We are announcing the release of SecureDrop 1.2.2, a bugfix release. Changes that sources, journalists, and administrators should be aware of are summarized in this blog post. A list of changes can also be found on GitHub.

What’s new in SecureDrop 1.2.2?

For administrators

• Bugfix: A dependency issue caused installations and updates of Admin and Journalist Workstations to fail around March 8. This issue has no implications for your SecureDrop server and impacts only your workstations. The issue has been fixed by enforcing an update of the setuptools dependency. (Issue, Pull Request)
• Dependency update: As a precaution, the psutil dependency has been updated from version 5.4.3 to version 5.7.0, due to a memory management issue in earlier versions. (Pull Request)

What administrators need to do

SecureDrop Application and Monitor Servers will be updated to SecureDrop 1.2.2 automatically within 24 hours of the release.

We recommend that you update your Tails workstations to the latest version of Tails and the latest version of SecureDrop. You should be able to use the graphical updater to update the SecureDrop code on your workstations, but you can use the manual update process if it fails for any reason. See our upgrade guide for more information.

Questions and comments

If you have questions or comments regarding this release, please contact us:

• Via our Support Portal, if you are a member (membership is available to SecureDrop administrators on request);
• Via securedrop@freedom.press (GPG encrypted) for sensitive security issues (please use judiciously);
• Via our community forums.

We also encourage you to file non-sensitive issues you encounter in our GitHub repository (issue report form).

Thank you for using SecureDrop!