|
bridge
|
correctly display bridge FastPath status when vlan-filtering or dhcp-snooping is used; |
|
bridge
|
correctly handle bridge host table; |
|
bridge
|
fixed log message when hardware offloading is being enabled; |
|
bridge
|
improved stability when receiving traffic over USB modem with bridge firewall enabled; |
|
capsman
|
fixed CAP system upgrading process for MMIPS; |
|
capsman
|
fixed interface-list usage in access list; |
|
ccr
|
improved packet processing after overloading interface; |
|
certificate
|
added "key-type" field; |
|
certificate
|
added support for ECDSA certificates (prime256v1, secp384r1, secp521r1); |
|
certificate
|
fixed self signed CA certificate handling by SCEP client; |
|
certificate
|
made RAM the default CRL storage location; |
|
certificate
|
removed DSA (D) flag; |
|
certificate
|
removed "set-ca-passphrase" parameter; |
|
chr
|
legacy adapters require "disable-running-check=yes" to be set; |
|
cloud
|
added "replace" parameter for backup "upload-file" command; |
|
conntrack
|
fixed GRE protocol packet connection-state matching (CVE-2014-8160); |
|
conntrack
|
significant stability and performance improvements; |
|
crs317
|
fixed known multicast flooding to the CPU; |
|
crs3xx
|
added ethernet tx-drop counter; |
|
crs3xx
|
correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate; |
|
crs3xx
|
fixed auto negotiation when 2-pair twisted cable is used (downshift feature); |
|
crs3xx
|
fixed "tx-drop" counter; |
|
crs3xx
|
improved switch-chip resource allocation on CRS326, CRS328, CRS305; |
|
defconf
|
added "custom-script" field that prints custom configuration installed by Netinstall; |
|
defconf
|
automatically set "installation" parameter for outdoor devices; |
|
defconf
|
changed default configuration type to AP for cAP series devices; |
|
defconf
|
fixed channel width selection for RU locked devices; |
|
dhcp
|
create dual stack queue based on limitations specified on DHCPv4 server lease configuration; |
|
dhcp
|
do not require lease and binding to have the same configuration for dual-stack queues; |
|
dhcp
|
show warning in log if lease and binding dual-stack related parameters do not match and create separate queues; |
|
dhcpv4-server
|
added "client-mac-limit" parameter; |
|
dhcpv4-server
|
added IP conflict logging; |
|
dhcpv4-server
|
added RADIUS accounting support with queue based statistics; |
|
dhcpv4-server
|
added "vendor-class-id" matcher (CLI only); |
|
dhcpv4-server
|
improved stability when performing "check-status" command; |
|
dhcpv4-server
|
replaced "busy" lease status with "conflict" and "declined"; |
|
dhcpv6-client
|
added option to disable rapid-commit; |
|
dhcpv6-client
|
fixed status update when leaving "bound" state; |
|
dhcpv6-server
|
added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time"; |
|
dhcpv6-server
|
added "address-list" support for bindings; |
|
dhcpv6-server
|
added "insert-queue-before" and "parent-queue" parameters; |
|
dhcpv6-server
|
added RADIUS accounting support with queue based statistics; |
|
dhcpv6-server
|
added "route-distance" parameter; |
|
dhcpv6-server
|
fixed dynamic IPv6 binding without proper reference to the server; |
|
dhcpv6-server
|
override prefix pool and/or DNS server settings by values received from RADIUS; |
|
discovery
|
correctly create neighbors from VLAN tagged discovery messages; |
|
discovery
|
fixed CDP packets not including address on slave ports (introduced in v6.44); |
|
discovery
|
improved neighbour's MAC address detection; |
|
discovery
|
limit max neighbour count per interface based on total RAM memory; |
|
discovery
|
show neighbors on actual mesh ports; |
|
e-mail
|
include "message-id" identification field in e-mail header; |
|
e-mail
|
