|
backup
|
added support for new backup file encryption (AES128-CTR) with signatures (SHA256); |
|
backup
|
generate proper file name when devices identity is longer than 32 symbols; |
|
bridge
|
add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled; |
|
bridge
|
added an option to manually specify ports that have a multicast router (CLI only); |
|
bridge
|
added a warning when untrusted port receives a DHCP Server message when DCHP Snooping is enabled; |
|
bridge
|
added ingress filtering options to bridge interface; |
|
bridge
|
added initial Q-in-Q support; |
|
bridge
|
added more options to fine-tune IGMP Snooping enabled bridges (CLI only); |
|
bridge
|
added per-port based "tag-stacking" feature; |
|
bridge
|
added support for BPDU Guard; |
|
bridge
|
added support for DHCP Option 82; |
|
bridge
|
added support for DHCP Snooping; |
|
bridge
|
added support for IGMP Snooping fast-leave feature (CLI only); |
|
bridge
|
fixed dynamic VLAN table entries when using ingress filtering; |
|
bridge
|
fixed "ingress-filtering", "frame-types" and "tag-stacking" value storing; |
|
bridge
|
forward LACPDUs when "protocol-mode=none"; |
|
bridge
|
ignore tagged BPDUs when bridge VLAN filtering is used; |
|
bridge
|
improved packet handling; |
|
bridge
|
improved packet processing when bridge port changes states; |
|
bridge
|
improved performance when bridge VLAN filtering is used without hardware offloading; |
|
bridge
|
renamed option "vlan-protocol" to "ether-type"; |
|
capsman
|
added ability to use chain 3 for "HT TX chains" and "HT RX chains" selections (CLI only); |
|
capsman
|
allow to change "radio-name" (CLI only); |
|
capsman
|
increase timeout for the CAP to CAPsMAN communication; |
|
certificate
|
added "expires-after" parameter; |
|
certificate
|
do not allow to perform "undo" on certificate changes; |
|
certificate
|
fixed RA "server-url" setting; |
|
check-installation
|
improved system integrity checking; |
|
chr
|
added checksum offload support for Hyper-V installations; |
|
chr
|
added large send offload support for Hyper-V installations; |
|
chr
|
added multiqueue support on Xen installations; |
|
chr
|
added support for multiqueue feature on "virtio-net"; |
|
chr
|
added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions); |
|
chr
|
by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no"; |
|
chr
|
do not show IRQ entries from removed devices; |
|
chr
|
fixed interface name assign process when running CHR on Hyper-V; |
|
chr
|
fixed interface name order when "virtio-net is not being used on KVM installations; |
|
chr
|
fixed MTU changing process when running CHR on Hyper-V; |
|
chr
|
fixed NIC hotplug for "virtio-net"; |
|
chr
|
improved balooning process; |
|
chr
|
improved boot time for Hyper-V installations; |
|
chr
|
provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V; |
|
chr
|
reduced RAM memory required per interface; |
|
cloud
|
added simultaneous IPv4/IPv6 support; |
|
cloud
|
close local UDP port if no activity; |
|
console
|
added "dont-require-permissions" parameter for scripts; |
|
console
|
added error log message when netwatch tries to execute script with insufficient permissions; |
|
console
|
added error log message when scheduler tries to execute script with insufficient permissions; |
|
console
|
do not show spare parameters on ping command; |
|
console
|
made "once" parameter mandatory when using "as-value" on "monitor" commands; |
|
console
|
removed automatic swapping of "from=" and "to=" in "for" loops; |
|
crs317
|
fixed Ethernet inteface stuck on 100 Mbps speed; |
|
crs326/crs328
|
fixed packet forwarding when port changes states with IGMP Snooping enabled; |
|
crs328
|
fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces; |
|
crs3xx
|
added hardware support for DHCP Snooping and Option 82; |
|
crs3xx
|
added Q-in-Q hardware offloading support; |
|
crs3xx
|
do not report SFP interface as running when interface on opposite side is disabled; |
|
crs3xx
|
fixed ACL rate rules (introduced in v6.41rc27); |
|
crs3xx
|
fixed flow control; |
|
crs3xx
|
fixed SwOS config import; |
|
defconf
|
fixed default configuration for RBSXTsq5nD; |
|
defconf
|
