Releases: veracrypt/VeraCrypt
VeraCrypt version 1.26.19
Binaries for supported operating systems are also available at Sourceforge.
Changes between 1.26.18 and 1.26.19 (22 January 2025):
Full Changelog: VeraCrypt_1.26.18...VeraCrypt_1.26.19
VeraCrypt version 1.26.18
Binaries for supported operating systems are also available at Sourceforge.
Changes between 1.26.15 and 1.26.18 (20 January 2025):
- All OSes:
- Added support for SHA-256 x86 intrinsic to enhance the performance of PBKDF2-HMAC-SHA256.
- Added support for AES hardware on ARM64 platforms (e.g. Windows ARM64, macOS on Apple Silicon Mx).
- Updated translations
- Windows:
- Dropped support for Windows 32-bit.
- Set Windows 10 October 2018 Update (version 1809) as the minimum supported version.
- Reduce driver deadlock occurences under low-memory scenarios caused by re-entrant IRP completions.
- Fixed failed EFI detection on some PCs where the BootOrder variable is not defined (proposed by @kriegste, GH #360).
- Fixed "Access Denied" error when updating VeraCrypt using EXE setup following a Windows upgrade.
- Fixed various issues affecting the EFI system encryption configuration editor.
- Fixed regression in Traveler Disk creation (GH #886)
- Replaced the deprecated CryptGenRandom with BCryptGenRandom for generating secure random bytes.
- Use modern API to gather system entropy for random generation instead of obsolete ones.
- Update LZMA SDK to version 24.09
- Update libzip to version 1.11.2
- Linux:
- CVE-2024-54187: Added absolute paths when executing system binaries to prevent path hijacking (collaboration with SivertPL @__tfr)
- CVE-2025-23021: Prevent mounting volumes on system directories and PATH (reported by SivertPL @__tfr)
- Fixed an assertion issue with the wxWidgets library included in Ubuntu.
- Improved directory-opening logic by prioritizing xdg-open and adding fallback mechanisms.
- Ensure that volume exists before starting the mount operation.
- Fix "Password too long" error message not expanded to include max length (GH #1456)
- Simplify sudo session detection logic.
- macOS:
- CVE-2024-54187: Added absolute paths when executing system binaries to prevent path hijacking (collaboration with SivertPL @__tfr)
- CVE-2025-23021: Prevent mounting volumes on system directories and PATH (reported by SivertPL @__tfr)
- Disabled screen capture by default. Added the --allow-screencapture CLI switch to enable it if needed.
- Ensure that volume exists before starting the mount operation.
- Implement sudo session detection logic
Contributors
- Update Language.sv.xml by @NickWick13 in #1416
- Add Option to Enable/Disable Screen Capture by @denizt in #1418
- Update Language.ro.xml by @TigerxWood in #1434
Full Changelog: VeraCrypt_1.26.15...VeraCrypt_1.26.18
VeraCrypt version 1.26.15 (Windows Hotfix)
Binaries for supported operating systems are also available at Sourceforge.
Changes between 1.26.14 and 1.26.15 (2 September 2024):
- Windows:
- Fix MSI install/uninstall issues:
- Fixed error 1603 returned by MSI silent install when REBOOT=ReallySuppress is specified and a reboot is required.
- Fixed missing documentation and language files from the MSI package.
- Fixed MSI not installing new documentation and language files when upgrading from an EXE-based installation.
- Fixed installation folder not being removed after MSI uninstall in some cases.
- Fix regression during UEFI system decryption that caused the bootloader to persist.
- Fix MSI install/uninstall issues:
Full Changelog: VeraCrypt_1.26.14...VeraCrypt_1.26.15
VeraCrypt version 1.26.14
Binaries for supported operating systems are also available at Sourceforge.
Changes between 1.26.7 and 1.26.14 (25 August 2024):
-
All OSes:
- Update translations and documentation.
- Implement language selection settings in non-Windows versions.
- Make codebase compatible with wxWidgets 3.3 in non-Windows versions.
- Implement detection of volumes affected by XTS master key vulnerability and warn user about it.
- Update mount failure error messages to mention removal of TrueCrypt support and old algorithms.
-
Windows:
- Better fix for Secure Desktop issues under Windows 11 22H2.
- IME is now disabled in Secure Desktop because it is known to cause issues.
