Skip to content

Releases: veracrypt/VeraCrypt

VeraCrypt version 1.26.19

23 Jan 00:23
VeraCrypt_1.26.19
16aa1a7
Compare
Choose a tag to compare

Binaries for supported operating systems are also available at Sourceforge.

Changes between 1.26.18 and 1.26.19 (22 January 2025):

  • macOS:
    • Fix regression that blocked dismounting of volumes. (GH #1467, GH #1469)

Full Changelog: VeraCrypt_1.26.18...VeraCrypt_1.26.19

VeraCrypt version 1.26.18

22 Jan 18:19
VeraCrypt_1.26.18
05ea7c1
Compare
Choose a tag to compare

Binaries for supported operating systems are also available at Sourceforge.

Changes between 1.26.15 and 1.26.18 (20 January 2025):
  • All OSes:
    • Added support for SHA-256 x86 intrinsic to enhance the performance of PBKDF2-HMAC-SHA256.
    • Added support for AES hardware on ARM64 platforms (e.g. Windows ARM64, macOS on Apple Silicon Mx).
    • Updated translations
  • Windows:
    • Dropped support for Windows 32-bit.
    • Set Windows 10 October 2018 Update (version 1809) as the minimum supported version.
    • Reduce driver deadlock occurences under low-memory scenarios caused by re-entrant IRP completions.
    • Fixed failed EFI detection on some PCs where the BootOrder variable is not defined (proposed by @kriegste, GH #360).
    • Fixed "Access Denied" error when updating VeraCrypt using EXE setup following a Windows upgrade.
    • Fixed various issues affecting the EFI system encryption configuration editor.
    • Fixed regression in Traveler Disk creation (GH #886)
    • Replaced the deprecated CryptGenRandom with BCryptGenRandom for generating secure random bytes.
    • Use modern API to gather system entropy for random generation instead of obsolete ones.
    • Update LZMA SDK to version 24.09
    • Update libzip to version 1.11.2
  • Linux:
    • CVE-2024-54187: Added absolute paths when executing system binaries to prevent path hijacking (collaboration with SivertPL @__tfr)
    • CVE-2025-23021: Prevent mounting volumes on system directories and PATH (reported by SivertPL @__tfr)
    • Fixed an assertion issue with the wxWidgets library included in Ubuntu.
    • Improved directory-opening logic by prioritizing xdg-open and adding fallback mechanisms.
    • Ensure that volume exists before starting the mount operation.
    • Fix "Password too long" error message not expanded to include max length (GH #1456)
    • Simplify sudo session detection logic.
  • macOS:
    • CVE-2024-54187: Added absolute paths when executing system binaries to prevent path hijacking (collaboration with SivertPL @__tfr)
    • CVE-2025-23021: Prevent mounting volumes on system directories and PATH (reported by SivertPL @__tfr)
    • Disabled screen capture by default. Added the --allow-screencapture CLI switch to enable it if needed.
    • Ensure that volume exists before starting the mount operation.
    • Implement sudo session detection logic

Contributors

Full Changelog: VeraCrypt_1.26.15...VeraCrypt_1.26.18

VeraCrypt version 1.26.15 (Windows Hotfix)

03 Sep 19:07
VeraCrypt_1.26.15
b2e55df
Compare
Choose a tag to compare

Binaries for supported operating systems are also available at Sourceforge.

Changes between 1.26.14 and 1.26.15 (2 September 2024):
  • Windows:
    • Fix MSI install/uninstall issues:
      • Fixed error 1603 returned by MSI silent install when REBOOT=ReallySuppress is specified and a reboot is required.
      • Fixed missing documentation and language files from the MSI package.
      • Fixed MSI not installing new documentation and language files when upgrading from an EXE-based installation.
      • Fixed installation folder not being removed after MSI uninstall in some cases.
    • Fix regression during UEFI system decryption that caused the bootloader to persist.

Full Changelog: VeraCrypt_1.26.14...VeraCrypt_1.26.15

VeraCrypt version 1.26.14

27 Aug 20:43
VeraCrypt_1.26.14
b5c7f62
Compare
Choose a tag to compare

Binaries for supported operating systems are also available at Sourceforge.

