Search changelog entries
| Component | Change |
|---|---|
| capsman | improved stability when running background scan on CAP; |
| console | updated copyright notice; |
| firewall | fixed IRC NAT helper (CVE-2022-2663); |
| hotspot | improved stability when receiving bogus packets; |
| smb | fixed SMB2 file list reporting; |
| snmp | fixed IPsec-SA byte and packet counter reporting; |
| Component | Change |
|---|---|
| bgp | improved BGP VPN selection; |
| bridge | added warning log when "ageing-time" exceeds supported hardware limit for 98DX224S, 98DX226S, and 98DX3236 switch chips; |
| bridge | fixed FastPath when setting "use-ip-firewall-for-vlan" or "use-ip-firewall-for-pppoe" without enabled "use-ip-firewall"; |
| certificate | fixed bogus log messages; |
| chr | fixed public SSH key pulling when running on AWS; |
| console | added "/task" submenu (CLI only); |
| console | added option to create new files using "/file add" command (CLI only); |
| console | improved stability when doing "/console inspect" in certain menus; |
| console | improved stability when editing long strings; |
| console | improved system stability; |
| console | removed bogus "reset" command from "/system resource usb" menu; |
| console | rename flag "seen reply" to "seen-reply" under "/ipv6 firewall connection" menu; |
| console | replaced "fingerprint" with "skid" in "/certificate print"; |
| console | show Ethernet advertise, speed and duplex settings depending on configured auto-negotiation; |
| container | fixed invoking "container shell" more than once; |
| container | improved "container pull" to support OCI manifest format; |
| defconf | added CAPs mode script for wifiwave2 devices; |
| detnet | fixed interface state detection after reboot; |
| dhcp | changed the default lease time for newly created DHCP servers to 30 minutes; |
| dhcpv4-server | release lease if "check-status" reveals no conflict; |
| disk | improved system stability when removing USB while formatting; |
| ethernet | fixed half-duplex forced mode at 10Mbps and 100Mbps on ether1 for RB5009, Chateau 5G ax and hAP ax3 devices; |
| filesystem | fixed partition "copy-to" function; |
| firewall | added "connection-nat-state" to IPv6 mangle and filter rules; |
| general | mpls- fixed LDP "preferred-afi" parameter; |
| health | added limited manual control over fans for CRS3xx, CRS5xx, CCR2xxx devices; |
| health | fixed bogus value reporting for CRS510 device; |
| ike2 | fixed minor logging typo; |
| ipsec | added error log message when peer ID does not match certificate; |
| ipsec | fixed packet processing by hardware encryption engine on RB850Gx2 device; |
| ipsec | refactor X.509 implementation; |
| ipv6 | added "valid" and "lifetime" parameters for SLAAC IPv6 addresses; |
| ipv6 | send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated; |
| l3hw | improved route offloading for 98DX224S, 98DX226S, and 98DX3236 switch chips; |
| leds | disable LEDs after "/system shutdown"; |
| lte | capped maximum lifetime of SLAAC address to 1 hour; |
| lte | fixed CA band clearing on RAT mode change; |
| lte | fixed duplicate IPv6 route for lte interface when "ipv6-interface" setting is used; |
| lte | fixed LTE interface not showing up when resetting RouterOS configuration; |
| lte | fixed passthrough mode when used together with another APN for Chateau 5G; |
| lte | fixed R11-LTE-US in LTE passthrough mode; |
| lte | fixed R11e-LTE-US reporting of RSSI in LTE mode; |
| lte | fixed re-attach in some cases where module would stay in not-running state after network detach; |
| lte | fixed second modem halt on dual R11e-LTE6 setup; |
| lte | improved system stability when changing LTE interface configuration during network scan with MBIM modems (introduced in v7.8); |
| netinstall-cli | improved device reinstall on failed attempt; |
| netwatch | added "startup-delay" setting (CLI only); |
| netwatch | improved ICMP status evaluation when no reply was present; |
| netwatch | limit "start-delay" range; |
| ospf | fixed processing of fragmented LSAs; |
| ovpn | added support for OVPN server configuration export and client configuration import from .ovpn file; |
| ovpn | improved system stability for Tile devices; |
| quickset | fixed displaying of "SINR" when value is 0; |
| rose-storage | added option to nvme-discover with hostname (CLI only); |
| rose-storage | fixed crash on nvme-tcp disable; |
| rose-storage | fixed rsync transfer permissions; |
| rose-storage | various stability fixes; |
| route | fixed "dynamic-id" for VRF tables; |
| route | improved system stability when making routing decision; |
| route | show SLAAC routes under the "/routing route" menu; |
| route-filter | improved stability when matching blackhole routes; |
| routerboot | added "preboot-etherboot" and "preboot-etherboot-server" settings ("/system routerboard upgrade" required) (CLI only); |
| sfp | added log warning about failed auto-initialization on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices; |
| sfp | allow modules that hold "TX_FAULT" high signal all the time on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices; |
| sfp | allow modules with bad or no EEPROM in forced mode on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices; |
| sfp | fixed "rate-select" functionality on CCR2004-16G-2S+ and CCR2004-1G-12S+2XS devices (introduced in v7.8); |
| sfp | fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch; |
| sfp | improved module initialization and display more detailed initialization status on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices; |
