Changelog 6.43 – MikroTik Changelog Tracker

Component	Change
backup	added support for new backup file encryption (AES128-CTR) with signatures (SHA256);
backup	generate proper file name when devices identity is longer than 32 symbols;
bridge	add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
bridge	added an option to manually specify ports that have a multicast router (CLI only);
bridge	added a warning when untrusted port receives a DHCP Server message when DCHP Snooping is enabled;
bridge	added ingress filtering options to bridge interface;
bridge	added initial Q-in-Q support;
bridge	added more options to fine-tune IGMP Snooping enabled bridges (CLI only);
bridge	added per-port based "tag-stacking" feature;
bridge	added support for BPDU Guard;
bridge	added support for DHCP Option 82;
bridge	added support for DHCP Snooping;
bridge	added support for IGMP Snooping fast-leave feature (CLI only);
bridge	fixed dynamic VLAN table entries when using ingress filtering;
bridge	fixed "ingress-filtering", "frame-types" and "tag-stacking" value storing;
bridge	forward LACPDUs when "protocol-mode=none";
bridge	ignore tagged BPDUs when bridge VLAN filtering is used;
bridge	improved packet handling;
bridge	improved packet processing when bridge port changes states;
bridge	improved performance when bridge VLAN filtering is used without hardware offloading;
bridge	renamed option "vlan-protocol" to "ether-type";
capsman	added ability to use chain 3 for "HT TX chains" and "HT RX chains" selections (CLI only);
capsman	allow to change "radio-name" (CLI only);
capsman	increase timeout for the CAP to CAPsMAN communication;
certificate	added "expires-after" parameter;
certificate	do not allow to perform "undo" on certificate changes;
certificate	fixed RA "server-url" setting;
check-installation	improved system integrity checking;
chr	added checksum offload support for Hyper-V installations;
chr	added large send offload support for Hyper-V installations;
chr	added multiqueue support on Xen installations;
chr	added support for multiqueue feature on "virtio-net";
chr	added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
chr	by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
chr	do not show IRQ entries from removed devices;
chr	fixed interface name assign process when running CHR on Hyper-V;
chr	fixed interface name order when "virtio-net is not being used on KVM installations;
chr	fixed MTU changing process when running CHR on Hyper-V;
chr	fixed NIC hotplug for "virtio-net";
chr	improved balooning process;
chr	improved boot time for Hyper-V installations;
chr	provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
chr	reduced RAM memory required per interface;
cloud	added simultaneous IPv4/IPv6 support;
cloud	close local UDP port if no activity;
console	added "dont-require-permissions" parameter for scripts;
console	added error log message when netwatch tries to execute script with insufficient permissions;
console	added error log message when scheduler tries to execute script with insufficient permissions;
console	do not show spare parameters on ping command;
console	made "once" parameter mandatory when using "as-value" on "monitor" commands;
console	removed automatic swapping of "from=" and "to=" in "for" loops;
crs317	fixed Ethernet inteface stuck on 100 Mbps speed;
crs326/crs328	fixed packet forwarding when port changes states with IGMP Snooping enabled;
crs328	fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
crs3xx	added hardware support for DHCP Snooping and Option 82;
crs3xx	added Q-in-Q hardware offloading support;
crs3xx	do not report SFP interface as running when interface on opposite side is disabled;
crs3xx	fixed ACL rate rules (introduced in v6.41rc27);
crs3xx	fixed flow control;
crs3xx	fixed SwOS config import;
defconf	fixed default configuration for RBSXTsq5nD;
defconf	fixed missing bridge ports after configuration reset;
dhcp	added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
dhcp	reduced resource usage of DHCP services;
dhcpv4-client	fixed DHCP client that was stuck on invalid state;
dhcpv4-client	fixed double ACK packet handling;
dhcpv4-server	added "allow-dual-stack-queue" implementation (CLI only);
dhcpv4-server	do not allow override lease "always-broadcast" value based on offer type;
dhcpv4-server	improved performance when "rate-limit" and/or "address-list" setting is present;
dhcpv6-client	added missing "Server identifier" parameter in release message;
dhcpv6-client	fixed "add-default-route" parameter;
dhcpv6-client	fixed option handling;
dhcpv6-client	improved dynamic IPv6 pool addition process;
dhcpv6-server	added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time";
dhcpv6-server	added "allow-dual-stack-queue" implementation (CLI only);
dhcpv6-server	added initial dynamic simple queue support;
dhcpv6-server	do not allow to run DHCPv6 server on slave interface;
dhcpv6-server	fixed dynamic simple queue creation for RADIUS bindings;
dns	fixed DNS cache service becoming unresponsive when active Hotspot server is present on the router (introduced in 6.42);
