1 files changed, 456 insertions, 5 deletions
diff --git a/doc/html/Release Notes.html b/doc/html/Release Notes.html
index 09e5d1ed..aa8792df 100644
--- a/doc/html/Release Notes.html
+++ b/doc/html/Release Notes.html
@@ -10,8 +10,8 @@
 </head>
 <body>
 
-<div>                      
-<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
+<div>
+<a href="Documentation.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
 </div>
 
 <div id="menu">
@@ -27,7 +27,7 @@
 
 <div>
 <p>
-<a href="Documentation.html">Documentation</a>           
+<a href="Documentation.html">Documentation</a>
 <img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
 <a href="Release%20Notes.html">Version History</a>
 </p></div>
@@ -39,6 +39,457 @@
 <strong>Note to users who created volumes with 1.17 version of VeraCrypt or earlier: </strong><br/>
 <span style="color:#ff0000;">To avoid hinting whether your volumes contain a hidden volume or not, or if you depend on plausible deniability when using hidden volumes/OS, then you must recreate both the outer and hidden volumes including system encryption and hidden OS, discarding existing volumes created prior to 1.18a version of VeraCrypt.</span></li>
 </p>
+<p><strong style="text-align:left">1.26.10</strong> (November 8<sup>th</sup>, 2023):</p>
+<ul>
+<li><strong>All OSes:</strong>
+<ul>
+<li>Update translations and documentation</li>
+</ul>
+</li>
+<li><strong>Windows:</strong>
+	<ul>
+	<li>Better fix for Secure Desktop issues under Windows 11 22H2</li>
+	<li>VeraCrypt Expander: Fix expansion of volumes on disks with a sector size different from 512 (by skl0n6)</li>
+	<li>Fix writing wrong EFI System Encryption Advanced Options to registry</li>
+	<li>Don't close Setup when exiting VeraCrypt process through system tray Exit menu</li>
+	<li>Fix failure to format some disks (e.g. VHDX) caused by virtual partition offset not 4K aligned</li>
+	<li>Fallback to absolute positioning when accessing disks if relative positioning fails</li>
+	</ul>
+</li>
+<li><strong>Linux:</strong>
+	<ul>
+	<li>Focus PIM field when selected (#1239)</li>
+	<li>Fix generic installation script on Konsole in Wayland (#1244)</li>
+	</ul>
+</li>
+<li><strong>macOS:</strong>
+	<ul>
+	<li>Fix corrupted disk icon in main UI (GH #1218)</li>
+	</ul>
+</li>
+</ul>
+
+<p><strong style="text-align:left">1.26.7</strong> (October 1<sup>st</sup>, 2023):</p>
+<ul>
+<li><strong>All OSes:</strong>
+<ul>
+<li>Security: Ensure that XTS primary key is different from the secondary key when creating volumes
+	<ul>
+		<li>Issue unlikely to happen thanks to random generator properties but this check must be added to prevent attacks</li>
+		<li>Reference: CCSS,NSA comment at page 3: <a href="https://csrc.nist.gov/csrc/media/Projects/crypto-publication-review-project/documents/initial-comments/sp800-38e-initial-public-comments-2021.pdf">https://csrc.nist.gov/csrc/media/Projects/crypto-publication-review-project/documents/initial-comments/sp800-38e-initial-public-comments-2021.pdf</a></li>
+	</ul>
+</li>
+<li>Remove TrueCrypt Mode support. Version 1.25.9 can be used to mount or convert TrueCrypt volumes.</li>
+<li>Complete removal of RIPEMD160 and GOST89 algorithms. Legacy volumes using any of them cannot be mounted by VeraCrypt anymore.</li>
+<li>Add support for BLAKE2s as new PRF algorithm for both system encryption and standard volumes.</li>
+<li>Introducing support for EMV banking smart cards as keyfiles for non-system volumes.