| sfp | improved SFP28 interface stability with some optical modules for CRS518 switch; |
| sfp | improved system stability with some SFP GPON modules on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices; |
| snmp | fixed SNMPv3 "Reportable" flag behavior; |
| snmp | improved outputting of routes; |
| socks | added VRF support; |
| ssh | added Ed25519 host key support; |
| ssh | added support for Ed25519 key export and import in PKCS8 format; |
| ssh | do not allow SHA1 usage with strong crypto enabled; |
| ssh | improved service responsiveness when changing SSH service settings; |
| ssh | improved SSH key import process; |
| storage | mount RAM drive for devices with 32MB flash; |
| supout | added DHCP server network section; |
| switch | fixed ACL rules matching IPv6 packets when using only IPv4 matchers; |
| switch | improved system stability during rapid MAC flapping for 98DXxxxx switches; |
| switch | improved system stability for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches; |
| timezone | updated timezone information from "tzdata2023c" release; |
| vrrp | added "self" value for "group-master" setting; |
| vxlan | added forwarding table; |
| vxlan | fixed packet drops when host moves between remote VTEPs; |
| webfig | added inline comments; |
| webfig | fixed "Destination" value under "MPLS/Forwarding-Table" menu; |
| webfig | fixed issue where "Certificate" value disappears under "IP/Services" menu; |
| webfig | fixed issue where entries might be missing under "IP/DHCP-Server" menu; |
| webfig | various stability fixes; |
| wifiwave2 | added "radio/reg-info" command to show regulatory requirements (currently implemented for 802.11ac interfaces) (CLI only); |
| wifiwave2 | added ability to configure antenna gain; |
| wifiwave2 | added ability to configure beacon interval and DTIM period; |
| wifiwave2 | added information on additional interface capabilities to radio parameters; |
| wifiwave2 | automatically add a VLAN-tagged interface to the appropriate bridge VLAN; |
| wifiwave2 | exit sniffer command and return error when trying to sniff on an unsupported channel; |
| wifiwave2 | fixed 802.11r roaming for clients that performed initial authentication with an AP which has been restarted since; |
| wifiwave2 | fixed issue of some supported channels not being listed in the radio parameters; |
| wifiwave2 | fixed issue which lead to VLAN-tagged wireless clients receiving tagged traffic from other VLANs; |
| wifiwave2 | fixed key handshake timeout for re-associating client devices on 802.11ac interfaces; |
| wifiwave2 | fixed VLAN tagging for unencrypted (open) APs; |
| wifiwave2 | improved general interface stability; |
| wifiwave2 | improved regulatory compliance for hAP ax^2, hAP ax^3 and Chateau ax; |
| wifiwave2 | improved WPS connection speed; |
| wifiwave2 | increased maximum value for "channel.frequency" to 7300; |
| wifiwave2 | show information on captured packets and added ability to save them locally in a pcap file; |
| winbox | added "MTU" and "Hoplimit" properties under "IPv6/Routes" menu; |
| winbox | added "Preferred AFI" property under "MPLS/LDP-Instance" menu; |
| winbox | added "S" flag under "IPv6/Firewall/Connections" menu; |
| winbox | added "Tx Power" property under "Wifiwave2/Status" menu; |
| winbox | added "Tx Queue Drops" property under interface settings "Traffic" tab; |
| winbox | added "Username" and "Password" properties under "Container/Config" menu; |
| winbox | added "Valid" and "Preferred" properties under "IPv6/Address" menu; |
| winbox | added missing properties for "Remote ID Type" under "IP/IPsec/Identities" menu; |
| winbox | changed route flag name from "invalid" to "inactive"; |
| winbox | fixed "TLS" property under "Tools/Email" menu; |
| winbox | fixed "Type" property under "System/Disk" menu when "rose-storage" package is installed; |
| winbox | fixed changing slot name under "System/Disk" menu; |
| winbox | fixed default value for "Allow managed" property under "Zerotier" menu; |
| winbox | fixed duplicate "My ID" column under "IP/IPsec/Identities" menu; |
| winbox | fixed minor typo in "WifiWave2/Radios" menu; |
| winbox | fixed missing "Sector Writes" for certain devices under "System/Resources" menu (introduced in v7.8); |
| winbox | improved Ethernet advertise, speed and duplex settings; |
| winbox | only show permitted countries for wifiwave2 interfaces; |
| winbox | show missing "Designated Bridge" and "Designated Port Number" monitoring data under "Bridge/Port menu; |
| www | allow unsecure HTTP access to REST API; |
| x86 | fixed changing software-id (introduced in v7.7); |
| zerotier | upgraded to version 1.10.3; |
| Component | Change |
|---|---|
| bgp | fixed setting of "default-prepend" parameter; |
| bridge | fixed adding disabled MSTI; |
| bridge | fixed DHCP packet flow when using DHCP snooping, HW offloading and "use-ip-firewall"; |
| bridge | fixed possible DHCP packet corruption when using DHCP snooping; |
| bridge | fixed PVID warning typo; |
| bridge | improved HW offloading logic; |
| certificate | fixed export of a certificate when the last line of the certificate is exactly 64 bytes long; |
| certificate | fixed PBES2 certificate import; |
| certificate | improved certificate management, signing and storing processes; |
| certificate | improved multiple certificate import process; |
| conntrack | improved system stability when changing connection tracking state; |
| conntrack | improved system stability when PPTP helper is used; |
| console | added "as-string" parameter to the ":execute" command; |
| container | added authentication option for registry (CLI only); |