properly release e-mail sending session if the server's domain name can not be resolved; |
|
ethernet
|
added support for 25Gbps and 40Gbps rates; |
|
ethernet
|
fixed running (R) flag not present on x86 interfaces and CHR legacy adapters; |
|
ethernet
|
increased loop warning threshold to 5 packets per second; |
|
fetch
|
added SFTP support; |
|
fetch
|
improved user policy lookup; |
|
firewall
|
fixed fragmented packet processing when only RAW firewall is configured; |
|
firewall
|
process packets by firewall when accepted by RAW with disabled connection tracking; |
|
gps
|
fixed missing minus close to zero coordinates in dd format; |
|
gps
|
make sure "direction" parameter is upper case; |
|
gps
|
strip unnecessary trailing characters from "longtitude" and "latitude" values; |
|
gps
|
use "serial0" as default port on LtAP mini; |
|
hotspot
|
added "interface-mac" variable to HTML pages; |
|
hotspot
|
moved "title" HTML tag after "meta" tags; |
|
ike1
|
adjusted debug packet logging topics; |
|
ike2
|
added support for ECDSA certificate authentication (rfc4754); |
|
ike2
|
added support for IKE SA rekeying for initiator; |
|
ike2
|
do not send "User-Name" attribute to RADIUS server if not provided; |
|
ike2
|
improved certificate verification when multiple CA certificates received from responder; |
|
ike2
|
improved child SA rekeying process; |
|
ike2
|
improved XAuth identity conversion on upgrade; |
|
ike2
|
prefer SAN instead of DN from certificate for ID payload; |
|
ippool
|
improved logging for IPv6 Pool when prefix is already in use; |
|
ipsec
|
added dynamic comment field for "active-peers" menu inherited from identity; |
|
ipsec
|
added "ph2-total" counter to "active-peers" menu; |
|
ipsec
|
added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods; |
|
ipsec
|
added traffic statistics to "active-peers" menu; |
|
ipsec
|
disallow setting "src-address" and "dst-address" for transport mode policies; |
|
ipsec
|
do not allow adding identity to a dynamic peer; |
|
ipsec
|
fixed policies becoming invalid after changing priority; |
|
ipsec
|
general improvements in policy handling; |
|
ipsec
|
properly drop already established tunnel when address change detected; |
|
ipsec
|
renamed "remote-peers" to "active-peers"; |
|
ipsec
|
renamed "rsa-signature" authentication method to "digital-signature"; |
|
ipsec
|
replaced policy SA address parameters with peer setting; |
|
ipsec
|
use tunnel name for dynamic IPsec peer name; |
|
ipv6
|
improved system stability when receiving bogus packets; |
|
ltap
|
renamed SIM slots "up" and "down" to "2" and "3"; |
|
lte
|
added initial support for Vodafone R216-Z; |
|
lte
|
added passthrough interface subnet selection; |
|
lte
|
added support for manual operator selection; |
|
lte
|
allow setting empty APN; |
|
lte
|
allow to specify URL for firmware upgrade "firmware-file" parameter; |
|
lte
|
do not show error message for info commands that are not supported; |
|
lte
|
fixed session reactivation on R11e-LTE in UMTS mode; |
|
lte
|
improved firmware upgrade process; |
|
lte
|
improved "info" command query; |
|
lte
|
improved R11e-4G modem operation; |
|
lte
|
renamed firmware upgrade "path" command to "firmware-file" (CLI only); |
|
lte
|
show alphanumeric value for operator info; |
|
lte
|
show correct firmware revision after firmware upgrade; |
|
lte
|
use default APN name "internet" when not provided; |
|
lte
|
use secondary DNS for DNS server configuration; |
|
m33g
|
added support for additional Serial Console port on GPIO headers; |
|
ospf
|
added support for link scope opaque LSAs (Type 9) for OSPFv2; |
|
ospf
|
fixed opaque LSA type checking in OSPFv2; |
|
ospf
|
improved "unknown" LSA handling in OSPFv3; |
|
ovpn
|
added "verify-server-certificate" parameter for OVPN client (CVE-2018-10066); |
|
ppp
|
