Version: 7.18
Stable246 changelog entries across 77 component(s)
2025-Feb-24 (11 months ago)
| Component | Change |
|---|---|
| 60ghz | improved system stability; |
| bgp | fixed certain affinity options not working properly; |
| bgp | improved system stability when printing BGP advertisements; |
| bgp | make NO_ADVERTISE, NO_EXPORT, NO_PEER communities work; |
| bond | added transmit hash policies for encapsulated traffic; |
| bridge | added MLAG heartbeat property; |
| bridge | avoid duplicate VLAN entries with dynamic wifi VLANs; |
| bridge | do not reset MLAG peer port on heartbeat timeout (log warning instead); |
| bridge | fixed endless MAC update loop (introduced in v7.17); |
| bridge | fixed missing S flag on interface configuration changes; |
| bridge | improved stability when using MLAG with MSTP (introduced in v7.17); |
| bridge | improvements to MLAG host table updates; |
| bridge | process more DHCP message types (decline, NAK, inform); |
| bridge | removed controller-bridge (CB) and port-extender (PE) support; |
| bridge | show VXLAN remote-ip in host table; |
| btest | allow limiting access to server by IP address; |
| certificate | fixed localized text conversion to UTF-8 on certificate creation; |
| chr | fixed limited upgrades for expired instances; |
| chr/x86 | added network driver for Huawei SP570/580 NIC; |
| chr/x86 | fixed error message on bootup; |
| chr/x86 | fixed GRE issues with ice network driver; |
| chr/x86 | Realtek r8169 updated driver; |
| cloud | added "Back To Home Files" feature; |
| cloud,bth | use in-interface matcher for masquerade rule; |
| console | added dsv.remap to :serialize command to unpack array of maps from print as-value; |
| console | added file-name parameter to :serialize; |
| console | allow ISO timezone format in :totime command; |
| console | allow tab as dsv delimiter; |
| console | allow to toggle script error logging with "/console settings log-script-errors"; |
| console | do not autocomplete arguments when match is both exact and ambiguous; |
| console | do not show numbering in print follow; |
| console | fixed "get" and "proplist" for certain settings; |
| console | fixed issue where ping command displays two lines at the same time; |
| console | fixed issue with disappearing global variable; |
| console | implement scriptable safe-mode commands and safe-mode handler; |
| console | improved hints; |
| console | log errors within scripts to the system log; |
| console | make non-pseudo terminals work with imports; |
| console | put !empty sentence when API query returns nothing; |
| console | renamed "back-to-home-users" to "back-to-home-user"; |
| container | add default registry-url=https://lscr.io; |
| container | allow HTTP redirects when accessing container registry; |
| container | allow specifying registry using remote-image property; |
| container | improved image arch choice; |
| container | use parent directory of container root-dir for unpack by default, so that container layer files are downloaded directly on target disk; |
| defconf | added IPv6 FastTrack configuration; |
| device-mode | do not allow changing CPU frequency if "routerboard" is not allowed by device mode (introduced in v7.17); |
| device-mode | fixed feature and mode update via power-reset on PPC devices; |
| dhcpv4-client | allow selecting to which routing tables add default route; |
| dhcpv4-client | fixed default option export output; |
| dhcpv4-server | fixed "active-mac-address" update when client has changed MAC address; |
| dhcpv4-server | fixed framed-route removal; |
| dhcpv4-server | fixed lease assigning when server address is not bind to server interface (introduced in v7.17); |
| dhcpv6-client | added "validate-server-duid" option; |
| dhcpv6-client | allow specifying custom DUID; |
| dhcpv6-client | do not run script on prefix renewal; |
| dhcpv6-relay | added option to create routes for bindings passing through relay; |
| dhcpv6-server | respond to client in case of RADIUS reject; |
| discovery | advertise IPv6 capabilities based on "Disable IPv6" global setting; |
| discovery | improved stability during configuration changes; |
| discovery | report actual PSE power-pair with LLDP; |
| discovery | use power-via-mdi-short LLDP TLV only on pse-type1 802.3af; |
| disk | add disk trim command (/disk format-drive diskx file-system=trim); |