| container | fixed ".type" file ownership; |
| container | fixed file ownership after system upgrade for containers running on internal disk; |
| container | fixed multiple container automatic startup on boot; |
| dhcpv4-client | send DHCPv4 unicast requests to DHCPv4 relay, instead of server when it is being used; |
| disk | limit maximum TMPFS size; |
| dns | added configurable DoH concurrent query limitation parameters; |
| dns | do not cache results from ":resolve" command with specific server; |
| dns | fixed CNAME reading from the cache; |
| dns | limited "DoH max concurrent queries reached" logging messages to once per minute; |
| dns | respond with "NOERROR" to DNS requests for static domain names when appropriate type record is not configured or found on upstream server; |
| firewall | fixed bridge priority target; |
| firewall | fixed DSCP priority target for IPv6 Mangle; |
| firewall | fixed netmap range maximum address calculation for IPv6 NAT; |
| graphing | fixed hiding of target queues when "allow-target" is disabled; |
| graphing | fixed sorting of interface and queue graphs; |
| graphing | properly handle disabled and static-binding interface graphs; |
| graphing | removed "move" command for graphing rules; |
| health | fixed "temperature" and "power-consumption" readings for RB1100AHx4; |
| hotspot | fixed setting of "address" parameter for IP binding; |
| hotspot | restore cookie timeout on reboot; |
| ike2 | added support for "address", "key-id" and "dn" for Remote ID matching (CLI only); |
| ike2 | fixed active SA flush on responder after an unsuccessful peer connection attempt; |
| ipsec | added support for "Framed-Route" RADIUS attribute support; |
| ipsec | do not match incoming IKE requests by unresolved DNS name peers; |
| ipsec | fixed peer matcher for incoming connection with unresolved DNS; |
| ipv6 | added "pref64" option configuration for RA; |
| ipv6 | improved handling of "advertise" IPv6 address status changes; |
| ipv6 | limited "hop-limit" parameter value range to 255; |
| ipv6 | made distributed DNS lifetime RFC8106 compliant; |
| l3hw | added destination MAC address check for offloaded FastTrack connections; |
| led | fixed signal reading for KNOT device; |
| leds | always require to set interface name when setting "modem-signal" indication; |
| lte | added AT support for Telit LE910C4 in MBIM mode; |
| lte | fixed APN setting usage on initial connection attempt for AT based Quectel and Neoway modems; |
| lte | fixed automatic antenna selection on Chateau LTE12/LTE18; |
| lte | fixed dialing for Fibocom L850-GL module; |
| lte | fixed displaying of "subscriber-number"; |
| lte | fixed possible memory leak when using passthrough mode on Chateau 5G; |
| lte | improved AT port matching for SIMCom, Huawei, WeLink, Cinterion, BandLuxe and Sierra modems; |
| lte | improved modem detection speed in lower mini-PCIe slot on LtAP; |
| lte | improved stability for R11e-LTE6, skip connection reset on first EEMGINFO command timeout; |
| lte | LtAP improved modem detection in lower mini-PCie slot ("/system routerboard upgrade" required); |
| lte | parse USSD even if encoding is unsupported; |
| mpls | fixed handling of more than 9 VRF's; |
| mpls | fixed LDP listen socket creation before IPv6 address is ready for use; |
| mpls | improved stability when neighboring router reboots; |
| ospf | fixed "ospf-type" parameter for OSPFv3 routes; |
| ospf | fixed simple auth for OSPFv3; |
| ovpn | added AES-GCM and multicore encryption support; |
| ovpn | improved server stability; |
| ovpn | improved TLS-related error logging; |
| pimsm | improved system stability; |
| poe | added LLDP power management support for 802.3at PSE; |
| poe | properly turn off power when link not detected on hAP ax2 and hAP ax3; |
| port | fixed modem channel number on KNOT; |
| pppoe | fixed PPPoE client scan showing only one server; |
| resource | show filesystem related statistics on CCR2004; |
| route | fixed IPv6 default route presence when received from RA; |
| route | fixed printing of routing table's "count-only" parameter; |
| route | show hoplimit and MTU properties under the "/routing route" menu for SLAAC routes; |
| routerboot | fixed format storage for RBM33G device ("/system routerboard upgrade" required); |
| routerboot | fixed protected routerboot for RBM33G device ("/system routerboard upgrade" required); |
| sfp | fixed false link detection with S+RJ10 on RB5009; |
| sfp | fixed reading of SFP EEPROM on single SFP port devices; |
| sfp | improved optical modules SFP compatibility on CCR2004-16G-2S+, CCR2004-1G-12S+2XS, CCR2116-12G-4S+ devices; |
| sms | improved reporting of SMS sending errors; |
| sms | log USSD response when USSD is sent over MBIM; |
| sniffer | added additional filtering parameters; |
| snmp | do not show identity in LLDP when branding is used with hide SNMP data; |
| snmp | fixed handling of disabled routes; |
| snmp | fixed reporting of total number of routes counter; |
| ssh | hard-coded "localhost" address for forwarding requests; |
| ssh | improved system stability when processing none-crypto SSH connection; |
| sstp | fixed TLS session establishment when "connect-to" is DNS name; |
| switch | fixed SFP rate select for CRS354 devices; |
| switch | improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches; |
| switch | improved system stability for 98DXxxxx switch chips; |
| swos | removed "/system swos" menu for CRS5xx series switches; |
| torch | allow "without-paging" parameter for Torch; |
| traffic-generator | increased maximum allowed stream count; |
