SecureDrop 2.9.0 is scheduled to be released on June 27, 2024. We will send out another notification through this blog, Mastodon, X, and the support portal when the release is live. Changes that journalists and administrators should be aware of are summarized in this blog post. A complete list of changes can be found on GitHub.
What’s coming in SecureDrop 2.9.0?
For administrators
- Network performance: Added an option to enable Tor’s proof-of-work defenses for the Source Interface, to protect against network attacks. (Issue, Pull Request)
For all users
- Accessibility: Added expanded labels and descriptions to aid navigation for visually impaired users (Issue, Pull Request)
- Security: Updated SecureDrop signing key with new expiry date of 2027-05-24 (Issue, Pull Request)
  - Note: SecureDrop is moving from a 1-year to a 3-year expiration term for the SecureDrop Release Signing Key.
- API feature: Support for HTTP range requests has been added to the Journalist API for the `submissions` and `replies` endpoints (Issue, Pull Request)
For developers
- Quality of life: Added support for development virtualenv in Debian 12 (Issue, Pull Request)
- Quality of life: Added random file generation in `loaddata.py` (Pull Request)
- Bugfix: Fixed an issue with date generation in `loaddata.py` (Issue, Pull Request)
- Quality of life: Added persistence for onion addresses created with `make dev-tor` (Issue, Pull Request)
- Dependency changes:
  - (Rust) `sequoia-openpgp` from 1.17.0 to 1.20.0 (Pull Request)
  - `black` from 22.3.0 to 24.3.0 (Pull Request)
  - `pillow` from 10.2.0 to 10.3.0 (Pull Request)
What administrators will need to do
SecureDrop Application and Monitor Servers will be updated to SecureDrop 2.9.0 automatically within 24 hours of the release. As with previous releases, we will provide instructions for performing the workstation updates at the time of the release.
Questions and comments
If you have questions or comments regarding this release, please contact us:
- Via our Support Portal, if you are a member (membership is available to SecureDrop administrators on request);
- Via securedrop@freedom.press (GPG encrypted) for sensitive security issues (please use judiciously), or submit a report via Bugcrowd;
- Via our community forums.
We also encourage you to file nonsensitive issues you encounter in our GitHub repository (issue report form).
Thank you for using SecureDrop!