SecureDrop 1.6.0 will be released on October 7, 2020. We will send out another notification through this blog, Twitter, and the support portal when the release is live. Changes that journalists and administrators should be aware of are summarized in this blog post. A complete list of changes can be found on GitHub.
Security reminder: If your SecureDrop instance is still using 16-character v2 onion URLs, you should migrate to v3 onion services at the earliest opportunity, and contact us via the Support Portal if you require assistance doing so. Due to security and anonymity improvements in v3 of the onion services protocol, support for v2 onion services will be removed from SecureDrop in February 2021.
What’s coming in SecureDrop 1.6.0?
For all users
- Usability: Application and dependency names have been accurately capitalized to improve readability (Pull Request 1, Pull Request 2)
- Bugfix: An issue preventing sources from submitting documents or messages when reply files were unavailable has been fixed. (Issue, Pull Request)
- Dependency updates: The following dependencies on the SecureDrop servers have been updated:
- Journalist API:
/usersendpoint has now been added to enumerate all Journalist Interface accounts. (Issue, Pull Request)
- Support for “seen/unseen” messages, files, and replies has been added to SecureDrop in order to support functionality in SecureDrop Workstation. A submission is considered “seen” if it has been downloaded by any journalist. (Issue, Pull Request 1, Issue 2, Pull Request 2).
- Usability: Support for screenshots in Weblate has been added to provide visual context to translators. (Issue, Pull Request)
What administrators will need to do
SecureDrop Application and Monitor Servers will be updated to SecureDrop 1.6.0 automatically within 24 hours of the release. As with previous releases, we will provide instructions for performing the workstation updates at the time of the release.
Questions and comments
If you have questions or comments regarding this release, please contact us:
- Via our Support Portal, if you are a member (membership is available to SecureDrop administrators on request);
- Via firstname.lastname@example.org (GPG encrypted) for sensitive security issues (please use judiciously);
- Via our community forums.
We also encourage you to file non-sensitive issues you encounter in our GitHub repository (issue report form).
Thank you for using SecureDrop!