Version: 7.16
Stable322 changelog entries across 86 component(s)
2024-Sep-20 (1 year ago)
| Component | Change |
|---|---|
| 6to4 | fixed 6to4 tunnel LL address generation after system reboot; |
| 6to4 | improved system stability when using 6to4 tunnel without specified remote-address; |
| 6to4 | limit keepalive timeout maximum value; |
| address | added "S" flag for addresses that belong to a slave interface; |
| arm64 | fixed "disable-running-check" for ARM64 UEFI; |
| arm64 | increased reserved storage space for bootloader; |
| arm64/x86 | added rtl8111/8168/8411 firmware; |
| arp | fixed possible issue with invalid entries; |
| bgp | fixed BGP sessions missing vpnv6 afi; |
| bgp | fixed cluster-list and originator-id; |
| bgp | fixed corrupted as-path when received update with empty AS_PATH attribute (introduced in v7.15); |
| bgp | fixed minor logging typo; |
| bgp | fixed vpnv6 safi; |
| bgp | small logging improvements; |
| bridge | added dynamic tagged entry when VLAN interface is created on vlan-filtering bridge; |
| bridge | added forward-reserved-addresses property which controls forwarding of MAC 01:80:C2:00:00:0x range (separated from "protocol-mode=none" functionality, disabled by default after upgrade); |
| bridge | added L2 MDB support for IGMP snooping; |
| bridge | added max-learned-entries property for bridge; |
| bridge | added message about who created a dynamic VLAN entry; |
| bridge | added MVRP support for VLANs assigned to bridge; |
| bridge | do not allow duplicate ports; |
| bridge | fixed BPDU address when using "ether-type=0x88a8" configuration; |
| bridge | fixed MVRP leave; |
| bridge | fixed port "point-to-point" status after first link change; |
| bridge | fixed typo in filter and NAT error message; |
| bridge | improved system stability when removing MLAG configuration; |
| bridge | show invalid flag for ports that fails to be added to bridge (e.g. maximum port limit of 1024 is reached); |
| bth | improved stability on system time change; |
| certificate | added no-key-export parameter for import; |
| certificate | added support for cloud-dns challenge validation for sn.mynetname.net (CLI only); |
| certificate | automatically parse uppercase symbols to lowercase when registering domain on Let's Encrypt; |
| certificate | improved DNS challenge error reporting for Let's Encrypt; |
| certificate | improved RSA key signature processing speed; |
| certificate | show validity beyond year 2038; |
| chr | added support for licensing over IPv6 network; |
| chr | fixed incorrect disk size for ARM64; |
| console | added "about" filters for "find" and "print where" commands; |
| console | added "verbose=progress" mode for import status updates, and verbose output only on failures; |
| console | added additional byte-array option to :convert command; |
| console | added dry-run parameter to simulate import of files and find syntax errors without making configuration changes (verbose only); |
| console | added limits for dst-start and dst-end clock properties; |
| console | added lock screen via :lock command; |
| console | added uppercase and lowercase transform modes to :convert command; |
| console | disallow ping command with empty address; |
| console | display hint when requesting specific argument syntax; |
| console | do not show default boot-os setting in export; |
| console | fixed an issue where certain MAC address can be interpreted as time value; |
| console | fixed negative values for gmt-offset clock property; |
| console | fixed output of ping command in certain cases; |
| console | fixed typo in firewall error message; |
| console | improved :serialize and :deserialize commands and added support for DSV (delimiter separated values) format; |
| console | improved large import file handling, error detection and stability; |
| console | improved stability when pasting a large input; |
| console | improved stability when removing script; |
| console | increased default width for bitrate type of columns; |
| console | removed follow-strict parameter; |
| console | show rest-api name for active user connections; |
| container | clear VETH address on container exit and mark interface as running only when VETH is in use; |
| defconf | configure the default-route property for PPP clients only on devices with a built-in modem; |
| detnet | properly detect "Internet" status when multiple detnet instances preset in network; |
| dhcp | added comment property for matchers, options and option sets; |
| dhcp | improved DHCP IPv4 and IPv6 client/relay/server underlying interface state change handling; |