- VeraCrypt Expander: Fix expansion of volumes on disks with a sector size different from 512 (by skl0n6).
- Fix writing wrong EFI System Encryption Advanced Options to registry.
- Don't close Setup when exiting VeraCrypt process through system tray Exit menu.
- Fix failure to format some disks (e.g., VHDX) caused by virtual partition offset not 4K aligned.
- Fallback to absolute positioning when accessing disks if relative positioning fails.
- Update zlib to version 1.3.1.
- Better fix for Secure Desktop issues under Windows 11 22H2.
-
Linux:
- Focus PIM field when selected (GH #1239).
- Fix generic installation script on Konsole in Wayland (GH #1244).
- Added the ability to build using wolfCrypt as the cryptographic backend. Disabled by default. (Contributed by wolfSSL, GH PR #1227).
- Allows GUI to launch in a Wayland-only environment (GH #1264).
- CLI: Don't initially re-ask PIM if it was already specified (GH #1288).
- CLI: Fix incorrect max hidden volume size for file containers (GH #1338).
- Enhance ASLR security of generic installer binaries by adding linked flag for old GCC version (reported by @morton-f on Sourceforge).
-
macOS:
-
FreeBSD:
New Contributors
- @Mattoje made their first contribution in #1226
- @udev2045 made their first contribution in #1230
- @MayanTigger made their first contribution in #1241
- @lealem47 made their first contribution in #1227
- @kayazeren made their first contribution in #1254
- @JonatanWick made their first contribution in #1270
- @pji2918 made their first contribution in #1291
- @RoboSchmied made their first contribution in #1324
- @nerun made their first contribution in #1306
- @Ozero4 made their first contribution in #1372
- @SebastienGeeraert made their first contribution in #1373
- @chatgptdev made their first contribution in #1386
- @lollolong made their first contribution in #1389
Full Changelog: VeraCrypt_1.26.7...VeraCrypt_1.26.14
VeraCrypt version 1.26.7
Binaries for supported operating systems are also available at Sourceforge.
Changes between 1.25.9 and 1.26.7 (1 October 2023) :
- All OSes:
- Security: Ensure that XTS primary key is different from the secondary key when creating volumes
- Issue unlikely to happen thanks to random generator properties but this check must be added to prevent attacks
- Reference: CCSS,NSA comment at page 3: https://csrc.nist.gov/csrc/media/Projects/crypto-publication-review-project/documents/initial-comments/sp800-38e-initial-public-comments-2021.pdf
- Remove TrueCrypt Mode support. Version 1.25.9 can be used to mount or convert TrueCrypt volumes.
- Complete removal of RIPEMD160 and GOST89 algorithms. Legacy volumes using any of them cannot be mounted by VeraCrypt anymore.
- Add support for BLAKE2s as new PRF algorithm for both system encryption and standard volumes.
- Introducing support for EMV banking smart cards as keyfiles for non-system volumes.
- No need for a separate PKCS#11 module configuration.
- Card PIN isn't required.
- Generates secure keyfile content from unique, encoded data present on the banking card.
- Supports all EMV standard-compliant banking cards.
- Can be enabled in settings (go to Settings->Security Tokens).
- Developed by a team of students from the Institut national des sciences appliquées de Rennes.
- More details about the team and the project are available at https://projets-info.insa-rennes.fr/projets/2022/VeraCrypt/index_en.html.
- When overwriting an existing file container during volume creation, add its current size to the available free space
- Add Corsican language support. Update several translations.
- Update documentation
- Security: Ensure that XTS primary key is different from the secondary key when creating volumes
- Windows:
- Officially, the minimum supported version is now Windows 10. VeraCrypt may still run on Windows 7 and Windows 8/8.1, but no active tests are done on these platforms.
- EFI Bootloader:
- Fix bug in PasswordTimeout value handling that caused it to be limited to 255 seconds.
- Rescue Disk: enhance "Boot Original Windows Loader" by using embedded backup of original Windows loader if it is missing from disk
- Addition of Blake2s and removal of RIPEMD160 & GOST89
- Enable memory protection by default. Add option under Performance/Driver Configuration to disable it if needed.
- Memory protection blocks non-admin processes from reading VeraCrypt memory
- It may block Screen Readers (Accessibility support) from reading VeraCrypt UI, in which case it can be disabled
- It can be disabled by setting registry value "VeraCryptEnableMemoryProtection" to 0 under
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\veracrypt
- Add process mitigation policy to prevent VeraCrypt from being injected by other processes
- Minor enhancements to RAM Encryption implementation
- Fix Secure Desktop issues under Windows 11 22H2
- Implement support for mounting partially encrypted system partitions.
