Upgrade from 2.16.0 to 2.16.1

Changes in SecureDrop 2.16.1

SecureDrop 2.16.1 addresses an issue in which Onion Service client authentication credentials may have been inadvertently copied to the Monitor Server.

This issue only affects SecureDrop instances that have journalist alerts disabled and have run the securedrop-admin install command since December 2025.

To see if your server was affected, and if so, how to remediate the issue, please refer to the announcement for the 2.16.1 release.

Update Workstations to SecureDrop 2.16.1

Important

We recommend backing up your workstations prior to any upgrades. See our backup instructions for more information.

Update Automatically

On the next boot of your SecureDrop Journalist and Admin Workstations, securedrop-admin will be automatically updated once your Persistent Storage volume is unlocked and a Tor connection is established.

Manual Update

You can manually update by running:

sudo apt update
sudo apt upgrade

This will check for updates to your installed packages, including securedrop-admin, and install any that are available.

You can verify the installed version number by running:

sudo apt policy securedrop-admin

and confirming that you see version ‘2.16.1’ is installed.

Getting Support

Should you require further support with your SecureDrop installation, we are happy to help!