| dhcp | improved insert-queue-before, parent-queue and allow-dual-stack-queue behavior; |
| dhcpv4-client | execute script on DNS server or gateway address change; |
| dhcpv4-server | added "class-id" parameter for DHCP server leases; |
| dhcpv4-server | added matcher ability to match substring; |
| dhcpv4-server | added name for "User-Class" option (77), "Authentication" option (90), "SIP-Servers-DHCP-Option" option (120) and "Unassigned" option (163-174) in debug logs; |
| dhcpv4-server | fixed setting and getting "next-server" property; |
| dhcpv4-server | increased lease offer timeout to 120 seconds; |
| dhcpv4-server | remove corresponding dynamic leases if their address-pool gets removed; |
| dhcpv4-server | show active-server and host-name in print active command; |
| dhcpv6-client | do not add default gateway twice when both prefix and address is acquired; |
| dhcpv6-client | fixed T1, T2, valid-lifetime and preferred-lifetime compliance with RFC8415 by using value 0; |
| dhcpv6-client | pause client and remove dynamically installed objects while it becomes invalid; |
| dhcpv6-client | release client on failed renew attempt; |
| dhcpv6-client | update gateway address for default route on renew; |
| dhcpv6-server | improved system stability; |
| discovery | added discover-interval setting; |
| discovery | added LLDP Port VLAN ID, Port And Protocol VLAN ID, VLAN Name TLVs support; |
| discovery | added LLDP-MED timeout; |
| discovery | changed default discover-interval setting from 60s to 30s; |
| discovery | set unknown bit for any unspecified link type in MAC/PHY TLV; |
| disk | added "wipe-quick" file-system option to format-drive command (CLI only); |
| disk | added log message when disks get added or removed; |
| disk | added simple test command to test device and filesystem speeds (CLI only); |
| disk | improved system stability; |
| disk | remove dummy "slot1" entries on CHR; |
| dns | added support for DoH with adlist; |
| dns | added support for DoH with static FWD entries; |
| dns | added support for mDNS proxy; |
| dns | improved imported adlist parsing; |
| dns | refactored adlist service internal processes and improved logging; |
| dns | refactored DNS service internal processes; |
| dns | show static entry type "A" field in console; |
| dude | fixed map element RouterOS package upgrade functionality; |
| ethernet | fixed port speed downshift functionality for CRS354 devices; |
| ethernet | improved system stability for Alpine CPUs when dealing with unexpected non-UDP/TCP packet transmit; |
| fetch | handle HTTP 401 status correctly; |
| fetch | improved logging; |
| file | renamed "creation-time" to "last-modified"; |
| filesystem | improved boot speed after device is rebooted without proper shutdown; |
| filesystem | refactored internal processes to minimize sector writes; |
| firewall | added message when interface belonging to VRF is added in filter rules; |
| firewall | fixed an issue with unsetting src-address-type; |
| firewall | fixed IPv6 "nth" matcher showing up twice in help; |
| firewall | fixed issue that prevents restoring src-address-list and dst-addres-list properties using undo command; |
| firewall | removed unnecessary TLS host matcher from NAT tables; |
| health | fixed board-temperature for KNOT device (introduced in v7.15); |
| health | fixed bogus CPU temperature spikes for CCR2216 device; |
| health | fixed missing health for CRS112-8G-4S device (introduced in v7.15); |
| health | improved voltage measurements for RB912UAG-6HPnD and RB912UAG-5HPnD devices; |
| health | removed unnecessary health settings for RB921 and RB922 devices; |
| health | upgraded fan controller firmware to latest version; |
| hotspot | properly escape all reserved URI characters; |
| ike1 | removed unsupported NAT-D drafts with invalid payload numbers; |
| ike2 | improved performance by balancing multicore CPU usage for key exchange calculation; |
| install | allow to save old configuration during cdrom install; |
| install | fixed ARM64 cdrom install (introduced in v7.15); |
| iot | added an option to delete default LoRa servers and a button to recover them if needed; |
| iot | added an option to log LoRa filtered packets; |
| iot | added LoRa NetID and JoinEUI filtering for LNS and CUPS connections; |
| iot | added LoRa option to filter out proprietary packets; |
| iot | fixed incorrect LoRa filter export behavior; |
| iot | fixed LoRa inability to set SSL for LoRa servers via command line; |
| iot | fixed LoRa inability to use variables for GPS-spoofing setting; |
| ip | added max-sessions property for services; |
| ip/ipv6 | added multipath hash policy settings; |
| ipip6 | make IPv6 LL address random; |