fixed missing bridge ports after configuration reset; |
|
dhcp
|
added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address; |
|
dhcp
|
reduced resource usage of DHCP services; |
|
dhcpv4-client
|
fixed DHCP client that was stuck on invalid state; |
|
dhcpv4-client
|
fixed double ACK packet handling; |
|
dhcpv4-server
|
added "allow-dual-stack-queue" implementation (CLI only); |
|
dhcpv4-server
|
do not allow override lease "always-broadcast" value based on offer type; |
|
dhcpv4-server
|
improved performance when "rate-limit" and/or "address-list" setting is present; |
|
dhcpv6-client
|
added missing "Server identifier" parameter in release message; |
|
dhcpv6-client
|
fixed "add-default-route" parameter; |
|
dhcpv6-client
|
fixed option handling; |
|
dhcpv6-client
|
improved dynamic IPv6 pool addition process; |
|
dhcpv6-server
|
added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time"; |
|
dhcpv6-server
|
added "allow-dual-stack-queue" implementation (CLI only); |
|
dhcpv6-server
|
added initial dynamic simple queue support; |
|
dhcpv6-server
|
do not allow to run DHCPv6 server on slave interface; |
|
dhcpv6-server
|
fixed dynamic simple queue creation for RADIUS bindings; |
|
dns
|
fixed DNS cache service becoming unresponsive when active Hotspot server is present on the router (introduced in 6.42); |
|
dude
|
fixed client auto upgrade (broken since 6.43rc17); |
|
ethernet
|
do not show "combo-state" field if interface is not SFP or copper; |
|
ethernet
|
properly handle Ethernet interface default configuration; |
|
export
|
do not show w60g password on "hide-sensitive" type of export; |
|
fetch
|
added "as-value" output format; |
|
fetch
|
fixed address and DNS verification in certificates; |
|
filesystem
|
fixed NAND memory going into read-only mode (requires "factory-firmware" >= 3.41.1 and "current-firmware" >= 6.43); |
|
filesystem
|
improved software crash handling on devices with FLASH type memory; |
|
health
|
added missing parameters from export; |
|
health
|
fixed voltage measurements for RB493G devices; |
|
health
|
improved speed of health measurement readings; |
|
hotspot
|
allow to properly configure Hotspot directory on external disk for devices that have flash type storage; |
|
hotspot
|
fixed RADIUS CoA & PoD by allowing to accept "NAS-Port-Id"; |
|
ike1
|
added unsafe configuration warning for main mode with pre-shared-key authentication; |
|
ike1
|
purge both SAs when timer expires; |
|
ike1
|
zero out reserved bytes in NAT-OA payload; |
|
ike2
|
fixed initiator first policy selection; |
|
ike2
|
fixed rekeyed child deletion during another exchange; |
|
ike2
|
improved basic exchange logging readability; |
|
ike2
|
use "/32" netmask by default on initiator if not provided by responder; |
|
interface
|
improved interface "last-link-down-time" and "last-link-up-time" values; |
|
interface
|
improved reliability on dynamic interface handling; |
|
ippool
|
improved used address error message; |
|
ipsec
|
added "responder" parameter for "mode-config" to allow multiple initiator configurations; |
|
ipsec
|
added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule; |
|
ipsec
|
added warning messages for incorrect peer configuration; |
|
ipsec
|
do not allow removal of "proposal" and "mode-config" entries that are in use; |
|
ipsec
|
fixed AES-192-CTR fallback to software AEAD on ARM devices with wireless and RB3011UiAS-RM; |
|
ipsec
|
fixed AES-CTR and AES-GCM key size proposing as initiator; |
|
ipsec
|
fixed "static-dns" value storing; |
|
ipsec
|
improved invalid policy handling when a valid policy is uninstalled; |
|
ipsec
|
improved reliability on generated policy addition when IKEv1 or IKEv2 used; |
|
ipsec
|
improved stability when using IPsec with disabled route cache; |
|
ipsec
|
install all DNS server addresses provided by "mode-config" server; |
|
ipsec
|
separate phase1 proposal configuration from peer menu; |
|
ipsec
|
use monotonic timer for SA lifetime check; |
|
kidcontrol
|
allow to edit discovered devices; |
|
l2tp
|
allow setting "max-mtu" and "max-mru" bigger than 1500; |
|
led
|
improved w60g alignment trigger; |
|
leds
|
fixed LED behaviour when bonding is configured on SFP+ interfaces; |
