We are pleased to announce the release of SecureDrop 1.2.0. Changes that sources, journalists, and administrators should be aware of are summarized in this blog post. A complete list of changes can be found on GitHub.
What’s new in SecureDrop 1.2.0?
For administrators
- New feature: Administrators can now disable Source Interface document uploads, restricting their SecureDrop installation to text-only exchanges between journalists and sources, without the ability to attach documents or other files. (Pull Request)
- Behavior change: Submissions deleted through the Journalist Interface are now moved into the
/var/lib/securedrop/shredder
directory on the Application Server, from where they are securely deleted using a systemd service at regular intervals. This replaces the use of a Redis-based job queue in combination with Supervisord to manage deletions. The Redis-backed queue is still used for other asynchronous jobs. (Issue, Pull Request). - Kernel update: This release includes a major kernel update, from the 4.4 series to the 4.14 series, as the 4.4 grsecurity patches will reach end-of-life for security updates by the end of this year. This kernel also includes patches for recently disclosed vulnerabilities impacting systems using Intel processors; see our security advisory for more information. (Issue, Pull Requests: 1, 2)
For developers
- Journalist Interface API: When requesting an authentication token, the API response now includes the first and last name configured for the authenticated account. (Pull Request)
What administrators need to do
SecureDrop Application and Monitor Servers will be updated to SecureDrop 1.2.0 automatically within 24 hours of the release.
As with previous releases, we recommend that you update your Tails workstations to the latest version of Tails and the latest version of SecureDrop. Please see our upgrade guide for instructions.
This release includes a kernel update. While we have tested this kernel extensively on supported hardware, it is possible that it will cause problems on your servers after the update. Please see our upgrade guide for information about troubleshooting and temporarily downgrading your kernel.
Acknowledgments
This release was made possible thanks to volunteer code and documentation contributions by DrGFreeman, Garrett Robinson, and Whistleblower Aid.
The translations for all supported languages were updated thanks to the work of many volunteers:
- Arabic: Thalia Rahme
- Catalan: Benet (BennyBeat) R. i Camps
- Czech: 1000101, michaela-bot
- Chinese: Chi-Hsun Tsai, H.-L. Lee
- Dutch: Yarno Ritzen, kwadronaut
- French: AO
- German: Robin Schubert, Nicolas
- Greek: Adrian, Dimitris Maroulidis
- Hindi: Chandan Kumar (raukadah), Drashti
- Icelandic: Oktavia, Sveinn à Felli
- Italian: Claudio Arseni
- Norwegian: Allan Nordhøy, Øyvind Bye Skille
- Portuguese (Brazil): CecÃlia do Lago, communiaa
- Romanian: Jobava, robbpa
- Russian: Adham Kurbanov, Maria Ovsyannikova
- Slovak: 1000101, Oliver
- Spanish: Adolfo Jayme-Barrientos, carlos, Anatoli, Daniel Arauz, Freddy Martinez
- Swedish: Jonas Franzén, Allan Nordhøy
- Turkish: Kaya Zeren, Orhan
Thanks to the Localization Lab for supporting this effort.
This release incorporates Freedom of the Press Foundation contributions by Kevin O’Gorman (Release Manager), Jen Helsby (Deputy RM), John Hensley (Localization Manager), Kushal Das (Deputy LM), Conor Schaefer, Rowen S., Nina Alter, and Erik Moeller.
Questions and comments
If you have questions or comments regarding this release, please contact us:
- Via our Support Portal, if you are a member (membership is available to SecureDrop administrators on request);
- Via securedrop@freedom.press (GPG encrypted) for sensitive security issues (please use judiciously);
- Via our community forums.
We also encourage you to file non-sensitive issues you encounter in our GitHub repository (issue report form).
Thank you for using SecureDrop!