freedomofpress/securedrop

Issues

• Fix sysctl handling for noble/Linux 6.6

  #7323 opened 2 months ago by legoktm
  1

• New Tor update available

  #7310 opened a month ago by sdcibot
  2

• New Linux kernel: 5.15.173-1-grsec-securedrop

  #7351 opened a month ago by sdcibot
  5

• kernel 5.15.166: broken TCP segmentation offloading

  #7359 opened a month ago by cfm
  0

• Switch systemd units to Type=exec instead of default Type=simple

  #7358 opened a month ago by legoktm
  0

• Our systemd services are probably using Type=oneshot wrong

  #7349 opened a month ago by legoktm
  0

• Tor Browser overrides the `Accept-Languages` header in the page-layout tests

  #7354 opened a month ago by cfm
  0

• We shouldn't enable apt-daily service units

  #7298 opened 2 months ago by legoktm
  1

• New Linux kernel: 5.15.173-1-grsec-securedrop

  #7352 opened a month ago by sdcibot
  2

• New Linux kernel: 5.15.172-1-grsec-securedrop

  #7345 opened a month ago by sdcibot
  6

• Check for noble readiness and tell journalists/admins

  #7322 opened 2 months ago by legoktm
  6

• Create focal -> noble upgrade script

  #7332 opened 2 months ago by legoktm
  9

• Allow running backups from the app server itself

  #7329 opened a month ago by legoktm
  0

• haveged is still installed on long-running systems

  #7326 opened a month ago by legoktm
  0

• Figure out noble upgrade cadence plan

  #7333 opened 2 months ago by legoktm
  13

• Investigate using apt's phased updates post-focal

  #7338 opened a month ago by legoktm
  0

• backup regression regarding the redis password

  #7328 opened 2 months ago by legoktm
  3

• Figure out if noble mon can talk to focal app or vice-versa

  #7330 opened 2 months ago by legoktm
  1

• Clean up leftover OSSEC diff files

  #7325 opened 2 months ago by legoktm
  0

• OSSEC 3.6.0 is not buildable on noble

  #7251 opened 2 months ago by legoktm
  1

• Create our own ssh group for access control

  #7316 opened 2 months ago by legoktm
  0

• Remove ufw from focal instances

  #7313 opened 2 months ago by legoktm
  0

• Source Tor packages for Ubuntu Noble

  #7250 opened 2 months ago by legoktm
  2

• Set up noble staging job

  #7312 opened 2 months ago by legoktm
  0

• Tests under noble / Python 3.12 are far slower

  #7311 opened 2 months ago by legoktm
  0

• paramiko (testinfra/verify) checks are using deprecated "ssh-rsa" connection algorithm

  #7279 opened 2 months ago by legoktm
  0

• assess all languages' translation and review coverage

  #7253 opened 2 months ago by cfm
  0

• New Linux kernel: 5.15.167-1-grsec-securedrop

  #7267 opened 2 months ago by sdcibot
  5

• 2024 Audit - SEC-01-002 WP4: Insufficient Password Complexity Requirements

  #7283 opened 2 months ago by zenmonkeykstop
  0

• 2024 Audit - SEC-01-007 WP1: Multiple Vulnerabilities in Third-Party Libraries

  #7287 opened 2 months ago by zenmonkeykstop
  1

• 2024 Audit- SEC-01-011 WP3: Missing SSH MFA & Auth Hardening

  #7290 opened 2 months ago by zenmonkeykstop
  0

• 2024 Audit - SEC-01-009 WP3: Usage of Obsolete Redis Version

  #7288 opened 2 months ago by zenmonkeykstop
  0

• 2024 Audit - SEC-01-018 WP3: Insufficiently Restricted Host-Based Firewall

  #7297 opened 2 months ago by zenmonkeykstop
  0

• 2024 audit - SEC-01-017 WP3: Lack of Full Disk Encryption

  #7296 opened 2 months ago by zenmonkeykstop
  0

• 2024 Audit - SEC-01-016 WP3: Insufficient Logging and Monitoring

  #7295 opened 2 months ago by zenmonkeykstop
  0

• 2024 Audit - SEC-01-014 WP3: Lack of DoS Mitigation for Onion Service

  #7294 opened 2 months ago by zenmonkeykstop
  0

• 2024 Audit - SEC-01-013 WP3: Possible SSRF via Redis Listening on TCP

  #7293 opened 2 months ago by zenmonkeykstop
  0

• 2024 Audit - SEC-01-015 WP1: Potential Race Condition in Source Creation

  #7292 opened 2 months ago by zenmonkeykstop
  0

• 2024 Audit - SEC-01-012 WP3: Weaknesses in Network Stack Configuration

  #7291 opened 2 months ago by zenmonkeykstop
  0

• 2024 Audit - SEC-01-010 WP4: Missing 2FA Enforcement for Sensitive Operations

  #7289 opened 2 months ago by zenmonkeykstop
  0

• 2024 Audit - SEC-01-006 WP3: File Access via Insecure Permissions

  #7286 opened 2 months ago by zenmonkeykstop
  0

• 2024 Audit- SEC-01-005 WP3: Boot Loader Password Not Set

  #7285 opened 2 months ago by zenmonkeykstop
  0

• 2024 Audit - SEC-01-004 WP4: Multiple Leaks via API Error Messages In Development Mode

  #7284 opened 2 months ago by zenmonkeykstop
  1

• Figure out sshd algorithms for noble

  #7281 opened 2 months ago by legoktm
  0

• Upgrade pyo3 to latest

  #7277 opened 2 months ago by legoktm
  0

• Staging job should use already-built debs

  #7275 opened 2 months ago by legoktm
  0

• staging job is failing with dpkg lock contention

  #7258 opened 2 months ago by legoktm
  0

• Upgrade geckodriver

  #7255 opened 2 months ago by legoktm
  3

• New Linux kernel: 5.15.167-1-grsec-securedrop

  #7266 opened 2 months ago by sdcibot
  2

• New Linux kernel: 5.15.167-1-grsec-securedrop

  #7265 opened 2 months ago by sdcibot
  2