Version: 6.45.1
Stable164 changelog entries across 55 component(s)
2019-Jun-27 (6 years ago)
| Component | Change |
|---|---|
| bridge | correctly display bridge FastPath status when vlan-filtering or dhcp-snooping is used; |
| bridge | correctly handle bridge host table; |
| bridge | fixed log message when hardware offloading is being enabled; |
| bridge | improved stability when receiving traffic over USB modem with bridge firewall enabled; |
| capsman | fixed CAP system upgrading process for MMIPS; |
| capsman | fixed interface-list usage in access list; |
| ccr | improved packet processing after overloading interface; |
| certificate | added "key-type" field; |
| certificate | added support for ECDSA certificates (prime256v1, secp384r1, secp521r1); |
| certificate | fixed self signed CA certificate handling by SCEP client; |
| certificate | made RAM the default CRL storage location; |
| certificate | removed DSA (D) flag; |
| certificate | removed "set-ca-passphrase" parameter; |
| chr | legacy adapters require "disable-running-check=yes" to be set; |
| cloud | added "replace" parameter for backup "upload-file" command; |
| conntrack | fixed GRE protocol packet connection-state matching (CVE-2014-8160); |
| conntrack | significant stability and performance improvements; |
| crs317 | fixed known multicast flooding to the CPU; |
| crs3xx | added ethernet tx-drop counter; |
| crs3xx | correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate; |
| crs3xx | fixed auto negotiation when 2-pair twisted cable is used (downshift feature); |
| crs3xx | fixed "tx-drop" counter; |
| crs3xx | improved switch-chip resource allocation on CRS326, CRS328, CRS305; |
| defconf | added "custom-script" field that prints custom configuration installed by Netinstall; |
| defconf | automatically set "installation" parameter for outdoor devices; |
| defconf | changed default configuration type to AP for cAP series devices; |
| defconf | fixed channel width selection for RU locked devices; |
| dhcp | create dual stack queue based on limitations specified on DHCPv4 server lease configuration; |
| dhcp | do not require lease and binding to have the same configuration for dual-stack queues; |
| dhcp | show warning in log if lease and binding dual-stack related parameters do not match and create separate queues; |
| dhcpv4-server | added "client-mac-limit" parameter; |
| dhcpv4-server | added IP conflict logging; |
| dhcpv4-server | added RADIUS accounting support with queue based statistics; |
| dhcpv4-server | added "vendor-class-id" matcher (CLI only); |
| dhcpv4-server | improved stability when performing "check-status" command; |
| dhcpv4-server | replaced "busy" lease status with "conflict" and "declined"; |
| dhcpv6-client | added option to disable rapid-commit; |
| dhcpv6-client | fixed status update when leaving "bound" state; |
| dhcpv6-server | added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time"; |
| dhcpv6-server | added "address-list" support for bindings; |
| dhcpv6-server | added "insert-queue-before" and "parent-queue" parameters; |
| dhcpv6-server | added RADIUS accounting support with queue based statistics; |
| dhcpv6-server | added "route-distance" parameter; |
| dhcpv6-server | fixed dynamic IPv6 binding without proper reference to the server; |
| dhcpv6-server | override prefix pool and/or DNS server settings by values received from RADIUS; |
| discovery | correctly create neighbors from VLAN tagged discovery messages; |
| discovery | fixed CDP packets not including address on slave ports (introduced in v6.44); |
| discovery | improved neighbour's MAC address detection; |
| discovery | limit max neighbour count per interface based on total RAM memory; |
| discovery | show neighbors on actual mesh ports; |
| include "message-id" identification field in e-mail header; | |
| properly release e-mail sending session if the server's domain name can not be resolved; | |
| ethernet | added support for 25Gbps and 40Gbps rates; |
| ethernet | fixed running (R) flag not present on x86 interfaces and CHR legacy adapters; |
| ethernet | increased loop warning threshold to 5 packets per second; |
| fetch | added SFTP support; |
| fetch | improved user policy lookup; |
| firewall | fixed fragmented packet processing when only RAW firewall is configured; |
| firewall | process packets by firewall when accepted by RAW with disabled connection tracking; |
| gps | fixed missing minus close to zero coordinates in dd format; |
| gps | make sure "direction" parameter is upper case; |
| gps | strip unnecessary trailing characters from "longtitude" and "latitude" values; |
| gps | use "serial0" as default port on LtAP mini; |
| hotspot | added "interface-mac" variable to HTML pages; |
| hotspot | moved "title" HTML tag after "meta" tags; |
| ike1 | adjusted debug packet logging topics; |
| ike2 | added support for ECDSA certificate authentication (rfc4754); |
| ike2 | added support for IKE SA rekeying for initiator; |
| ike2 | do not send "User-Name" attribute to RADIUS server if not provided; |
| ike2 | improved certificate verification when multiple CA certificates received from responder; |
| ike2 | improved child SA rekeying process; |
| ike2 | improved XAuth identity conversion on upgrade; |
| ike2 | prefer SAN instead of DN from certificate for ID payload; |
| ippool | improved logging for IPv6 Pool when prefix is already in use; |
| ipsec | added dynamic comment field for "active-peers" menu inherited from identity; |
| ipsec | added "ph2-total" counter to "active-peers" menu; |
| ipsec | added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods; |
| ipsec | added traffic statistics to "active-peers" menu; |