| disk | allow to add swap space without container package; |
| disk | allow to set only type=raid devices as raid-master; |
| disk | cleanup raid members mountpoint, improve default name of file base block-device; |
| disk | do not allow adding device in raid when major settings mismatch in superblock and config; |
| disk | do not allow configuring empty slot as raid member; |
| disk | fix detecting disks on virtual machines; |
| disk | fixed removing device from raid while resyncing; |
| disk | fixed setting up dependent devices when file-based block-device becomes available; |
| disk | fixed showing free space on tmpfs (introduced in v7.17); |
| disk | improved stability; |
| disk | improved system stability when SMB interface list is used (introduced in v7.17); |
| disk | mount multi-device btrfs filesystems more reliably at startup; |
| disk | set non-empty fs label when formatting by default; |
| dns | do not show warning messages for DNS static entries when they are not needed; |
| ethernet | fixed issue with default-names for RB4011, RB1100Dx4, RB800 devices; |
| ethernet | fixed link-down on startup for ARM64 devices (introduced in v7.16); |
| ethernet | improved link speed reporting on 2.5G-baseT and 10Gbase-T ports; |
| fetch | added "http-max-redirect-count" parameter, allows to follow redirects; |
| fetch | do not require "content-length" or "transfer-encoding" for HTTP; |
| file | added "recursive" and "relative" parameters to "/file/print" for use in conjunction with "path" parameter; |
| file | allow printing specific directories via path parameter; |
| file | improved handling of filesystems with many files; |
| firewall | allow in-interface/in-bridge-port/in-bridge matching in postrouting chains; |
| firewall | fixed incorrectly inverted hotspot value configuration; |
| firewall | increased maximum connection tracking entry count based on device total RAM size; |
| hotspot | fixed an issue where extra "flash/" is added to html-directory for devices with flash folders (introduced in v7.17); |
| igmp-proxy | fixed multicast routing after upstream interface flaps (introduced in v7.17); |
| iot | added new "iot-bt-extra" package for ARM, ARM64 which enables use of USB Bluetooth adapters (LE 4.0+); |
| iot | improvements to LoRa logging and stability; |
| iot | limited MQTT payload size to 32 KB; |
| ip | added support for /31 address; |
| ippool | added pool usage statistics; |
| ipsec | added hardware acceleration support for hEX refresh; |
| ipsec | fixed chacha20 poly1305 proposal; |
| ipsec | fixed installed SAs update process when SAs are removed; |
| ipv6 | added ability to disable dynamic IPv6 LL address generation on non-VPN interfaces; |
| ipv6 | added FastTrack support; |
| ipv6 | added routing FastPath support (enabled by default); |
| ipv6 | added support for neighbor removal and static entries; |
| ipv6 | fixed configuration loss due to conflicting settings after upgrade (introduced in v7.17); |
| l2tp | added IPv6 FastPath support; |
| l3hw | added initial HW offloading for VXLAN on compatible switches; |
| l3hw | added neigh-dump-retries property; |
| l3hw | fixed /32 (IPv6 /128) route offloading when using interface as gateway; |
| l3hw | fixed partial route offloading for 98DX224S, 98DX226S, 98DX3236 switches; |
| l3hw | respect interface specifier (%) when matching a gateway; |
| log | added CEF format support for remote logging; |
| log | added option to select TCP or UDP for remote logging; |
| lte | added confirmation-code parameter for eSIM provisioning; |
| lte | added initial eSIM management support; |
| lte | fixed cases where the MBIM dialer could get stuck; |
| lte | fixed Huawei ME909s-120 support; |
| lte | fixed interface recovery in mixed multiapn setup for MBIM modems; |
| lte | fixed missing 5G info for "/interface lte print" command; |
| lte | fixed missing IPv6 prefix advertisement on renamed LTE interfaces; |
| lte | fixed prolonged reboots on Chateau 5G ax; |
| lte | fixed SIM slot initialization with multi-APN setups; |
| lte | improved automatic link recovery and modem redial functions; |
| lte | improved initialization for external USB modems; |
| lte | lte monitor, show CQI when modem reports it as 0 - undetectable, no RX/down-link resource block assigned to modem by provider; |
| lte | R11eL-EC200A-EU fixed online firmware upgrade and added support for firmware update from local file; |
