We’re pleased to announce that SecureDrop 2.12.0 has been released. Changes that journalists and administrators should be aware of are summarized in this blog post. A complete list of changes can be found in the changelog on GitHub.

This release adds support for Ubuntu Noble, including a semiautomated upgrade process. Administrators may opt to upgrade at their own convenience before April 15, 2025, or may wait for our automated upgrade process, which will begin taking effect after that date. More information can be found in our migration guide.

What’s new in SecureDrop 2.12.0?

For administrators

Ubuntu 24.04 (Noble) support

• Add support for manual upgrades from Focal to Noble (issue, pull request)
• Add script to upgrade from Ubuntu 20.04 (Focal) to Noble (issue, pull request)
• Add CI staging support for Noble (issue, pull request)
• Add the sdssh group before using it in ACLs (issue, pull request)
• Set a fixed machine-id to ensure phased Noble updates are consistent (issue, pull request)

Operations

• Add support for disabling previously supported languages (issue, pull request)
• Remove Hindi as a supported language (pull request)
• Improve securedrop-admin error messaging (issue, pull request)
• Update systemd services using Type=exec to use Type=simple (issue, pull request)
• Add a single script to manage Redis authentication changes (issue, pull request)
• Ensure /etc/iptables exists before writing to it (issue, pull request)
• Fix systemd ConditionPathExists syntax (issue, pull request)

For developers

• Update redwood to use stabilized File::create_new() (pull request)
• Update Rust toolchain to 1.84.1 (issue, issue, rull request, pull request)
• Update backport.py utility script (pull request)
• Remove unused translator credits file (pull request)
• Update date string formatting to follow ISO8061 standards (issue, pull request)
• Add support for Podman in make dev-tor (pull request)
• Update make update-python3-requirements to use a container (issue, pull request)
• Add Github Actions workflow linting via zizmor (pull request)
• Add flake8-bugbear rules to ruff config (pull request)
• Update testinfra tests to resolve dpkg lock contention (issue, pull request)
• Update Tor Browser tests to be parameterized by locale (issue, pull request)
• Update testinfra tests to handle unapplied phased updates (issue, pull request)
• Update testinfra tests to speed up pam_ecryptfs check (pull request)
• Update dependency review documentation to reflect Rust and Python differences (pull request)
• Ignore safety alerts:
  • Ignore Safety 74221, 74261 in ansible-core (pull request)
  • Ignore Safety 73969 in jinja2 (rpull request)
• Update dependencies:
  • Update pip to 25.0 (pull request)
  • Update Rust openssl dependency to 0.10.70 (pull request)

What administrators need to do

SecureDrop Application and Monitor Servers will be updated to SecureDrop 2.12.0 automatically within 24 hours.

Please follow our upgrade guide and get in touch with us if you require assistance.

Acknowledgments

Thanks to Localization Lab for continued support with our translations. Translations were updated thanks to the work of many volunteers:

• Chinese (Simplified Han script): bearbeeprunestardust
• Icelandic: Oktavia, Sveinn í Felli
• Italian: Claudio Arseni, lsd-cat
• Portuguese (Portugal): deeplow
• Swedish: Jonas Waga

Hindi has been removed as a supported language as of this release and can no longer be enabled during installation. If Hindi is currently enabled on your SecureDrop, it will no longer be offered to sources or journalists. If you would like to help expand the languages that SecureDrop supports, please see our instructions on contributing translations.

This release incorporates Freedom of the Press Foundation (FPF) contributions by Nathan Dyer, communications manager; Kunal Mehta; Erik Moeller; Cory Francis Myers, deputy release manager and localization manager; Kevin O’Gorman, release manager; Francisco Rocha; and Rowen S.

Questions and comments

If you have questions or comments regarding this release, please contact us:

• Via our Support Portal, if you are a member (membership is available to SecureDrop administrators on request)
• Via securedrop@freedom.press (PGP encrypted) for sensitive security issues (please use judiciously), or submit a report via Bugcrowd

We also encourage you to file nonsensitive issues you encounter in our GitHub repository (issue report form).

Thank you for using SecureDrop!