+	<ul>
+		<li>No need for a separate PKCS#11 module configuration.</li>
+		<li>Card PIN isn't required.</li>
+		<li>Generates secure keyfile content from unique, encoded data present on the banking card.</li>
+		<li>Supports all EMV standard-compliant banking cards.</li>
+		<li>Can be enabled in settings (go to Settings->Security Tokens).</li>
+		<li>Developed by a team of students from the <a href="https://www.insa-rennes.fr">Institut national des sciences appliquées de Rennes</a>.</li>
+		<li>More details about the team and the project are available at <a href="https://projets-info.insa-rennes.fr/projets/2022/VeraCrypt/index_en.html">https://projets-info.insa-rennes.fr/projets/2022/VeraCrypt/index_en.html</a>.</li>
+	</ul>
+</li>
+<li>When overwriting an existing file container during volume creation, add its current size to the available free space</li>
+<li>Add Corsican language support. Update several translations. </li>
+<li>Update documentation</li>
+</ul>
+</li>
+<li><strong>Windows:</strong>
+<ul>
+<li>Officially, the minimum supported version is now <strong>Windows 10</strong>. VeraCrypt may still run on Windows 7 and Windows 8/8.1, but no active tests are done on these platforms.</li>
+<li>EFI Bootloader:
+<ul>
+<li>Fix bug in PasswordTimeout value handling that caused it to be limited to 255 seconds.</li>
+<li>Rescue Disk: enhance "Boot Original Windows Loader" by using embedded backup of original Windows loader if it is missing from disk</li>
+<li>Addition of Blake2s and removal of RIPEMD160 & GOST89</li>
+</ul>
+</li>
+<li>Enable memory protection by default. Add option under Performance/Driver Configuration to disable it if needed.
+<ul>
+	<li>Memory protection blocks non-admin processes from reading VeraCrypt memory</li>
+	<li>It may block Screen Readers (Accessibility support) from reading VeraCrypt UI, in which case it can be disabled</li>
+	<li>It can be disabled by setting registry value "VeraCryptEnableMemoryProtection" to 0 under "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\veracrypt"</li>
+</ul>
+</li>
+<li>Add process mitigation policy to prevent VeraCrypt from being injected by other processes</li>
+<li>Minor enhancements to RAM Encryption implementation</li>
+<li>Fix Secure Desktop issues under Windows 11 22H2</li>
+<li>Implement support for mounting partially encrypted system partitions.</li>
+<li>Fix false positive detection of new device insertion when Clear Encryption Keys option is enable (System Encryption case only)</li>
+<li>Better implementation of Fast Create when creating file containers that uses UAC to request required privilege if not already held</li>
+<li>Allow choosing Fast Create in Format Wizard UI when creating file containers</li>
+<li>Fix formatting issues during volume creation on some machines.</li>
+<li>Fix stall issue caused by Quick Format of large file containers</li>
+<li>Add dropdown menu to Mount button to allow mounting without using the cache.</li>
+<li>Possible workaround for logarithmic slowdown for Encrypt-In-Place on large volumes.</li>
+<li>Make Expander first check file existence before proceeding further</li>
+<li>Allow selecting size unit (KB/MB/GB) for generated keyfiles</li>
+<li>Display full list of supported cluster sizes for NTFS, ReFS and exFAT filesystems when creating volumes</li>
+<li>Support drag-n-drop of files and keyfiles in Expander.</li>
+<li>Implement translation of Expander UI</li>
+<li>Replace legacy file/dir selection APIs with modern IFileDialog interface for better Windows 11 compatibility</li>
+<li>Enhancements to dependency dlls safe loading, including delay loading.</li>
+<li>Remove recommendation of keyfiles files extensions and update documentation to mention risks of third-party file extensions.</li>
+<li>Add support for more language in the setup installer</li>
+<li>Update LZMA library to version 23.01</li>
+<li>Update libzip to version 1.10.1 and zlib to version 1.3</li>
+</ul>
+</li>
+<li><strong>Linux:</strong>
+<ul>
+<li>Fix bug in Random generator on Linux when used with Blake2s that was triggering a self test failure.</li>
