Skip to content

GlobaLeaks

Secrets & Credentials

Free and open‑source whistleblowing software for setting up secure reporting platforms

Track releases GitHub Website
Python Latest v5.0.93 · 20d ago Security brief →

Features

  • Enables organizations to deploy a secure, anonymous whistleblowing channel
  • Recognized as a Digital Public Good by the DPG Alliance
  • Provides continuous integration testing and quality metrics (build status, test coverage, security scores)
  • Offers documented stable and development releases with ReadTheDocs documentation

Recent releases

View all 6 releases →
Review required
v5.0.93 Security relevant
Auth RBAC

Cross‑tenant security hardening

Open
v5.0.92 Bug fix

Bug fixes and stability improvements in GlobaLeaks.

Full changelog

Changes in version 5.0.92

  • Add tid constraint to user and tip queries
  • Implement key restrictions on rtip 'set' operation
  • Remove usage of random.sample and random.randint in favor of secrets functions
  • Fix issue #4821
  • Bump client dependencies to latest stable versions
  • [doc] Remove oudated documentation about client exceptions
View release on GitHub
v5.0.91 Bugfix

Fixed admin UI issues when reordering users, contexts, and questions.

Full changelog

Changes in version 5.0.91

  • Fix admin UI in relation to reordering of users, context and questions
  • Bump client dependencies to latest stable versions
View release on GitHub
v5.0.90 Bug fix
Notable features
  • Added receipt page when homepage is set to /submission
  • Added Mongolian translation
Full changelog

Changes in version 5.0.90

  • Add receipt page when homepage is set to be /submission
  • Fix failure in gl-admin backup (#4811)
  • Fix search site function by tenant number (#4810)
  • Fix regression on search filter on sites list (#4803)
  • Fix reordering of reports using column filters (#4802)
  • Fix issue #4800
  • Bump client dependencies to latest stable versions
  • Add mongolian translation
  • Update translations
View release on GitHub
v5.0.89 Breaking risk
⚠ Upgrade required
  • Client dependencies have been bumped to their latest stable versions.
  • Translations have been updated.
Breaking changes
  • Deleting a channel is now blocked if any report exists within that channel (#4574).
Notable features
  • Path validation and input format checks for password reset tokens
  • Ability to select the homepage among '/' and '/submission' (#4796)
  • URL defanging for untrusted support user input and deriving support URL from server hostname (#4794)
Full changelog

Changes in version 5.0.89

  • Fix gl-admin restore command failing with missing directory error
  • Add path validation and input format checks for password reset tokens
  • Prevent to delete a channel till areport in such channel exists (#4574)
  • Replace integration with Transifex with integration with Weblate (#4755)
  • Revise footer moving Custom Footer below Policies (#4767)
  • Prevent configuring the data retention policy on intermediate substatuses
  • Fix bug causing reset of submission substatuses configurations
  • Make it possible to select which page should be the homepage among / and /submission (#4796)
  • Implemented URL defanging for untrusted support user input (#4794) and
    updated code to derive the support URL from the server hostname
    (thanks to @zaphoxx)
  • Fix issue #4754, #4764, #4769
  • Bump client dependencies to their latest stable versions
  • Update translations
View release on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

About

Stars
1,487
Forks
340
Languages
Python TypeScript HTML
View on GitHub Homepage Documentation

Similar tools

PasswordPusher
Hemmelig.app
KatrielMoses/voidaccess](https:
Secrover
chartbrew

Beta — feedback welcome: [email protected]