dude	fixed client auto upgrade (broken since 6.43rc17);
ethernet	do not show "combo-state" field if interface is not SFP or copper;
ethernet	properly handle Ethernet interface default configuration;
export	do not show w60g password on "hide-sensitive" type of export;
fetch	added "as-value" output format;
fetch	fixed address and DNS verification in certificates;
filesystem	fixed NAND memory going into read-only mode (requires "factory-firmware" >= 3.41.1 and "current-firmware" >= 6.43);
filesystem	improved software crash handling on devices with FLASH type memory;
health	added missing parameters from export;
health	fixed voltage measurements for RB493G devices;
health	improved speed of health measurement readings;
hotspot	allow to properly configure Hotspot directory on external disk for devices that have flash type storage;
hotspot	fixed RADIUS CoA & PoD by allowing to accept "NAS-Port-Id";
ike1	added unsafe configuration warning for main mode with pre-shared-key authentication;
ike1	purge both SAs when timer expires;
ike1	zero out reserved bytes in NAT-OA payload;
ike2	fixed initiator first policy selection;
ike2	fixed rekeyed child deletion during another exchange;
ike2	improved basic exchange logging readability;
ike2	use "/32" netmask by default on initiator if not provided by responder;
interface	improved interface "last-link-down-time" and "last-link-up-time" values;
interface	improved reliability on dynamic interface handling;
ippool	improved used address error message;
ipsec	added "responder" parameter for "mode-config" to allow multiple initiator configurations;
ipsec	added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule;
ipsec	added warning messages for incorrect peer configuration;
ipsec	do not allow removal of "proposal" and "mode-config" entries that are in use;
ipsec	fixed AES-192-CTR fallback to software AEAD on ARM devices with wireless and RB3011UiAS-RM;
ipsec	fixed AES-CTR and AES-GCM key size proposing as initiator;
ipsec	fixed "static-dns" value storing;
ipsec	improved invalid policy handling when a valid policy is uninstalled;
ipsec	improved reliability on generated policy addition when IKEv1 or IKEv2 used;
ipsec	improved stability when using IPsec with disabled route cache;
ipsec	install all DNS server addresses provided by "mode-config" server;
ipsec	separate phase1 proposal configuration from peer menu;
ipsec	use monotonic timer for SA lifetime check;
kidcontrol	allow to edit discovered devices;
l2tp	allow setting "max-mtu" and "max-mru" bigger than 1500;
led	improved w60g alignment trigger;
leds	fixed LED behaviour when bonding is configured on SFP+ interfaces;
log	fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
log	show interface name on OSPF "different MTU" info log messages;
lte	added additional D-Link PIDs;
lte	added additional ID support for SIM7600 modem;
lte	added additional low endpoint SIM7600 PIDs;
lte	added eNB ID to info command;
lte	added extended LTE signal info for SIM7600 modules;
lte	added extended signal information for Quectel LTE EC25 and EP06 modem;
lte	added ICCID reading for info command R11e-LTE and R11e-LTE-US;
lte	added "registration-status" parameter under "/interface lte info" command;
lte	added roaming status reading for info command;
lte	added "sector-id" to info command;
lte	added support for alternative SIM7600 PID;
lte	added support for Novatel USB730LN modem with new ID;
lte	added support for Quanta 1k6e modem;
lte	allow to execute concurrent internal AT commands;
lte	allow to use multiple PLS modems at the same time;
lte	do not allow to remove default APN profile;
lte	do not allow to send "at-chat" commands for configless modems;
lte	expose GPS channel for PLS modems;
lte	fixed LTE registration in 2G/3G mode;
lte	fixed SIM7600 registration info;
lte	fixed SIM7600 series module support with newer device IDs;
lte	ignore empty MAC addresses during Passthrough discovery phase;
lte	improved modem event processing;
lte	improved r11e-LTE and r11e-LTE-US dialling process;
lte	improved r11e-LTE configuration exchange process;
lte	improved reading of SMS message after entering running state;
lte	improved readings of info command results for the SXT LTE;
lte	improved stability of USB LTE interface detection process;
lte	properly detect interface state when running for IPv6 only connection for R11e-LTE modem;
lte	renamed LTE scan tool field "scan-code" to "mcc-mnc";
lte	show UICC in correct format for SXT LTE devices;
lte	use "/32" address for the Passthrough feature when R11e-LTE module is used;
lte	use alphanumeric operator format in info command;
mac-telnet	improved reliability when connecting from RouterOS versions prior 6.43;
multicast	allow to add more than one RP per IP address for PIM;
ntp	allow to specify link-local address for NTP server;
ospf	improved link-local LSA flooding;
ospf	improved stability when originating LSAs with OSPFv3;
package	renamed "current-version" to "installed-version" under "/system package install";
ppp	added support for additional ID for E3531 modem;
ppp	added support for Alfa Network U4G modem;
