The fixes include:

• Removal of the GOST 28147-89 encryption option entirely. The implementation was unsafe. Functionality for decryption of volumes that used this cipher is still in place, but new volumes cannot be created using this cipher.
• Removal of XZip and XUnzip. These were replaced with modern and more secure zip libraries (libzip).
• Fixes implemented for the vulnerability described in section 5.1 (password length can be determined in classic bootloader).
• Fixes implemented for the vulnerability described in section 7.1 for the new bootloader. (keystrokes not erased after authentication)
• Fixes implemented for the vulnerability described in section 7.2 for the new bootloader. (sensitive data not correctly erased)
• Fixes implemented for the vulnerability described in section 7.3 for the new bootloader. (memory corruption)
• Fixes implemented for the vulnerability described in section 7.4 for the new bootloader. (null pointer, dead code, inconsistent data reads by ConfigRead, bad pointer in EFIGetHandles, null pointer dereference in the graphic library.)
• Updates to user documentation for other vulnerabilities that can be closed by user practices.