Changes between 1.26.7 and 1.26.14 (25 August 2024):
  • All OSes:

    • Update translations and documentation.
    • Implement language selection settings in non-Windows versions.
    • Make codebase compatible with wxWidgets 3.3 in non-Windows versions.
    • Implement detection of volumes affected by XTS master key vulnerability and warn user about it.
    • Update mount failure error messages to mention removal of TrueCrypt support and old algorithms.
  • Windows:

    • Better fix for Secure Desktop issues under Windows 11 22H2.
      • IME is now disabled in Secure Desktop because it is known to cause issues.
    • VeraCrypt Expander: Fix expansion of volumes on disks with a sector size different from 512 (by skl0n6).
    • Fix writing wrong EFI System Encryption Advanced Options to registry.
    • Don't close Setup when exiting VeraCrypt process through system tray Exit menu.
    • Fix failure to format some disks (e.g., VHDX) caused by virtual partition offset not 4K aligned.
    • Fallback to absolute positioning when accessing disks if relative positioning fails.
    • Update zlib to version 1.3.1.
  • Linux:

    • Focus PIM field when selected (GH #1239).
    • Fix generic installation script on Konsole in Wayland (GH #1244).
    • Added the ability to build using wolfCrypt as the cryptographic backend. Disabled by default. (Contributed by wolfSSL, GH PR #1227).
    • Allows GUI to launch in a Wayland-only environment (GH #1264).
    • CLI: Don't initially re-ask PIM if it was already specified (GH #1288).
    • CLI: Fix incorrect max hidden volume size for file containers (GH #1338).
    • Enhance ASLR security of generic installer binaries by adding linked flag for old GCC version (reported by @morton-f on Sourceforge).
  • macOS:

    • Fix corrupted disk icon in main UI (GH #1218).
    • Fix near zero width PIM input box and simplify wxTextValidator logic (GH #1274).
    • Use correct Disk Utility location when "check filesystem" is ran (GH #1273).
    • Add support for FUSE-T as an alternative to MacFUSE (GH #1055).
  • FreeBSD:

    • Fix privilege escalation prompts not showing up (GH #1349).
    • Support automatic detection and mounting of ext2/3/4, exFAT, NTFS filesystems (GH #1350).
    • Use correct Disk Utility location when "check filesystem" is ran (GH #1273).

New Contributors

Full Changelog: VeraCrypt_1.26.7...VeraCrypt_1.26.14

VeraCrypt version 1.26.7

01 Oct 20:26
9d36f15
Compare
Choose a tag to compare

Binaries for supported operating systems are also available at Sourceforge.