- Fix false positive detection of new device insertion when Clear Encryption Keys option is enable (System Encryption case only)
- Better implementation of Fast Create when creating file containers that uses UAC to request required privilege if not already held
- Allow choosing Fast Create in Format Wizard UI when creating file containers
- Fix formatting issues during volume creation on some machines.
- Fix stall issue caused by Quick Format of large file containers
- Add dropdown menu to Mount button to allow mounting without using the cache.
- Possible workaround for logarithmic slowdown for Encrypt-In-Place on large volumes.
- Make Expander first check file existence before proceeding further
- Allow selecting size unit (KB/MB/GB) for generated keyfiles
- Display full list of supported cluster sizes for NTFS, ReFS and exFAT filesystems when creating volumes
- Support drag-n-drop of files and keyfiles in Expander.
- Implement translation of Expander UI
- Replace legacy file/dir selection APIs with modern IFileDialog interface for better Windows 11 compatibility
- Enhancements to dependency dlls safe loading, including delay loading.
- Remove recommendation of keyfiles files extensions and update documentation to mention risks of third-party file extensions.
- Add support for more language in the setup installer
- Update LZMA library to version 23.01
- Update libzip to version 1.10.1 and zlib to version 1.3.
- Linux:
- Fix bug in Random generator on Linux when used with Blake2s that was triggering a self test failure.
- Modify Random Generator on Linux to exactly match official documentation and the Windows implementation.
- Fix compatibility issues with Ubuntu 23.04.
- Fix assert messages displayed when using wxWidgets 3.1.6 and newer.
- Fix issues launching fsck on Linux.
- Fix privilege escalation prompts being ignored.
- Fix wrong size for hidden volume when selecting the option to use all free space.
- Fix failure to create hidden volume on a disk using CLI caused by wrong maximum size detection.
- Fix various issues when running in Text mode:
- Don't allow selecting exFAT/BTRFS filesytem if they are not present or not compatible with the created volume.
- Fix wrong dismount message displayed when mounting a volume.
- Hide PIM during entry and re-ask PIM when user entered a wrong value.
- Fix printing error when checking free space during volume creation in path doesn't exist.
- Use wxWidgets 3.2.2.1 for static builds (e.g. console only version)
- Fix compatibility of generic installers with old Linux distros
- Update help message to indicate that when cascading algorithms they must be separated by dash
- Better compatibility with building under Alpine Linux and musl libc
- macOS:
- Fix issue of VeraCrypt window becoming unusable in use cases involving multiple monitors and change in resolution.
VeraCrypt version 1.25.9
Binaries for FreeBSD, Linux, macOS and Windows are available at Launchpad and Sourceforge.
Changes between 1.25.7 and 1.25.9 (19 February 2022) :
-
All OSes:
- Update translations (Chinese, Dutch, French, German, Turkish).
-
Windows:
- Make MSI installer compatible with system encryption (Issue #869).
- Set minimum support for MSI installation to Windows 7.
- Fix failure to create Traveler Disk when VeraCrypt is installed using MSI (Issue #886).
- Don't cache the outer volume password when mounting with hidden volume protection if wrong hidden volume password was specified.
- Reduce the size of EXE installers by almost 50% by using LZMA compression instead of DEFLATE.
- Fix double-clicking mounted drive in VeraCrypt UI not working in some special Windows configurations (Issue #873).
- Add registry key to fix BSOD during shutdown/reboot on some machines when using system encryption (Issue #871).
- Under "
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\veracrypt
", create a REG_DWORD value named "VeraCryptEraseKeysShutdown
". - Setting this registry value to 0 disables erasing system encryption keys which is the cause of BSOD during shutdown on some machines.
- Under "
-
Linux:
- Fix hidden volume settings not correctly displayed when enabling hidden volume protection in mount options window.
- Fix generic Linux installer overwriting /usr/sbin if it is a symlink (Issue #888).
- Fix crash when building with _GLIBCXX_ASSERTIONS defined (Issue #896).
- Enable building from source without AES-NI support (Issue #892).
-
MacOSX:
- Fix hidden volume settings not correctly displayed when enabling hidden volume protection in mount options window.