|
log
|
fixed false log warnings about system status after power on for CRS328-4C-20S-4S+; |
|
log
|
show interface name on OSPF "different MTU" info log messages; |
|
lte
|
added additional D-Link PIDs; |
|
lte
|
added additional ID support for SIM7600 modem; |
|
lte
|
added additional low endpoint SIM7600 PIDs; |
|
lte
|
added eNB ID to info command; |
|
lte
|
added extended LTE signal info for SIM7600 modules; |
|
lte
|
added extended signal information for Quectel LTE EC25 and EP06 modem; |
|
lte
|
added ICCID reading for info command R11e-LTE and R11e-LTE-US; |
|
lte
|
added "registration-status" parameter under "/interface lte info" command; |
|
lte
|
added roaming status reading for info command; |
|
lte
|
added "sector-id" to info command; |
|
lte
|
added support for alternative SIM7600 PID; |
|
lte
|
added support for Novatel USB730LN modem with new ID; |
|
lte
|
added support for Quanta 1k6e modem; |
|
lte
|
allow to execute concurrent internal AT commands; |
|
lte
|
allow to use multiple PLS modems at the same time; |
|
lte
|
do not allow to remove default APN profile; |
|
lte
|
do not allow to send "at-chat" commands for configless modems; |
|
lte
|
expose GPS channel for PLS modems; |
|
lte
|
fixed LTE registration in 2G/3G mode; |
|
lte
|
fixed SIM7600 registration info; |
|
lte
|
fixed SIM7600 series module support with newer device IDs; |
|
lte
|
ignore empty MAC addresses during Passthrough discovery phase; |
|
lte
|
improved modem event processing; |
|
lte
|
improved r11e-LTE and r11e-LTE-US dialling process; |
|
lte
|
improved r11e-LTE configuration exchange process; |
|
lte
|
improved reading of SMS message after entering running state; |
|
lte
|
improved readings of info command results for the SXT LTE; |
|
lte
|
improved stability of USB LTE interface detection process; |
|
lte
|
properly detect interface state when running for IPv6 only connection for R11e-LTE modem; |
|
lte
|
renamed LTE scan tool field "scan-code" to "mcc-mnc"; |
|
lte
|
show UICC in correct format for SXT LTE devices; |
|
lte
|
use "/32" address for the Passthrough feature when R11e-LTE module is used; |
|
lte
|
use alphanumeric operator format in info command; |
|
mac-telnet
|
improved reliability when connecting from RouterOS versions prior 6.43; |
|
multicast
|
allow to add more than one RP per IP address for PIM; |
|
ntp
|
allow to specify link-local address for NTP server; |
|
ospf
|
improved link-local LSA flooding; |
|
ospf
|
improved stability when originating LSAs with OSPFv3; |
|
package
|
renamed "current-version" to "installed-version" under "/system package install"; |
|
ppp
|
added support for additional ID for E3531 modem; |
|
ppp
|
added support for Alfa Network U4G modem; |
|
ppp
|
added support for Telit LM940 modem; |
|
ppp
|
improved modem mode switching; |
|
ppp
|
show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected; |
|
quickset
|
recognize 160 MHz channel as HomeAP mode; |
|
rb1100ahx4
|
added DES and 3DES hardware acceleration support; |
|
romon
|
fixed RoMON services becoming unavailable after disabled once during active scanning process; |
|
romon
|
properly classify RoMON sessions in log and active users list; |
|
routerboard
|
allow to fill up to half of the RAM memory with files on devices with FLASH storage; |
|
routerboard
|
fixed "protected-routerboot" feature (introduced in v6.42); |
|
routerboard
|
fixed wrongly reported RAM size on ARM devices; |
|
routerboot
|
removed RAM test from TILE devices (routerboot upgrade required); |
|
sfp
|
fixed default advertised link speeds; |
|
smb
|
fixed valid request handling when additional options are used; |
|
sms
|
converted "keep-max-sms" feature to "auto-erase"; |
|
sms
|
do not require "port" and "interface" parameters when sending SMS if already present in configuration; |
|
sms
|
improved reliability on SMS reader; |
|
snmp
|
added CAPsMAN "remote-cap" table; |
|
snmp
|
added EAP identity to CAPsMAN registration table; |
|
snmp
|
added "phy-rate" reading for "station-bridge" mode; |
|
snmp
|
added "temp-exception" trap; |
|
snmp
|
fixed interface speed reporting for predefined rates; |
|
snmp
|