+<li>Modify Random Generator on Linux to exactly match official documentation and the Windows implementation.</li> 
+<li>Fix compatibility issues with Ubuntu 23.04.</li>
+<li>Fix assert messages displayed when using wxWidgets 3.1.6 and newer.</li>
+<li>Fix issues launching fsck on Linux.</li>
+<li>Fix privilege escalation prompts being ignored.</li>
+<li>Fix wrong size for hidden volume when selecting the option to use all free space.</li>
+<li>Fix failure to create hidden volume on a disk using CLI caused by wrong maximum size detection.</li>
+<li>Fix various issues when running in Text mode:
+<ul>
+<li>Don't allow selecting exFAT/BTRFS filesytem if they are not present or not compatible with the created volume.</li>
+<li>Fix wrong dismount message displayed when mounting a volume.</li>
+<li>Hide PIM during entry and re-ask PIM when user entered a wrong value.</li>
+<li>Fix printing error when checking free space during volume creation in path doesn't exist.</li>
+</ul>
+</li>
+<li>Use wxWidgets 3.2.2.1 for static builds (e.g. console only version)</li>
+<li>Fix compatibility of generic installers with old Linux distros</li>
+<li>Update help message to indicate that when cascading algorithms they must be separated by dash</li>
+<li>Better compatibility with building under Alpine Linux and musl libc</li>
+</ul>
+</li>
+<li><strong>macOS:</strong>
+	<ul>
+	<li>Fix issue of VeraCrypt window becoming unusable in use cases involving multiple monitors and change in resolution.</li>
+	</ul>
+</li>
+</ul>
+
+<p><strong style="text-align:left">1.25.9</strong> (February 19<sup>th</sup>, 2022):</p>
+<ul>
+<li><strong>All OSes:</strong>
+<ul>
+<li>Update translations (Chinese, Dutch, French, German, Turkish).</li>
+</ul>
+</li>
+<li><strong>Windows:</strong>
+<ul>
+<li>Make MSI installer compatible with system encryption.</li>
+<li>Set minimum support for MSI installation to Windows 7.</li>
+<li>Fix failure to create Traveler Disk when VeraCrypt is installed using MSI.</li>
+<li>Don't cache the outer volume password when mounting with hidden volume protection if wrong hidden volume password was specified.</li> 
+<li>Reduce the size of EXE installers by almost 50% by using LZMA compression instead of DEFLATE.</li>
+<li>Fix double-clicking mounted drive in VeraCrypt UI not working in some special Windows configurations.</li>
+<li>Add registry key to fix BSOD during shutdown/reboot on some machines when using system encryption.
+<ul>
+<li>Under "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\veracrypt", create a REG_DWORD value named "VeraCryptEraseKeysShutdown".</li>
+<li>Setting this registry value to 0 disables erasing system encryption keys which is the cause of BSOD during shutdown on some machines.</li>
+</ul>
+</li>
+</ul>
+</li>
+<li><strong>Linux:</strong>
+<ul>
+<li>Fix hidden volume settings not correctly displayed when enabling hidden volume protection in mount options window.</li>
+<li>Fix generic Linux installer overwriting /usr/sbin if it is a symlink.</li>
+<li>Fix crash when building with _GLIBCXX_ASSERTIONS defined.</li>
+<li>Enable building from source without AES-NI support.</li>
+</ul>
+</li>
+<li><strong>MacOSX:</strong>
+<ul>
+<li>Fix hidden volume settings not correctly displayed when enabling hidden volume protection in mount options window.</li>
+</ul>
+</li>
+</ul>
+<p><strong style="text-align:left">1.25.7</strong> (January 7<sup>th</sup>, 2022):</p>
+<ul>
+<li><strong>All OSes:</strong>
+<ul>
+<li>Update translations.</li>
+</ul>
+</li>
+<li><strong>Windows:</strong>
+<ul>
+<li>Restore support of Windows Vista, Windows 7 and Windows 8/8.1.
+<ul>
+<li>Windows 7 support requires that either KB3033929 or KB4474419 is installed.</li>
+<li>Windows Vista support requires that either KB4039648 or KB4474419 is installed.</li>
+</ul>
+</li>
+<li>MSI installation only: Fix double-clicking .hc file container inserting %1 instead of volume name in path field.</li>
+<li>Advanced users: Add registry settings to control driver internal encryption queue to allow tuning performance for SSD disks and having better stability under heavy load.
