We are pleased to announce the release of SecureDrop 1.2.1. Changes that sources, journalists, and administrators should be aware of are summarized in this blog post. A complete list of changes can be found on GitHub.

What’s new in SecureDrop 1.2.1?

For sources

• Bugfix: The Source Interface no longer displays a security reminder to use Tor Browser when you access it in Tor Browser for macOS or Windows. The detection logic was updated to account for recent changes in Tor Browser. (Issue, Pull Request)

For journalists

• Feature removal: We have removed the “Change codename” feature that lets journalists generate a new two-word designation for a source shown in the Journalist Interface. A recent newsroom survey has indicated that this feature is not in wide use. (Issue, Pull Request)

For developers

• Journalist Interface API: The performance of the /sources endpoint has been significantly improved through the use of a key fingerprint cache. (Pull Request)

What administrators need to do

SecureDrop Application and Monitor Servers will be updated to SecureDrop 1.2.1 automatically within 24 hours of the release.

As with previous releases, we recommend that you update your Tails workstations to the latest version of Tails and the latest version of SecureDrop. See our upgrade guide for more information.

Questions and comments

If you have questions or comments regarding this release, please contact us:

• Via our Support Portal, if you are a member (membership is available to SecureDrop administrators on request);
• Via securedrop@freedom.press (GPG encrypted) for sensitive security issues (please use judiciously);
• Via our community forums.

We also encourage you to file non-sensitive issues you encounter in our GitHub repository (issue report form).

Thank you for using SecureDrop!