Issue, PRs: 1, 2)
- Most users should not notice major changes in behavior. See the release notes for the beta and the release candidate for a detailed summary of changes in Tails 4. Notably, Tails 4 ships with KeePassXC instead of KeePassX. (Password databases created in KeePassX can be opened in KeePassXC.) Tails 4 also includes a new version of the Metadata Anonymization Toolkit. There is no longer a “Home” shortcut on the desktop; use the “Places” menu at the top to quickly navigate folders.
Bugfix: The graphical SecureDrop updater running on workstations now shows an error message if you attempt to update without having a set a Tails administrator password, instead of causing subsequent update attempts to fail. This fix will only take effect after you have updated your workstation to SecureDrop 1.1.0. (Issue, Pull Request)
- Tor from version 0.4.1.5 to 0.4.1.6
- Ansible from version 2.6.14 to 2.7.13
- PyYAML from version 3.12 to 5.1.2
- Werkzeug from version 0.14.1 to 0.16.0
New languages: SecureDrop is now available in Czech and Slovak. You can enable these or any other supported languages by following our documentation.
securedrop-app-codeDebian package now fully specifies its dependencies. This fixes a problem where an underspecified dependency on
libpython3.5could cause problems when other non-SecureDrop packages were removed from the system. (Issues: 1, 2; Pull Request)
What administrators need to do
SecureDrop Application and Monitor Servers will be updated to SecureDrop 1.1.0 automatically.
This release is the first one to support Tails 4, which is scheduled to be released on October 22. In order to ensure that your workstations will continue to receive Tails security updates, we recommend updating your workstations to Tails 4 soon after the release. Because this is a major upgrade, you need to perform it manually on each workstation.
This release also migrates the
securedrop-admin command to Python 3, as the Python 2 series reaches end-of-life on January 1, 2020. To complete this migration, you will need to update the Python environment on your Journalist and Admin Workstations.
Follow the instructions in our upgrade guide to perform these upgrades on each workstation.
1000101, michaela-bot and Michal Stanke contributed a new Czech translation of SecureDrop. 1000101, Oliver and darmozrac contributed a new Slovak translation. Thanks to the Localization Lab for supporting this effort.
This release incorporates Freedom of the Press Foundation contributions by Kushal Das (Release Manager), Mickael E. (Deputy RM), John Hensley (Localization Manager), Jen Helsby (Deputy LM), Conor Schaefer, Kevin O’Gorman, Rowen S., Nina Alter, and Erik Moeller.
Questions and comments
If you have questions or comments regarding this release, please don't hesitate to reach out:
- Via our Support Portal, if you are a member (membership is available to SecureDrop administrators on request);
- Via firstname.lastname@example.org (GPG encrypted) for sensitive security issues (please use judiciously);
- Via our community forums.
We also encourage you to file non-sensitive issues you encounter in our GitHub repository (issue report form).
Thank you for using SecureDrop!