SecureDrop 2.5.0 is scheduled to be released on Oct 18, 2022. We will send out another notification through this blog, Twitter, Mastodon, and the support portal when the release is live. Changes that journalists and administrators should be aware of are summarized in this blog post. A complete list of changes can be found on GitHub.

What’s coming in SecureDrop 2.5.0?

For sources

• Usability: Fixed an issue with how organization names containing special characters are displayed (Issue, Pull Request)
• Usability: Some potentially offensive words have been removed from the list that is used to generate codenames (Pull Request)

For journalists and administrators

• Authentication: After logging in, the journalist’s session details are now stored on the server rather than on-device, and session behavior has been made consistent across the Journalist Interface and the API (Pull Request)
• Usability: The template password database for Journalist and Admin Workstations has been updated with more accurate descriptions (Issue, Pull Request)
• Localization: A phrase in the Journalist Interface that was always shown in English is now translatable (Pull Request)

For developers

• Documentation: Developer documentation has been removed from the main project documentation, and moved to its own site at developers.securedrop.org (Issue, Pull Request)
• Dependency updates: The following dependencies have been updated:
  • mako from 1.07 to 1.2.2 (Pull Request)
  • secrets module is now used instead of random (Pull Request)

What administrators will need to do

SecureDrop Application and Monitor Servers will be updated to SecureDrop 2.5.0 automatically within 24 hours of the release. As with previous releases, we will provide instructions for performing the workstation updates at the time of the release.

Questions and comments

If you have questions or comments regarding this release, please contact us:

• Via our Support Portal, if you are a member (membership is available to SecureDrop administrators on request);
• Via securedrop@freedom.press (GPG encrypted) for sensitive security issues (please use judiciously);
• Via our community forums.

We also encourage you to file non-sensitive issues you encounter in our GitHub repository (issue report form).

Thank you for using SecureDrop!