| ipsec | disallow setting "src-address" and "dst-address" for transport mode policies; |
| ipsec | do not allow adding identity to a dynamic peer; |
| ipsec | fixed policies becoming invalid after changing priority; |
| ipsec | general improvements in policy handling; |
| ipsec | properly drop already established tunnel when address change detected; |
| ipsec | renamed "remote-peers" to "active-peers"; |
| ipsec | renamed "rsa-signature" authentication method to "digital-signature"; |
| ipsec | replaced policy SA address parameters with peer setting; |
| ipsec | use tunnel name for dynamic IPsec peer name; |
| ipv6 | improved system stability when receiving bogus packets; |
| ltap | renamed SIM slots "up" and "down" to "2" and "3"; |
| lte | added initial support for Vodafone R216-Z; |
| lte | added passthrough interface subnet selection; |
| lte | added support for manual operator selection; |
| lte | allow setting empty APN; |
| lte | allow to specify URL for firmware upgrade "firmware-file" parameter; |
| lte | do not show error message for info commands that are not supported; |
| lte | fixed session reactivation on R11e-LTE in UMTS mode; |
| lte | improved firmware upgrade process; |
| lte | improved "info" command query; |
| lte | improved R11e-4G modem operation; |
| lte | renamed firmware upgrade "path" command to "firmware-file" (CLI only); |
| lte | show alphanumeric value for operator info; |
| lte | show correct firmware revision after firmware upgrade; |
| lte | use default APN name "internet" when not provided; |
| lte | use secondary DNS for DNS server configuration; |
| m33g | added support for additional Serial Console port on GPIO headers; |
| ospf | added support for link scope opaque LSAs (Type 9) for OSPFv2; |
| ospf | fixed opaque LSA type checking in OSPFv2; |
| ospf | improved "unknown" LSA handling in OSPFv3; |
| ovpn | added "verify-server-certificate" parameter for OVPN client (CVE-2018-10066); |
| ppp | added initial support for Quectel BG96; |
| proxy | increased minimal free RAM that can not be used for proxy services; |
| rb3011 | improved system stability when receiving bogus packets; |
| rb4011 | fixed MAC address duplication between sfp-sfpplus1 and wlan1 interfaces (wlan1 configuration reset required); |
| rb921 | improved system stability ("/system routerboard upgrade" required); |
| routerboard | renamed 'sim' menu to 'modem'; |
| sfp | fixed S-35LC20D transceiver DDMI readouts after reboot; |
| sms | added USSD message functionality under "/tool sms" (CLI only); |
| sms | allow specifying multiple "allowed-number" values; |
| sms | improved delivery report logging; |
| snmp | added "dot1dStpPortTable" OID; |
| snmp | added OID for neighbor "interface"; |
| snmp | added "write-access" column to community print; |
| snmp | allow setting interface "adminStatus"; |
| snmp | fixed "send-trap" not working when "trap-generators" does not contain "temp-exception"; |
| snmp | fixed "send-trap" with multiple "trap-targets"; |
| snmp | improved reliability on SNMP service packet validation; |
| snmp | properly return multicast and broadcast packet counters for IF-MIB OIDs; |
| ssh | accept remote forwarding requests with empty hostnames; |
| ssh | added new "ssh-exec" command for non-interactive command execution; |
| ssh | fixed non-interactive multiple command execution; |
| ssh | improved remote forwarding handling (introduced in v6.44.3); |
| ssh | improved session rekeying process on exchanged data size threshold; |
| ssh | keep host keys when resetting configuration with "keep-users=yes"; |
| ssh | use correct user when "output-to-file" parameter is used; |
| sstp | improved stability when received traffic hits tarpit firewall; |
| supout | added IPv6 ND section to supout file; |
| supout | added "kid-control devices" section to supout file; |
| supout | added "pwr-line" section to supout file; |
| supout | changed IPv6 pool section to output detailed print; |
| switch | properly reapply settings after switch chip reset; |
| tftp | added "max-block-size" parameter under TFTP "settings" menu (CLI only); |
| tile | improved link fault detection on SFP+ ports; |
| tr069-client | added LTE CQI and IMSI parameter support; |
| tr069-client | fixed potential memory corruption; |
| tr069-client | improved error reporting with incorrect firware upgrade XML file; |
| traceroute | improved stability when sending large ping amounts; |
| traffic-generator | improved stability when stopping traffic generator; |
| tunnel | removed "local-address" requirement when "ipsec-secret" is used; |
| userman | added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only); |
| w60g | do not show unused "dmg" parameter; |
| w60g | prefer AP with strongest signal when multiple APs with same SSID present; |
| w60g | show running frequency under "monitor" command; |
| winbox | added "System/SwOS" menu for all dual-boot devices; |
| winbox | do not allow setting "dns-lookup-interval" to "0"; |
| winbox | show "LCD" menu only on boards that have LCD screen; |
| wireless | fixed frequency duplication in the frequency selection menu; |
| wireless | fixed incorrect IP header for RADIUS accounting packet; |
| wireless | improved 160MHz channel width stability on rb4011; |
| wireless | improved DFS radar detection when using non-ETSI regulated country; |
| wireless | improved installation mode selection for wireless outdoor equipment; |
| wireless | set default SSID and supplicant-identity the same as router's identity; |
| wireless | updated "china" regulatory domain information; |
| wireless | updated "new zealand" regulatory domain information; |
| www | improved client-initiated renegotiation within the SSL and TLS protocols (CVE-2011-1473); |