+<ul>
+<li>Under registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\veracrypt:
+<ul>
+<li>VeraCryptEncryptionFragmentSize (REG_DWORD): size of encryption data fragment in KiB. Default is 256. Maximum is 2048.</li>
+<li>VeraCryptEncryptionIoRequestCount (REG_DWORD): maximum number of parallel I/O requests. Default is 16. Maximum is 8192.</li>
+<li>VeraCryptEncryptionItemCount (REG_DWORD): maximum number of encryption queue items processed in parallel. Default as well as maximum is half of VeraCryptEncryptionIoRequestCount.</li>
+</ul>
+</li>
+<li>The triplet (FragmentSize=512, IoRequestCount=128, ItemCount=64) is an example of parameters that enhance sequential read speed on some SSD NVMe systems.</li>
+<li>Fix truncate text in installer for some languages.</li>
+</ul>
+</li>
+</ul>
+<li><strong>MacOSX:</strong>
+<ul>
+<li>Fix resource files inside VeraCrypt application bundle (e.g. HTML documentation, languages XML files) being world-writable. (Reported by Niall O'Reilly)</li>
+</ul>
+</li>
+</ul>
+<p><strong style="text-align:left">1.25.4</strong> (December 3<sup>rd</sup>, 2021):</p>
+<ul>
+<li><strong>All OSes:</strong>
+<ul>
+<li>Speed optimization of Streebog.</li>
+<li>Update translations.</li>
+</ul>
+</li>
+<li><strong>Windows:</strong>
+<ul>
+<li>Add support for Windows on ARM64 (e.g. Microsoft Surface Pro X) but system encryption not yet supported.</li>
+<li>Add MSI installer for silent mode deployment (ACCEPTLICENSE=YES must be set in msiexec command line).
+<ul>
+<li>For now, MSI installer cannot be used if system partition is encrypted with VeraCrypt</li>
+<li>MSI installer requires Windows 10 or newer</li>
+</ul>
+</li>
+<li>Drop support of Windows Vista, Windows 7, Windows 8 and Windows 8.1 because of new requirement for driver code signing.</li>
+<li>Reduce time of mount when PRF auto-detection is selected.</li>
+<li>Fix potential memory corruption in driver caused by integer overflow in IOCTL_STORAGE_MANAGE_DATA_SET_ATTRIBUTES (reported by Ilja van Sprundel).</li>
+<li>Replace insecure wcscpy/wcscat/strcpy runtime functions with secure equivalents.</li>
+<li>Changes to EFI bootloader:
+<ul>
+<li>Fix memory leak in some cases caused by wrong check of pointer for calling MEM_FREE</li>
+<li>Clear bootParams variable that may contain sensitive information when halting the system in case of fatal error</li>
+<li>Add option "KeyboardInputDelay" in DcsProp to control the minimum delay supported between two key strokes</li>
+</ul></li>
+<li>Try to workaround Windows Feature Updates issues with system encryption by fixing of bootloader and SetupConfig.ini when system resumes or when session is opened/unlocked</li>
+<li>Fix failure to load local HTML documentation if application running with administrative privileges</li>
+<li>Fix freeze when password dialog displayed in secure desktop and try to access token keyfiles protected by PIN</li>
+<li>Fix failure to launch keyfile generator in secure desktop mode</li>
+<li>Block Windows from resizing system partition if it is encrypted</li>
+<li>Add keyboard shortcut to "TrueCrypt mode" in the mount dialog.</li>
+
+</ul>
+</li>
+<li><strong>MacOSX:</strong>
+<ul>
+<li>Native support of Apple Silicon M1.</li>
+<li>Drop official support of Mac OS X 10.7 Lion and Mac OS X 10.8 Mountain Lion.</li>
+<li>Add UI language support using installed XML files. Language is automatically detected using "LANG" environment variable</li>
+<li>Add CLI switch (--size=max) and UI option to give a file container all available free space on the disk where it is created.</li>
+<li>Return error if unknown filesystem value specified in CLI --filesystem switch instead of silently skipping filesystem creation.</li>
+</ul>
+</li>
+<li><strong>Linux:</strong>
+<ul>
+<li>Add UI language support using installed XML files. Language is automatically detected using "LANG" environment variable</li>
+<li>Compatiblity with with pam_tmpdir.</li>
+<li>Display icon in notification area on Ubuntu 18.04 and newer (contibuted by https://unit193.net/).</li>
+<li>Add CLI switch (--size=max) and UI option to give a file container all available free space on the disk where it is created.</li>
+<li>Return error if unknown filesystem value specified in CLI --filesystem switch instead of silently skipping filesystem creation.</li>
