doc/html/en/Release Notes.html
Note to users who created volumes with 1.17 version of VeraCrypt or earlier:
To avoid hinting whether your volumes contain a hidden volume or not, or if you depend on plausible deniability when using hidden volumes/OS, then you must recreate both the outer and hidden volumes including system encryption and hidden OS, discarding existing volumes created prior to 1.18a version of VeraCrypt.
1.26.27 (September 20th, 2025):
All OSes:
Windows:
Linux:
macOS:
1.26.24 (May 30th, 2025):
All OSes:
Windows:
Implemented screen protection against screenshots and screen recording, enabled by default.
Added checkboxes to the MSI installer to control memory protection and screen protection features.
DISABLEMEMORYPROTECTION and DISABLESCREENPROTECTION for the MSI installer to manage these features.0 (enabled) or 1 (disabled).msiexec /i VeraCrypt_Setup_x64_1.26.24.msi DISABLESCREENPROTECTION=1 /qn REBOOT=ReallySuppress MSIRESTARTMANAGERCONTROL=Disable ACCEPTLICENSE=YESFix race conditions when multiple instances of veracrypt.exe are started simultaneously.
Updated libzip to version 1.11.3.
Linux:
macOS:
/usr/local/bin to allow using it from command line.1.26.20 (February 3rd, 2025):
All OSes:
Windows:
Linux:
macOS:
use-dummy-sudo-password (GH #1470).1.26.18 (January 20th, 2025):
All OSes:
Windows:
Linux:
macOS:
1.26.15 (September 2nd, 2024):
Fix MSI install/uninstall issues:
Fix regression during UEFI system decryption that caused the bootloader to persist.
1.26.14 (August 25th, 2024):
All OSes:
Windows:
Better fix for Secure Desktop issues under Windows 11 22H2
VeraCrypt Expander: Fix expansion of volumes on disks with a sector size different from 512 (by skl0n6)
Fix writing wrong EFI System Encryption Advanced Options to registry
Don't close Setup when exiting VeraCrypt process through system tray Exit menu
Fix failure to format some disks (e.g. VHDX) caused by virtual partition offset not 4K aligned
Fallback to absolute positioning when accessing disks if relative positioning fails
Update zlib to version 1.3.1
Linux:
macOS:
FreeBSD:
1.26.7 (October 1st, 2023):
All OSes:
Security: Ensure that XTS primary key is different from the secondary key when creating volumes
Remove TrueCrypt Mode support. Version 1.25.9 can be used to mount or convert TrueCrypt volumes.
Complete removal of RIPEMD160 and GOST89 algorithms. Legacy volumes using any of them cannot be mounted by VeraCrypt anymore.
Add support for BLAKE2s as new PRF algorithm for both system encryption and standard volumes.
Introducing support for EMV banking smart cards as keyfiles for non-system volumes.
When overwriting an existing file container during volume creation, add its current size to the available free space
Add Corsican language support. Update several translations.
Update documentation
Windows:
Officially, the minimum supported version is now Windows 10. VeraCrypt may still run on Windows 7 and Windows 8/8.1, but no active tests are done on these platforms.
EFI Bootloader:
Enable memory protection by default. Add option under Performance/Driver Configuration to disable it if needed.
Add process mitigation policy to prevent VeraCrypt from being injected by other processes
Minor enhancements to RAM Encryption implementation
Fix Secure Desktop issues under Windows 11 22H2
Implement support for mounting partially encrypted system partitions.
Fix false positive detection of new device insertion when Clear Encryption Keys option is enable (System Encryption case only)
Better implementation of Fast Create when creating file containers that uses UAC to request required privilege if not already held
Allow choosing Fast Create in Format Wizard UI when creating file containers
Fix formatting issues during volume creation on some machines.
Fix stall issue caused by Quick Format of large file containers
Add dropdown menu to Mount button to allow mounting without using the cache.
Possible workaround for logarithmic slowdown for Encrypt-In-Place on large volumes.
Make Expander first check file existence before proceeding further
Allow selecting size unit (KB/MB/GB) for generated keyfiles
Display full list of supported cluster sizes for NTFS, ReFS and exFAT filesystems when creating volumes
Support drag-n-drop of files and keyfiles in Expander.
Implement translation of Expander UI
Replace legacy file/dir selection APIs with modern IFileDialog interface for better Windows 11 compatibility
Enhancements to dependency dlls safe loading, including delay loading.
Remove recommendation of keyfiles files extensions and update documentation to mention risks of third-party file extensions.
