Increase password maximum length to 128 bytes in UTF-8 encoding for non-system volumes.
Add option to use legacy maximum password length (64) instead of new one for compatibility reasons.
Use Hardware RNG based on CPU timing jitter "Jitterentropy" by Stephan Mueller as a good alternative to CPU RDRAND (
http://www.chronox.de/jent.html)
Speed optimization of XTS mode on 64-bit machine using SSE2 (up to 10% faster).
Fix detection of CPU features AVX2/BMI2. Add detection of RDRAND/RDSEED CPU features. Detect Hygon CPU as AMD one.
Implement RAM encryption for keys and passwords using ChaCha12 cipher, t1ha non-cryptographic fast hash and ChaCha20 based CSPRNG.
Available only on 64-bit machines.
Disabled by default. Can be enabled using option in UI.
Less than 10% overhead on modern CPUs.Mitigate some memory attacks by making VeraCrypt applications memory inaccessible to non-admin users (based on KeePassXC implementation)
MBR Bootloader: dynamically determine boot loader memory segment instead of hardcoded values (proposed by neos6464)
MBR Bootloader: workaround for issue affecting creation of hidden OS on some SSD drives.
Fix issue related to Windows Update breaking VeraCrypt UEFI bootloader.
Add option (disabled by default) to use CPU RDRAND or RDSEED as an additional entropy source for our random generator when available.
Add mount option (both UI and command line) that allows mounting a volume without attaching it to the specified drive letter.
Update libzip to version 1.5.1
Do not create uninstall shortcut in startmenu when installing VeraCrypt. (by Sven Strickroth)
Enable selection of Quick Format for file containers creation. Separate Quick Format and Dynamic Volume options in the wizard UI.
Fix editor of EFI system encryption configuration file not accepting ENTER key to add new lines.
Avoid simultaneous calls of favorites mounting, for example if corresponding hotkey is pressed multiple times.
Ensure that only one thread at a time can create a secure desktop.
Updates and corrections to translations and documentation.
New security features:
Erase system encryption keys from memory during shutdown/reboot to help mitigate some cold boot attacks.
Add option when system encryption is used to erase all encryption keys from memory when a new device is connected to the system.
Add new driver entry point that can be called by applications to erase encryption keys from memory in case of emergency.
Several enhancements and fixes for EFI bootloader:
Implement timeout mechanism for password input. Set default timeout value to 3 minutes and default timeout action to "shutdown".
Implement new actions "shutdown" and "reboot" for EFI DcsProp config file.
Enhance Rescue Disk implementation of restoring VeraCrypt loader.
Fix ESC on password prompt during Pre-Test not starting Windows.
Add menu entry in Rescue Disk that enables starting original Windows loader.