| ipsec | changed default dpd-interval from 2 minutes to 8 seconds and dpd-maximum-failures from 5 to 4; |
| ipsec | improved installed SA statistics update; |
| ipv6 | added "d" deprecated flag for expired IPv6 SLAAC addresses; |
| ipv6 | allow to properly disable address when it is generated from pool; |
| ipv6 | allow to properly move IPv6 address from slave interface to a bridge interface; |
| ipv6 | do not allow adding address with invalid prefix when using pool; |
| ipv6 | do not allow to manually delete LL address; |
| ipv6 | fixed "no-dad" functionality; |
| ipv6 | fixed dynamic duplicate address showing when static address is already configured; |
| ipv6 | fixed pool allocated addresses missing after reboot; |
| ipv6 | fixed SLAAC address dynamic appearance; |
| ipv6 | improved handling of IPv6 address information; |
| ipv6 | improved LL address generation process; |
| ipv6 | properly initialize default ND "interface=all" entry; |
| ipv6 | respect APN settings for "add-default-route" and "use-peer-dns" also when "accept-router-advertisements=yes"; |
| ipv6 | warn user that reboot is required in order to properly apply accept-router-advertisements changes; |
| isis | fixed filter-chain and filter-select settings; |
| isis | install IPv6 link-local gateways correctly; |
| l2tp | improved system stability; |
| l3hw | added per-VLAN packet and byte counters to compatible switches; |
| l3hw | disable L3HW on bonding modes that do not support it; |
| log | added basic validation for "disk-file-name" property; |
| lte | fixed possible crash when enabling/disabling config-less modem interface; |
| lte | fixed R11e-LTE no traffic flow when modem with older firmware version is used; |
| lte | fixed support for Fibocom modem fm150-na; |
| lte | improved modem AT/modem port open; |
| lte | improvements to "/interface/lte/show-capabilities" command; |
| lte | added "sms-protocol" setting in "/interface lte" menu (CLI only); |
| lte | fixed "at-chat" for DELL T99W175 (PID: 0x05c6 VID: 0x90d5); |
| lte | fixed cases where LTE interface would take long time to become ready after bootup for Chateau 5G and Chateau 5G R16 (introduced in v7.15); |
| lte | fixed cases where modem could be handled by multiple dialer instances; |
| lte | fixed modem firmware upgrade for Chateau 5G and Chateau 5G R16 (introduced in v7.15); |
| media | improved file indexing for DLNA; |
| modem | added authentication functionality to EC200A; |
| modem | fixed PPP link recovery when port unexpectedly removed and returned due to modem firmware crash; |
| modem | fixed unresponsive PPP link recovery when TX bandwidth was exceeding link capacity; |
| modem | improved support for KNOT BG77 modem firmware update; |
| mqtt | broker password is no longer exported unless "show-sensitive" flag is used; |
| netinstall-cli | added check for device and package architectures match; |
| netinstall-cli | added support for multiple device install; |
| netinstall-cli | allow mixed package architectures; |
| netwatch | added DNS probe; |
| netwatch | added ttl and accept-icmp-time-exceeded properties for ICMP probe; |
| netwatch | use time format according to ISO standard; |
| ospf | improved system stability during LSA monitoring; |
| ovpn | improved system stability; |
| pimsm | improved system stability; |
| poe-out | fixed low-voltage detection while PD is connected for KNOT device; |
| poe-out | fixed silent firmware upgrade fail on CRS112-8P-4S device (introduced in v7.15); |
| poe-out | upgraded firmware for SAMD20 PSE (AF/AT) controlled boards (the update will cause brief power interruption to PoE-out interfaces); |
| port | added IPv6 support for the "remote-access" feature; |
| ppp | added SIM hot-plug enable command to default init-string for KNOT and CME gateway; |
| ppp | added support for IPv6-only domain names to l2tp-client, ovpn-client and sstp-client; |
| ppp | automatically generate IPv6 firewall rules when filter-id is specified; |
| ppp | fixed dynamic queue default name (introduced in v7.15); |
| ppp | fixed PPP info parser showing error for BG77 modem running on KNOT AUX AT/modem port; |
| profiler | classify wifi processing as "wireless"; |
| ptp | added PTP support for CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ, CRS518-16XS-2XQ, CRS504-4XQ, CRS510-8XS-2XQ devices; |
| qos-hw | added H and I flags to queues; |
| qos-hw | added new monitoring properties for ports and global QoS stats; |
| qos-hw | added queue-buffers property to tx-manager; |
| qos-hw | allow port print stats, usage and pfc while QoS is disabled; |
| qos-hw | allow to set queue-buffers in bytes, percent or auto; |
