Do not package veracrypt-symbolic.svg under hicolor symbolic icons, as KDE may prefer it for AppIndicator tray items and render a black monochrome icon.
Remove the obsolete symbolic icon during generic installer upgrades and refresh the hicolor icon cache after install or uninstall cleanup.
Validate SecureBoot firmware data before trusting fallback selection and mark the unsupported-db helper as noreturn.
Record unsupported Secure Boot db refusals in EFI loader diagnostics, and avoid stale rescue-disk prompts after a refusal.
Reuse the central EFI loader selection policy for elevated signing-support checks instead of duplicating fallback/refusal logic.
Translate unsupported Secure Boot db failures across elevation without duplicate generic dialogs, surface stored-PIM refresh failures, and log unattended loader update failures.
Skip desktop/MIME cache refresh for console installers, where no desktop integration files are installed.
Guard update-mime-database and update-desktop-database calls so minimal systems without desktop-file-utils do not print post-install errors.
Apply the same best-effort cache refresh behavior to FreeBSD generic scripts for parity.
Also fix the FreeBSD uninstall script to remove the per-resolution PNG icons from /usr/local/share/icons, matching where they are installed.
Bundle the FUSE2 userspace library inside the AppImage AppDir and make AppRun prefer APPDIR/usr/lib. This lets the bundled VeraCrypt binary resolve libfuse.so.2 on systems where FUSE2 userspace packages are no longer installed by default.
Name AppImage artifacts according to the GTK backend detected during the build. GTK3 builds keep the default VeraCrypt-<version>-<arch>.AppImage name, while GTK2 builds use a gtk2-legacy suffix to distinguish the legacy compatibility artifact.
Include immintrin.h in the Argon2 AVX2 implementation so GCC toolchains such as the one on CentOS 7 see the AVX2 intrinsic types when compiling with -mavx2.
Refs: https://github.com/veracrypt/VeraCrypt/issues/1595
Embed both Microsoft UEFI CA 2011 and 2023 signed DCS EFI sets and select the 2023 set only when the firmware db trusts the required 2023 third-party CAs.
Fall back to the 2011 EFI set when firmware db state cannot be determined, preserving pre-existing compatibility behavior and recording the reason in HKLM diagnostics.
Refresh installed ESP modules during PostOOBE repair, keep backups before replacing existing DCS modules, and use the selected EFI set when creating rescue media.
Record the selected EFI bootloader resource set and selection reason in HKLM, allow larger firmware db variables on systems with many Secure Boot certificates, and remove diagnostic registry keys on uninstall.
Fix MSI SetupDLL COM typelib version constants so unregister targets the current Main and Format COM typelib versions.
References: https://github.com/veracrypt/VeraCrypt/issues/1655
The commit 9ea5ccc4aa introduced this bug
by creating a translation key named "DISABLE_SCREEN_PROTECTION_WARNING"
but used the key "DISABLE_SCREEN_PROTECTION_HELP" into the installation
wizard.
Update the old logo with a simplified one without extra label text.
.ico and .icns are updated on Windows and macOS, and .png, .svg
are added on Linux and FreeBSD.
Original logo design by Andreas Becker, recreated by danielwerg with
some edits and symbolic version by me.
This update introduces a screen protection mechanism that leverages the Windows Display Affinity API to prevent screen capture, screen recording, and inclusion in the Windows 11 Recall feature. By default, all VeraCrypt windows, menus, and tooltips are protected. Users can enable or disable this feature through a new setting available in the application Preferences, as well as in the installer and MSI configurations.
This enhances user privacy by mitigating potential leaks of sensitive interface content.
Note: Due to a regression in Windows 11 affecting layered windows, ComboBox dropdowns cannot currently be protected by this mechanism.
This patch moves away from gnome-terminal -e options which is deprecated
and subject to possibly be removed in the future. The -- option is nearly
equivalent in behaviour. Also ensures that uninstallation script has correct
privileges, adds window title to xmessage and ensures correct files are
used during installation.
* refactor: use UNMOUNT instead of DISMOUNT in code
This change updates the term DISMOUNT in constants to UNMOUNT.
Other occurrences (e.g. variable names) are left alone for now.
* refactor(ui): use unmount instead of dismount
This change updates the GUI text and replaces dismount with unmount.
* docs: update term dismount -> unmount
* refactor(cmdline): add unmount
This change adds an argument 'unmount' for command line usage, while
trying to deprecate the old disnount argument.
The current dismount argument/flag will still work to not introduce
a breaking change.
* docs: mention that /dismount is deprecated
This change fixes the shorthand version of the argument /unmount
It also adds back the info for /dismount and that it is deprecated.
During a Windows upgrade, ownership of veracrypt.sys is set to TrustedInstaller, preventing VeraCrypt from accessing the file during an update.
This commit resolves the issue by temporarily taking ownership of the file to rename it, allowing the new file to be copied. The setup process now obtains additional privileges for this operation, which are properly dropped once the file copying is complete.