fixed "remote-cap" peer MAC address format; |
|
ssh
|
disconnect all active connections when device gets rebooted or turned off; |
|
ssh
|
strengthen strong-crypto (add aes-128-ctr and disallow hmac sha1 and groups with sha1); |
|
supout
|
added "files" section to supout file; |
|
supout
|
added info log message when supout file is created; |
|
supout
|
added monitored bridge VLAN table to supout file; |
|
supout
|
added "w60g" section to supout file; |
|
switch
|
added CPU Flow Control settings for devices with a Atheros8227, QCA8337, Atheros8327, Atheros7240 or Atheros8316 switch chip; |
|
switch
|
added support for port isolation by switch chip; |
|
switch
|
fixed possible switch chip hangs after initialization on MediaTek and Atheros8327 switch chips; |
|
swos
|
implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only); |
|
tile
|
added DES and 3DES hardware acceleration support; |
|
tile
|
fixed false HW offloading flag for MPLS; |
|
tr069-client
|
allow editing of "provisioning-code" attribute; |
|
tr069-client
|
fixed setting of "DeviceInfo.ProvisioningCode" parameter; |
|
tr069-client
|
use SNI extension for HTTPS; |
|
upgrade
|
fixed RouterOS upgrade process from RouterOS v5 on PowerPC; |
|
ups
|
improved UPS serial parsing stability; |
|
usb
|
fixed modem initialisation on LtAP mini; |
|
usb
|
fixed power-reset for hAP ac^2 devices; |
|
user
|
all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades); |
|
userman
|
fixed "shared-secret" parameter requiring "sensitive" policy; |
|
vrrp
|
improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled; |
|
w60g
|
added "beamforming-event" stats counter; |
|
w60g
|
fixed random disconnects; |
|
w60g
|
general stability and performance improvements; |
|
watchdog
|
added "ping-timeout" setting; |
|
webfig
|
do not automatically re-log in after logging out; |
|
webfig
|
fixed occasional authentication failure when logging in; |
|
webfig
|
fixed www service becoming unresponsive; |
|
webfig
|
properly display time interval within Kid Control menu; |
|
webfig
|
properly handle double clicking when logging in or out; |
|
webfig
|
properly show NTP clients "last-adjustment" value; |
|
winbox
|
added bridge Fast Forward statistics counters; |
|
winbox
|
added "poe-fault" LED trigger; |
|
winbox
|
added "tag-stacking" option to "Bridge/Ports"; |
|
winbox
|
allow to specify LTE interface when sending SMS; |
|
winbox
|
fixed arrow key handling within table filter fields; |
|
winbox
|
fixed "bad-blocks" value presence under "System/Resources"; |
|
winbox
|
fixed bridge port MAC learning parameter values; |
|
winbox
|
fixed "IP/IPsec/Peers" section sorting; |
|
winbox
|
fixed "write-sect-since-reboot" value presence under "System/Resources"; |
|
winbox
|
properly close session when uploading multiple files to the device at the same time; |
|
winbox
|
removed duplicate "20/40/80MHz" value from "channel-width" setting options; |
|
winbox
|
renamed "VLAN Protocol" to "EtherType" under bridge interface "VLAN" tab; |
|
winbox
|
show HT MCS tab when "5ghz-n/ac" band is used; |
|
winbox
|
show "Switch" menu on hAP ac^2 devices; |
|
winbox
|
show "System/RouterBOARD/Mode Button" on devices that has such feature; |
|
wireless
|
accept only valid path for sniffer output file parameter; |
|
wireless
|
added "czech republic 5.8" regulatory domain information; |
|
wireless
|
added "etsi2" regulatory domain information; |
|
wireless
|
added option for RADIUS "called-station-id" format selection; |
|
wireless
|
added option to disable PMKID for WPA2; |
|
wireless
|
do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00"; |
|
wireless
|
fixed "/interface wireless sniffer packet print follow" output; |
|
wireless
|
fixed wireless interface lockup after period of inactivity; |
|
wireless
|
improved Nv2 reliability on ARM devices; |
|
wireless
|
improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices; |
|
wireless
|
require "sniff" policy for wireless sniffer; |
|
wireless
|
updated "czech republic" regulatory domain information; |
|
wireless
|
updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information; |
|
x86
|
improved Ethernet driver for Davicom DM9x0x; |