VeraCrypt version 1.25.7
Binaries for Windows and MacOSX are available at Launchpad and Sourceforge.
Changes between 1.25.4 and 1.25.7 (7 January 2022) :
-
All OSes:
- Update translations.
-
Windows:
- Restore support of Windows Vista, Windows 7 and Windows 8/8.1.
- Windows 7 support requires that either KB3033929 or KB4474419 is installed.
- Windows Vista support requires that either KB4039648 or KB4474419 is installed.
- MSI installation only: Fix double-clicking .hc file container inserting %1 instead of volume name in path field.
- Advanced users: Add registry settings to control driver internal encryption queue to allow tuning performance for SSD disks and having better stability under heavy load.
- Under registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\veracrypt
:VeraCryptEncryptionFragmentSize
(REG_DWORD): size of encryption data fragment in KiB. Default is 256. Maximum is 2048.VeraCryptEncryptionIoRequestCount
(REG_DWORD): maximum number of parallel I/O requests. Default is 16. Maximum is 8192.VeraCryptEncryptionItemCount
(REG_DWORD): maximum number of encryption queue items processed in parallel. Default as well as maximum is half ofVeraCryptEncryptionIoRequestCount
.
- The triplet (FragmentSize=512, IoRequestCount=128, ItemCount=64) is an example of parameters that enhance sequential read speed on some SSD NVMe systems.
- Under registry key
- Fix truncate text in installer for some languages.
- Restore support of Windows Vista, Windows 7 and Windows 8/8.1.
-
MacOSX:
- Fix resource files inside VeraCrypt application bundle (e.g. HTML documentation, languages XML files) being world-writable. (Reported by Niall O'Reilly)
VeraCrypt version 1.25.4
Binaries for Windows, Linux and MacOSX are available at Launchpad and Sourceforge.
Changes between 1.24-Update8 and 1.25.4 (3 December 2021) :
-
All OSes:
- Speed optimization of Streebog.
- Update translations.
-
Windows:
- Add support for Windows on ARM64 (e.g. Microsoft Surface Pro X) but system encryption not yet supported.
- Add MSI installer for silent mode deployment (ACCEPTLICENSE=YES must be set in msiexec command line).
- For now, MSI installer cannot be used if system partition is encrypted with VeraCrypt
- MSI installer requires Windows 10 or newer
- Drop support of Windows Vista, Windows 7, Windows 8 and Windows 8.1 because of new requirement for driver code signing.
- Reduce time of mount when PRF auto-detection is selected.
- Fix potential memory corruption in driver caused by integer overflow in IOCTL_STORAGE_MANAGE_DATA_SET_ATTRIBUTES (reported by Ilja van Sprundel).
- Replace insecure wcscpy/wcscat/strcpy runtime functions with secure equivalents.
- Changes EFI Bootloader:
- Fix memory leak in some cases caused by wrong check of pointer for calling MEM_FREE
- Clear bootParams variable that may contain sensitive information when halting the system in case of fatal error
- Add option "KeyboardInputDelay" in DcsProp to control the minimum delay supported between two key strokes
- Try to workaround Windows Feature Updates issues with system encryption by fixing of bootloader and SetupConfig.ini when system resumes or when session is opened/unlocked
- Fix failure to load local HTML documentation if application running with administrative privileges
- Fix freeze when password dialog displayed in secure desktop and try to access token keyfiles protected by PIN
- Fix failure to launch keyfile generator in secure desktop mode
- Block Windows from resizing system partition if it is encrypted
- Add keyboard shortcut to "TrueCrypt mode" in the mount dialog.
-
MacOSX:
- Native support of Apple Silicon M1.
- Drop official support of Mac OS X 10.7 Lion and Mac OS X 10.8 Mountain Lion.
- Add UI language support using installed XML files. Language is automatically detected using "LANG" environment variable.
- Add CLI switch (
--size=max
) and UI option to give a file container all available free space on the disk where it is created. - Return error if unknown filesystem value specified in CLI --filesystem switch instead of silently skipping filesystem creation.
-
Linux:
- Add UI language support using installed XML files. Language is automatically detected using "LANG" environment variable
- Compatiblity with with pam_tmpdir.
- Display icon in notification area on Ubuntu 18.04 and newer (contibuted by https://unit193.net/).
