This release is in response to a security issue in the logging component of SecureDrop Client (CVE-2025-24889), please see our advisory for more details.
A manual step will be needed to apply this update; please follow these instructions to retrieve the updated expiry date for our release signing key. If you need help or have any questions with this step, please reach out.
- Recreate sd-log VM from scratch; save backup in new sd-retain-logvm VM
- Update dom0 release signing key expiry to May 2027
Note that the 1.0.1 version was skipped because of an issue while preparing this release.
This is the first release targeting Qubes 4.2 and will require a full reinstall. As we have reached 1.0.0, we are transitioning from a closed pilot to an open beta program. If you are interested in using SecureDrop Workstation, please reach out to us via the support portal.
-
Add Qubes 4.2 support (#970, #976, #983, #987, #993, #995, #1126)
-
Create base template by cloning debian-12-minimal template (#970)
-
Switch to new RPC .policy file format (#990)
-
Add scalable version of SecureDrop icon (#974)
-
Update for proxy v2 (#1026)
-
Update release signing key expiry to May 2027 (#1046)
-
Integrate Qubes 4.2 updater into ours (#1023, #1128, #1142)
-
Require securedrop-workstation-dom0 RPM updates (#1054)
-
Make our VMs internal, hiding their applications from the menu (#857, #1098)
-
Set all VMs
default_dispvmto None except sd-app and verify that (#1068, #1084) -
Move to Fedora 40 base system template (#1078)
-
Support viewing
*.webpimages (#614) -
Set menu items for sd-devices and sd-whonix (#1112)
-
Ensure and verify files in built RPM have their mtime clamped (#1114)
-
Provisioning:
- Set vm-config features for sd-app, sd-proxy, sd-whonix (#1001)
- Enable/disable systemd timers via systemctl --user (#974)
- Package some dom0 files in RPM instead of provisioning via Salt (#1030)
- Provision deb822-style apt sources list (#1005)
- Remove configuration templating for sd-app (#1037)
- Rely on systemd services for securedrop-log's provisioning (#840)
- Configure environment-specific services in dom0 via systemd (#1038, #1056)
- Move all Salt provisioning files into
/srv/salt/securedrop_salt(#1048) - Remove MIME overrides from Salt and make sd-proxy disposable (#1043)
- Configure sd-whonix by a package and QubesDB (#1051)
-
Testing:
- Update sd-devices test to check for udisks2, not cryptsetup (#954)
- Skip tests that check packages are up to date in CI (#984)
- Add sd-viewer test that verifies mime symlink (#1018)
- Add functional RPC tests (#1027)
- Test desired state of Linux Security Module configuration (#1082)
- Improve sd-gpg test (#1085)
- Verify grsec kernel and paxctld is running in all VMs (#1092)
- Add checks for expected VMs under
@tag:sd-workstation(#1095)
-
Internal and development:
- Add feature, bug report and architectural proposal templates (#962, #963)
- Update apt-test.freedom.press signing key (#972)
- Push nightlies to securedrop-yum-test (#955)
- Enable GitHub's merge queue (#985)
- Remove unused copy-rpm-repo-pubkey.sh script from repo (#997)
- Rename desktop entry after freedesktop specifications (#974)
- Switch to poetry, split up
make install-deps(#1007, #1014) - Clean up shebangs so they don't need mangling (#1012)
- Rename all Python files to end in .py (#1019)
- Don't hide output during
make clone'smake build-rpmstep (#1021) - Stop using assert in validate_config.py (#1025, #1064)
- Add ruff, remove flake8, black, isort, bandit (#1028)
- Remove
--keep-template-rpmflag (#1067) - Fix update_version.sh (#1074)
- Update README to include information about new repository structure (#1072)
- Update lookup path for Notify.py update script (#1108)