Changes between 1.25.9 and 1.26.7 (1 October 2023) :
  • All OSes:
    • Security: Ensure that XTS primary key is different from the secondary key when creating volumes
    • Remove TrueCrypt Mode support. Version 1.25.9 can be used to mount or convert TrueCrypt volumes.
    • Complete removal of RIPEMD160 and GOST89 algorithms. Legacy volumes using any of them cannot be mounted by VeraCrypt anymore.
    • Add support for BLAKE2s as new PRF algorithm for both system encryption and standard volumes.
    • Introducing support for EMV banking smart cards as keyfiles for non-system volumes.
      • No need for a separate PKCS#11 module configuration.
      • Card PIN isn't required.
      • Generates secure keyfile content from unique, encoded data present on the banking card.
      • Supports all EMV standard-compliant banking cards.
      • Can be enabled in settings (go to Settings->Security Tokens).
      • Developed by a team of students from the Institut national des sciences appliquées de Rennes.
      • More details about the team and the project are available at https://projets-info.insa-rennes.fr/projets/2022/VeraCrypt/index_en.html.
    • When overwriting an existing file container during volume creation, add its current size to the available free space
    • Add Corsican language support. Update several translations.
    • Update documentation
  • Windows:
    • Officially, the minimum supported version is now Windows 10. VeraCrypt may still run on Windows 7 and Windows 8/8.1, but no active tests are done on these platforms.
    • EFI Bootloader:
      • Fix bug in PasswordTimeout value handling that caused it to be limited to 255 seconds.
      • Rescue Disk: enhance "Boot Original Windows Loader" by using embedded backup of original Windows loader if it is missing from disk
      • Addition of Blake2s and removal of RIPEMD160 & GOST89
    • Enable memory protection by default. Add option under Performance/Driver Configuration to disable it if needed.
      • Memory protection blocks non-admin processes from reading VeraCrypt memory
      • It may block Screen Readers (Accessibility support) from reading VeraCrypt UI, in which case it can be disabled
      • It can be disabled by setting registry value "VeraCryptEnableMemoryProtection" to 0 under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\veracrypt
    • Add process mitigation policy to prevent VeraCrypt from being injected by other processes
    • Minor enhancements to RAM Encryption implementation
    • Fix Secure Desktop issues under Windows 11 22H2
    • Implement support for mounting partially encrypted system partitions.
    • Fix false positive detection of new device insertion when Clear Encryption Keys option is enable (System Encryption case only)
    • Better implementation of Fast Create when creating file containers that uses UAC to request required privilege if not already held
    • Allow choosing Fast Create in Format Wizard UI when creating file containers
    • Fix formatting issues during volume creation on some machines.
    • Fix stall issue caused by Quick Format of large file containers
    • Add dropdown menu to Mount button to allow mounting without using the cache.
    • Possible workaround for logarithmic slowdown for Encrypt-In-Place on large volumes.
    • Make Expander first check file existence before proceeding further
    • Allow selecting size unit (KB/MB/GB) for generated keyfiles
    • Display full list of supported cluster sizes for NTFS, ReFS and exFAT filesystems when creating volumes
    • Support drag-n-drop of files and keyfiles in Expander.
    • Implement translation of Expander UI
    • Replace legacy file/dir selection APIs with modern IFileDialog interface for better Windows 11 compatibility
    • Enhancements to dependency dlls safe loading, including delay loading.
    • Remove recommendation of keyfiles files extensions and update documentation to mention risks of third-party file extensions.
    • Add support for more language in the setup installer
    • Update LZMA library to version 23.01
    • Update libzip to version 1.10.1 and zlib to version 1.3.
    • Linux:
      • Fix bug in Random generator on Linux when used with Blake2s that was triggering a self test failure.
      • Modify Random Generator on Linux to exactly match official documentation and the Windows implementation.
      • Fix compatibility issues with Ubuntu 23.04.
      • Fix assert messages displayed when using wxWidgets 3.1.6 and newer.
      • Fix issues launching fsck on Linux.
      • Fix privilege escalation prompts being ignored.
      • Fix wrong size for hidden volume when selecting the option to use all free space.
      • Fix failure to create hidden volume on a disk using CLI caused by wrong maximum size detection.
      • Fix various issues when running in Text mode:
        • Don't allow selecting exFAT/BTRFS filesytem if they are not present or not compatible with the created volume.
        • Fix wrong dismount message displayed when mounting a volume.
        • Hide PIM during entry and re-ask PIM when user entered a wrong value.
        • Fix printing error when checking free space during volume creation in path doesn't exist.
      • Use wxWidgets 3.2.2.1 for static builds (e.g. console only version)
      • Fix compatibility of generic installers with old Linux distros
      • Update help message to indicate that when cascading algorithms they must be separated by dash
      • Better compatibility with building under Alpine Linux and musl libc
    • macOS:
      • Fix issue of VeraCrypt window becoming unusable in use cases involving multiple monitors and change in resolution.

VeraCrypt version 1.25.9

20 Feb 20:10
3d655ca
Compare
Choose a tag to compare

Binaries for FreeBSD, Linux, macOS and Windows are available at Launchpad and Sourceforge.

Changes between 1.25.7 and 1.25.9 (19 February 2022) :
  • All OSes:

    • Update translations (Chinese, Dutch, French, German, Turkish).
  • Windows:

    • Make MSI installer compatible with system encryption (Issue #869).
    • Set minimum support for MSI installation to Windows 7.
    • Fix failure to create Traveler Disk when VeraCrypt is installed using MSI (Issue #886).
    • Don't cache the outer volume password when mounting with hidden volume protection if wrong hidden volume password was specified.
    • Reduce the size of EXE installers by almost 50% by using LZMA compression instead of DEFLATE.
    • Fix double-clicking mounted drive in VeraCrypt UI not working in some special Windows configurations (Issue #873).
    • Add registry key to fix BSOD during shutdown/reboot on some machines when using system encryption (Issue #871).
      • Under "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\veracrypt", create a REG_DWORD value named "VeraCryptEraseKeysShutdown".
      • Setting this registry value to 0 disables erasing system encryption keys which is the cause of BSOD during shutdown on some machines.
  • Linux:

    • Fix hidden volume settings not correctly displayed when enabling hidden volume protection in mount options window.
    • Fix generic Linux installer overwriting /usr/sbin if it is a symlink (Issue #888).
    • Fix crash when building with _GLIBCXX_ASSERTIONS defined (Issue #896).
    • Enable building from source without AES-NI support (Issue #892).
  • MacOSX:

    • Fix hidden volume settings not correctly displayed when enabling hidden volume protection in mount options window.