ppp	added support for Telit LM940 modem;
ppp	improved modem mode switching;
ppp	show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
quickset	recognize 160 MHz channel as HomeAP mode;
rb1100ahx4	added DES and 3DES hardware acceleration support;
romon	fixed RoMON services becoming unavailable after disabled once during active scanning process;
romon	properly classify RoMON sessions in log and active users list;
routerboard	allow to fill up to half of the RAM memory with files on devices with FLASH storage;
routerboard	fixed "protected-routerboot" feature (introduced in v6.42);
routerboard	fixed wrongly reported RAM size on ARM devices;
routerboot	removed RAM test from TILE devices (routerboot upgrade required);
sfp	fixed default advertised link speeds;
smb	fixed valid request handling when additional options are used;
sms	converted "keep-max-sms" feature to "auto-erase";
sms	do not require "port" and "interface" parameters when sending SMS if already present in configuration;
sms	improved reliability on SMS reader;
snmp	added CAPsMAN "remote-cap" table;
snmp	added EAP identity to CAPsMAN registration table;
snmp	added "phy-rate" reading for "station-bridge" mode;
snmp	added "temp-exception" trap;
snmp	fixed interface speed reporting for predefined rates;
snmp	fixed "remote-cap" peer MAC address format;
ssh	disconnect all active connections when device gets rebooted or turned off;
ssh	strengthen strong-crypto (add aes-128-ctr and disallow hmac sha1 and groups with sha1);
supout	added "files" section to supout file;
supout	added info log message when supout file is created;
supout	added monitored bridge VLAN table to supout file;
supout	added "w60g" section to supout file;
switch	fixed possible switch chip hangs after initialization on MediaTek and Atheros8327 switch chips;
switch	added CPU Flow Control settings for devices with a Atheros8227, QCA8337, Atheros8327, Atheros7240 or Atheros8316 switch chip;
switch	added support for port isolation by switch chip;
swos	implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
tile	added DES and 3DES hardware acceleration support;
tile	fixed false HW offloading flag for MPLS;
tr069-client	allow editing of "provisioning-code" attribute;
tr069-client	fixed setting of "DeviceInfo.ProvisioningCode" parameter;
tr069-client	use SNI extension for HTTPS;
upgrade	fixed RouterOS upgrade process from RouterOS v5 on PowerPC;
ups	improved UPS serial parsing stability;
usb	fixed modem initialisation on LtAP mini;
usb	fixed power-reset for hAP ac^2 devices;
user	all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
userman	fixed "shared-secret" parameter requiring "sensitive" policy;
vrrp	improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
w60g	added "beamforming-event" stats counter;
w60g	fixed random disconnects;
w60g	general stability and performance improvements;
watchdog	added "ping-timeout" setting;
webfig	do not automatically re-log in after logging out;
webfig	fixed occasional authentication failure when logging in;
webfig	fixed www service becoming unresponsive;
webfig	properly display time interval within Kid Control menu;
webfig	properly handle double clicking when logging in or out;
webfig	properly show NTP clients "last-adjustment" value;
winbox	added bridge Fast Forward statistics counters;
winbox	added "poe-fault" LED trigger;
winbox	added "tag-stacking" option to "Bridge/Ports";
winbox	allow to specify LTE interface when sending SMS;
winbox	fixed arrow key handling within table filter fields;
winbox	fixed "bad-blocks" value presence under "System/Resources";
winbox	fixed bridge port MAC learning parameter values;
winbox	fixed "IP/IPsec/Peers" section sorting;
winbox	fixed "write-sect-since-reboot" value presence under "System/Resources";
winbox	properly close session when uploading multiple files to the device at the same time;
winbox	removed duplicate "20/40/80MHz" value from "channel-width" setting options;
winbox	renamed "VLAN Protocol" to "EtherType" under bridge interface "VLAN" tab;
winbox	show HT MCS tab when "5ghz-n/ac" band is used;
winbox	show "Switch" menu on hAP ac^2 devices;
winbox	show "System/RouterBOARD/Mode Button" on devices that has such feature;
wireless	accept only valid path for sniffer output file parameter;
wireless	added "czech republic 5.8" regulatory domain information;
wireless	added "etsi2" regulatory domain information;
wireless	added option for RADIUS "called-station-id" format selection;
wireless	added option to disable PMKID for WPA2;
wireless	do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
wireless	fixed "/interface wireless sniffer packet print follow" output;
wireless	fixed wireless interface lockup after period of inactivity;
wireless	improved Nv2 reliability on ARM devices;
wireless	improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
wireless	require "sniff" policy for wireless sniffer;
wireless	updated "czech republic" regulatory domain information;
wireless	updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
x86	improved Ethernet driver for Davicom DM9x0x;

