The release of the next version of SecureDrop, 1.2.0, is scheduled for Tuesday, December 3, 2019. We will send out another notification through this blog, Twitter, and the support portal when the release is live. Changes that journalists and administrators should be aware of are summarized in this blog post. A complete list of changes can be found on GitHub.
What’s coming in SecureDrop 1.2.0?
- New feature: Administrators will be able to disable document uploads by sources, so that a SecureDrop installation can be restricted to text-only exchanges between journalists and sources, without the ability to attach documents or other files. (Pull Request)
- Behavior change: Submissions deleted through the Journalist Interface will now be moved into the directory
/var/lib/securedrop/shredderon the Application Server, from where they are securely deleted using a systemd service in regular intervals. This replaces the use of a Redis-based job queue in combination with Supervisord to manage deletions. The Redis-backed queue is still used for other asynchronous jobs. (Issue, Pull Request).
- Kernel update: This release will include a major kernel update, from the 4.4 series to the 4.14 series, as the 4.4 series will reach end-of-life for security updates by the end of this year. This kernel also includes patches for recently disclosed vulnerabilities impacting systems using Intel processors; see our security advisory for more information. (Issue, Pull Requests: 1, 2)
- Journalist Interface API: When requesting an authentication token, the API response will now include the first and last name configured for the authenticated account. (Pull Request)
What administrators will need to do
SecureDrop Application and Monitor Servers will be updated to SecureDrop 1.2.0 automatically within 24 hours of the release. As with previous releases, we will provide instructions for performing the workstation updates at the time of the release.
If you have not upgraded your workstations to Tails 4 yet, we urge you to do so as soon as possible, but you will still be able to perform the upgrade after this release.
This release includes a kernel update. While we have tested this kernel extensively on supported hardware, it is possible that it will cause problems on your servers after the update. At the time of the release, we will provide instructions for troubleshooting kernel issues, and for temporarily downgrading to a previous version.
Questions and comments
If you have questions or comments regarding this release, please contact us:
- Via our Support Portal, if you are a member (membership is available to SecureDrop administrators on request);
- Via firstname.lastname@example.org (GPG encrypted) for sensitive security issues (please use judiciously);
- Via our community forums.
We also encourage you to file non-sensitive issues you encounter in our GitHub repository (issue report form).
Thank you for using SecureDrop!