VeraCrypt version 1.25.7

08 Jan 18:30
abfef88
Compare
Choose a tag to compare

Binaries for Windows and MacOSX are available at Launchpad and Sourceforge.

Changes between 1.25.4 and 1.25.7 (7 January 2022) :
  • All OSes:

    • Update translations.
  • Windows:

    • Restore support of Windows Vista, Windows 7 and Windows 8/8.1.
      • Windows 7 support requires that either KB3033929 or KB4474419 is installed.
      • Windows Vista support requires that either KB4039648 or KB4474419 is installed.
    • MSI installation only: Fix double-clicking .hc file container inserting %1 instead of volume name in path field.
    • Advanced users: Add registry settings to control driver internal encryption queue to allow tuning performance for SSD disks and having better stability under heavy load.
      • Under registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\veracrypt:
        • VeraCryptEncryptionFragmentSize (REG_DWORD): size of encryption data fragment in KiB. Default is 256. Maximum is 2048.
        • VeraCryptEncryptionIoRequestCount (REG_DWORD): maximum number of parallel I/O requests. Default is 16. Maximum is 8192.
        • VeraCryptEncryptionItemCount (REG_DWORD): maximum number of encryption queue items processed in parallel. Default as well as maximum is half of VeraCryptEncryptionIoRequestCount.
      • The triplet (FragmentSize=512, IoRequestCount=128, ItemCount=64) is an example of parameters that enhance sequential read speed on some SSD NVMe systems.
    • Fix truncate text in installer for some languages.
  • MacOSX:

    • Fix resource files inside VeraCrypt application bundle (e.g. HTML documentation, languages XML files) being world-writable. (Reported by Niall O'Reilly)

VeraCrypt version 1.25.4

04 Dec 00:08
0bc3e36
Compare
Choose a tag to compare

Binaries for Windows, Linux and MacOSX are available at Launchpad and Sourceforge.

Changes between 1.24-Update8 and 1.25.4 (3 December 2021) :
  • All OSes:

    • Speed optimization of Streebog.
    • Update translations.
  • Windows:

    • Add support for Windows on ARM64 (e.g. Microsoft Surface Pro X) but system encryption not yet supported.
    • Add MSI installer for silent mode deployment (ACCEPTLICENSE=YES must be set in msiexec command line).
      • For now, MSI installer cannot be used if system partition is encrypted with VeraCrypt
      • MSI installer requires Windows 10 or newer
    • Drop support of Windows Vista, Windows 7, Windows 8 and Windows 8.1 because of new requirement for driver code signing.
    • Reduce time of mount when PRF auto-detection is selected.
    • Fix potential memory corruption in driver caused by integer overflow in IOCTL_STORAGE_MANAGE_DATA_SET_ATTRIBUTES (reported by Ilja van Sprundel).
    • Replace insecure wcscpy/wcscat/strcpy runtime functions with secure equivalents.
    • Changes EFI Bootloader:
      • Fix memory leak in some cases caused by wrong check of pointer for calling MEM_FREE
      • Clear bootParams variable that may contain sensitive information when halting the system in case of fatal error
      • Add option "KeyboardInputDelay" in DcsProp to control the minimum delay supported between two key strokes
    • Try to workaround Windows Feature Updates issues with system encryption by fixing of bootloader and SetupConfig.ini when system resumes or when session is opened/unlocked
    • Fix failure to load local HTML documentation if application running with administrative privileges
    • Fix freeze when password dialog displayed in secure desktop and try to access token keyfiles protected by PIN
    • Fix failure to launch keyfile generator in secure desktop mode
    • Block Windows from resizing system partition if it is encrypted
    • Add keyboard shortcut to "TrueCrypt mode" in the mount dialog.
  • MacOSX:

    • Native support of Apple Silicon M1.
    • Drop official support of Mac OS X 10.7 Lion and Mac OS X 10.8 Mountain Lion.
    • Add UI language support using installed XML files. Language is automatically detected using "LANG" environment variable.
    • Add CLI switch (--size=max) and UI option to give a file container all available free space on the disk where it is created.
    • Return error if unknown filesystem value specified in CLI --filesystem switch instead of silently skipping filesystem creation.
  • Linux:

    • Add UI language support using installed XML files. Language is automatically detected using "LANG" environment variable
    • Compatiblity with with pam_tmpdir.
    • Display icon in notification area on Ubuntu 18.04 and newer (contibuted by https://unit193.net/).
    • Add CLI switch (--size=max) and UI option to give a file container all available free space on the disk where it is created.
    • Return error if unknown filesystem value specified in CLI --filesystem switch instead of silently skipping filesystem creation.
  • FreeBSD:

    • Make system devices work under FreeBSD
    • Add CLI switch (--size=max) and UI option to give a file container all available free space on the disk where it is created.
    • Return error if unknown filesystem value specified in CLI --filesystem switch instead of silently skipping filesystem creation.
  • OpenBSD:

    • Add basic support of OpenBSD
    • Add CLI switch (--size=max) and UI option to give a file container all available free space on the disk where it is created.
    • Return error if unknown filesystem value specified in CLI --filesystem switch instead of silently skipping filesystem creation.

