We’re pleased to announce that SecureDrop 2.0.2 has been released. This is a maintenance release that updates the Linux kernel on your SecureDrop servers. A complete list of changes can be found on Github.
What’s new in SecureDrop 2.0.2?
For administrators
- Kernel update: The Linux kernel version has been updated from 5.4.97 to 5.4.136 to include patches for recently discovered security issues, including the Sequoia privilege escalation vulnerability.
While a successful exploit would require that an attacker has already obtained code execution capabilities on the system, this kernel update provides additional defense in depth. (Issue, Pull Request)
What administrators need to do
SecureDrop Application and Monitor Servers running Ubuntu 20.04 will be updated to SecureDrop 2.0.2 automatically within 24 hours of the release. As with previous releases, we recommend that you update your Tails workstations to the latest version of Tails and the latest version of SecureDrop. Please see our upgrade guide for instructions.
If you experience any issues with the updated Linux kernel, please see our kernel troubleshooting guide, or get in touch with us.
Questions and comments
If you have questions or comments regarding this release, please contact us:
- Via our Support Portal, if you are a member (membership is available to SecureDrop administrators on request);
- Via securedrop@freedom.press (GPG encrypted) for sensitive security issues (please use judiciously);
- Via our community forums.
We also encourage you to file non-sensitive issues you encounter in our GitHub repository (issue report form).
Thank you for using SecureDrop!