+</ul>
+</li>
+<li><strong>FreeBSD:</strong>
+<ul>
+<li>Make system devices work under FreeBSD</li>
+<li>Add CLI switch (--size=max) and UI option to give a file container all available free space on the disk where it is created.</li>
+<li>Return error if unknown filesystem value specified in CLI --filesystem switch instead of silently skipping filesystem creation.</li>
+</ul>
+</li>
+<li><strong>OpenBSD:</strong>
+<ul>
+<li>Add basic support of OpenBSD</li>
+<li>Add CLI switch (--size=max) and UI option to give a file container all available free space on the disk where it is created.</li>
+<li>Return error if unknown filesystem value specified in CLI --filesystem switch instead of silently skipping filesystem creation.</li>
+</ul>
+</li>
+</ul>
+
+<p><strong style="text-align:left">1.24-Update8</strong> (November 28<sup>th</sup>, 2020):</p>
+<ul>
+<li><strong>MacOSX:</strong>
+<ul>
+<li>Fix compatibility issues with macOS Big Sur, especially on Apple Silicon M1 with macFUSE 4.0.x.</li>
+</ul>
+</li>
+</ul>
+
+<p><strong style="text-align:left">1.24-Update7</strong> (August 7<sup>th</sup>, 2020):</p>
+<ul>
+<li><strong>All OSes:</strong>
+<ul>
+<li>Don't allow Hidden volume to have the same password, PIM and keyfiles as Outer volume</li>
+<li>Fix random crash in 32-bit builds when using Streebog.</li>
+<li>Enable FIPS mode in JitterEntropy random generator.</li>
+<li>Update Beginner's Tutorial in documentation to use "MyVolume.hc" instead of "My Volume" for file container name in order to avoid confusion about nature of file nature.</li>
+<li>Minor code cleanup</li>
+</ul>
+</li>
+<li><strong>Windows:</strong>
+<ul>
+<li>Fix wrong results in benchmark of encryption algorithms when RAM encryption is enabled</li>
+<li>Fix issue when RAM encryption used, AES selected and AES-NI not supported by CPU that caused the free space of newly created volumes not filled with random data even if "quick format" is not selected.</li>
+<li>Fix UI for blocking TRIM in system encryption not working in MBR boot mode.</li>
+<li>Support password drag-n-drop from external applications (e.g. KeePass) to password UI fields which is more secure than using clipboard.</li>
+<li>Implements compatibility with Windows 10 Modern Standby and Windows 8.1 Connected Standby power model. This makes detection of entring power saving mode more reliable.</li>
+<li>Avoid displaying waiting dialog when /silent specified for "VeraCrypt Format" during creating of file container using /create switch and a filesystem other than FAT.</li>
+<li>Use native Windows format program to perform formatting of volume since it is more reliable and only fallback to FormatEx function from fmifs.dll in case of issue.</li>
+<li>Don't use API for Processor Groups support if there is only 1 CPU group in the system. This can fix slowness issue observed on some PCs with AMD CPUs.</li>
+<li>Don't allow to encrypt the system drive if it is already encrypted by BitLocker.</li>
+<li>Implement detection of Hibernate and Fast Startup and disable them if RAM encryption is activated.</li>
+<li>Warn about Fast Startup if it is enabled during VeraCrypt installation/upgrade, when starting system encryption or when creating a volume, and propose to disable it.</li>
+<li>Add UI options to control the behavior of automatic bootloader fixing when System Encryption used.</li>
+<li>Don't allow a directory path to be entered for the file container to be created in Format wizard.</li>
+<li>Don't try to use fix for CVE-2019-19501 if Windows Shell has been modified or is not running since there is no reliable way to fix it in such non standard configuation.</li>
+<li>MBR bootloader: fix incorrect compressed data size passed to decompressor in boot sector.</li>
+<li>Add warning message when typed password reaches maximum length during the system encryption wizard.</li>
+<li>Fix wrong error message when UTF-8 encoding of entered password exceeds the maximum supported length.</li>
+<li>Fix crash when using portable 32-bit "VeraCrypt Format.exe" to create hidden volume on a 64-bit machine where VeraCrypt is already installed.</li>
+<li>Update libzip to latest version 1.7.3.</li>
+<li>Update translations.</li>
+</ul>
+</li>
+<li><strong>Linux/MacOSX:</strong>
+<ul>