| qos-hw | enabling ECN forces WRED (unless share is disabled); |
| qos-hw | fixed egress-rate limit validation; |
| qos-hw | fixed global buffer limits for 98DX8212 and 98DX8332 switches; |
| qos-hw | fixed WRED thresholds; |
| qos-hw | improved behavior when changing ports tx-manger; |
| qos-hw | limit WRED to queues with enabled shared buffers; |
| queue | improved system stability; |
| quickset | removed Basic AP mode; |
| rose-storage | fixed "/file sysnc status" parameter to be read-only; |
| rose-storage | moved "/rsync-daemon" to "/file rsync-daemon; |
| rose-storage | renamed sync "remote-addr" property to "remote-address"; |
| route | added ability to redistribute isis routes; |
| route | fixed incorrectly handled route distinguisher and route targets (introduced in v7.15); |
| route | fixed memory leak (introduced in v7.15); |
| route | fixed some missing route parameters when printing (introduced in v7.15); |
| route | improved route attribute handling (may increase memory usage); |
| route | improved routing table update performance; |
| route | improved stability when getting entries from large routing tables; |
| route | place static route in the correct VRF when vrf-interface parameter is used; |
| route | rename route type from is-is to isis; |
| routerboard | improved Etherboot stability for CRS320-8P-8B-4S+ device ("/system routerboard upgrade" required); |
| routerboard | improved Etherboot stability for IPQ-40xx devices ("/system routerboard upgrade" required); |
| routerboot | improved boot process ("/system routerboard upgrade" required); |
| rpki | fixed preference sorting; |
| sfp | fixed calculated link length based on EEPROM in certain cases; |
| sfp | fixed missing traffic after reboot with S-RJ01 module running at 10/100 Mbps rate on CCR2004-16G-2S+ device; |
| sfp | fixed SFP28 interface with fec74 mode on CCR2004-1G-2XS-PCIe device; |
| sfp | fixed SFP28 jumbo frame processing on CCR2004-1G-2XS-PCIe device; |
| sms | added polling setting so that RouterOS itself checks SMS instead of relying on URC messages; |
| snmp | added support for KNOT BG77 modem cellular signal info; |
| snmp | fixed LAST-UPDATED format in MIKROTIK-MIB; |
| ssh | fixed SSH cryptographic accelerator selection for GCM cipher (introduced in v7.14); |
| ssh | fixed unsupported user SSH public key import (introduced in v7.15); |
| ssh | improved system stability when SSH tries to bind to non-existing interface; |
| supout | added detnet section; |
| supout | added monitor command for all wifi interfaces; |
| supout | added netwatch section; |
| supout | added user SSH keys section; |
| supout | increased console output width; |
| supout | limit address-list and connection tracking entries to 999 in supout.rif; |
| supout | rename "store" section to "disk"; |
| switch | fixed an issue where half-duplex links could occupy Tx resources for 98DX8xxx, 98DX4xxx, 98DX325x switch chips; |
| switch | fixed an issue with Ethernet port group hang for CRS354 devices; |
| switch | fixed Ethernet interface counter 32bit overflow for CRS354 devices; |
| switch | fixed limited Tx traffic on Ethernet ports for CRS354 devices (introduced in v7.15); |
| switch | improved switch reset; |
| switch | improved system stability on CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices; |
| system | added "clock" logging topic for time change related messages; |
| system | added critical log message when not enough space to store new configuration; |
| system | added log message if device failed to reboot gracefully; |
| system | added more details to user initiated reboot (reset, upgrade, downgrade); |
| system | added support for upgrade over IPv6 network; |
| system | do not cancel package upgrade if another architecture packages found on the router; |
| system | do not download packages scheduled for uninstall; |
| system | do not start IPsec and certificate processes when not necessary; |
| system | fixed "free disk space" error message on system upgrade/downgrade; |
| system | fixed an issue where routing configuration was missing after performing a reset, adding a new configuration and then upgrading (introduced in v7.15); |
| system | fixed empty logs after reboot in certain cases; |
| system | improved internal system services messaging; |
| system | improved performance for TCP input; |
| system | improved reporting of total memory size; |
| system | improved system stability for CCR2004-1G-2XS-PCIe device; |
| system | improved system stability for RBSXTsq5nD and RBLDF-5nD; |
| system | improved system stability; |
| system | improved watchdog and kernel panic reporting; |