| upgrade | show error message when license prohibits upgrade; |
| usb | changed USB auto detect behavior to default to the external USB, when no internal USB devices detected; |
| vxlan | added "dont-fragment" setting that allows managing fragmentation; |
| vxlan | added "max-fdb-size" parameter; |
| vxlan | added FastPath support; |
| webfig | allow setting numeric values in time interval fields; |
| webfig | fixed accessing of WebFig when "Interface" menu is disabled by skin; |
| webfig | fixed editing of multi-field parameters with "not" checkbox; |
| webfig | fixed handling of empty skin files; |
| webfig | improved navigation responsiveness; |
| webfig | improved skin file parsing; |
| webfig | improved terminal operation; |
| webfig | properly escape all reserved URI characters; |
| webfig | updated WebFig and graph web pages to HTML5; |
| wifiwave2 | added wireless sniffer tool to capture wireless transmissions (CLI only); |
| wifiwave2 | adjust monitoring of station interfaces to report when an interface is authorized, not just connected; |
| wifiwave2 | enabled additional channels in UNII-3 and UNII-4 bands for Europe and USA on hAP ax^2, hAP ax^3 and Chateau ax; |
| wifiwave2 | fixed compatibility with third-party devices when using SAE hash-to-element authentication with DH groups 20 and 21; |
| wifiwave2 | fixed SAE authentication for interfaces in station mode when trying to connect to APs which require an anti-clogging token (introduced in RouterOS 7.4); |
| wifiwave2 | implement 802.11w management protection SA Query procedures; |
| wifiwave2 | improve protections from denial-of-service attacks on WPA3; |
| winbox | added "Connect" button under "WifiWave2/Scan" menu; |
| winbox | added "Disable/Enable" buttons under "WifiWave2" menu; |
| winbox | added "Match Subdomain" parameter under "IP/DNS/Static" menu; |
| winbox | added "Provision" button under "WifiWave2" menu; |
| winbox | added "Start On Boot" checkbox under "Container" menu; |
| winbox | added "Tx Rate" and "Rx Rate" columns under "WifiWave2/Registration" menu; |
| winbox | added missing properties when setting "Use DoH Server"; |
| winbox | added missing WifiWave2 related parameters under "WifiWave2" menu; |
| winbox | added support for manual RAM file system (TMPFS) creation under "System/Disk" menu; |
| winbox | added Type "https-get" parameter under "Tools/Netwatch" menu; |
| winbox | allow selecting bridge for static entries under "Bridge/MDB" menu; |
| winbox | fixed displaying of "Default Prepend" value under "Routing/BGP/Sessions" menu; |
| winbox | fixed displaying of "Tx/Rx CCQ" values under "Wireless/Registration" menu; |
| winbox | fixed displaying of flags under "System/Console" menu; |
| winbox | fixed displaying of multiple character flags; |
| winbox | fixed usage of IPv6 family addresses under "IP/Web Proxy/Access" menu; |
| winbox | hide "TTL" value for static DNS entries with FWD type; |
| winbox | hide unnecessary properties for virtual interfaces under "WifiWave2" menu; |
| winbox | improved mouseover hint for "local" policy under "System/Users/Groups" menu; |
| winbox | rename "Multicast Router" monitoring property to "Is Multicast Router" under "Bridge" menu; |
| winbox | show "Gateway" column by default under "IPv6/Routes" menu; |
| x86 | added support for TP-Link TG-3468; |
| x86 | fixed SR-IOV support for Intel X710 series NIC; |
| x86 | improved Intel 500 series 10G SFP module support; |
| x86 | improved stability for Intel X550 series NIC with SR-IOV; |
| zerotier | fixed routes after VRF change; |
| Component | Change |
|---|---|
| bgp | added comment functionality for BGP VPN (CLI only); |
| bgp | do not reflect route back to sender; |
| bgp | fixed BGP advertisement PCAP saver; |
| bgp | fixed connection establishment using link-local addresses; |
| bgp | improved BGP advertisement printing; |
| bgp | improved BGP session load distribution across multiple CPU cores; |
| bgp | properly set "bgp-ext-communities" from "communities" list; |
| bluetooth | added unique advertise message filtering; |
| bonding | properly detect VPLS interface state changes; |
| branding | fixed identity setting from branding package; |
| bridge | added support for static MDB entries; |
| bridge | disallow port-controller while the bridge has MSTP enabled; |
| bridge | fixed "edge=yes" setting for MSTP; |
| bridge | fixed MSTP compatibility with STP; |
| bridge | fixed R/M/STP bridge identifier on protocol-mode change; |
| bridge | fixed RSTP BCP with bridged PPP interfaces; |
| bridge | fixed STP blocking state on port-controller; |
| bridge | fixed host moving with fast-path; |
| bridge | fixed incorrect root port blocking for MSTP; |
| bridge | fixed master port conversion; |
| bridge | fixed mst-override port priority for MSTP; |
| bridge | fixed port priority for STP and RSTP; |
| bridge | improved port-controller system stability; |
| bridge | improved system stability when using MSTP and many VLAN mappings; |
| bridge | removed "age" monitoring property from the host table; |
| certificate | improved Let's Encrypt logging and error recovery; |
| certificate | improved certificate management, signing and storing processes; |
| conntrack | improved system stability when PPTP helper is used; |
| conntrack | improved system stability when processing SCTP connections on TILE; |
| console | updated copyright notice; |
| container | fixed access to "/dev/stderr" from containers; |
| container | fixed handling of groups and usernames from Dockerfile; |
| container | fixed tar extracting; |
| container | made "ram" and "tmp" directories use tmpfs; |
