Updated component versions.

JAG3D:
Confidence level of the parameters has been separated and decoupled from the settings for hypothesis tests
SQL table columns of Helmert's error ellipse have been renamed and standardized to avoid confusion

update beast prompt for openai models

Fixed program flickering issue.

Added a new mode: Agents (OpenAI) and integrated openai-agents into the app (beta).

Bugfixes:
Fixed an issue with the used volume letter checks in the PE Helper where they would not work correctly.
New features:
Preinstallation Environment Helper:
The startup screen in HotInstall is now localized
The Driver Installation Module (DIM) has seen a minor design refresh to let you select items more easily, with grid lines
PowerShell script execution policy settings have been off-loaded from the DT PE startup code and put into the ISO creation script. This can present startup time improvements
When configuring DNS settings for Active Directory Domain Services join, you can now verify the syntax of DNS addresses. You will later see a report featuring the types of the addresses that have been specified. For invalid addresses, you will also see why they were marked as such.
You can now remove the answer files from your image easily.
Help Documentation:
The DISMTools Tour is now finalized. As a reminder, you can access it from the Help menu or the Getting Started page in the Help documentation
The Tour can now be launched automatically when you first set up DISMTools
Image tasks:
DISMTools now uses pnputil to add drivers on active installations
Miscellaneous:
CODE: Registry actions are now carried out by the new Registry Helper

1. Another directory traversal vulnerability, differing from that
in WinRAR 7.12, has been fixed.

When extracting a file, previous versions of WinRAR, Windows versions
of RAR, UnRAR, portable UnRAR source code and UnRAR.dll can be tricked
into using a path, defined in a specially crafted archive,
instead of user specified path.

Unix versions of RAR, UnRAR, portable UnRAR source code
and UnRAR library, also as RAR for Android, are not affected.

We are thankful to Anton Cherepanov, Peter Kosinar, and Peter Strycek
from ESET for letting us know about this security issue.

2. Bugs fixed:

a) WinRAR 7.12 "Import settings from file" command failed to restore
settings, saved by WinRAR versions preceding 7.12;

b) WinRAR 7.12 set a larger than specified recovery size for compression
profiles, created by WinRAR 5.21 and older.

apu: Bail from audio sink callback on app exit

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed

This update includes 4 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$8000][426054987] High CVE-2025-8292: Use after free in Media Stream. Reported by Anonymous on 2025-06-19

patch: fix ubuntu 24 build and flash issues - bump electron-forge to 7.8.1 - bump electron to 37.2.4 - stop producing broken appimage [Edwin Joassart]
patch: fix windows build and flash issues - downgrade flasher's node to 20.11.1 on windows - bump windows GHA runner to 2022 - bump winusb-driver-generator to 2.1.9 [Edwin Joassart]
patch: refactor permission code [Edwin Joassart]

Always generate stubs for <native-messaging> as command-line apps

-------------
+ Update Italian translation
+ MPEG-4 : Support of Spherical Video 2
+ MPEG-4 : Spherical Video improvements
+ MPEG-4: Support of location in mdta
+ MPEG-4: Parse XMP metadata (thanks to cjee21)
+ MPEG-4: Better support of Auro-Cx 3D audio (thanks to cjee21)
+ Matroska : Improvement of Spherical Video
+ Matroska: TimecodeXML output
+ AV1: Display of HDR10+ (thanks to cjee21)
+ CAF: Improved support (thanks to cjee21)
+ APE tags: Map more tags (thanks to cjee21)
+ WavPack: Display MD5 sum of raw audio data (thanks to cjee21)
+ FLAC: Map Arranger and Lyricist (thanks to cjee21)
+ DTS: More DTS:X detection
+ PNG/HEIF: Parse ISO 21496-1 Gain map metadata (thanks to cjee21)
+ XMP: Parse Adobe/UltraHDR Gain map metadata (thanks to cjee21)
+ JPEG/TIFF: Show thumbnails information, Exif style (thanks to cjee21)
+ JPEG/TIFF/HEIF: Parse Exif (location, dates, model name...) metadata (thanks to cjee21)
+ JPEG: Show thumbnails information, MPF style (thanks to cjee21)
+ TIFF/JPEG: Parse IPTC-NAA, XMP, PSIR, PSD metadata and more (thanks to cjee21)
+ JPEG/PNG: Support of C2PA (thanks to cjee21)
+ C2PA: Parsing of thumbnails
+ JPEG: Support of GContainer with or without MPF, for more HDR related info (thanks to cjee21)
+ Model names: Map to marketing names e.g SM-S931B becomes Samsung S25 (thanks to cjee21)
+ XMP: GIMP version + improve multi CreateDate handling and more (thanks to cjee21)
+ ICC: Information from profile description (thanks to cjee21)
+ PNG: Split image size from metadata size
+ PNG: Parse metadata at the end of the file
+ DNG: Detection of DNG rather than generic TIFF (thanks to cjee21)
+ PNG: Encoded date
+ JPG: Writing library name
+ PNG: Support of MNG and JNG
+ Thumbnails: Add a dedicated image track for thumbnails and covers
+ PAC: Option for default frame rate
+ Dates: Normalize dates from different formats
+ HTML output: Display cover image (thanks to cjee21)
x I2360, MPEG4: fix crash on HEIC files
x H263: Fix potential bad compute of frame size
x FFV1: Fix parsing of initial_state_delta tables leading to wrong full frame parsing
x ADM: Don't consider comments as not permitted
x EXR : Fix comment not displayed
x JNA: Fix Java to Native integer conversion
x Supported platforms: this is the last version compatible with Android 4.x

This is a bugfix and security release.

Changes/fixes:
Pale Moon no longer accepts nameless cookies. See implementation notes.
Improved the "copy as curl" command in devtools further, partially rolling back the DiD changes in previous versions since we aren't offering cross-platform commands and it caused potential issues with overzealous escaping.
Fixed a potential use-after-free scenario in the CSS parser.
Fixed uninitialized use of fontconfig scenarios for Linux/GTK.
Adjusted CSP URI reporting to more closely match the current spec and common browser behavior.
Fixed a potential crash in font handling.
Adjusted the size of WASM compiled table size limits to match V8/Gecko.
Increased restrictions on the types of data loads <object> elements are allowed to trigger, to match the fetch spec more closely.
Fixed build issues for PPC architectures.
Security issues addressed: CVE-2025-8031, CVE-2025-8028 (DiD), CVE-2025-8037 (and related), CVE-2025-8029, and several others that do not have a CVE number.
Implementation notes:
From this version forward we no longer accept nameless cookies. If a cookie has no name and starts with an equal sign, it is outright rejected. If a cookie consists only of a string with no equal sign, it is interpreted as a valueless cookie with the name set to the string. This departs from our inherited Mozilla behavior where this was previously treated as a nameless cookie with the string as the value.
RFC 6265 forbids cookies without an equal sign (§5.2 step 2), but browsers accept them anyway for web compatibility reasons (poor web design). Moreover, §5.2 step 5 explicitly forbids nameless cookies.
Valueless names also make more sense in web context: Set-cookie: itself supports secure and httponly as valueless attributes, and HTML supports valueless attributes as well.
Our new behavior therefore makes more logical sense, is closer to the spec and general principles, aligns with webkit/Safari and solves a whole class of potential sec bugs like CVE-2025-8037. Apologies if this causes web compat issues, but it's the sane thing to do when encountering non-compliant cookies.