We’re pleased to announce that SecureDrop 1.8.0 has been released. Changes that journalists and administrators should be aware of are summarized in this blog post. A complete list of changes can be found on GitHub.
Important: This is the first release to provide support for Ubuntu 20.04 (Focal). All administrators must manually upgrade their SecureDrop instances from Ubuntu 16.04 (Xenial) to Ubuntu 20.04 LTS before April 30, 2021. Detailed migration instructions are here.
What’s new in SecureDrop 1.8.0?
For journalists and administrators:
- Security: This release adds changes that will disable the Source Interface of SecureDrop instances that are still running Ubuntu 16.04 after its end-of-life date of April 30, 2021. To avoid this, administrators should upgrade their servers to Ubuntu 20.04 LTS before April 30. (Issue, Pull request)
- Usability: In the list of all sources, journalists are now given the option to delete only files and messages associated with a source, instead of deleting the entire source account. User interface messages related to source deletion have been clarified. (Issue, Pull request)
For administrators:
- Support for Ubuntu 20.04 (Focal): This release adds support for Ubuntu 20.04 LTS as the base operating system for the SecureDrop servers (Tracking Issue). Administrators must manually upgrade before April 30, 2021; instructions are here. For details on the upcoming changes, see below.
- Security: With this release, the
securedrop-admin
tool on the Admin Workstation automatically checks for updates before performing most administrative commands. (Issue, Pull request) - Dependency updates:
- Tor has been updated from 0.4.4.6 to 0.4.5.6 (Issue, Pull request, Upstream changelog)
Ubuntu 20.04: What’s new for administrators:
- Onion services: v2 onion services are not supported on SecureDrop servers running Ubuntu 20.04. (Tracking issue, Issue, Pull request)
- Kernel changes: SecureDrop servers running Ubuntu 20.04 LTS will use the 5.4-series Linux kernel. This release will include the 5.4.97 kernel. (Issue, Pull request)
- Package changes:
paxctld
will replacepaxctl
(Issue, Pull request)aptitude
will not be installed (apt-get
is used instead), andinstall-recommends
is disabled (Pull request)unattended-upgrades
will replacecron-apt
(Issue 1, Issue 2, Pull request)systemd-timesyncd
will replacentp
andntpdate
(Issue, Issue 2, Pull request)
- A complete list of changes related to Ubuntu 20.04 (Focal) can be found in our changelog.
What administrators will need to do
SecureDrop Application and Monitor Servers will be updated to SecureDrop 1.8.0 automatically within 24 hours of the release. Instructions for performing the workstation upgrades are here.
Important: All administrators will need to manually migrate their SecureDrop instances from Ubuntu 16.04 to Ubuntu 20.04 before April 30, 2021. Detailed migration instructions are here.
The migration will require on-premises access to the servers. We suggest you schedule a maintenance window of two days during which your servers can be offline and you can perform this upgrade.
Note that SecureDrop will not support v2 onion services on Ubuntu 20.04. If your instance is still using 16-character v2 onion URLs, an alternate migration path will allow you to move to Ubuntu 20.04 while retaining data from your old instance.
Acknowledgments
This release was made possible thanks to volunteer code and documentation contributions by Gonzalo Bulnes Guilpain, Joan Edwards, and pierwill.
The translations for all supported languages were updated thanks to the work of many volunteers:
- Arabic: andrea Sommer Ryan, Layla Taha, Ahmed Essam, erinm
- Catalan: Benet (BennyBeat) R. i Camps, Joan Montané
- Chinese (Simplified): ff98sha
- Chinese (Traditional): mengpangwang, erinm, Chi-Hsun Tsai
- Croatian: Igor K.
- Czech: Honza Cibulka, michaela-bot
- Dutch: Thom, kwadronaut
- French: AO Localization Lab
- German: kwadronaut, erinm, Robin Schubert, Ettore Atalan
- Greek: Adrian, Dimitris Maroulidis
- Icelandic: Oktavia, Sveinn í Felli
- Italian: Claudio Arseni
- Norwegian Bokmål: kwadronaut, erinm, Øyvind Bye Skille
- Portuguese (Brazil): Rodolfo Viana, communiaa
- Portuguese (Portugal): deeplow
- Romanian: robbpa
- Russian: Adham Kurbanov
- Sinhala: helabasa
- Slovak: ViktoriaAndr, 1000101
- Spanish: Gonzalo Bulnes Guilpain, erinm, Zuhualime Akoochimoya
- Swedish: Jonas Waga
- Turkish: Volkan, Kaya Zeren
- Thai: Charlie Haviland
Thanks to Erin McConnell and the Localization Lab for supporting this effort.
This release incorporates Freedom of the Press Foundation contributions by: Allie Crevier, Kushal Das, Mickael E. (deputy release manager, deputy localization manager), John Hensley (localization manager), Erik Moeller, Kevin O’Gorman (release manager), Rowen S. (communications manager), and Conor Schaefer.
Questions and comments
If you have questions or comments regarding this release, please contact us:
- Via our Support Portal, if you are a member (membership is available to SecureDrop administrators on request);
- Via securedrop@freedom.press (GPG encrypted) for sensitive security issues (please use judiciously);
- Via our community forums.
We also encourage you to file non-sensitive issues you encounter in our GitHub repository (issue report form).
Thank you for using SecureDrop!