We’re pleased to announce that SecureDrop 2.7.0 has been released. Changes that journalists and administrators should be aware of are summarized in this blog post. A complete list of changes can be found on GitHub.

What’s new in SecureDrop 2.7.0?

For sources, journalists, administrators, and developers

• Security: SecureDrop 2.7.0 introduces Sequoia-PGP for encryption/decryption operations instead of GnuPG and pretty_bad_protocol, and will include an automatic migration of existing keys. See administrator notes below and our separate blog post. (#6891, #6884, #6913, #6912, #6925, #6926, #6949, #6958, #6892, #6948, #6946, #6970, #6975, #6972, #6983, #6981, #6998)
• Localization: Our translation workflow now supports continuous updates (#6953, #6954, #6985, #6997, #6984)
• Localization: Improvements to our French diceware wordlist (#6936)

For administrators

• Deployment: securedrop-admin tooling now checks for and rejects weak GPG keys with a SHA-1 backing signature (#6928)
  • More information: https://sequoia-pgp.org/blog/2023/02/01/202302-happy-sha1-day/
• Deployment: Remove Ansible check for installed Tor version on servers (#6894)

For developers

• Dependency changes:
  • Update Ansible from 2.9.26 to 6.7.0 (ansible-core version 2.13.7) (#6830)
  • Update cryptography from 41.0.1 to 41.0.3
  • Remove boto and boto3 dependencies (#6890)
  • Remove hypothesis dependency (#6893)
  • Update certifi from 2022.12.7 to 2023.7.22 (#6900)
  • Update pillow from 9.3.0 to 10.0.1 (#6959)
  • Update markupsafe from 2.0.1 to 2.1.2 (#7014)
  • Import Markup and escape from markupsafe (#6964)
• Update default Dockerfile application versions:
  • geckodriver to 0.33.0 (#6957)
  • Firefox to 115esr, Tor Browser to 13.0 (#7001)
• Replace bandit, flake8, pylint, and isort with ruff (#6885, #6932, #6961, #6995)
• Replace pretty_bad_protocol dependency with vendored version (#6836, #6907)

What administrators need to do

SecureDrop Application and Monitor Servers will be updated to SecureDrop 2.7.0 automatically within 24 hours. As with previous releases, we recommend that you update your Tails workstations to the latest version of Tails (5.19) and the latest version of SecureDrop.

Note: This release removes support for submission PGP keys with legacy SHA-1-based binding signatures. The SecureDrop Journalist Interface will not start when the instance has been configured with such a key. If you have set up SecureDrop according to our documentation, you are not using such keys; no SecureDrop instances known to us are affected by this change.

If you are unsure if you will be affected by this change, you can reach out to us for support. Our recommended course of action is to check your Submission Public Key, available at the /public-key endpoint of your SecureDrop Source Interface onion url, using the sq-keyring-linter program, which is available by default on your Admin Workstation starting with Tails version 5.19. If your key contains insecure SHA-1-based signatures, we suggest creating a new Submission Keypair according to our documentation. You should not delete the old key from your Secure Viewing Station, so that you can still decrypt old submissions. We are happy to assist you with this process. As a reminder, all key material must be generated on an air-gapped machine, and should never reside on a network-connected device.

For more detailed information about why keys with SHA-1 signatures are insecure, see https://sequoia-pgp.org/blog/2023/02/01/202302-happy-sha1-day/.

Acknowledgments

This release was made possible thanks to volunteer code contributions from Sam Schlinkert and reviews from Alban Diquet, Wiktor Kwapisiewicz and Neal Walfield. Translations were updated thanks to the work of many volunteers:

• Catalan: Benet (BennyBeat) R. i Camps, Joan Montané
• Czech: 1000101
• Turkish: Kaya Zeren, tekrei
• Icelandic: Sveinn í Felli, Oktavia
• German: Curtis Baltimore
• Hebrew: Yaron Shahrabani, hwr2023
• Greek: Adrian, norhorn
• Italian: Claudio Arseni
• Arabic: Soufiane Hti, Ahmad Gharbeia
• Russian: Alexey Peschany
• Dutch: kwadronaut
• Slovak: 1000101
• French: AO Localization Lab
• Swedish: Jonas Waga
• Persian: 10-ARA-01
• Finnish: Oskari Lavinto, Jiri Grönroos
• Polish: Adam Rak
• Norwegian Bokmål: Øyvind Bye Skille
• Portuguese (Portugal): deeplow
• Chinese (Traditional): Chi-Hsun Tsai
• Chinese (Simplified): ff98sha, Reader

Thanks to Localization Lab for supporting this effort.

We are currently lacking active translators for Hindi and Romanian, which are slated to be removed as supported languages in the SecureDrop 2.8.0 release. If you speak one of these languages or know someone who does, please see our instructions on contributing translations.

This release incorporates Freedom of the Press Foundation contributions by: Giulio Berra, Nathan Dyer (communications manager), Kunal Mehta, Erik Moeller, Cory Francis Myers (deputy release manager and localization manager), Kevin O’Gorman (release manager), Rowen S, and Michael Z.

Questions and comments

If you have questions or comments regarding this release, please contact us:

• Via our Support Portal, if you are a member (membership is available to SecureDrop administrators on request);
• Via securedrop@freedom.press (GPG encrypted) for sensitive security issues (please use judiciously);
• Via our community forums.

We also encourage you to file non-sensitive issues you encounter in our GitHub repository (issue report form).

Thank you for using SecureDrop!