Prepare 2.11.0-rc1 version and changelog #7373

Merged 2 commits on Dec 9, 2024
75 changes: 73 additions & 2 deletions changelog.md
Expand Up @@ -2,6 +2,77 @@

## 2.11.0~rc1

The main focus for this release was to prepare SecureDrop servers for upgrading
to Ubuntu 24.04 (Noble) next year. Other maintenance changes are also included.

### Ubuntu 24.04 (Noble) upgrade

* Support building packages on noble (#7273, #7247, #7319)
* Add a noble migration check script (#7334, #7363)
* Use Type=exec instead of Type=oneshot for systemd units (#7350)
* Make Ansible variables distro-agnostic (#7356)
* Apply grsec_lock once only (#7353)
* Stop setting vm.heap_stack_gap and net.ipv4 sysctl flags via Ansible (#7324)
* Use "sdssh" group instead of internal-only "ssh" group for access control (#7317, #7355)
* Add timed job to clean out old OSSEC diff and state files (#7327)
* Remove ufw from new and existing installs (#7315)
* Update apache config templates to be distro-agnostic (#7301)
* Install backup script on app server via Debian package (#7331)
* Ensure sources.list is absent on noble (#7342)
* Overwrite sources.list.d/ubuntu.sources on noble (#7307)

### Web applications

* Add a banner in the Journalist Interface, in preparation for the noble migration (#7348)
* Use sqlalchemy.LargeBinary instead of deprecated Binary (#7264)
* Upgrade sequoia-openpgp from 1.21.1 to 1.21.2 (#7248)
* Import escape from markupsafe, not flask (#7252)
* Ignore safety alerts:
* ignore Safety 73711 in cryptography (#7339)
* ignore Safety 73889, 73969 in werkzeug (#7361)

### Operations

* Regenerate Redis password on restoring from server backup (#7328)
* Replace reboot-flag cron job with a systemd timer (#7337)
* Remove haveged package, if installed (#7335, 7341)
* Don't install apt-transport-https transitional package (#7303)
* Remove unused Ansible restrict_direct_access_{app,mon} roles (#7302)
* Remove unused Ansible sysctl_flags_ipv6 variables (#7300)
* Prompt "sdadmin" for the default SSH username (#7309)
* Remove unused load_iptables script (#7282)
* Remove unused SSHd config from cloud-init (#7318)

### Development and CI

* Publish versions of packages with debug symbols (#7347, #7365)
* Preserve screenshots from translation test CI job (#7240)
* Make backport.py more flexible for complex pull requests (#7260)
* Install xz-utils in diffoscope CI job (#7344)
* Don't return True from test_swap_disabled for monitor server, skip test instead (#7320)
* Run admin CI tests on bookworm (#7212)
* Use a single pass in ansible to install local packages (#7261)
* Upgrade tbselenium from 0.8.1 to 0.9.0 (#7274, #7271)
* Update geckodriver from 0.33.0 to 0.35.0 (#7268)
* Standardize git message formats in version updater (#7263)
* Speed up update-python3-dependencies using uv (#7234)
* Upgrade ruff, remove black, add ruff formatting fixes (#7233, #7246)
* Remove unused devops/scripts/aws-jenkins-venv.sh (#7238)
* Ignore safety alerts:
* Ignore CVE-2024-8775 in ansible-core (#7269)
* Update dependencies:
* Upgrade cargo-vet from 0.9.0 to 0.10.0 (#7343)
* Upgrade Rust toolchain from 1.78.0 to 1.81.0 (#7232)

#### In support of Ubuntu 24.04 (Noble) upgrade

* Support noble dev environment (#7249)
* Run basic lint CI against Ubuntu noble and Python 3.12 (#7242)
* Remove tests checking that no apparmor profiles are complaining (#7308)
* Remove test_securedrop_application_apt_dependencies test (#7305)
* Inspect grsec_lock as root in testinfra (#7304)
* Upgrade paramiko from 2.7.2 to 2.10.6 (#7280, #7321)

## 2.10.1

* Update translations (#7143, #7259)
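Review bot: The "Ignore safety alerts" entries (Safety 73711 in cryptography, Safety 73889 and 73969 in werkzeug, CVE-2024-8775 in ansible-core) record that an advisory was suppressed but not why; a few words per entry giving the reason would let an administrator reading the release notes judge the residual risk without opening each pull request. Two consistency points in the same hunk: "Remove haveged package, if installed (#7335, 7341)" is missing the `#` on the second reference, and the sub-items start with lowercase "ignore" under Web applications but "Ignore" under Development and CI.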
Expand Down Expand Up @@ -586,7 +657,7 @@ our [blog post](https://securedrop.org/news/securedrop-2_10_0-released/) for mor

* Provide end-of-life messaging and disable source interface after Xenial End-of-life (#5789)
* Adds safe deletion functionality to the Journalist Interface (#5770, #5827)
* source\_app.utils.normalizer\_timestamps will no longer create an empty file (#5724)
* source_app.utils.normalizer_timestamps will no longer create an empty file (#5724)

### Operations

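Review bot: With the backslashes dropped, `source_app.utils.normalizer_timestamps` on the changed line is bare text containing underscores; wrapping it in backticks would mark it as an identifier and protect it from renderers that treat underscores as emphasis. The unescaping is also unrelated to the 2.11.0~rc1 entry, so it deserves a line in the commit message.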
Expand Down Expand Up @@ -1035,7 +1106,7 @@ our [blog post](https://securedrop.org/news/securedrop-2_10_0-released/) for mor
* Added support for asynchronous jobs in dev container (#4392)
* Updated Qubes staging environment to use Xenial by default (#4344, #4228)
* Updated dev environment to use Xenial by default (#4213)
* Fixed Dockerfile apt caching error, fixed error in create\_dev\_data.py (#4353)
* Fixed Dockerfile apt caching error, fixed error in create_dev_data.py (#4353)
* Added support for use of VNC during functional tests (#4288, #4324)
* Added support for staging-specific data to create-dev-data.py (#4298)
* Removed firefox and other packages from app-test Ansible role (#4277)
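Review bot: The changed line now reads `create_dev_data.py`, while the entry two lines below it in the same list refers to `create-dev-data.py` (#4298); if both mean the same script, settle on one spelling while this line is being touched.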
Expand Up @@ -138,7 +138,7 @@
state: absent
regexp: "^requirepass .*$"

- name: Reconfigure securedrop-app-code, regenerating Redis config vi postint
- name: Reconfigure securedrop-app-code, regenerating Redis config via postint
command: dpkg-reconfigure securedrop-app-code

- name: Reconfigure securedrop-config
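Review bot: The task name still says "postint" after the "vi" to "via" correction; the Debian maintainer script is `postinst`, so the name should read "regenerating Redis config via postinst".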
26 changes: 1 addition & 25 deletions securedrop/debian/changelog
Expand Up @@ -2,7 +2,7 @@ securedrop (2.11.0~rc1) unstable; urgency=medium

* see changelog.md

-- SecureDrop Team <[email protected]> Tue, 22 Oct 2024 16:50:19 -0400
-- SecureDrop Team <[email protected]> Mon, 09 Dec 2024 17:38:39 -0500

securedrop (2.10.1+focal) focal; urgency=medium

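Review bot: The entry whose timestamp is updated here, `securedrop (2.11.0~rc1) unstable`, has no `+focal` suffix and targets `unstable`, unlike `securedrop (2.10.1+focal) focal` directly below it; please confirm in the PR description that this is the intended form now that the changelog lists package builds on noble, so the difference does not look accidental.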
Expand All @@ -16,36 +16,12 @@ securedrop (2.10.0+focal) focal; urgency=medium

-- SecureDrop Team <[email protected]> Tue, 17 Sep 2024 16:05:58 -0400

securedrop (2.10.0~rc1+focal) focal; urgency=medium

* see changelog.md

-- SecureDrop Team <[email protected]> Thu, 29 Aug 2024 14:42:38 -0700

securedrop (2.9.0+focal) focal; urgency=medium

* see changelog.md

-- SecureDrop Team <[email protected]> Thu, 27 Jun 2024 13:42:10 -0400

securedrop (2.9.0~rc3+focal) focal; urgency=medium

* see changelog.md

-- SecureDrop Team <[email protected]> Tue, 25 Jun 2024 17:27:17 -0400

securedrop (2.9.0~rc2+focal) focal; urgency=medium

* see changelog.md

-- SecureDrop Team <[email protected]> Thu, 13 Jun 2024 17:42:18 -0400

securedrop (2.9.0~rc1+focal) focal; urgency=medium

* see changelog.md

-- SecureDrop Team <[email protected]> Wed, 29 May 2024 11:32:58 -0400

securedrop (2.8.0+focal) focal; urgency=medium

* see changelog.md
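Review bot: The removal of the 2.10.0~rc1 and 2.9.0~rc1 to ~rc3 entries (hunk header -16,36 +16,12, 25 deletions in this file) is not mentioned in the PR title "Prepare 2.11.0-rc1 version and changelog"; say in the commit message that release-candidate entries are pruned once the final release is recorded, so the shortened package history reads as deliberate.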