Interest Article

SecureDrop Advisory: End-of-life for v2 onion services and Ubuntu 16.04

January 26, 2021

SecureDrop administrators and users should be aware of two upcoming critical migrations that are required to keep SecureDrop instances online:

  • V3 onion services: Any SecureDrop instance still using v2 onion services (recognizable by 16-character .onion addresses) must be migrated to v3 onion services. Support for v2 onion services will be removed for new installs in the SecureDrop 1.8.0 release, scheduled for March 9, 2021, and support for existing installs will be dropped completely in a subsequent release.

    Please be aware that, due to the .onion address change, this migration involves an update to your landing page, and should be coordinated with journalists to avoid disruption of source communications.
  • Upgrade to Ubuntu 20.04: The operating system used on the Application Server and Monitor Server, Ubuntu 16.04, will no longer receive security updates after April 30, 2021. SecureDrop 1.8.0 will add support for Ubuntu 20.04, which will receive security updates until 2025. We recommend scheduling a two-day maintenance window for this migration between March 9 and April 30, 2021, and performing some preparatory checks before then.

If you are a journalist using SecureDrop, and you are unsure whether your newsroom is planning for these time-sensitive migrations, we encourage you to check in with your administrator. If you would like to get help from the SecureDrop team, please do not hesitate to reach out via the support portal (if you have an account) or via our contact form.

What administrators need to do

Migration from v2 to v3 onion services

If you haven’t migrated to v3 onion services yet, please follow our detailed guide to do so. Note that this will involve coordinating with journalists and updating your landing page, as your SecureDrop’s .onion address will change. Please note that once you are on v3, you may be eligible to register a human-readable onion name for your SecureDrop instance.

If you miss the March 9 deadline, your SecureDrop will not immediately go offline, but you will need to migrate to v3 onion services when attempting to reinstall SecureDrop or when migrating to Ubuntu 20.04.

Preparing for Ubuntu 20.04 migration

Do not attempt to migrate to Ubuntu 20.04 before the release of SecureDrop 1.8.0 (scheduled for March 9, 2021). We will provide full migration instructions at the time of the release. In preparation for the migration, we recommend taking the following steps to ensure a smooth upgrade:

  1. ensure your instance is running the latest version of SecureDrop;
  2. ensure your Admin Workstation and Journalist Workstations are up to date;
  3. verify that you still have SSH access to the servers;
  4. delete old submissions and sources, and back up the SecureDrop servers.

Please see our documentation for details. If you have not completed the v3 migration yet, it will help prepare you for the switch to Ubuntu 20.04, as it will require you to take some of the same preparatory steps.

Updated 2021-02-11: Release date for SecureDrop 1.8.0 moved to March 9, 2021.

Return to News