Add support for more language in the setup installer
Update LZMA library to version 23.01
Update libzip to version 1.10.1 and zlib to version 1.3
Linux:
Fix bug in Random generator on Linux when used with Blake2s that was triggering a self test failure.
Modify Random Generator on Linux to exactly match official documentation and the Windows implementation.
Fix compatibility issues with Ubuntu 23.04.
Fix assert messages displayed when using wxWidgets 3.1.6 and newer.
Fix issues launching fsck on Linux.
Fix privilege escalation prompts being ignored.
Fix wrong size for hidden volume when selecting the option to use all free space.
Fix failure to create hidden volume on a disk using CLI caused by wrong maximum size detection.
Fix various issues when running in Text mode:
Use wxWidgets 3.2.2.1 for static builds (e.g. console only version)
Fix compatibility of generic installers with old Linux distros
Update help message to indicate that when cascading algorithms they must be separated by dash
Better compatibility with building under Alpine Linux and musl libc
macOS:
1.25.9 (February 19th, 2022):
All OSes:
Windows:
Linux:
MacOSX:
1.25.7 (January 7th, 2022):
All OSes:
Windows:
Restore support of Windows Vista, Windows 7 and Windows 8/8.1.
MSI installation only: Fix double-clicking .hc file container inserting %1 instead of volume name in path field.
Advanced users: Add registry settings to control driver internal encryption queue to allow tuning performance for SSD disks and having better stability under heavy load.
Under registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\veracrypt:
The triplet (FragmentSize=512, IoRequestCount=128, ItemCount=64) is an example of parameters that enhance sequential read speed on some SSD NVMe systems.
Fix truncate text in installer for some languages.
MacOSX:
1.25.4 (December 3rd, 2021):
All OSes:
Windows:
Add support for Windows on ARM64 (e.g. Microsoft Surface Pro X) but system encryption not yet supported.
Add MSI installer for silent mode deployment (ACCEPTLICENSE=YES must be set in msiexec command line).
Drop support of Windows Vista, Windows 7, Windows 8 and Windows 8.1 because of new requirement for driver code signing.
Reduce time of mount when PRF auto-detection is selected.
Fix potential memory corruption in driver caused by integer overflow in IOCTL_STORAGE_MANAGE_DATA_SET_ATTRIBUTES (reported by Ilja van Sprundel).
Replace insecure wcscpy/wcscat/strcpy runtime functions with secure equivalents.
Changes to EFI bootloader:
Try to workaround Windows Feature Updates issues with system encryption by fixing of bootloader and SetupConfig.ini when system resumes or when session is opened/unlocked
Fix failure to load local HTML documentation if application running with administrative privileges
Fix freeze when password dialog displayed in secure desktop and try to access token keyfiles protected by PIN
Fix failure to launch keyfile generator in secure desktop mode
Block Windows from resizing system partition if it is encrypted
Add keyboard shortcut to "TrueCrypt mode" in the mount dialog.
MacOSX:
Linux:
FreeBSD:
OpenBSD:
1.24-Update8 (November 28th, 2020):
1.24-Update7 (August 7th, 2020):
All OSes:
Windows:
Linux/MacOSX:
1.24-Update6 (March 10th, 2020):
1.24-Update5 (March 9th, 2020):
1.24-Update4 (January 23rd, 2020):
Windows:
Linux:
MacOSX:
1.24-Update3 (December 21nd, 2019):
1.24-Update2 (December 16th, 2019):
All OSes:
Windows:
Fix possible local privilege escalation vulnerability during execution of VeraCrypt Expander (CVE-2019-19501)
MBR bootloader:
EFI bootloader:
Fix multi-OS boot compatibility by only setting VeraCrypt as first bootloader of the system if the current first bootloader is Windows one.
Add new registry flags for SystemFavoritesService to control updating of EFI BIOS boot menu on shutdown.
Allow system encrypted drive to be mounted in WindowsPE even if changing keyboard layout fails (reported and fixed by Sven Strickroth)
Enhancements to the mechanism preserving file timestamps, especially for keyfiles.
Fix RDRAND instruction not detected on AMD CPUs.
Detect cases where RDRAND is flawed (e.g. AMD Ryzen) to avoid using it if enabled by user.
Don't write extra 0x00 byte at the end of DcsProp file when modifying it through UI
Reduce memory usage of IOCTL_DISK_VERIFY handler used in disk verification by Windows.
Add switch /FastCreateFile for VeraCrypt Format.exe to speedup creation of large file container if quick format is selected.
Fix the checkbox for skipping verification of Rescue Disk not reflecting the value of /noisocheck switch specified in VeraCrypt Format command line.
check "TrueCrypt Mode" in password dialog when mounting a file container with .tc extension
Update XML languages files.
