The release of the next version of SecureDrop, 1.8.0, is scheduled for March 9, 2021. We will send out another notification through this blog, Twitter, Mastodon, and the support portal when the release is live. Changes that journalists and administrators should be aware of are summarized in this blog post. A complete list of changes can be found on GitHub.
Important: This will be the first release to provide support for Ubuntu 20.04 (Focal). All administrators must manually upgrade their SecureDrop instances from Ubuntu 16.04 (Xenial) to Ubuntu 20.04 LTS before April 30, 2021. Detailed migration instructions will be provided in conjunction with this release.
What’s coming in SecureDrop 1.8.0?
For journalists and administrators
- Security: This release adds changes that will disable the Source Interface of SecureDrop instances that are still running Ubuntu 16.04 after its end-of-life date of April 30, 2021. To avoid this, administrators should upgrade their servers to Ubuntu 20.04 LTS before April 30. (Issue, Pull request)
- Usability: In the list of all sources, journalists are now given the option to delete only files and messages associated with a source, instead of deleting the entire source account. User interface messages related to source deletion have been clarified. (Issue, Pull request)
For administrators
- Support for Ubuntu 20.04 (Focal): This release adds support for Ubuntu 20.04 LTS as the base operating system for the SecureDrop servers (Tracking Issue). Administrators must manually upgrade before April 30, 2021; instructions will be provided with the release. Details on the upcoming changes are below.
- Security: With this release, the securedrop-admin tool on the Admin Workstation will automatically check for updates before performing most administrative commands. (Issue, Pull request)
- Dependency updates:
  - Tor will be updated from 0.4.4.6 to 0.4.5.6 (Issue, Pull request, Upstream changelog)
Ubuntu 20.04: What’s new for administrators
- Onion services: v2 onion services are not supported on SecureDrop servers running Ubuntu 20.04. (Tracking issue, Issue, Pull request)
- Kernel changes: SecureDrop servers running Ubuntu 20.04 LTS will use the 5.4-series Linux kernel. This release will include the 5.4.97 kernel. (Issue, Pull request)
- Package changes:
  - paxctld will replace paxctl (Issue, Pull request)
  - aptitude will not be installed (apt-get is used instead), and install-recommends is disabled (Pull request)
  - unattended-upgrades will replace cron-apt (Issue 1, Issue 2, Pull request)
  - systemd-timesyncd will replace ntp and ntpdate (Issue 1, Issue 2, Pull request)
- A complete list of changes related to Ubuntu 20.04 (Focal) can be found in our changelog.
What administrators will need to do
SecureDrop Application and Monitor Servers will be updated to SecureDrop 1.8.0 automatically within 24 hours of the release. As with previous releases, we will provide instructions for performing the workstation updates at the time of the release.
Important: All administrators will need to manually migrate their SecureDrop instances from Ubuntu 16.04 to Ubuntu 20.04 before April 30, 2021. Detailed migration instructions will be provided in conjunction with the release.
The migration will require on-premises access to the servers. We suggest you schedule a maintenance window of two days during which your servers can be offline and you can perform this upgrade.
Note that SecureDrop will not support v2 onion services on Ubuntu 20.04. If your instance is still using 16-character v2 onion URLs, we recommend enabling v3 onion services as soon as possible to facilitate the OS migration.
Questions and comments
If you have questions or comments regarding this release, please contact us:
- Via our Support Portal, if you are a member (membership is available to SecureDrop administrators on request);
- Via securedrop@freedom.press (GPG encrypted) for sensitive security issues (please use judiciously);
- Via our community forums.
We also encourage you to file non-sensitive issues you encounter in our GitHub repository (issue report form).
Thank you for using SecureDrop!