We’re pleased to announce that SecureDrop 1.8.2 has been released. This is a bugfix release only issued for servers running Ubuntu 20.04. A complete list of changes can be found on GitHub.

What’s new in SecureDrop 1.8.2?

For administrators

• Bugfix: This release restores OSSEC email delivery on mailservers that perform strict validation of the sender address against the authenticated username. By default, the sender address will now be the SASL username followed by the SASL domain name. (Issue, Pull Request)
• Bugfix: The restore script will no longer copy the backup tarball into the Tails temporary filesystem, which could cause large restore operations to fail due to memory limitations (Issue, Pull Request).
• Code Verification: This release includes a new public signing key that will be used to verify future SecureDrop releases after this one. The current public signing key will be allowed to expire on June 30, 2021. (Issue, Pull Request)

What administrators need to do

SecureDrop Application and Monitor Servers running Ubuntu 20.04 will be updated to SecureDrop 1.8.2 automatically within 24 hours of the release. As with previous releases, we recommend that you update your Tails workstations to the latest version of Tails and the latest version of SecureDrop. Please see our upgrade guide for instructions.

If you have not migrated to Ubuntu 20.04 yet, you must do so at your earliest convenience. If your servers are still running Ubuntu 16.04, please follow our migration guide, or reinstall SecureDrop.

Questions and comments

If you have questions or comments regarding this release, please contact us:

• Via our Support Portal, if you are a member (membership is available to SecureDrop administrators on request);
• Via securedrop@freedom.press (GPG encrypted) for sensitive security issues (please use judiciously);
• Via our community forums.

We also encourage you to file non-sensitive issues you encounter in our GitHub repository (issue report form).

Thank you for using SecureDrop!