SecureDrop 2.12.3 Released

April 28, 2025

We’re pleased to announce that SecureDrop 2.12.3 has been released. After an initial set of successful fully automated upgrades to Ubuntu 24.04 (Noble) with 2.12.2, we are now enabling the next batch of automated upgrades. In practice, this will result in approximately 40% of Application Servers being upgraded.

To learn more about this process, or if you receive pre-upgrade error notifications from OSSEC, please review our Noble upgrade guide.

Please note that this release also addresses an issue where some SecureDrop instances that failed the pre-upgrade migration check could remain in a state with automatic updates disabled. The SecureDrop team is monitoring known servers; if we believe this bug has affected you, we will reach out with steps to re-enable automatic updates.

If you experience issues with your upgrade or have any questions, please contact support.

What’s new in SecureDrop 2.12.3?

Ubuntu 24.04 (Noble) upgrade

Enable second phase of automated Noble upgrades (pull request)
Check the Noble migration script status before disabling unattended updates (issue, pull request)

What administrators need to do

Please follow our previous upgrade guide and get in touch with us if you require assistance.

As we previously highlighted, Tails has issued an emergency 6.14.2 release, which fixes several security vulnerabilities in the Linux kernel. If you have not already done so, please make certain to upgrade your Journalist and Admin Workstations to Tails 6.14.2 at your earliest convenience.

Acknowledgments

This release incorporates Freedom of the Press Foundation (FPF) contributions by Nathan Dyer, communications manager; Kunal Mehta, deputy release manager; Erik Moeller; Cory Francis Myers; Kevin O’Gorman, release manager; Francisco Rocha; and Rowen S.

Questions and comments

If you have questions or comments regarding this release, please contact us:

Via our Support Portal, if you are a member (membership is available to SecureDrop administrators on request)
Via securedrop@freedom.press (PGP encrypted) for sensitive security issues (please use judiciously), or submit a report via Bugcrowd

We also encourage you to file nonsensitive issues you encounter in our GitHub repository (issue report form).

Thank you for using SecureDrop!

Have a document to share?

You are not anonymous while using this browser!

Your Tor security settings are too low!

Set your Tor security level to "Safest" for maximum protection