We’re pleased to announce that SecureDrop 2.8.0 has been released. Changes that journalists and administrators should be aware of are summarized in this blog post. A complete list of changes can be found on GitHub.
What’s new in SecureDrop 2.8.0?
For journalists and administrators
- Compatibility: SecureDrop 2.8.0 is compatible with the latest release series of the Tails operating system, Tails 6.
Notably for end users, Tails 6 no longer supports desktop shortcuts. You will need to access SecureDrop through the SecureDrop Menu introduced in SecureDrop 2.6.0.
Because the Tails 5 release series is now discontinued, please follow our upgrade guide to migrate your Tails USB drives at the next opportunity. (Issue, Pull Request) - Bugfix: The
./securedrop-admin setup
logic for detecting missing package dependencies now works correctly on recent releases of Tails. (Issue, Pull Request) - Usability: Some potentially offensive words have been removed from the dictionaries used to generate two-word designations for sources visible to journalists. (Pull Request)
For all users
- Usability: Some text in the user interface has been updated in response to translator feedback. (Pull Request)
For developers
- Bugfix: The development environment automatically reloads again when detecting file changes. (Issue, Pull Request)
- Dependency changes:
- The following production dependencies have been updated:
openssl
rust crate from 0.10.57 to 0.10.60 (Pull Request)cryptography
from 41.0.3 to 41.0.7 (Pull Request)rustix
rust crate from 0.38.18 to 0.38.21 (Pull Request)Ansible
from 6.7.0 to 8.7.0 (Pull Request)cffi
from 1.14.5 to 1.16.0 (Pull Request)pyyaml
from 5.4.1 to 6.0.1 (Pull Request)
- The following development dependencies have been updated:
MarkupSafe
from 2.0.2 to 2.1.2 (Pull Request)Selenium
from 3.141.0 to 4.16.0 (Pull Request)tbselenium
from 0.5.2 to 0.8.1 (Pull Request)jinja2
from 3.0.2 to 3.1.3 (Pull Requests: 1, 2)peewee
from 3.15.0 to 3.17.1 (Pull Request)diffoscope
from 236 to 256 (Pull Request)pillow
from 10.0.1 to 10.2.0 (Pull Request)semgrep
from 0.98.0 to 1.57.0 (Pull Request)
- The following production dependencies have been updated:
What administrators need to do
SecureDrop Application and Monitor Servers will be updated to SecureDrop 2.8.0 automatically within 24 hours.
This release includes support for Tails 6, a major new Tails release series.
Because the Tails 5 release series is now discontinued, we strongly recommend updating your Tails USB drives soon after the release, to ensure the continued security of your workstations.
Conservatively, we recommend setting aside an hour per Tails USB drive to perform the necessary backups and updates.
Please follow our upgrade guide, and get in touch with us if you require assistance.:
Acknowledgments
Thanks to Sam Schlinkert for their volunteer contributions to this release. Translations were updated thanks to the work of many volunteers:
- Chinese (Simplified): Reader
- Chinese (Traditional): Meng Pang Wang
- French: AO Localization Lab
- German: Curtis Baltimore
- Greek: Dimitris Maroulidis
- Hebrew: hwr2023
- Icelandic: Sveinn í Felli
- Norwegian Bokmål: Øyvind Bye Skille
- Polish: Adam Rak
- Spanish: clarailr
- Swedish: Jonas Waga
- Turkish: tekrei
Thanks to Localization Lab for supporting this effort.
We are currently lacking active translators for Hindi and Romanian, which are slated to be removed as supported languages in the SecureDrop 2.9.0 release. If you speak one of these languages or know someone who does, please see our instructions on contributing translations.
This release incorporates Freedom of the Press Foundation contributions by Nathan Dyer, Kunal Mehta (deputy release manager), Erik Moeller (communications manager), Cory Francis Myers (localization manager) , Kevin O’Gorman (release manager), and Rowen S.
Questions and comments
If you have questions or comments regarding this release, please contact us:
- Via our Support Portal, if you are a member (membership is available to SecureDrop administrators on request);
- Via securedrop@freedom.press (GPG encrypted) for sensitive security issues (please use judiciously);
- Via our community forums.
We also encourage you to file non-sensitive issues you encounter in our GitHub repository (issue report form).
Thank you for using SecureDrop!