| crs1xx/2xx | fixed "new-customer-pcp" setting for ACL rules; |
| dhcpv6-client | handle receiving of invalid T1 and T2 times; |
| discovery | added "discovered-by" parameter to indicate which protocol discovered the neighbor; |
| discovery | added "mode" parameter for discovery configuration; |
| discovery | fixed neighbor discovery on Mesh interfaces; |
| discovery | report IPv6 LL address if global address does not exist; |
| disk | added support for manual RAM file system (TMPFS) creation (CLI only); |
| disk | improved external storage file system mounting, formatting and naming; |
| dns | do not query upstream DNS servers for matched regex records; |
| dns | fixed changing of "forward-to" parameter for FWD entries; |
| dns | fixed handling of CNAME entry pointing to another FWD entry; |
| dns | fixed handling of FWD entries where "forward-to" is a hostname; |
| dns | fixed incorrect TTL=0 reporting for cached entries; |
| dns | improved resolved static entry addition to address list; |
| dns | improved service stability when CNAME points to a FWD entry; |
| dns | query upstream DNS servers for other record types even if static entry exists; |
| dns | require "write" policy for DNS cache flushing; |
| dns | respond with lowest TTL for inner queries containing A, AAAA, CNAME chains; |
| filesystem | fixed repartition on devices with containers; |
| firewall | added "set-priority" option for IPv6 mangle firewall; |
| firewall | made "dynamic" parameter settable for IPv4 address lists; |
| hotspot | added "install-hotspot-queue" parameter to control dynamic queue creation; |
| hotspot | fixed maximum allowed connections limitation; |
| hotspot | fixed minor memory leak after each successful login from WEB; |
| hotspot | improved limitation of maximum allowed connections; |
| hotspot | improved system stability when clients migrate between bridge ports or VLANs; |
| ike1 | disallow "remote-id" setting for identity; |
| ike1 | fixed XAuth responder trying to recreate phase 1; |
| ike1 | improved expired IPsec-SA processing; |
| ike2 | added support for ChaChaPoly1305 encryption; |
| ike2 | added support for DH Group 31 (EC25519) (CLI only); |
| ike2 | fixed rekey notify creation; |
| ike2 | improved certificate payload parsing; |
| interface | do not allow adding invalid "veth" interfaces; |
| interface | improved system stability when handling large packets on CCR2216; |
| interface | show RTL8153 CDC Modem Device as ethernet; |
| ipsec | added "current-address" parameter for peers with DNS address; |
| ipsec | added hardware acceleration support for IPQ-6010; |
| ipsec | added support for AVX optimized SHA acceleration; |
| ipsec | improved "H" (hw-aead) flag presence for accelerated SA's; |
| ipsec | improved IKE payload processing; |
| ipsec | improved configuration of IPsec proposal auth-algorithms; |
| ipsec | removed Blowfish and Camellia encryption algorithms for IKE; |
| ipv6 | do not generate LL addresses for VPN interfaces when IPv6 is disabled; |
| ipv6 | do not use invalid/disabled global addresses for IPv6 ND; |
| l2tp | added VRF support for L2TP Ether interfaces; |
| l3hw | fixed host offloading in a case of MAC address change; |
| l3hw | fixed offloaded NAT for CRS309 switch; |
| l3hw | improved system stability when disabling or enabling L3HW offloading; |
| leds | fixed default LED configuration on netFiber 9; |
| leds | fixed turning off LEDs after system shutdown; |
| lte | added AT channel support for Telit FN990; |
| lte | added CA information in 5G mode; |
| lte | fixed error handling on opening AT control channel; |
| lte | fixed new MTU value validation; |
| lte | improved stability when LTE passthrough is enabled on Chateau 5G; |
| lte | properly show leading zeros in MCC and MNC strings; |
| lte | show band number in "ca-band" in NSA mode on Chateau 5G; |
| lte | use RSRP value reported by MBIM signal for MBIM type modems; |
| macsec | fixed packet duplication on Ethernet interface; |
| macsec | fixed packet transmission using traffic-generator; |
| macsec | fixed packet validation; |
| modem | added USB tethering support for Google Pixel 7 devices; |
| mpls | added VPLS LDP information in remote/local-mappings; |
| mpls | fixed assigning of explicit null label for IPv6; |
| netinstall | added "-i " parameter for Netinstall (CLI Linux); |
| netinstall | fixed Netinstall procedure on RouterBOOT versions from 3.27 to 6.41; |
| netinstall | improved automatic netbooting interface selection; |
| netwatch | added support for "https-get" type (CLI only); |
| netwatch | fixed reporting of VRF name in logging messages; |
| netwatch | improved "interval" and "packet-interval" coexistence for ICMP type; |
| ntp | log error message when server is unreachable; |
| ospf | fixed MD5 checksum calculation; |
| ospf | fixed simple authentication and checksums for NBMA and PTMP links; |
| ospf | fixed simple authentication checksum calculation; |
| ospf | fixed virtual-link address selection for PTP links; |
| ovpn | added "CBC" postfix to AES cipher names; |
| ovpn | added "route-nopull" option for client side; |
| ovpn | added hardware acceleration support for IPQ-6010; |
| ovpn | added support for IPv6 tunneling; |
| ovpn | fixed "Called-Station-Id" usage in RADIUS requests; |
| package | fixed missing menus when both "lora" and "wifiwave2" packages are installed; |
| ping | fixed ARP ping; |
| port | added serial port support for Telit FN990 modem; |
| port | do not show unusable USB port on hAP ax^2; |
| port | fixed R11e-LTE6 port mapping; |