Linux:
MacOSX:
1.24-Hotfix1 (October 27rd, 2019):
Windows:
Linux:
MacOSX:
1.24 (October 6th, 2019):
All OSs:
Increase password maximum length to 128 bytes in UTF-8 encoding for non-system volumes.
Use Hardware RNG based on CPU timing jitter "Jitterentropy" by Stephan Mueller as a good alternative to CPU RDRAND (http://www.chronox.de/jent.html)
Speed optimization of XTS mode on 64-bit machine using SSE2 (up to 10% faster).
Fix detection of CPU features AVX2/BMI2. Add detection of RDRAND/RDSEED CPU features. Detect Hygon CPU as AMD one.
Windows:
Implement RAM encryption for keys and passwords using ChaCha12 cipher, t1ha non-cryptographic fast hash and ChaCha20 based CSPRNG.
Mitigate some memory attacks by making VeraCrypt applications memory inaccessible to non-admin users (based on KeePassXC implementation)
New security features:
MBR Bootloader: dynamically determine boot loader memory segment instead of hardcoded values (proposed by neos6464)
MBR Bootloader: workaround for issue affecting creation of hidden OS on some SSD drives.
Fix issue related to Windows Update breaking VeraCrypt UEFI bootloader.
Several enhancements and fixes for EFI bootloader:
Implement timeout mechanism for password input. Set default timeout value to 3 minutes and default timeout action to "shutdown".
Implement new actions "shutdown" and "reboot" for EFI DcsProp config file.
Enhance Rescue Disk implementation of restoring VeraCrypt loader.
Fix ESC on password prompt during Pre-Test not starting Windows.
Add menu entry in Rescue Disk that enables starting original Windows loader.
Fix issue that was preventing Streebog hash from being selected manually during Pre-Boot authentication.
If "VeraCrypt" folder is missing from Rescue Disk, it will boot PC directly from bootloader stored on hard drive
Add option (disabled by default) to use CPU RDRAND or RDSEED as an additional entropy source for our random generator when available.
Add mount option (both UI and command line) that allows mounting a volume without attaching it to the specified drive letter.
Update libzip to version 1.5.2
Do not create uninstall shortcut in startmenu when installing VeraCrypt. (by Sven Strickroth)
Enable selection of Quick Format for file containers creation. Separate Quick Format and Dynamic Volume options in the wizard UI.
Fix editor of EFI system encryption configuration file not accepting ENTER key to add new lines.
Avoid simultaneous calls of favorites mounting, for example if corresponding hotkey is pressed multiple times.
Ensure that only one thread at a time can create a secure desktop.
Resize some dialogs in Format and Mount Options to to fix some text truncation issues with non-English languages.
Fix high CPU usage when using favorites and add switch to disable periodic check on devices to reduce CPU load.
Minor UI changes.
Updates and corrections to translations and documentation.
MacOSX:
Linux:
1.23-Hotfix-2 (October 8th, 2018):
Fix low severity vulnerability inherited from TrueCrypt that allowed reading 3 bytes of kernel stack memory (with a rare possibility of 25 additional bytes).
Disable quick format when creating file containers from command line. Add /quick switch to enable it in this case if needed.
Add /nosizecheck switch to disable checking container size against available free space during its creation.
1.23 (September 12th, 2018):
Windows:
MacOSX:
Linux:
1.22 (March 30th, 2018):
All OSs:
Windows:
Linux:
MacOSX:
1.21 (July 9th, 2017):
All OSs:
Windows:
FreeBSD:
1.20 (June 29th, 2017):
All OSs:
Use 64-bit optimized assembly implementation of Twofish and Camellia by Jussi Kivilinna.
Use optimized implementation for SHA-512/SHA256.
Deploy local HTML documentation instead of User Guide PDF.
Change links in UI from ones on Codeplex to ones hosted at veracrypt.fr
Security: build binaries with support for Address Space Layout Randomization (ASLR).
Windows:
Several fixes and modifications for EFI System Encryption:
Fix bug in EFI system decryption using EFI Rescue Disk
Add support for TPM 1.2 and TPM 2.0 (experimental) through DCS low level configuration.
Add Support for EFI full disk encryption and hidden OS using manual procedure (not exposed in UI).
Enable using Secure Desktop for password entry. Add preferences option and command line switch (/secureDesktop) to activate it.
Use default mount parameters when mounting multiple favorites with password caching.
Enable specifying PRF and TrueCryptMode for favorites.
