We’re pleased to announce that SecureDrop 2.7.0 has been released. Changes that journalists and administrators should be aware of are summarized in this blog post. A complete list of changes can be found on GitHub.
What’s new in SecureDrop 2.7.0?
For sources, journalists, administrators, and developers
- Security: SecureDrop 2.7.0 introduces Sequoia-PGP for encryption/decryption operations instead of GnuPG and pretty_bad_protocol, and includes an automatic migration of existing keys. See the administrator notes below and our separate blog post. (#6891, #6884, #6913, #6912, #6925, #6926, #6949, #6958, #6892, #6948, #6946, #6970, #6975, #6972, #6983, #6981, #6998)
- Localization: Our translation workflow now supports continuous updates (#6953, #6954, #6985, #6997, #6984)
- Localization: Improvements to our French diceware wordlist (#6936)
For administrators
- Deployment: securedrop-admin tooling now checks for and rejects weak GPG keys with a SHA-1-based binding signature (#6928). More information: https://sequoia-pgp.org/blog/2023/02/01/202302-happy-sha1-day/
- Deployment: Remove Ansible check for installed Tor version on servers (#6894)
For developers
- Dependency changes:
  - Update Ansible from 2.9.26 to 6.7.0 (ansible-core version 2.13.7) (#6830)
  - Update cryptography from 41.0.1 to 41.0.3
  - Remove boto and boto3 dependencies (#6890)
  - Remove hypothesis dependency (#6893)
  - Update certifi from 2022.12.7 to 2023.7.22 (#6900)
  - Update pillow from 9.3.0 to 10.0.1 (#6959)
  - Update markupsafe from 2.0.1 to 2.1.2 (#7014)
  - Import Markup and escape from markupsafe (#6964)
  - Update default Dockerfile application versions:
    - Replace bandit, flake8, pylint, and isort with ruff (#6885, #6932, #6961, #6995)
    - Replace pretty_bad_protocol dependency with vendored version (#6836, #6907)
What administrators need to do
SecureDrop Application and Monitor Servers will be updated to SecureDrop 2.7.0 automatically within 24 hours. As with previous releases, we recommend that you update your Tails workstations to the latest version of Tails (5.19) and the latest version of SecureDrop.
Note: This release removes support for submission PGP keys with legacy SHA-1-based binding signatures. The SecureDrop Journalist Interface will not start when the instance has been configured with such a key. If you have set up SecureDrop according to our documentation, you are not using such keys; no SecureDrop instances known to us are affected by this change.
If you are unsure whether you will be affected by this change, you can reach out to us for support. Our recommended course of action is to check your Submission Public Key, available at the /public-key endpoint of your SecureDrop Source Interface onion URL, using the sq-keyring-linter program, which is available by default on your Admin Workstation starting with Tails version 5.19. If your key contains insecure SHA-1-based signatures, we suggest creating a new Submission Keypair according to our documentation. You should not delete the old key from your Secure Viewing Station, so that you can still decrypt old submissions. We are happy to assist you with this process. As a reminder, all key material must be generated on an air-gapped machine, and should never reside on a network-connected device.
For more detailed information about why keys with SHA-1 signatures are insecure, see https://sequoia-pgp.org/blog/2023/02/01/202302-happy-sha1-day/.
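To make concrete what the securedrop-admin check and the sq-keyring-linter recommendation above are looking for, here is an added example (written for this post; it is not SecureDrop or Sequoia code) that walks the packets of an ASCII-armored OpenPGP public key block, such as the one served at the /public-key endpoint, and reports every binding signature whose header declares MD5 or SHA-1 as its hash algorithm. The two sample keys it checks are constructed in the script as structurally valid but cryptographically meaningless packet sequences; the user ID, key bytes and signature bytes in them are made up for the example and are not real key material.

```python
"""Report binding self-signatures on an OpenPGP certificate that declare SHA-1 or MD5.
Added example: reads packet headers per RFC 4880 only, performs no signature
verification, and is not a substitute for sq-keyring-linter."""
import base64
import struct

# Hash algorithm IDs (RFC 4880 section 9.4)
HASH_ALGOS = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}
WEAK_HASHES = {1, 2}  # MD5 and SHA-1
# Signature types that bind a certificate together (RFC 4880 section 5.2.1):
# certifications over user IDs, subkey/primary-key bindings, direct-key sigs.
BINDING_SIG_TYPES = {0x10, 0x11, 0x12, 0x13, 0x18, 0x19, 0x1F}
TAG_SIGNATURE = 2


def dearmor(text):
    """Return the raw packet bytes of a single ASCII-armored block."""
    lines = text.strip().splitlines()[1:-1]   # drop the BEGIN and END lines
    body, in_body = [], False
    for line in lines:
        if not in_body:                        # skip armor headers up to the blank line
            in_body = line.strip() == ""
            continue
        if line.startswith("="):               # optional CRC24 line
            break
        body.append(line.strip())
    return base64.b64decode("".join(body))


def iter_packets(data):
    """Yield (tag, body) for each packet; handles old- and new-format headers."""
    i = 0
    while i < len(data):
        ctb = data[i]
        i += 1
        if not ctb & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if ctb & 0x40:                          # new format (section 4.2.2)
            tag = ctb & 0x3F
            first = data[i]
            i += 1
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + data[i] + 192
                i += 1
            elif first == 255:
                length = struct.unpack(">I", data[i:i + 4])[0]
                i += 4
            else:
                raise ValueError("partial body lengths are not supported here")
        else:                                   # old format (section 4.2.1)
            tag = (ctb >> 2) & 0x0F
            ltype = ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length is not supported here")
            size = (1, 2, 4)[ltype]
            length = int.from_bytes(data[i:i + size], "big")
            i += size
        yield tag, data[i:i + length]
        i += length


def signature_hashes(key_bytes):
    """Return (signature_type, hash_algorithm_id) for every signature packet."""
    result = []
    for tag, body in iter_packets(key_bytes):
        if tag != TAG_SIGNATURE:
            continue
        if body[0] == 3:   # v3 layout: version, 5, type, time(4), key ID(8), pk algo, hash algo
            result.append((body[2], body[16]))
        else:              # v4 and later: version, type, pk algo, hash algo, ...
            result.append((body[1], body[3]))
    return result


def weak_binding_signatures(armored_key):
    """List (sig_type, hash_name) for binding signatures made with MD5 or SHA-1."""
    return [(t, HASH_ALGOS.get(h, str(h)))
            for t, h in signature_hashes(dearmor(armored_key))
            if t in BINDING_SIG_TYPES and h in WEAK_HASHES]


def build_sample_key(hash_algo_id):
    """Constructed sample data: a structurally valid, cryptographically meaningless
    certificate whose self-signatures all declare hash_algo_id."""
    def pkt(tag, body):
        return bytes([0xC0 | tag, len(body)]) + body   # new-format header, 1-octet length

    def sig(sig_type):
        # v4 signature: version, type, pk algo (1 = RSA), hash algo, empty hashed and
        # unhashed subpacket areas, 2-byte hash prefix, one dummy 8-bit MPI
        return pkt(2, bytes([4, sig_type, 1, hash_algo_id, 0, 0, 0, 0, 0xAB, 0xCD, 0, 8, 1]))

    dummy_key = bytes([4]) + b"\x00" * 4 + bytes([1]) + b"\x00\x08\x01" * 2  # v4, RSA, dummy MPIs
    raw = (pkt(6, dummy_key)                                      # primary public key
           + pkt(13, b"Submission Key <securedrop@example.org>")  # user ID (made up)
           + sig(0x13)                                            # positive certification
           + pkt(14, dummy_key)                                   # public subkey
           + sig(0x18))                                           # subkey binding
    b64 = base64.b64encode(raw).decode()
    return ("-----BEGIN PGP PUBLIC KEY BLOCK-----\n\n"
            + "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
            + "\n-----END PGP PUBLIC KEY BLOCK-----\n")


if __name__ == "__main__":
    for name, key in (("sha1-bound", build_sample_key(2)), ("sha256-bound", build_sample_key(8))):
        weak = weak_binding_signatures(key)
        print(name, "->", "REJECT" if weak else "ok", weak)
```

The script only reads the hash algorithm each signature declares; it does not verify signatures, does not work out which self-signature is the live one, and ignores revocations and third-party certifications, so it can miss cases the real linter catches. Treat it as an illustration of what "SHA-1-based binding signature" means at the packet level, and run sq-keyring-linter on the Admin Workstation for the actual decision.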
Acknowledgments
This release was made possible thanks to volunteer code contributions from Sam Schlinkert and reviews from Alban Diquet, Wiktor Kwapisiewicz and Neal Walfield. Translations were updated thanks to the work of many volunteers:
- Catalan: Benet (BennyBeat) R. i Camps, Joan Montané
- Czech: 1000101
- Turkish: Kaya Zeren, tekrei
- Icelandic: Sveinn í Felli, Oktavia
- German: Curtis Baltimore
- Hebrew: Yaron Shahrabani, hwr2023
- Greek: Adrian, norhorn
- Italian: Claudio Arseni
- Arabic: Soufiane Hti, Ahmad Gharbeia
- Russian: Alexey Peschany
- Dutch: kwadronaut
- Slovak: 1000101
- French: AO Localization Lab
- Swedish: Jonas Waga
- Persian: 10-ARA-01
- Finnish: Oskari Lavinto, Jiri Grönroos
- Polish: Adam Rak
- Norwegian Bokmål: Øyvind Bye Skille
- Portuguese (Portugal): deeplow
- Chinese (Traditional): Chi-Hsun Tsai
- Chinese (Simplified): ff98sha, Reader
Thanks to Localization Lab for supporting this effort.
We are currently lacking active translators for Hindi and Romanian, which are slated to be removed as supported languages in the SecureDrop 2.8.0 release. If you speak one of these languages or know someone who does, please see our instructions on contributing translations.
This release incorporates Freedom of the Press Foundation contributions by: Giulio B, Nathan Dyer (communications manager), Kunal Mehta, Erik Moeller, Cory Francis Myers (deputy release manager and localization manager), Kevin O’Gorman (release manager), Rowen S, and Michael Z.
Questions and comments
If you have questions or comments regarding this release, please contact us:
- Via our Support Portal, if you are a member (membership is available to SecureDrop administrators on request);
- Via securedrop@freedom.press (GPG encrypted) for sensitive security issues (please use judiciously);
- Via our community forums.
We also encourage you to file non-sensitive issues you encounter in our GitHub repository (issue report form).
Thank you for using SecureDrop!