| lte | R11eL-EC200A-EU improved failed connection handling and recovery; |
| lte | reduce modem initialization time for R11e-LTE-US; |
| lte | reduced SIM slot switchover time for modems with AT control channel (except R11e-LTE); |
| lte | removed nonexistent CQI reading for EC200A-EU modem; |
| lte | added at-chat support for EC21EU; |
| lte | added basic support for Quectel RG255C-GL modem in "at+qcfg="usbnet",0" USB composition; |
| net | added initial support for automatic multicast tunneling (AMT) interface; |
| netinstall | try to re-create socket if link status changes; |
| netinstall-cli | fixed DHCP magic cookie; |
| ospf | fixed DN bit not being set; |
| ospfv3 | fixed ignored metric for intra-area routes; |
| ovpn | added requirement for server name when exporting configuration; |
| ovpn | disable hardware accelerator for GCM on Alpine CPUs (introduced in v7.17); |
| ovpn-client | added 1000 character limit for password; |
| pimsm | fixed incorrect neighbor entry when using lo interface; |
| poe-out | added "power-pair" info to poe-out monitor (CLI only); |
| poe-out | added console hints; |
| poe-out | added new modes "forced-on-a" and "forced-on-bt" (CLI only); |
| poe-out | upgraded firmware for 802.3at/bt PSE controlled boards (the update will cause brief power interruption to PoE-out interfaces); |
| port | improved handling of USB device plug/unplug events; |
| ppc | fixed HW encryption (introduced in v7.17); |
| ppp | add support for configuration of upload/download queue types in profile; |
| ppp | added support for random UDP source ports; |
| ppp | fixed setting loss when adding new ppp-client interface for BG77 modem from CLI; |
| ppp | properly cleanup failed inactive sessions on pppoe-server; |
| ptp | do not send packets on STP blocked ports; |
| ptp | improved system stability; |
| qos-hw | fixed global buffer limits for 98CX8410 switch; |
| queue | improved system stability when many simple queues are added (introduced in v7.17); |
| queue | improved system stability; |
| queue | prevent CAKE bandwidth config from potentially causing lost connectivity to a device; |
| resolver | fixed static FQDN resolving (introduced in v7.17); |
| rip | fixed visibility of added key-chains in interface-template; |
| rose-storage | add btrfs filesystem add-device/remove-device/replace-device/replace-cancel commands to add/remove/replace disks to/from a live filesystem; |
| rose-storage | add btrfs filesystem balance-start/cancel commands; |
| rose-storage | add btrfs filesystem scrub-start, scrub-cancel commands (CLI only); |
| rose-storage | add btrfs transfers, supports send/receive into/from file for transferring subvolumes across btrfs filesystems; |
| rose-storage | add support to add/remove btrfs subvolumes/snapshots; |
| rose-storage | added support for advanced btrfs features: multi-disk support, subvolumes, snapshots, subvolume send/receive, data/metadata profiles, compression, etc; |
| rose-storage | allow to separately mount any btrfs subvolumes; |
| rose-storage | fixes for btrfs server; |
| rose-storage | update rsync to 3.4.1; |
| rose-storage,ssh | support btrfs send/receive over ssh; |
| route | added /ip/route/check tool; |
| route | added subnet length validation on route add; |
| route | do not use disabled addresses when selecting routing id; |
| route | fixed busy loops (route lockups); |
| route | fixed incorrect H flag usage; |
| route | improved stability when polling static routes via SNMP; |
| route | properly resolve imported BGP VPN routes; |
| routerboot | disable packet switching during etherboot for hEX refresh ("/system routerboard upgrade" required); |
| routerboot | improved stability for IPQ8072 ("/system routerboard upgrade" required); |
| routing-filter | improved stability when using large address lists (>5000); |
| routing-filter | improved usage of quotes in filter rules; |
| sfp | fixed missing "1G-baseX" supported rate for NetMetal ac2 and hEX S devices; |
| sfp | improved linking with certain QSFP modules on CRS354 devices; |
| sfp | improved system stability with some GPON modules for CCR2004 and CCR2116 devices; |
| sfp,qsfp | improved initialization and linking; |
| smb | fixed connection issues with clients using older SMB versions (introduced in v7.17); |
| smb | fixes for SMB server; |