backup

added support for new backup file encryption (AES128-CTR) with signatures (SHA256);

backup

generate proper file name when devices identity is longer than 32 symbols;

bridge

add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;

bridge

added an option to manually specify ports that have a multicast router (CLI only);

bridge

added a warning when untrusted port receives a DHCP Server message when DCHP Snooping is enabled;

bridge

added ingress filtering options to bridge interface;

bridge

added initial Q-in-Q support;

bridge

added more options to fine-tune IGMP Snooping enabled bridges (CLI only);

bridge

added per-port based "tag-stacking" feature;

bridge

added support for BPDU Guard;

bridge

added support for DHCP Option 82;

bridge

added support for DHCP Snooping;

bridge

added support for IGMP Snooping fast-leave feature (CLI only);

bridge

fixed dynamic VLAN table entries when using ingress filtering;

bridge

fixed "ingress-filtering", "frame-types" and "tag-stacking" value storing;

bridge

forward LACPDUs when "protocol-mode=none";

bridge

ignore tagged BPDUs when bridge VLAN filtering is used;

bridge

improved packet handling;

bridge

improved packet processing when bridge port changes states;

bridge

improved performance when bridge VLAN filtering is used without hardware offloading;

bridge

renamed option "vlan-protocol" to "ether-type";

capsman

added ability to use chain 3 for "HT TX chains" and "HT RX chains" selections (CLI only);

capsman

allow to change "radio-name" (CLI only);

capsman

increase timeout for the CAP to CAPsMAN communication;

certificate

added "expires-after" parameter;

certificate

do not allow to perform "undo" on certificate changes;

certificate

fixed RA "server-url" setting;

check-installation

improved system integrity checking;

chr

added checksum offload support for Hyper-V installations;

chr

added large send offload support for Hyper-V installations;

chr

added multiqueue support on Xen installations;

chr

added support for multiqueue feature on "virtio-net";

chr

added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);

chr

by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";

chr

do not show IRQ entries from removed devices;

chr

fixed interface name assign process when running CHR on Hyper-V;

