Release Announcement

SecureDrop Workstation 1.5.2 released

April 6, 2026

We are pleased to announce that SecureDrop Workstation 1.5.2 is now available, as well as SecureDrop Client 0.17.4.

This update contains multiple security fixes, all of which are low or informational priority. We are not aware of any exploitation in the wild for any vulnerability.

These updates will be applied automatically during preflight updates; no further action is required by administrators or journalists. If you have any questions, please contact SecureDrop support via Signal or encrypted email.

Journalists may notice that printing will now go through a separate sd-printers VM; exporting to USB will continue to use sd-devices.

Security audit findings

The SecureDrop team commissioned a security audit of the SecureDrop Workstation and the upcoming SecureDrop Inbox. More details about the audit, including the full report, will be disclosed in the next few weeks, once the process has completed.

The following fixes are included in this release:

  • Move printers out of sd-devices into a dedicated sd-printers VM (commit, commit)
  • Prevent sd-proxy DoS from infinite stdin (commit)
  • Prevent sd-log DoS from infinite stdin (commit)

Acknowledgments

This release incorporates Freedom of the Press Foundation (FPF) contributions by Martin C; Nathan Dyer, communications manager; Micah Lee; Kunal Mehta, release manager; Cory Francis Myers; Vicki Niu; Kevin O’Gorman; Francisco Rocha, deputy release manager; John Skinner; and Rowen S.

Questions and comments

If you have questions or comments regarding this release, please contact us:

We also encourage you to file nonsensitive issues via our GitHub repository.

Thank you for using SecureDrop!

Security research

Researchers may submit security vulnerabilities either through our bug bounty program or via encrypted email to securedrop@freedom.press (public key, fingerprint: 734F 6E70 7434 ECA6 C007 E1AE 82BD 6C96 16DA BB79).

Return to News