| smb | improved system stability; |
| snmp | added "mtxrAlarmSocketStatus" OID to MIKROTIK-MIB; |
| snmp | added disk serial number through description field; |
| snmp | sort disk list and assign correct disk types; |
| ssh | improved channel resumption after rekey and eof handling; |
| supout | added IPv6 settings section; |
| supout | added per CPU load information; |
| switch | allow entering IPv6 netmask for switch rules (CLI only); |
| switch | fixed dynamic switch rules created by dot1x server (introduced in v7.17); |
| switch | fixed issues with inactive hardware-offloaded bond ports; |
| switch | improved egress-rate on QSFP28 ports; |
| switch | improved system stability for CRS304 switch; |
| switch | improvements to certain switch operations (port disable, shaper and switch initialization); |
| system | added option to list and install available packages (after using "check-for-updates"); |
| system | do not allow to install multiple wireless driver packages at the same time; |
| system | do not cause unnecessary sector writes on check-for-updates; |
| system | enable "ipv6" package on RouterOS v6 downgrade if IPv6 is enabled; |
| system | fixed a potential memory leak that occurred when resetting states after an error; |
| system | force time to be at least at package build time minus 1d; |
| system | improved HTTPS speed; |
| system | improved stability on busy systems; |
| system,arm | automatically increase boot part size on upgrade or netinstall (fixed upgrade failed due to a lack of space on kernel disk/partition); |
| tile | improved system stability; |
| traceroute | added "too many hops" error when max-hops are reached; |
| traceroute | limit max-hops maximum value to 255; |
| user | improved authentication procedure when RADIUS is not used; |
| vxlan | added disable option for VTEPs; |
| vxlan | added IPv6 FastPath support; |
| vxlan | added option to dynamically bridge interface and port settings (hw, pvid); |
| vxlan | added TTL property; |
| vxlan | changed default port to 4789; |
| vxlan | fixed unset for "group" and "interface" properties; |
| vxlan | replaced the "inherit" with "auto" option for dont-fragment property (new default); |
| webfig | added confirmation when quitting in Safe Mode; |
| webfig | do not reload form when failed to create new object; |
| webfig | fixed "TCP Flags" property when inverted flags are set in console; |
| webfig | fixed datetime setting under certain menus; |
| webfig | fixed displaying passwords; |
| webfig | fixed Switch/Ports menu not showing correctly; |
| webfig | hide certificate information in IP Services menu when not applicable; |
| webfig | remember expand/fold state; |
| wifi | added max-clients parameter; |
| wifi | avoid excessive re-transmission of SA Query action frames; |
| wifi | fix issue which made it possible for multiple concurrent WPA3 authentications to interfere with each other; |
| wifi | implement steering parameters to delay probe responses to clients in the 2.4GHz band; |
| wifi | log a warning when a client requests power save mode during association as this may prevent successful connection establishment; |
| wifi | re-word the "can't find PMKSA" log message to "no cached PMK"; |
| wifi | try to authenticate client as non-FT client if it provides incomplete set of FT parameters; |
| wifi-qcom | fix reporting of radio minimum antenna gain for hAP ax^2; |
| wifi-qcom | prevent AP from transmitting broadcast data unencrypted during authentication of first client; |
| winbox | added "Copy to Provisioning" button under "WiFi/Radios" menu; |
| winbox | added "Last Logged In/Out" and "Times Matched" properties under "WiFi/Access List" menu; |
| winbox | added "Reset Alert" button under "IP/DHCP Server/Alerts" menu; |
| winbox | added L3HW Advanced and Monitor; |
| winbox | added missing options under "System/Disk" menu; |
| winbox | added TCP settings under "Tools/Traffic Generator/Packet Templates" menu; |
| winbox | do not show 0 Tx/Rx rate under "WiFi/Registration" menu when values are not known; |
| winbox | do not show LTE "Antenna Scan" button on devices that do not support it; |
| winbox | fixed locked input fields when creating new certificate template; |
| winbox | show LTE "CA Band" field only when CA info is available; |
| winbox | show warning messages for static DNS entries; |
| x86 | fixed "unsupported speed" warning; |