added initial support for Quectel BG96; |
|
proxy
|
increased minimal free RAM that can not be used for proxy services; |
|
rb3011
|
improved system stability when receiving bogus packets; |
|
rb4011
|
fixed MAC address duplication between sfp-sfpplus1 and wlan1 interfaces (wlan1 configuration reset required); |
|
rb921
|
improved system stability ("/system routerboard upgrade" required); |
|
routerboard
|
renamed 'sim' menu to 'modem'; |
|
sfp
|
fixed S-35LC20D transceiver DDMI readouts after reboot; |
|
sms
|
added USSD message functionality under "/tool sms" (CLI only); |
|
sms
|
allow specifying multiple "allowed-number" values; |
|
sms
|
improved delivery report logging; |
|
snmp
|
added "dot1dStpPortTable" OID; |
|
snmp
|
added OID for neighbor "interface"; |
|
snmp
|
added "write-access" column to community print; |
|
snmp
|
allow setting interface "adminStatus"; |
|
snmp
|
fixed "send-trap" not working when "trap-generators" does not contain "temp-exception"; |
|
snmp
|
fixed "send-trap" with multiple "trap-targets"; |
|
snmp
|
improved reliability on SNMP service packet validation; |
|
snmp
|
properly return multicast and broadcast packet counters for IF-MIB OIDs; |
|
ssh
|
accept remote forwarding requests with empty hostnames; |
|
ssh
|
added new "ssh-exec" command for non-interactive command execution; |
|
ssh
|
fixed non-interactive multiple command execution; |
|
ssh
|
improved remote forwarding handling (introduced in v6.44.3); |
|
ssh
|
improved session rekeying process on exchanged data size threshold; |
|
ssh
|
keep host keys when resetting configuration with "keep-users=yes"; |
|
ssh
|
use correct user when "output-to-file" parameter is used; |
|
sstp
|
improved stability when received traffic hits tarpit firewall; |
|
supout
|
added IPv6 ND section to supout file; |
|
supout
|
added "kid-control devices" section to supout file; |
|
supout
|
added "pwr-line" section to supout file; |
|
supout
|
changed IPv6 pool section to output detailed print; |
|
switch
|
properly reapply settings after switch chip reset; |
|
tftp
|
added "max-block-size" parameter under TFTP "settings" menu (CLI only); |
|
tile
|
improved link fault detection on SFP+ ports; |
|
tr069-client
|
added LTE CQI and IMSI parameter support; |
|
tr069-client
|
fixed potential memory corruption; |
|
tr069-client
|
improved error reporting with incorrect firware upgrade XML file; |
|
traceroute
|
improved stability when sending large ping amounts; |
|
traffic-generator
|
improved stability when stopping traffic generator; |
|
tunnel
|
removed "local-address" requirement when "ipsec-secret" is used; |
|
userman
|
added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only); |
|
w60g
|
do not show unused "dmg" parameter; |
|
w60g
|
prefer AP with strongest signal when multiple APs with same SSID present; |
|
w60g
|
show running frequency under "monitor" command; |
|
winbox
|
added "System/SwOS" menu for all dual-boot devices; |
|
winbox
|
do not allow setting "dns-lookup-interval" to "0"; |
|
winbox
|
show "LCD" menu only on boards that have LCD screen; |
|
wireless
|
fixed frequency duplication in the frequency selection menu; |
|
wireless
|
fixed incorrect IP header for RADIUS accounting packet; |
|
wireless
|
improved 160MHz channel width stability on rb4011; |
|
wireless
|
improved DFS radar detection when using non-ETSI regulated country; |
|
wireless
|
improved installation mode selection for wireless outdoor equipment; |
|
wireless
|
set default SSID and supplicant-identity the same as router's identity; |
|
wireless
|
updated "china" regulatory domain information; |
|
wireless
|
updated "new zealand" regulatory domain information; |
|
www
|
improved client-initiated renegotiation within the SSL and TLS protocols (CVE-2011-1473); |