| ppp | changed default lease time of dynamic DHCPv6 server to 1 day; |
| ppp | do not inherit routing mark for encapsulated packets; |
| ppp | fixed displaying of "info" command for PPP client; |
| ppp | improved authentication method negotiation; |
| pppoe | improved service stability when establishing PPPoE sessions; |
| quickset | fixed addition of bridge filter rules in bridged mode; |
| quickset | fixed interface list member table on configuration changes; |
| quickset | update DNS server IP address when changing router's IP address; |
| rb4011 | fixed reporting of current CPU frequency and changed default frequency to "auto"; |
| sfp | added 2.5G SFP module support for RB5009; |
| sfp | allow usage of "10G Base-LR" mode for XS+31LC10D module; |
| snmp | added support for "lldpRemLocalPortNum" OID's; |
| snmp | improved stability when receiving bogus packets; |
| ssh | added support for Ed25519 key exchange; |
| ssh | do not allow SHA1 usage with strong crypto enabled; |
| ssh | fixed handling of non standard size RSA keys; |
| supout | added MSTI and mst-override monitor for bridge MSTP; |
| supout | added missing IPv6 firewall sections; |
| switch | avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches; |
| switch | fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches; |
| switch | fixed egress mirror for 98DX4310 and 98DX8525 switches; |
| switch | hide invalid settings for 98DX3255 and 98DX8525 switch chips; |
| switch | improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches; |
| switch | improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches; |
| switch | improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches; |
| switch | improved 10Gbps Ethernet interface stability for 98DX8212 switch; |
| switch | improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6); |
| switch | increased the maximum value of "rate" for ACL rules; |
| swos | fixed "allow-from-ports" setting; |
| swos | fixed SwOS configuration changes from RouterOS; |
| swos | improved default SwOS backup file name; |
| system | allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE; |
| system | improved handling of user policies; |
| timezone | updated timezone information from "tzdata2022g" release; |
| tr069-client | updated data model to version 2.15; |
| traffic-flow | fixed sending of sampling interval; |
| tunnels | added VRF support for EoIP, IPIP and GRE tunnels; |
| vpls | expose VPLS related debug logs to "vpls" logging topic; |
| vrrp | always use slave interface MTU; |
| vrrp | improved interface stability on configuration changes; |
| vxlan | added "local-address" parameter support; |
| vxlan | added VRF support; |
| w60g | improved system stability for Cube Pro devices; |
| webfig | ensure login page is displayed after each log out; |
| webfig | fixed accessing of WebFig when "Interface" menu is disabled by skin; |
| webfig | fixed displaying of VRF routes; |
| webfig | fixed input validation for "VPLS ID" parameter; |
| webfig | fixed setting of "DHCP Option Set" parameter; |
| webfig | improved WEB caching capabilities; |
| webfig | properly detect current location for navigation buttons; |
| webfig | properly show limited number of available options; |
| wifiwave2 | added "datapath" settings to configure data forwarding for an interface (CLI only); |
| wifiwave2 | added "ft-preserve-vlanid" parameter to control whether to change VLAN ID after FT; |
| wifiwave2 | added "provisioning" menu to automatically assign interface configurations to radios (CLI only); |
| wifiwave2 | added disable/enable commands to configuration profile sub-menus (CLI only); |
| wifiwave2 | added information of per-station throughput in the registration table; |
| wifiwave2 | added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only); |
| wifiwave2 | added interworking/Hotspot 2.0 support (CLI only); |
| wifiwave2 | added more informative log messages on configuration profile changes; |
| wifiwave2 | added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only); |
| wifiwave2 | do not permit a client device to be connected to more than one interface at a time; |
| wifiwave2 | fixed "radio-mac" provisioning matcher; |
| wifiwave2 | fixed 4-way handshake with TKIP; |
| wifiwave2 | improved compliance with regulatory domain information; |
| wifiwave2 | improved general system stability; |
| wifiwave2 | improved system stability when multiple virtual AP are configured; |
| wifiwave2 | properly report interface on which traffic is received when multiple station interfaces are used concurrently; |
| wifiwave2 | released packages for MMIPS, PPC, TILE and x86; |
| wifiwave2 | removed maximum limit for group key update interval and changed the default to 1 day; |
| winbox | added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces; |
| winbox | added "Make Static" button to "IP/DHCP Server/Leases" menu; |
| winbox | added "bus" parameter for "USB Power Reset" command on Chateau ax; |
| winbox | added missing "force" parameter for new "IP/DHCP Server/Options" entries; |
| winbox | added missing "vlan-id" column under "IP/Hotspot/Hosts" table; |
| winbox | do not show LACP related status parameters for other bonding types; |
| winbox | fixed default MTU value for CAP interfaces; |
| winbox | fixed minor typo in "Zerotier" menu; |
| winbox | improved handling of large WinBox protocol messages; |
| winbox | increased maximum number of Winbox read-only sessions 5->25; |
| winbox | properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file; |
| winbox | removed bogus VRF tab from "Interface" menu; |
| winbox | show "Switch" menu on Chateau 5G ax; |
