Created date

Feb 1 2018 - 3:07pm

We are annoucing the release of SecureDrop 0.5.2. The important changes in this release are summarized below:

  1. Updates Tor to on all SecureDrop servers
  2. Resolves a bug in the registration of OSSEC agents during securedrop-admin-install

For full details, see the changelog. Development for this releasw as tracked in the 0.5.2 milestone on GitHub.

What Administrators Need To Do

The update will be automatic on the Application and Monitor Servers. This release does not require you to run securedrop-admin again from the Admin Workstation.

All administrator and journalist drives should be upgraded to Tails 3.5 as it contains multiple security fixes, including further Spectre mitigations.

For administrators that have been experiencing OSSEC issues due a failure of the application server agent to register with the OSSEC server, you can do the following from your Admin Workstation (note: if you would like to edit OSSEC-related system configuration settings, please read this documentation on updating system config):

cd ~/Persistent/securedrop
git fetch --tags
git checkout 0.5.2
gpg --refresh-keys
git tag -v 0.5.2 # Output should include "Good Signature"
./securedrop-admin setup
./securedrop-admin install

If you have issues with this procedure, please report them to us via the support area of the SecureDrop community forum or the Freedom of the Press Foundation SecureDrop support portal.