- Add CLI switch (
--size=max
) and UI option to give a file container all available free space on the disk where it is created. - Return error if unknown filesystem value specified in CLI --filesystem switch instead of silently skipping filesystem creation.
-
FreeBSD:
- Make system devices work under FreeBSD
- Add CLI switch (
--size=max
) and UI option to give a file container all available free space on the disk where it is created. - Return error if unknown filesystem value specified in CLI --filesystem switch instead of silently skipping filesystem creation.
-
OpenBSD:
- Add basic support of OpenBSD
- Add CLI switch (
--size=max
) and UI option to give a file container all available free space on the disk where it is created. - Return error if unknown filesystem value specified in CLI --filesystem switch instead of silently skipping filesystem creation.
VeraCrypt version 1.24-Update8 for MacOSX
Package for MacOSX is available at Launchpad and Sourceforge.
Changes between 1.24-Update7 and 1.24-Update8 (28 November 2020) :
- MacOSX:
- Fix compatibility issues with macOS Big Sur, especially on Apple Silicon M1 with macFUSE 4.0.x (#699 )
VeraCrypt version 1.24-Update7
Binaries for Windows, Linux and MacOSX are available at Launchpad and Sourceforge.
Changes between 1.24-Update6 and 1.24-Update7 (7 August 2020) :
-
Windows:
- Fix regression in Expander and Format when RAM encryption is enable that was causing volume headers to be corrupted.
-
All OSes:
- Don't allow Hidden volume to have the same password, PIM and keyfiles as Outer volume
- Fix random crash in 32-bit builds when using Streebog.
- Enable FIPS mode in JitterEntropy random generator.
- Update Beginner's Tutorial in documentation to use "MyVolume.hc" instead of "My Volume" for file container name in order to avoid confusion about nature of file nature.
- Minor code cleanup
-
Windows:
- Fix wrong results in benchmark of encryption algorithms when RAM encryption is enabled
- Fix issue when RAM encryption used, AES selected and AES-NI not supported by CPU that caused the free space of newly created volumes not filled with random data even if "quick format" is not selected.
- Fix UI for blocking TRIM in system encryption not working in MBR boot mode.
- Support password drag-n-drop from external applications (e.g. KeePass) to password UI fields which is more secure than using clipboard.
- Implements compatibility with Windows 10 Modern Standby and Windows 8.1 Connected Standby power model. This makes detection of entering power saving mode more reliable.
- Avoid displaying waiting dialog when /silent specified for "VeraCrypt Format" during creating of file container using /create switch and a filesystem other than FAT.
- Use native Windows format program to perform formatting of volume since it is more reliable and only fallback to FormatEx function from fmifs.dll in case of issue.
- Don't use API for Processor Groups support if there is only 1 CPU group in the system. This can fix slowness issue observed on some PCs with AMD CPUs.
- Don't allow to encrypt the system drive if it is already encrypted by BitLocker.
- Implement detection of Hibernate and Fast Startup and disable them if RAM encryption is activated.
- Warn about Fast Startup if it is enabled during VeraCrypt installation/upgrade, when starting system encryption or when creating a volume, and propose to disable it.
- Add UI options to control the behavior of automatic bootloader fixing when System Encryption used.
- Don't allow a directory path to be entered for the file container to be created in Format wizard.
- Don't try to use fix for CVE-2019-19501 if Windows Shell has been modified or is not running since there is no reliable way to fix it in such non standard configuation.
- MBR bootloader: fix incorrect compressed data size passed to decompressor in boot sector.
- Add warning message when typed password reaches maximum length during the system encryption wizard.
- Fix wrong error message when UTF-8 encoding of entered password exceeds the maximum supported length.
- Fix crash when using portable 32-bit "VeraCrypt Format.exe" to create hidden volume on a 64-bit machine where VeraCrypt is already installed.
- Update libzip to latest version 1.7.3.
- Update translations.
-
Linux/MacOSX:
- Force reading of at least 32 bytes from /dev/random before allowing it to fail gracefully
- Allow choosing a filesystem other than FAT for Outer volume but display warning about risks of such choice. Implement an estimation of maximum possible size of hidden volume in this case.
- Erase sensitive memory explicitly instead of relying on the compiler not optimizing calls to method Memory::Erase.
- Add support for Btrfs filesystem when creating volumes (Linux Only).
- Update wxWidgets for static builds to version 3.0.5.