Security Advisory

All news
Security Advisory

SecureDrop and the OpenSSL vulnerability

Today a serious vulnerability was reported on OpenSSL versions 1.0.1 through 1.0.1f: CVE-2014-0160, or Heartbleed. SecureDrop runs as a Tor Hidden Service, which we also know is affected. As such, this affects all properly configured instances of SecureDrop, and steps should be taken immediately to mitigate disruption of SecureDrop running services. Read More