VeraCrypt version 1.24-Update8 for MacOSX

29 Nov 10:31
5db0ee2
Compare
Choose a tag to compare

Package for MacOSX is available at Launchpad and Sourceforge.

Changes between 1.24-Update7 and 1.24-Update8 (28 November 2020) :
  • MacOSX:
    • Fix compatibility issues with macOS Big Sur, especially on Apple Silicon M1 with macFUSE 4.0.x (#699 )

VeraCrypt version 1.24-Update7

09 Aug 13:28
42890b7
Compare
Choose a tag to compare

Binaries for Windows, Linux and MacOSX are available at Launchpad and Sourceforge.

Changes between 1.24-Update6 and 1.24-Update7 (7 August 2020) :
  • Windows:

    • Fix regression in Expander and Format when RAM encryption is enable that was causing volume headers to be corrupted.
  • All OSes:

    • Don't allow Hidden volume to have the same password, PIM and keyfiles as Outer volume
    • Fix random crash in 32-bit builds when using Streebog.
    • Enable FIPS mode in JitterEntropy random generator.
    • Update Beginner's Tutorial in documentation to use "MyVolume.hc" instead of "My Volume" for file container name in order to avoid confusion about nature of file nature.
    • Minor code cleanup
  • Windows:

    • Fix wrong results in benchmark of encryption algorithms when RAM encryption is enabled
    • Fix issue when RAM encryption used, AES selected and AES-NI not supported by CPU that caused the free space of newly created volumes not filled with random data even if "quick format" is not selected.
    • Fix UI for blocking TRIM in system encryption not working in MBR boot mode.
    • Support password drag-n-drop from external applications (e.g. KeePass) to password UI fields which is more secure than using clipboard.
    • Implements compatibility with Windows 10 Modern Standby and Windows 8.1 Connected Standby power model. This makes detection of entering power saving mode more reliable.
    • Avoid displaying waiting dialog when /silent specified for "VeraCrypt Format" during creating of file container using /create switch and a filesystem other than FAT.
    • Use native Windows format program to perform formatting of volume since it is more reliable and only fallback to FormatEx function from fmifs.dll in case of issue.
    • Don't use API for Processor Groups support if there is only 1 CPU group in the system. This can fix slowness issue observed on some PCs with AMD CPUs.
    • Don't allow to encrypt the system drive if it is already encrypted by BitLocker.
    • Implement detection of Hibernate and Fast Startup and disable them if RAM encryption is activated.
    • Warn about Fast Startup if it is enabled during VeraCrypt installation/upgrade, when starting system encryption or when creating a volume, and propose to disable it.
    • Add UI options to control the behavior of automatic bootloader fixing when System Encryption used.
    • Don't allow a directory path to be entered for the file container to be created in Format wizard.
    • Don't try to use fix for CVE-2019-19501 if Windows Shell has been modified or is not running since there is no reliable way to fix it in such non standard configuation.
    • MBR bootloader: fix incorrect compressed data size passed to decompressor in boot sector.
    • Add warning message when typed password reaches maximum length during the system encryption wizard.
    • Fix wrong error message when UTF-8 encoding of entered password exceeds the maximum supported length.
    • Fix crash when using portable 32-bit "VeraCrypt Format.exe" to create hidden volume on a 64-bit machine where VeraCrypt is already installed.
    • Update libzip to latest version 1.7.3.
    • Update translations.
  • Linux/MacOSX:

    • Force reading of at least 32 bytes from /dev/random before allowing it to fail gracefully
    • Allow choosing a filesystem other than FAT for Outer volume but display warning about risks of such choice. Implement an estimation of maximum possible size of hidden volume in this case.
    • Erase sensitive memory explicitly instead of relying on the compiler not optimizing calls to method Memory::Erase.
    • Add support for Btrfs filesystem when creating volumes (Linux Only).
    • Update wxWidgets for static builds to version 3.0.5.