SecureDrop 2.12.0 is scheduled to be released on March 18, 2025. We will send out another notification through this blog, Mastodon, X, and the support portal when the release is live. Changes that journalists and administrators should be aware of are summarized in this blog post. A complete list of changes can be found on GitHub.

Ubuntu 24.04 (Noble) migration

This release will add support for Ubuntu 24.04 (Noble). All SecureDrops must be upgraded from Ubuntu 20.04 (Focal) to Noble, by the Focal end-of-life on May 31, 2025. This process is far simpler than past upgrades as it has been fully automated. Administrators will have two options: a semiautomated upgrade or a fully automated upgrade. More details and documentation will be provided at release time; see our previous blog post for more information about the automated upgrade process.

What’s coming in SecureDrop 2.12.0?

For administrators

Ubuntu 24.04 (Noble) support

• Add support for manual upgrades from Focal to Noble (issue, pull request)
• Add script to upgrade from Ubuntu 20.04 (Focal) to Noble (issue, pull request)
• Add CI staging support for Noble (issue, pull request)
• Add the sdssh group before using it in ACLs (issue, pull request)
• Set a fixed machine-id to ensure phased Noble updates are consistent (issue, pull request)

Operations

• Add support for disabling previously supported languages (issue, pull request)
• Remove Hindi as a supported language (pull request)
• Improve securedrop-admin error messaging (issue, pull request)
• Update systemd services using Type=exec to use Type=simple (issue, pull request)
• Add a single script to manage Redis authentication changes (issue, pull request)
• Ensure /etc/iptables exists before writing to it (issue, pull request)
• Fix systemd ConditionPathExists syntax (issue, pull request)

For developers

• Update redwood to use stabilized File::create_new() (pull request)
• Update Rust toolchain to 1.84.1 (issue, issue, rull request, pull request)
• Update backport.py utility script (pull request)
• Remove unused translator credits file (pull request)
• Update date string formatting to follow ISO8061 standards (issue, pull request)
• Add support for Podman in make dev-tor (pull request)
• Update make update-python3-requirements to use a container (issue, pull request)
• Add Github Actions workflow linting via zizmor (pull request)
• Add flake8-bugbear rules to ruff config (pull request)
• Update testinfra tests to resolve dpkg lock contention (issue, pull request)
• Update Tor Browser tests to be parameterized by locale (issue, pull request)
• Update testinfra tests to handle unapplied phased updates (issue, pull request)
• Update testinfra tests to speed up pam_ecryptfs check (pull request)
• Update dependency review documentation to reflect Rust and Python differences (pull request)
• Ignore safety alerts:
  • Ignore Safety 74221, 74261 in ansible-core (pull request)
  • Ignore Safety 73969 in jinja2 (rpull request)
• Update dependencies:
  • Update pip to 25.0 (pull request)
  • Update Rust openssl dependency to 0.10.70 (pull request)

What administrators will need to do

SecureDrop Application and Monitor Servers will be updated to SecureDrop 2.12.0 automatically within 24 hours of the release. As with previous releases, we will provide instructions for performing the workstation updates at the time of the release.

Questions and comments

If you have questions or comments regarding this release, please contact us:

• Via our Support Portal, if you are a member (membership is available to SecureDrop administrators on request)
• Via securedrop@freedom.press (GPG encrypted) for sensitive security issues (please use judiciously)
• Via our community forums

We also encourage you to file nonsensitive issues you encounter in our GitHub repository (issue report form). Thank you for using SecureDrop!