diff --git a/.gitignore b/.gitignore
index 98d7d8cc..db67535c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -70,6 +70,7 @@ test/crypt-des
 test/crypt-gost-yescrypt
 test/crypt-kat
 test/crypt-md5
+test/crypt-multithread
 test/crypt-nthash
 test/crypt-pbkdf1-sha1
 test/crypt-scrypt
diff --git a/NEWS b/NEWS
index 23de6891..c0a1c16b 100644
--- a/NEWS
+++ b/NEWS
@@ -4,6 +4,15 @@ Please send bug reports, questions and suggestions to
 <https://github.com/besser82/libxcrypt/issues>.
 
 Version 4.4.38
+* crypt and crypt_gensalt now use per-thread storage areas for their
+  output, allocated upon the first call in each thread that uses them.
+  This makes it safe to call these functions from multiple threads
+  simultaneously (but consecutive calls will still clobber the
+  previous output).
+  This feature is a safety net against sloppy coding.  Programs are
+  still strongly encouraged to use the reentrant functions instead,
+  because this safety net is not guaranteed by any standard
+  (although we are informed that Solaris also does this).
 
 Version 4.4.37
 * Several fixes to the manpages (issue #185).
diff --git a/TODO.md b/TODO.md
index e6b8f257..269cf782 100644
--- a/TODO.md
+++ b/TODO.md
@@ -67,15 +67,6 @@ It was last updated 20 October 2018.
     * If we do, should it know how to trigger the trusted-path
       password prompt in modern GUI environments? (probably)
 
-  * Make the crypt and crypt_gensalt static state thread-specific?
-    * Solaris 11 may have done this (its `crypt(3)` manpage describes
-      it as MT-Safe and I don’t see any other way they could have
-      accomplished that).
-    * if allocated on first use, this would also shave 32kB of
-      data segment off the shared library
-    * alternatively, add a global lock and *crash the program* if we
-      detect concurrent calls
-
   * Allow access to more of yescrypt’s tunable parameters and ROM
     feature, in a way that’s generic enough that we could also use it
     for e.g. Argon2’s tunable parameters