| system | reduced RAM usage for ARM64 devices; |
| system | set flash-boot mode as "boot-device" after system reset initiated by reset button ("/system routerboard upgrade" required); |
| system | set flash-boot mode as "boot-device" after system reset initiated from software; |
| traceroute | do not stop traceroute after 5 consecutive unreachable hops; |
| tunnel | allow specifying IPv6 LL address as "remote-address" for EoIPv6, GRE6 and IPIP6 tunnels; |
| user | added inactivity timeout for non-GUI sessions; |
| user-manager | updated logo; |
| vxlan | added comment support to VTEPs; |
| vxlan | prevent creating multiple VTEPs with same IP/port combination; |
| webfig | allow to enter time that exceeds 23:59:59; |
| webfig | correctly display default value for number type; |
| webfig | enabled hotlock mode for terminal; |
| webfig | fixed an issue where wrong menu title was shown; |
| webfig | fixed issue with incorrectly applying optional fields; |
| webfig | fixed sorting by datetime; |
| webfig | use "any" argument by default for Torch "Port" property; |
| wifi | added "slave-name-format"; |
| wifi | added interface provisioning logs; |
| wifi | adjusted virtual interface naming when provisioning local radios; |
| wifi | do not allow frequency-scan on virtual interfaces; |
| wifi | do not unset radio-mac and master-interface properties on reset; |
| wifi | enable creating virtual wifi interfaces using "copy-from" setting; |
| wifi | fixed packet receive when having multiple station interfaces; |
| wifi | fixed signal strength reporting during association (introduced in v7.15); |
| wifi | fixed typo in log message; |
| wifi | improve regulatory compliance for Chateau ax devices; |
| wifi | improved interface stability when receiving invalid FT authentication frames; |
| wifi | improved system stability after interface hang; |
| wifi | improved WPA3 PMKSA handling when access-lists with custom passphrases are used; |
| wifi | make sniffer tool return an error when attempting to sniff with a radio which does not support it; |
| wifi | send channel switch announcements to clients when switching channels at requested re-select intervals; |
| wifi | use name-format also for local interfaces when provisioning; |
| wifi-qcom | add spectral-scan and spectral-history tools (CLI only); |
| wifi-qcom-ac | count dropped packets to "tx-drop" instead of "tx-error"; |
| wifi-qcom-ac | improved memory allocating process; |
| winbox | added "Import Router ID" parameter under "Routing/BGP/VPN" menu; |
| winbox | added "Switch/QoS" menu for CRS3xx, CRS5xx, CCR2116 and CCR2216 devices; |
| winbox | added "Trace" column under "System/History" menu; |
| winbox | added configuration settings for ROSE; |
| winbox | added extra "File System" under "Format Drive" button; |
| winbox | added missing "Default Name" property for interfaces; |
| winbox | do not show "Last Logged In" and "Expire Password" when creating new system user; |
| winbox | fixed "Authority" property under "System/Certificates/Requests" menu; |
| winbox | fixed duplicated "MVRP Attributes" table; |
| winbox | fixed false invalid flag under "System/Ports/Remote Access" menu; |
| winbox | fixed issue with skin file appearing as unknown in user group menu (introduced in v7.15); |
| winbox | fixed signal bar "excellent" tooltip; |
| winbox | fixed Switch menu for RB1100AHx4 device; |
| winbox | improved QR code display; |
| winbox | moved DHCPv6 Server "Allow Dual Stack Queue" property from General to Queues tab; |
| winbox | moved Switch menu tabs to individual menus; |
| winbox | properly display available address-pools for DHCPv6 server configuration; |
| winbox | removed deprecated x86/CHR specific settings under "System/Resources" menu; |
| winbox | removed spare argument for "PFS Group" property under "IP/IPsec/Proposals" menu; |
| winbox | renamed configurable wifi property "Tx Power" to "Max Tx Power"; |
| winbox | separated different Watchdog settings into logical tabs; |
| winbox | use CAP serial number with "Set Identity" button under "WiFi/Remote CAP" menu; |
| winbox | use correct default value for "Partition Offset" property; |
| winbox/webfig | fixed skins (introduced in v7.15); |
| wireless | allow unsetting signal-range and ssid-regext properties for capsman access-list; |
| wireless | fixed dynamic VLAN assignments for vlan-filtering bridge in certain cases; |
| wireless | limit antenna-gain property to 100; |
| www | log out inactive REST API users; |
| x86 | added missing PCI ids for bnx2x driver; |
| x86 | added RTL8156 driver support; |
| x86 | fixed missing serial ports with MCS9900; |