chr

fixed interface name order when "virtio-net is not being used on KVM installations;

chr

fixed MTU changing process when running CHR on Hyper-V;

chr

fixed NIC hotplug for "virtio-net";

chr

improved balooning process;

chr

improved boot time for Hyper-V installations;

chr

provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;

chr

reduced RAM memory required per interface;

cloud

added simultaneous IPv4/IPv6 support;

cloud

close local UDP port if no activity;

console

added "dont-require-permissions" parameter for scripts;

console

added error log message when netwatch tries to execute script with insufficient permissions;

console

added error log message when scheduler tries to execute script with insufficient permissions;

console

do not show spare parameters on ping command;

console

made "once" parameter mandatory when using "as-value" on "monitor" commands;

console

removed automatic swapping of "from=" and "to=" in "for" loops;

crs317

fixed Ethernet inteface stuck on 100 Mbps speed;

crs326/crs328

fixed packet forwarding when port changes states with IGMP Snooping enabled;

crs328

fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;

crs3xx

added hardware support for DHCP Snooping and Option 82;

crs3xx

added Q-in-Q hardware offloading support;

crs3xx

do not report SFP interface as running when interface on opposite side is disabled;

crs3xx

fixed ACL rate rules (introduced in v6.41rc27);

crs3xx

fixed flow control;

crs3xx

fixed SwOS config import;

defconf

fixed default configuration for RBSXTsq5nD;

defconf

fixed missing bridge ports after configuration reset;

dhcp

added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;

dhcp

reduced resource usage of DHCP services;

dhcpv4-client

fixed DHCP client that was stuck on invalid state;

dhcpv4-client

fixed double ACK packet handling;

dhcpv4-server

added "allow-dual-stack-queue" implementation (CLI only);

dhcpv4-server

do not allow override lease "always-broadcast" value based on offer type;

dhcpv4-server

improved performance when "rate-limit" and/or "address-list" setting is present;

dhcpv6-client

added missing "Server identifier" parameter in release message;

dhcpv6-client

fixed "add-default-route" parameter;

dhcpv6-client

fixed option handling;

dhcpv6-client

improved dynamic IPv6 pool addition process;

dhcpv6-server

added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time";

dhcpv6-server

added "allow-dual-stack-queue" implementation (CLI only);

dhcpv6-server

added initial dynamic simple queue support;

dhcpv6-server

do not allow to run DHCPv6 server on slave interface;

dhcpv6-server

fixed dynamic simple queue creation for RADIUS bindings;

dns

fixed DNS cache service becoming unresponsive when active Hotspot server is present on the router (introduced in 6.42);

dude

fixed client auto upgrade (broken since 6.43rc17);

ethernet

do not show "combo-state" field if interface is not SFP or copper;

ethernet

properly handle Ethernet interface default configuration;

export

do not show w60g password on "hide-sensitive" type of export;

fetch

added "as-value" output format;

fetch

fixed address and DNS verification in certificates;

filesystem

fixed NAND memory going into read-only mode (requires "factory-firmware" >= 3.41.1 and "current-firmware" >= 6.43);

filesystem

improved software crash handling on devices with FLASH type memory;

health

added missing parameters from export;

health

fixed voltage measurements for RB493G devices;

health

improved speed of health measurement readings;

hotspot

allow to properly configure Hotspot directory on external disk for devices that have flash type storage;

hotspot

fixed RADIUS CoA & PoD by allowing to accept "NAS-Port-Id";

ike1

added unsafe configuration warning for main mode with pre-shared-key authentication;

ike1

purge both SAs when timer expires;

ike1

zero out reserved bytes in NAT-OA payload;

ike2

fixed initiator first policy selection;

ike2

fixed rekeyed child deletion during another exchange;

ike2

improved basic exchange logging readability;

ike2

use "/32" netmask by default on initiator if not provided by responder;

interface

improved interface "last-link-down-time" and "last-link-up-time" values;

interface

improved reliability on dynamic interface handling;

ippool

improved used address error message;

ipsec

added "responder" parameter for "mode-config" to allow multiple initiator configurations;