| winbox | show "Switch" menu on NetFiber 9; |
| winbox | show "System/Health/Settings" only on boards that have configurable values; |
| winbox | show "System/RouterBOARD/Mode Button" on devices that have such feature; |
| winbox | show "USB Power Reset" menu on Chateau 5G ax; |
| winbox | show dynamic comment in WifiWave2 registration table; |
| wireless | fixed "nstreme" related parameter control in skins; |
| wireless | fixed setting of realms interworking parameter if realms-raw is unset; |
| x86 | added support for SUN 10G NICs; |
| x86 | improved igc driver support; |
| Component | Change |
|---|---|
| bgp | added support for BGP advertisement displaying (CLI only); |
| bgp | fixed reporting of session uptime; |
| bgp | improved session establishment speed after bootup; |
| bonding | fixed ARP monitor packets with bond's MAC address; |
| bonding | improved interface stability on slave configuration changes; |
| bonding | reduce "actual-mtu" according to interface "l2mtu"; |
| branding | execute "autorun.scr" file when installing branding package; |
| capsman | fixed RADIUS accounting when EAP is used; |
| certificate | fixed SHA1 certificate name lookup; |
| certificate | improved certificate management, signing and storing processes; |
| certificate | restricted maximum retry attempt window for Let's Encrypt certificate to 60 minutes; |
| container | added "start-on-boot" parameter for automatic container startup; |
| container | allow changing container related parameters while it is running; |
| container | fixed usage of non-authenticated registries; |
| dhcpv4-server | fixed matcher functionality; |
| dhcpv4-server | fixed RADIUS accounting for local leases; |
| dhcpv4-server | improved service stability when removing dynamic leases; |
| dhcpv6-client | fixed false error status reporting when server offers T1 or T2 value as 0; |
| dns | added "match-subdomain" option for static entries (CLI only); |
| dot1x | fixed incorrect error when using "mac-auth"; |
| ethernet | added "5Gbps" option for speed setting; |
| firewall | added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu; |
| firewall | disable IRC NAT helper on upgrade; |
| firewall | fixed IPv6 filtering with "in/out-interface" matcher that is in VRF; |
| firewall | fixed IRC NAT helper (CVE-2022-2663); |
| firewall | fixed usage of "netmap" action for IPv6 source NAT; |
| health | fixed fan speed and temperature reporting on CCR1072; |
| health | improved voltage reading on RBmAP-2nD; |
| hotspot | fixed service initialization when HTML directory configured on an external disk; |
| hotspot | fixed SSL usage on all HotSpot pages; |
| hotspot | improved stability when receiving bogus packets; |
| hotspot | limit maximum allowed connections based on free RAM resources; |
| hotspot | removed "routerboard.com" URL from default HotSpot advertise; |
| interface | added warning when interface has configured "mtu" higher than "l2mtu"; |
| ipsec | added "invalid-packets" counter for Installed SA's menu; |
| ipsec | fixed packet processing by hardware encryption engine on MMIPS devices; |
| l3hw | added "l3hw-settings" sub menu under the switch menu; |
| l3hw | added support for IPv6 route offloading (disabled by default); |
| l3hw | fixed "H" flag presence for accelerated connection tracking entries; |
| l3hw | fixed possible packet loss when using HW offloaded NAT; |
| l3hw | improved connected host offloading on startup; |
| l3hw | improved connected IPv6 host offloading when routing table is nearly full for 98DX224S, 98DX226S, and 98DX3236 switch chips; |
| l3hw | improved system stability; |
| l3hw | made route offloading selection work only on unicast; |
| lte | added interface name in MTU debug logging message; |
| lte | added periodic IPv6 RS to trigger IPv6 adress acquisition for non-MBIM modems; |
| lte | added support for Neoway N75-EA; |
| lte | added support to perform FOTA upgrade from local file for EG12-EA, EG18-EA, RG502Q-AE, EG06-A, EP06-A modems; |
| lte | disabled RPLMN on Chateau 5G; |
| lte | fixed at-chat on Telit FN980m; |
| lte | fixed handover from UMTS to LTE when PS activation had failed for MBIM modems; |
| lte | fixed MBIM modem initialization; |
| lte | fixed re-attaching on PS detach for MBIM modems; |
| lte | removed reconnect delay after receiving DETACH notification for MBIM modems; |
| mac-telnet | respect interface MTU setting when sending packets for MAC-Telnet and MAC-WinBox; |
| macsec | added configuration support with VLAN, ARP, DHCP and bridge tagging/untagging; |
| macsec | added logging support with "debug" and "dot1x" topics; |
| macsec | added support for MTU and L2MTU; |
| macsec | fixed interface after Ethernet link down; |
| macsec | fixed interface statistics and missing properties; |
| macsec | fixed interface status; |
| macsec | fixed multiple interface creation on different Ethernet ports |
| macsec | improved interface stability; |
| macsec | improved system stability for TILE and RB5009 devices; |
| macsec | removed interface from SMIPS devices; |
| netwatch | fixed string variable values in script; |
| ntp | improved initial synchronization speed after bootup; |
| ospf | added SHA hashing for authentication; |
| ospf | fixed area "no-summary" setting; |
| ospf | fixed checksum calculation; |
| ospf | fixed displaying of VRF interface in related logs; |
| ospf | fixed transmit of LSA/ACK's on p2p interfaces; |
| ospf | improved logging when invalid configuration is detected; |
| ospf | refresh OSPFv3 interface configuration when IPv6 network becomes available; |
| ovpn | added IPv6 support; |