+<li>Force reading of at least 32 bytes from /dev/random before allowing it to fail gracefully</li>
+<li>Allow choosing a filesystem other than FAT for Outer volume but display warning about risks of such choice. Implement an estimation of maximum possible size of hidden volume in this case.</li>
+<li>Erase sensitive memory explicitly instead of relying on the compiler not optimizing calls to method Memory::Erase.</li>
+<li>Add support for Btrfs filesystem when creating volumes (Linux Only).</li>
+<li>Update wxWidgets for static builds to version 3.0.5.</li>
+</ul>
+</li>
+</ul>
+
+<p><strong style="text-align:left">1.24-Update6 </strong>(March 10<sup>th</sup>, 2020):</p>
+<ul>
+<li><strong>Windows:</strong>
+<ul>
+<li>Fix PIM label text truncation in password dialog</li>
+<li>Fix wrong language used in installer if user selects a language other than English and then selects English before clicking OK on language selection dialog.</li>
+</ul>
+</li>
+</ul>
+
+<p><strong style="text-align:left">1.24-Update5 </strong>(March 9<sup>th</sup>, 2020):</p>
+<ul>
+<li><strong>Windows:</strong>
+<ul>
+<li>Optimize performance for CPUs that have more than 64 logical processors (contributed by Sachin Keswani from AMD)</li>
+<li>Support specifying keyfiles (both in tokens and in filesystem) when creating file containers using command line (switches /keyfile, /tokenlib and /tokenpin supported in VeraCrypt Format)</li>
+<li>Fix leak of keyfiles path and name after VeraCrypt process exits.</li>
+<li>Add CLI switch /secureDesktop to VeraCrypt Format.</li>
+<li>Update libzip to version 1.6.1</li>
+<li>Minor UI fixes</li>
+</ul>
+</li>
+</ul>
+
+<p><strong style="text-align:left">1.24-Update4 </strong>(January 23<sup>rd</sup>, 2020):</p>
+<ul>
+<li><strong>Windows:</strong>
+<ul>
+<li>Fix regression in Expander and Format when RAM encryption is enable that was causing volume headers to be corrupted.</li>
+<li>Fix failure of Screen Readers (Accessibility support) to read UI by disabling newly introduced memory protection by default and adding a CLI switch (/protectMemory) to enable it when needed.</li>
+<li>Fix side effects related to the fix for CVE-2019-19501 which caused links in UI not to open.</li>
+<li>Add switch /signalExit to support notifying <a href="https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/waitfor" target="_blank">WAITFOR</a> Windows command when VeraCrypt.exe exits if /q was specified in CLI (cf documentation for usage).</li>
+<li>Don't display mount/dismount examples in help dialog for command line in Format and Expander.</li>
+<li>Documentation and translation updates.</li>
+</ul>
+</li>
+<li><strong>Linux:</strong>
+<ul>
+<li>Fix regression that limited the size available for hidden volumes created on disk or partition.</li>
+</ul>
+</li>
+<li><strong>MacOSX:</strong>
+<ul>
+<li>Fix regression that limited the size available for hidden volumes created on disk or partition.</li>
+</ul>
+</li>
+</ul>
+
+<p><strong style="text-align:left">1.24-Update3 </strong>(December 21<sup>nd</sup>, 2019):</p>
+<ul>
+<li><strong>Linux:</strong>
+<ul>
+<li>Fix console-only build to remove dependency on GTK that is not wanted on headless servers.</li>
+</ul>
+</li>
+</ul>
+
+<p><strong style="text-align:left">1.24-Update2 </strong>(December 16<sup>th</sup>, 2019):</p>
+<ul>
+<li><strong>All OSes:</strong>
+<ul>
+<li>clear AES key from stack memory when using non-optimized implementation. Doesn't apply to VeraCrypt official build (Reported and fixed by Hanno Böck)</li>
+<li>Update Jitterentropy RNG Library to version 2.2.0</li>
+<li>Start following IEEE 1541 agreed naming of bytes (KiB, MiB, GiB, TiB, PiB).</li>
+<li>Various documentation enhancements.</li>
+</ul>
+</li>
+<li><strong>Windows:</strong>
+<ul>
+<li>Fix possible local privilege escalation vulnerability during execution of VeraCrypt Expander (CVE-2019-19501)</li>
+<li>MBR bootloader:
+<ul>
+<li>workaround for SSD disks that don't allow write operations in BIOS mode with buffers less than 4096 bytes.</li>
+<li>Don't restore MBR to VeraCrypt value if it is coming from a loader different from us or different from Microsoft one.</li>
+</ul>
+</li>
+<li>EFI bootloader:
+<ul>
+<li>Fix "ActionFailed" not working and add "ActionCancelled" to customize handling of user hitting ESC on password prompt</li>