ipsec

added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule;

ipsec

added warning messages for incorrect peer configuration;

ipsec

do not allow removal of "proposal" and "mode-config" entries that are in use;

ipsec

fixed AES-192-CTR fallback to software AEAD on ARM devices with wireless and RB3011UiAS-RM;

ipsec

fixed AES-CTR and AES-GCM key size proposing as initiator;

ipsec

fixed "static-dns" value storing;

ipsec

improved invalid policy handling when a valid policy is uninstalled;

ipsec

improved reliability on generated policy addition when IKEv1 or IKEv2 used;

ipsec

improved stability when using IPsec with disabled route cache;

ipsec

install all DNS server addresses provided by "mode-config" server;

ipsec

separate phase1 proposal configuration from peer menu;

ipsec

use monotonic timer for SA lifetime check;

kidcontrol

allow to edit discovered devices;

l2tp

allow setting "max-mtu" and "max-mru" bigger than 1500;

led

improved w60g alignment trigger;

leds

fixed LED behaviour when bonding is configured on SFP+ interfaces;

log

fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;

log

show interface name on OSPF "different MTU" info log messages;

lte

added additional D-Link PIDs;

lte

added additional ID support for SIM7600 modem;

lte

added additional low endpoint SIM7600 PIDs;

lte

added eNB ID to info command;

lte

added extended LTE signal info for SIM7600 modules;

lte

added extended signal information for Quectel LTE EC25 and EP06 modem;

lte

added ICCID reading for info command R11e-LTE and R11e-LTE-US;

lte

added "registration-status" parameter under "/interface lte info" command;

lte

added roaming status reading for info command;

lte

added "sector-id" to info command;

lte

added support for alternative SIM7600 PID;

lte

added support for Novatel USB730LN modem with new ID;

lte

added support for Quanta 1k6e modem;

lte

allow to execute concurrent internal AT commands;

lte

allow to use multiple PLS modems at the same time;

lte

do not allow to remove default APN profile;

lte

do not allow to send "at-chat" commands for configless modems;

lte

expose GPS channel for PLS modems;

lte

fixed LTE registration in 2G/3G mode;

lte

fixed SIM7600 registration info;

lte

fixed SIM7600 series module support with newer device IDs;

lte

ignore empty MAC addresses during Passthrough discovery phase;

lte

improved modem event processing;

lte

improved r11e-LTE and r11e-LTE-US dialling process;

lte

improved r11e-LTE configuration exchange process;

lte

improved reading of SMS message after entering running state;

lte

improved readings of info command results for the SXT LTE;

lte

improved stability of USB LTE interface detection process;

lte

properly detect interface state when running for IPv6 only connection for R11e-LTE modem;

lte

renamed LTE scan tool field "scan-code" to "mcc-mnc";

lte

show UICC in correct format for SXT LTE devices;

lte

use "/32" address for the Passthrough feature when R11e-LTE module is used;

lte

use alphanumeric operator format in info command;

mac-telnet

improved reliability when connecting from RouterOS versions prior 6.43;

multicast

allow to add more than one RP per IP address for PIM;

ntp

allow to specify link-local address for NTP server;

ospf

improved link-local LSA flooding;

ospf

improved stability when originating LSAs with OSPFv3;

package

renamed "current-version" to "installed-version" under "/system package install";

ppp

added support for additional ID for E3531 modem;

ppp

added support for Alfa Network U4G modem;

ppp

added support for Telit LM940 modem;

ppp

improved modem mode switching;

ppp

show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;

quickset

recognize 160 MHz channel as HomeAP mode;

rb1100ahx4

added DES and 3DES hardware acceleration support;

romon

fixed RoMON services becoming unavailable after disabled once during active scanning process;

romon

properly classify RoMON sessions in log and active users list;

routerboard

allow to fill up to half of the RAM memory with files on devices with FLASH storage;

routerboard

fixed "protected-routerboot" feature (introduced in v6.42);

routerboard

fixed wrongly reported RAM size on ARM devices;

routerboot

removed RAM test from TILE devices (routerboot upgrade required);

