SecureDrop 2.12.0 is scheduled to be released on March 18, 2025. We will send out another notification through this blog, Mastodon, X, and the support portal when the release is live. Changes that journalists and administrators should be aware of are summarized in this blog post. A complete list of changes can be found on GitHub.
Ubuntu 24.04 (Noble) migration
This release will add support for Ubuntu 24.04 (Noble). All SecureDrops must be upgraded from Ubuntu 20.04 (Focal) to Noble, by the Focal end-of-life on May 31, 2025. This process is far simpler than past upgrades as it has been fully automated. Administrators will have two options: a semiautomated upgrade or a fully automated upgrade. More details and documentation will be provided at release time; see our previous blog post for more information about the automated upgrade process.
What’s coming in SecureDrop 2.12.0?
For administrators
Ubuntu 24.04 (Noble) support
- Add support for manual upgrades from Focal to Noble (issue, pull request)
- Add script to upgrade from Ubuntu 20.04 (Focal) to Noble (issue, pull request)
- Add CI staging support for Noble (issue, pull request)
- Add the
sdssh
group before using it in ACLs (issue, pull request) - Set a fixed machine-id to ensure phased Noble updates are consistent (issue, pull request)
Operations
- Add support for disabling previously supported languages (issue, pull request)
- Remove Hindi as a supported language (pull request)
- Improve
securedrop-admin
error messaging (issue, pull request) - Update
systemd
services usingType=exec
to useType=simple
(issue, pull request) - Add a single script to manage Redis authentication changes (issue, pull request)
- Ensure
/etc/iptables
exists before writing to it (issue, pull request) - Fix
systemd
ConditionPathExists
syntax (issue, pull request)
For developers
- Update
redwood
to use stabilizedFile::create_new()
(pull request) - Update Rust toolchain to 1.84.1 (issue, issue, rull request, pull request)
- Update
backport.py
utility script (pull request) - Remove unused translator credits file (pull request)
- Update date string formatting to follow ISO8061 standards (issue, pull request)
- Add support for Podman in
make dev-tor
(pull request) - Update
make update-python3-requirements
to use a container (issue, pull request) - Add Github Actions workflow linting via
zizmor
(pull request) - Add
flake8-bugbear
rules toruff
config (pull request) - Update
testinfra
tests to resolve dpkg lock contention (issue, pull request) - Update Tor Browser tests to be parameterized by locale (issue, pull request)
- Update
testinfra
tests to handle unapplied phased updates (issue, pull request) - Update
testinfra
tests to speed uppam_ecryptfs
check (pull request) - Update dependency review documentation to reflect Rust and Python differences (pull request)
- Ignore safety alerts:
- Ignore Safety 74221, 74261 in
ansible-core
(pull request) - Ignore Safety 73969 in
jinja2
(rpull request)
- Ignore Safety 74221, 74261 in
- Update dependencies:
- Update
pip
to 25.0 (pull request) - Update Rust
openssl
dependency to 0.10.70 (pull request)
- Update
What administrators will need to do
SecureDrop Application and Monitor Servers will be updated to SecureDrop 2.12.0 automatically within 24 hours of the release. As with previous releases, we will provide instructions for performing the workstation updates at the time of the release.
Questions and comments
If you have questions or comments regarding this release, please contact us:
- Via our Support Portal, if you are a member (membership is available to SecureDrop administrators on request)
- Via securedrop@freedom.press (GPG encrypted) for sensitive security issues (please use judiciously)
- Via our community forums
We also encourage you to file nonsensitive issues you encounter in our GitHub repository (issue report form). Thank you for using SecureDrop!