+<li>Fix F5 showing previous password after failed authentication attempt. Ensure that even wrong password value are cleared from memory.</li>
+</ul>
+</li>
+<li>Fix multi-OS boot compatibility by only setting VeraCrypt as first bootloader of the system if the current first bootloader is Windows one.</li>
+<li>Add new registry flags for SystemFavoritesService to control updating of EFI BIOS boot menu on shutdown.</li>
+<li>Allow system encrypted drive to be mounted in WindowsPE even if changing keyboard layout fails (reported and fixed by Sven Strickroth)</li>
+<li>Enhancements to the mechanism preserving file timestamps, especially for keyfiles.</li>
+<li>Fix RDRAND instruction not detected on AMD CPUs.</li>
+<li>Detect cases where RDRAND is flawed (e.g. AMD Ryzen) to avoid using it if enabled by user.</li>
+<li>Don't write extra 0x00 byte at the end of DcsProp file when modifying it through UI</li>
+<li>Reduce memory usage of IOCTL_DISK_VERIFY handler used in disk verification by Windows.</li>
+<li>Add switch /FastCreateFile for VeraCrypt Format.exe to speedup creation of large file container if quick format is selected.</li>
+<li>Fix the checkbox for skipping verification of Rescue Disk not reflecting the value of /noisocheck switch specified in VeraCrypt Format command line.</li>
+<li>check "TrueCrypt Mode" in password dialog when mounting a file container with .tc extension</li>
+<li>Update XML languages files.</li>
+</ul>
+</li>
+<li><strong>Linux:</strong>
+<ul>
+<li>Fix regression causing admin password to be requested too many times in some cases</li>
+<li>Fix off by one buffer overflow in function Process::Execute (Reported and fixed by Hanno Böck)</li>
+<li>Make sure password gets deleted in case of internal error when mounting volume (Reported and fixed by Hanno Böck)</li>
+<li>Fix passwords using Unicode characters not recognized in text mode.</li>
+<li>Fix failure to run VeraCrypt binary built for console mode on headless machines.</li>
+<li>Add switch to force the use of legacy maximum password length (64 UTF8 bytes)</li>
+<li>Add CLI switch (--use-dummy-sudo-password) to force use of old sudo behavior of sending a dummy password</li>
+<li>During uninstall, output error message to STDERR instead of STDOUT for better compatibility with package managers.</li>
+<li>Make sector size mismatch error when mounting disks more verbose.</li>
+<li>Speedup SHA256 in 64-bit mode by using assembly code.</li>
+</ul>
+</li>
+<li><strong>MacOSX:</strong>
+<ul>
+<li>Add switch to force the use of legacy maximum password length (64 UTF8 bytes)</li>
+<li>Fix off by one buffer overflow in function Process::Execute (Reported and fixed by Hanno Böck)</li>
+<li>Fix passwords using Unicode characters not recognized in text mode.</li>
+<li>Make sector size mismatch error when mounting disks more verbose.</li>
+<li>Speedup SHA256 in 64-bit mode by using assembly code.</li>
+<li>Link against latest wxWidgets version 3.1.3</li>
+</ul>
+</li>
+</ul>
+
 
 <p><strong style="text-align:left">1.24-Hotfix1 </strong>(October 27<sup>rd</sup>, 2019):</p>
 <ul>
@@ -124,7 +575,7 @@
 <li>Enable selection of Quick Format for file containers creation. Separate Quick Format and Dynamic Volume options in the wizard UI.</li>
 <li>Fix editor of EFI system encryption configuration file not accepting ENTER key to add new lines.</li>
 <li>Avoid simultaneous calls of favorites mounting, for example if corresponding hotkey is pressed multiple times.</li>
-<li>Ensure that only one thread at a time can create a secure desktop.</li> 
+<li>Ensure that only one thread at a time can create a secure desktop.</li>
 <li>Resize some dialogs in Format and Mount Options to to fix some text truncation issues with non-English languages.</li>
 <li>Fix high CPU usage when using favorites and add switch to disable periodic check on devices to reduce CPU load.</li>
 <li>Minor UI changes.</li>
@@ -608,4 +1059,4 @@ incorrect Impersonation Token Handling. </li></ul>
 <li>Correct issue while creating hidden operating system. </li><li>Minor improvements and bug fixes. </li></ul>
 </li></ul>
 </div>
-</div><div class="ClearBoth"></div></body></html>
-\ No newline at end of file
+</div><div class="ClearBoth"></div></body></html>