SecureDrop 2.7.0 is scheduled to be released on November 2, 2023. We will send out another notification through this blog, Mastodon, X (formerly Twitter), and the support portal when the release is live. Changes that journalists and administrators should be aware of are summarized in this blog post. A complete list of changes can be found on GitHub.
What’s coming in SecureDrop 2.7.0?
For sources, journalists, administrators, and developers
- Security: SecureDrop 2.7.0 introduces
Sequoia-PGP
for encryption/decryption operations instead ofGnuPG
andpretty_bad_protocol
, and will include an automatic migration of existing keys. See administrator notes below; a more detailed blog post is forthcoming. (#6891, #6884, #6913, #6912, #6925, #6926, #6949, #6958, #6892, #6948, #6946, #6970, #6975, #6972, #6983, #6981, #6998) - Localization: Our translation workflow now supports continuous updates (#6953, #6954, #6985, #6997, #6984)
- Localization: Improvements to our French diceware wordlist (#6936)
For administrators
- Deployment:
securedrop-admin
tooling now checks for and rejects weak GPG keys with a SHA-1 backing signature (#6928)- More information: https://sequoia-pgp.org/blog/2023/02/01/202302-happy-sha1-day/
- Deployment: Remove Ansible check for installed Tor version on servers (#6894)
For developers
- Dependency changes:
- Update
Ansible
from 2.9.26 to 6.7.0 (ansible-core
version 2.13.7) (#6830) - Update
cryptography
from 41.0.1 to 41.0.3 (#6940) - Remove
boto
andboto3
dependencies (#6890) - Remove
hypothesis
dependency (#6893) - Update
certifi
from 2022.12.7 to 2023.7.22 (#6900) - Update
pillow
from 9.3.0 to 10.0.1 (#6959) - Update
markupsafe
from 2.0.1 to 2.1.2 (#7014) - Import
Markup
andescape
frommarkupsafe
(#6964)
- Update
- Update default Dockerfile application versions:
- Replace
bandit
,flake8
,pylint
, andisort
withruff
(#6885, #6932, #6961, #6995) - Replace
pretty_bad_protocol
dependency with vendored version (#6836, #6907)
What administrators will need to do
SecureDrop Application and Monitor Servers will be updated to SecureDrop 2.7.0 automatically within 24 hours of the release. As with previous releases, we will provide instructions for performing the workstation updates at the time of the release.
Note: This release will remove support for submission PGP keys with legacy SHA-1-based binding signatures. The SecureDrop Journalist Interface will not start when the instance has been configured with such a key. If you have set up SecureDrop according to our documentation, you are not using such keys; no SecureDrop instances known to us are affected by this change.
If you are unsure if you will be affected by this change, you can reach out to us for support. Our recommended course of action is to check your Submission Public Key, available at the /public-key
endpoint of your SecureDrop Source Interface onion url, using the sq-keyring-linter
program installable on your Admin Workstation. If your key contains insecure SHA-1-based signatures, we suggest creating a new Submission Keypair according to our documentation. You should not delete the old key from your Secure Viewing Station, so that you can still decrypt old submissions. We are happy to assist you with this process. As a reminder, all key material should be generated on an air-gapped machine, and should never reside on a network-connected device.
For more detailed information about why keys with SHA-1 signatures are insecure, see https://sequoia-pgp.org/blog/2023/02/01/202302-happy-sha1-day/.
Questions and comments
If you have questions or comments regarding this release, please contact us:
- Via our Support Portal, if you are a member (membership is available to SecureDrop administrators on request);
- Via securedrop@freedom.press (GPG encrypted) for sensitive security issues (please use judiciously);
- Via our community forums.
We also encourage you to file nonsensitive issues you encounter in our GitHub repository (issue report form).
Thank you for using SecureDrop!