The release of the next version of SecureDrop, 1.3.0, is scheduled for Tuesday, May 12, 2020. We will send out another notification through this blog, Twitter, and the support portal when the release is live. Changes that journalists and administrators should be aware of are summarized in this blog post. A complete list of changes can be found on GitHub.
What’s coming in SecureDrop 1.3.0?
For sources
- Bugfix: Sources will no longer see an error when they attempt to create a codename after already having done so in another browser tab. Instead, they will see a message letting them know that they are already logged in. (Issue, Pull Request)
- UI update: The “Remember, your codename is:” hint on the submission page will be moved to the top of the page for easier discoverability, and the “Read Replies” section will more clearly indicate when there are no replies. (Issue, Pull Request, Screenshot)
- UI update / behavior change: The messaging in the Source Interface will be updated to account for a new placement and appearance of the “New Identity” button in recent versions of Tor Browser. In addition, sources will now see a dedicated page after logging out, to focus attention on the recommendation to click the “New identity” button. (Issue, Pull Request)
- UI update: The Source Interface will now use language like “our team” where it previously used language like “our journalists”, to avoid confusion in cases where SecureDrop is used by organizations that are not newsrooms. (Issue, Pull Request)
For journalists
- Bugfix: Visiting a path that does not exist in the Journalist Interface will no longer produce an internal server error. (Issue, Pull Request)
For administrators
- New feature: You will now be able to restore a backup without also applying the Tor service configuration from the backup to your Application Server. This can be useful if the Tor service configuration has changed since the last backup, e.g., because v3 services were enabled. (Issue, Pull Request)
- Bugfix: This release will include two fixes for the graphical updater for Journalist and Admin Workstations. Note that these fixes will only take effect after you have applied this update to your workstations.
- The updater will more reliably handle input of the Tails admin password, and will report timeout errors. (Issue, Pull Request)
- The updater will now exit silently and write a syslog entry if it is already running, instead of displaying an error. This is because the update itself caused the error to appear during the update process. (Issue, Pull Request)
- New guides: The documentation will include two new guides for admins:
- a guide to offboarding journalists or administrators. (Issue, Pull Request)
- a guide to updating the BIOS on the recommended Intel NUC hardware. (Pull Request)
- Kernel update: This release will include an update from version 4.14.154 to 4.14.175 of the grsecurity-patched kernel. (Issue, Pull Request)
- Dependency updates: The following dependencies on the SecureDrop servers will be updated:
- Ansible from version 2.7.13 to 2.9.7 (Issue, Pull Request, Changelogs: 2.7, 2.8, 2.9)
- OSSEC from version 3.0.0 to 3.6.0 (Pull Request, Changelogs)
- Tor from version 0.4.1.6 to 0.4.2.7 (Issue, Pull Request, Changelogs)
For developers
- Journalist API:
- Performance improvement: SecureDrop will now cache the public keys of sources, to significantly improve performance of the
/get_all_sources
endpoint. (Issue, Pull Request) - Bugfix: The
/replies
endpoint will now correctly return replies associated with a deleted journalist account (Issue, Pull Request)
- Performance improvement: SecureDrop will now cache the public keys of sources, to significantly improve performance of the
- Metadata API Update: The publicly accessible SecureDrop metadata endpoint at yoursourceinterfaceaddress.onion/metadata will now include the addresses of your Source Interface (v2 and/or v3 address, depending on configuration). (Issue, Pull Request)
What administrators will need to do
SecureDrop Application and Monitor Servers will be updated to SecureDrop 1.3.0 automatically within 24 hours of the release. As with previous releases, we will provide instructions for performing the workstation updates at the time of the release.
This release will include a kernel update. While we have tested the updated kernel extensively on supported hardware, it is possible that it will cause problems on your servers after the update. At the time of the release, we will provide instructions for troubleshooting kernel issues and temporarily downgrading to a previous version.
If you have not upgraded your workstations to Tails 4 yet, we urge you to do so as soon as possible.
Questions and comments
If you have questions or comments regarding this release, please contact us:
- Via our Support Portal, if you are a member (membership is available to SecureDrop administrators on request);
- Via securedrop@freedom.press (GPG encrypted) for sensitive security issues (please use judiciously);
- Via our community forums.
We also encourage you to file non-sensitive issues you encounter in our GitHub repository (issue report form).
Thank you for using SecureDrop!