Preliminary driver changes to support EFI hidden OS functionality.
Fix Streebog not recognized by /hash command line.
Add support for ReFS filesystem on Windows 10 when creating normal volumes
Fix high CPU usage when favorite configured to mount with VolumeID on arrival.
Use CHM file for User Guide instead of PDF.
Fix false warning in case of EFI system encryption about Windows not installed on boot drive.
Enhancements to driver handling of various disk IOCTL.
Enhancements to EFI bootloader. Add possibility to manually edit EFI configuration file.
Driver Security: Use enhanced protection of NX pool under Windows 8 and later.
Reduce performance impact of internal check for disconnected network drives.
Minor fixes.
MacOSX:
Linux:
1.19 (October 17th, 2016):
All OSs:
Fix issues raised by Quarkslab audit.
Use SSE2 optimized Serpent algorithm implementation from Botan project (2.5 times faster on 64-bit platforms).
Windows:
Fix keyboard issues in EFI Boot Loader.
Fix crash on 32-bit machines when creating a volume that uses Streebog as PRF.
Fix false positive detection of Evil-Maid attacks in some cases (e.g. hidden OS creation)
Fix failure to access EFS data on VeraCrypt volumes under Windows 10.
Fix wrong password error in the process of copying hidden OS.
Fix issues raised by Quarkslab audit:
Support EFI system encryption for 32-bit Windows.
Perform shutdown instead of reboot during Pre-Test of EFI system encryption to detect incompatible motherboards.
Minor GUI and translations fixes.
MacOSX:
1.18a (August 17th, 2016):
All OSs:
Windows:
Linux:
MacOSX:
1.17 (February 13th, 2016):
All OSs:
Windows:
Linux/MacOSX:
1.16 (October 7th, 2015):
1.15 (September 26th, 2015):
Fix two TrueCrypt vulnerabilities reported by James Forshaw (Google Project
Zero)
Fix regression in mounting of favorite volumes at user logon.
Fix display of some Unicode languages (e.g. Chinese) in formatting wizard.
Set keyboard focus to PIM field when "Use PIM" is checked.
Allow Application key to open context menu on drive letters list
Support specifying volumes size in TB in the GUI (command line already supports this)
1.14 (September 16th, 2015):
All OSs:
Windows:
Solve Rescue Disk damaged error when using cascade ciphers and SHA256 for system encryption.
Solve option "Cache password in drive memory" always disabled even if checked in preferences.
Solve UI language change not taken into account for new install unless a preference is changed.
Implement creating file containers using command line.
Driver: disable support of IOCTL_STORAGE_QUERY_PROPERTY by default and add option to enable it.
Driver: Support returning StorageDeviceProperty when queried through IOCTL_STORAGE_QUERY_PROPERTY.
Support setting volume label in Explorer through mount option or favorite label value.
Fix for Hot Keys assignment dialog issue where OEM-233 is always displayed and can't be changed.
Always copy both 32-bit and 64-bit executable binaries during install and in Traveler Disk Setup.
Include Volume Expander in Traveler Disk Setup.
Don't offer creating a restore point if it is disabled in Windows.
Add possibility to verify a Rescue Disk ISO image file.
Minors fixes in the installer, GUI and driver.
Linux:
veracrypt -t ${IMAGE_PATH} ${MOUNT_PATH} --mount --non-interactive --stdin <<< "$PWD"1.13 (August 9th, 2015):
1.12 (August 5th, 2015):
All OSs:
Windows:
Linux:
1.0f-2 (April 5th, 2015):
All OSs:
Windows:
Solve CryptAcquireContext vulnerability reported by Open Crypto Audit Phase II.
Proper handling of random generator failures. Inform user in such cases.
TrueCrypt Mode related changes:
Solve PIN BLOCKED issue with smart cards in a special case.
Correctly handle file access errors when mounting containers.
Solve several issues reported by the Static Code Analysis too Coverity.
Bootloader: Add "Verifying Password..." message.
When UAC prompt fails (for example timeout), offer the user to retry the operation.
Uninstall link now open the standard "Add/Remove Programs" window.
On uninstall, remove all VeraCrypt references from registry and disk.
Included VeraCryptExpander in the Setup.
Add option to temporary cache password when mounting multiple favorites.
Minor fixes and enhancements (see git history for more information)
MacOSX:
Linux/MacOSX:
1.0f-1 (January 4th, 2015)
All OSs :
Linux/MacOSX:
Windows:
1.0f (December 30, 2014)
All OSs :
MacOSX:
Linux:
Windows:
1.0e (September 4, 2014)
1.0d (June 3, 2014)