sfp

fixed default advertised link speeds;

smb

fixed valid request handling when additional options are used;

sms

converted "keep-max-sms" feature to "auto-erase";

sms

do not require "port" and "interface" parameters when sending SMS if already present in configuration;

sms

improved reliability on SMS reader;

snmp

added CAPsMAN "remote-cap" table;

snmp

added EAP identity to CAPsMAN registration table;

snmp

added "phy-rate" reading for "station-bridge" mode;

snmp

added "temp-exception" trap;

snmp

fixed interface speed reporting for predefined rates;

snmp

fixed "remote-cap" peer MAC address format;

ssh

disconnect all active connections when device gets rebooted or turned off;

ssh

strengthen strong-crypto (add aes-128-ctr and disallow hmac sha1 and groups with sha1);

supout

added "files" section to supout file;

supout

added info log message when supout file is created;

supout

added monitored bridge VLAN table to supout file;

supout

added "w60g" section to supout file;

switch

fixed possible switch chip hangs after initialization on MediaTek and Atheros8327 switch chips;

switch

added CPU Flow Control settings for devices with a Atheros8227, QCA8337, Atheros8327, Atheros7240 or Atheros8316 switch chip;

switch

added support for port isolation by switch chip;

swos

implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);

tile

added DES and 3DES hardware acceleration support;

tile

fixed false HW offloading flag for MPLS;

tr069-client

allow editing of "provisioning-code" attribute;

tr069-client

fixed setting of "DeviceInfo.ProvisioningCode" parameter;

tr069-client

use SNI extension for HTTPS;

upgrade

fixed RouterOS upgrade process from RouterOS v5 on PowerPC;

ups

improved UPS serial parsing stability;

usb

fixed modem initialisation on LtAP mini;

usb

fixed power-reset for hAP ac^2 devices;

user

all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);

userman

fixed "shared-secret" parameter requiring "sensitive" policy;

vrrp

improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;

w60g

added "beamforming-event" stats counter;

w60g

fixed random disconnects;

w60g

general stability and performance improvements;

watchdog

added "ping-timeout" setting;

webfig

do not automatically re-log in after logging out;

webfig

fixed occasional authentication failure when logging in;

webfig

fixed www service becoming unresponsive;

webfig

properly display time interval within Kid Control menu;

webfig

properly handle double clicking when logging in or out;

webfig

properly show NTP clients "last-adjustment" value;

winbox

added bridge Fast Forward statistics counters;

winbox

added "poe-fault" LED trigger;

winbox

added "tag-stacking" option to "Bridge/Ports";

winbox

allow to specify LTE interface when sending SMS;

winbox

fixed arrow key handling within table filter fields;

winbox

fixed "bad-blocks" value presence under "System/Resources";

winbox

fixed bridge port MAC learning parameter values;

winbox

fixed "IP/IPsec/Peers" section sorting;

winbox

fixed "write-sect-since-reboot" value presence under "System/Resources";

winbox

properly close session when uploading multiple files to the device at the same time;

winbox

removed duplicate "20/40/80MHz" value from "channel-width" setting options;

winbox

renamed "VLAN Protocol" to "EtherType" under bridge interface "VLAN" tab;

winbox

show HT MCS tab when "5ghz-n/ac" band is used;

winbox

show "Switch" menu on hAP ac^2 devices;

winbox

show "System/RouterBOARD/Mode Button" on devices that has such feature;

wireless

accept only valid path for sniffer output file parameter;

wireless

added "czech republic 5.8" regulatory domain information;

wireless

added "etsi2" regulatory domain information;

wireless

added option for RADIUS "called-station-id" format selection;

wireless

added option to disable PMKID for WPA2;

wireless

do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";

wireless

fixed "/interface wireless sniffer packet print follow" output;

wireless

fixed wireless interface lockup after period of inactivity;

wireless

improved Nv2 reliability on ARM devices;

wireless

improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;

wireless

require "sniff" policy for wireless sniffer;

wireless

updated "czech republic" regulatory domain information;

wireless

updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;

x86

improved Ethernet driver for Davicom DM9x0x;