| ovpn | added VRF support for client; |
| ppp | fixed memory leak; |
| ppp | improved service stability when multiple users disconnect simultaneously; |
| pppoe | fixed MRU negotiation even when it is set to 1500; |
| qsfp | added interface temperature warnings and shutdown; |
| queue | improved stability for CAKE type queues; |
| radius | require "policy" policy for "login" service configuration; |
| rip | fixed passwordless MD5 authentication; |
| route | fixed disappearance of inactive static routes after upgrade; |
| route | fixed memory leak; |
| route-filter | fixed filtering for multiple community routes; |
| route-filter | fixed memory allocation when moving entries; |
| routerboard | return router's short name in "model" parameter; |
| routerboard | set "Delete" as default key to enter booter menu ("/system routerboard upgrade" required); |
| serial | added support for newer PL2303 serial controllers; |
| sfp | improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches; |
| sms | added "status-report-request" parameter for "send" command; |
| sms | fixed handling of SMS send attempts on unsupported modems; |
| snmp | improved retrieval of routing related OID's; |
| snmp | improved stability when receiving bogus packets; |
| ssh | increased key generation timeout; |
| sstp | added VRF support for client; |
| supout | added tr069-client section; |
| supout | removed duplicate "bridge-controller" section; |
| switch | improved traffic forwarding at 5Gbps rate for 98DX8525, 98DX4310 switches; |
| system | renamed error messages when trying to edit or remove dynamic entries; |
| tile | improved system stability when processing packets; |
| tr069-client | do not allow ":" symbols in username; |
| tr069-client | fixed reporting of "X_MIKROTIK_MimoRSRP" parameter; |
| user | removed unused "dude" policy; |
| user-manager | accept any username for outer authentication; |
| user-manager | added "comment" parameter for batch user creation; |
| user-manager | added support for multiple accounting sessions; |
| user-manager | added variables to print profile name and end time in voucher templates; |
| user-manager | allow specifying router's address as subnet; |
| user-manager | fixed "migrate-legacy-db" command; |
| user-manager | fixed session expiry when it is stopped by Disconnect-Request; |
| user-manager | forced username verification against client's certificate for EAP-TLS; |
| user-manager | use "Class" attribute to associate user's accounting session; |
| vrrp | fixed connection tracking synchronization on MMIPS and MIPSBE devices; |
| vxlan | added IPv6 support for remote VTEPs (only IPv4 or IPv6 will be used at the same time, use "vteps-ip-version" property on VXLAN interface to change the version); |
| w60g | improved system stability (introduced in v7.5); |
| webfig | fixed creation of new IPv6 routes; |
| webfig | fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu; |
| webfig | fixed hex input for "Host Uniq" field; |
| webfig | fixed unsetting of "endpoint-address" parameter under "WireGuard/Peers" menu; |
| wifiwave2 | fixed enabling of unconfigured interfaces; |
| wifiwave2 | fixed malfunction of WPA3 hash-to-element technique when enabled on multiple interfaces; |
| wifiwave2 | fixed RADIUS accounting after fast-transition; |
| wifiwave2 | fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used; |
| winbox | added "Active" prefix for current remote and local session ID fields for L2TP-Ether interfaces; |
| winbox | added "address-list" parameter under "IP/DNS/Static" menu; |
| winbox | added "File Name" option for "Load Config" parameter under "System/SwOS" menu; |
| winbox | added icon for TR069-client menu; |
| winbox | added MACsec support; |
| winbox | added quick filtering option for route list; |
| winbox | added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu; |
| winbox | added "Reset Traffic Counters" button for all interfaces; |
| winbox | added "type" and "status-report-request" parameters under "Tools/SMS" menu; |
| winbox | allow "timeout" value to be less than 1 under "Tools/Netwatch" menu; |
| winbox | allow to rename mounted disks; |
| winbox | changed order of tabs under "User Manager" menu; |
| winbox | changed "uptime" parameter format when using the wifiwave2 package; |
| winbox | do not show unavailable features on SMIPS devices; |
| winbox | fixed interface traffic graph drawing on RB5009; |
| winbox | fixed maximum allowed value for VRRP's "priority" parameter; |
| winbox | fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu; |
| winbox | fixed "Session Uptime" value under "Routing/BGP" menu; |
| winbox | fixed "System/SwOS" window refreshing after changes are detected; |
| winbox | fixed "User Manager/User Profiles" window refreshing after changes are detected; |
| winbox | made "backup.swb" the default value for SwOS backup; |
| winbox | made sessions removable in "User Manager" menu; |
| winbox | show "F" flag for failed entries under "Interfaces/VRRP" menu; |
| winbox | show "Switch" menu on Chateau LTE18 ax; |
| winbox | show "System/Health" only on boards that have health monitoring; |
| winbox | show "System/RouterBOARD/Mode Button" on devices that have such feature; |
| wireguard | strip whitespaces from keys; |
| wireless | disallowed using "default" as scan list or channel names; |
| wireless | fixed incorrectly applied ingress priority to non-wireless packets; |
| wireless | fixed missing wireless interface on some RB921GS-5HPacD devices; |
| www | improved stability when receiving bogus packets; |
| x86 | improved ixgbe driver support; |