Pre-Release Announcement

SecureDrop 2.4.0: Pre-Release Announcement

May 12, 2022

(Update: SecureDrop 2.4.0 has been delayed to May 24, 2022 to provide additional time for QA testing and translations.)

SecureDrop 2.4.0 is scheduled to be released on May 24, 2022 (originally May 19, 2022). We will send out another notification through this blog, Twitter, Mastodon, and the support portal when the release is live. Changes that journalists and administrators should be aware of are summarized in this blog post. A complete list of changes can be found on GitHub.

What’s coming in SecureDrop 2.4.0?

For sources

  • Usability: The design of the Source Interface was overhauled, including: (Issue, Pull Request)
    • Notification messages consistently have an accompanying heading and icon
    • Use of new monochrome icons based on Material Design
    • Improved support for right-to-left languages
    • Simplified and updated warning to disable JavaScript
    • Fixes for making tab focus properly visible and consistently ordering buttons
  • Usability: Some potentially offensive words have been removed from the list that is used to generate codenames. (Issue, Pull Request)

For journalists and administrators

  • Localization: When a configured user interface language is no longer supported by SecureDrop, administrators will now receive OSSEC alerts (instead of the application crashing). (Issue, Pull Request)
  • Alerts: Administrators will no longer receive inactionable OSSEC alerts from “fwupd”, which is not used by SecureDrop. (Issue, Pull Request)

What administrators will need to do

SecureDrop Application and Monitor Servers will be updated to SecureDrop 2.4.0 automatically within 24 hours of the release. As with previous releases, we will provide instructions for performing the workstation updates at the time of the release.

Questions and comments

If you have questions or comments regarding this release, please contact us:

  • Via our Support Portal, if you are a member (membership is available to SecureDrop administrators on request);
  • Via securedrop@freedom.press (GPG encrypted) for sensitive security issues (please use judiciously);
  • Via our community forums.

We also encourage you to file non-sensitive issues you encounter in our GitHub repository (issue report form).

Thank you for using SecureDrop!

Return to News