+7 495 320-55-52
- Назад
- Телефоны
- +7 495 320-55-52
- Заказать звонок
info@mikrotik.moscow
г. Москва, ул. Бакунинская, 84
Пн-Пт: 09-00 до 18-00
Сб-Вс: выходной

Changelogs

Версия 7.9rc5 2023-04-28

What's new in 7.9rc5 (2023-Apr-28 11:52):

Changes in this release:

*) console - fixed password prompt (introduced in v7.9beta4);
*) lte - improved system stability when changing LTE interface configuration during network scan with MBIM modems (introduced in v7.8);
*) wifiwave2 - fixed a compatibility issue when using OWE authentication (introduced in v7.8);

Other changes since v7.8:

*) bgp - copy all well-known and optional transitive attributes for BGP VPNv4 (introduced in v7.9beta4);
*) bgp - fixed BGP VPNv4 origin attribute (introduced in v7.9beta4);
*) bgp - improved BGP VPN selection;
*) bridge - added warning log when "ageing-time" exceeds supported hardware limit for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) bridge - fixed FastPath when setting "use-ip-firewall-for-vlan" or "use-ip-firewall-for-pppoe" without enabled "use-ip-firewall";
*) certificate - fixed bogus log messages;
*) chr - fixed public SSH key pulling when running on AWS;
*) console - added "/task" submenu (CLI only);
*) console - added option to create new files using "/file add" command (CLI only);
*) console - fixed syntax highlighting when editing scripts (introduced in v7.9beta4);
*) console - improved stability when doing "/console inspect" in certain menus;
*) console - improved stability when editing long strings;
*) console - improved system stability;
*) console - removed bogus "reset" command from "/system resource usb" menu;
*) console - rename flag "seen reply" to "seen-reply" under "/ipv6 firewall connection" menu;
*) console - replaced "fingerprint" with "skid" in "/certificate print";
*) console - show Ethernet advertise, speed and duplex settings depending on configured auto-negotiation;
*) container - fixed invoking "container shell" more than once;
*) container - improved "container pull" to support OCI manifest format;
*) defconf - added CAPs mode script for wifiwave2 devices;
*) detnet - fixed interface state detection after reboot;
*) dhcp - changed the default lease time for newly created DHCP servers to 30 minutes;
*) dhcpv4-server - release lease if "check-status" reveals no conflict;
*) disk - improved system stability when removing USB while formatting;
*) ethernet - fixed half-duplex forced mode at 10Mbps and 100Mbps on ether1 for RB5009, Chateau 5G ax and hAP ax3 devices;
*) filesystem - fixed partition "copy-to" function;
*) firewall - added "connection-nat-state" to IPv6 mangle and filter rules;
*) health - added limited manual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed bogus value reporting for CRS510 device;
*) ike1 - improved service stability when handling non-RSA keys (introduced in v7.9beta4);
*) ike2 - fixed minor logging typo;
*) ipsec - added error log message when peer ID does not match certificate;
*) ipsec - fixed packet processing by hardware encryption engine on RB850Gx2 device;
*) ipsec - improved handling of configuration that refers to non-existent certificate (introduced in v7.9beta4);
*) ipsec - refactor X.509 implementation;
*) ipv6 - added "valid" and "lifetime" parameters for SLAAC IPv6 addresses;
*) ipv6 - fixed IPv6 ND configuration change storing (introduced in v7.9beta4);
*) ipv6 - send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated;
*) l3hw - improved route offloading for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) leds - disable LEDs after "/system shutdown";
*) lte - capped maximum lifetime of SLAAC address to 1 hour;
*) lte - fixed CA band clearing on RAT mode change;
*) lte - fixed duplicate IPv6 route for lte interface when "ipv6-interface" setting is used;
*) lte - fixed LTE interface not showing up when resetting RouterOS configuration;
*) lte - fixed passthrough mode when used together with another APN for Chateau 5G;
*) lte - fixed R11-LTE-US in LTE passthrough mode;
*) lte - fixed R11e-LTE-US reporting of RSSI in LTE mode;
*) lte - fixed re-attach in some cases where module would stay in not-running state after network detach;
*) lte - fixed second modem halt on dual R11e-LTE6 setup;
*) mpls- fixed LDP "preferred-afi" parameter;
*) netinstall-cli - improved device reinstall on failed attempt;
*) netwatch - added "startup-delay" setting (CLI only);
*) netwatch - improved ICMP status evaluation when no reply was present;
*) netwatch - limit "start-delay" range;
*) ospf - fixed processing of fragmented LSAs;
*) ovpn - added support for OVPN server configuration export and client configuration import from .ovpn file;
*) ovpn - improved system stability for Tile devices;
*) quickset - fixed displaying of "SINR" when value is 0;
*) rose-storage - added option to nvme-discover with hostname (CLI only);
*) rose-storage - fixed crash on nvme-tcp disable;
*) rose-storage - fixed rsync transfer permissions;
*) rose-storage - various stability fixes;
*) route - fixed "dynamic-id" for VRF tables;
*) route - improved system stability when making routing decision;
*) route - show SLAAC routes under the "/routing route" menu;
*) route-filter - improved stability when matching blackhole routes;
*) routerboot - added "preboot-etherboot" and "preboot-etherboot-server" settings ("/system routerboard upgrade" required) (CLI only);
*) sfp - added log warning about failed auto-initialization on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules that hold "TX_FAULT" high signal all the time on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules with bad or no EEPROM in forced mode on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - fixed "rate-select" functionality on CCR2004-16G-2S+ and CCR2004-1G-12S+2XS devices (introduced in v7.8);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved module initialization and display more detailed initialization status on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - improved SFP28 interface stability with some optical modules for CRS518 switch;
*) sfp - improved system stability with some SFP GPON modules on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) snmp - fixed several OIDs that were returning empty values (introduced in v7.9beta4);
*) snmp - fixed several OIDs that were returning incorrect values (introduced in v7.9beta4);
*) snmp - fixed SNMPv3 "Reportable" flag behavior;
*) snmp - improved outputting of routes;
*) socks - added VRF support;
*) ssh - added Ed25519 host key support;
*) ssh - added support for Ed25519 key export and import in PKCS8 format;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - fixed SSH host key export (introduced in v7.9beta4);
*) ssh - improved service responsiveness when changing SSH service settings;
*) ssh - improved SSH key import process;
*) ssh - improved system stability when using SSH tunneling (introduced in v7.9beta4);
*) storage - mount RAM drive for devices with 32MB flash;
*) supout - added DHCP server network section;
*) switch - fixed ACL rules matching IPv6 packets when using only IPv4 matchers;
*) switch - improved system stability during rapid MAC flapping for 98DXxxxx switches;
*) switch - improved system stability for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) timezone - updated timezone information from "tzdata2023c" release;
*) tools - fixed "ip-scan" (introduced in v7.9beta4);
*) user-manager - fixed process startup after booting (introduced in v7.9beta4);
*) vrrp - added "self" value for "group-master" setting;
*) vxlan - added forwarding table;
*) vxlan - fixed packet drops when host moves between remote VTEPs;
*) vxlan - improved system stability when printing FDB table (introduced in v7.9beta4);
*) webfig - added inline comments;
*) webfig - fixed "Destination" value under "MPLS/Forwarding-Table" menu;
*) webfig - fixed bogus comment for dynamic routes (introduced in v7.9beta4);
*) webfig - fixed issue where "Certificate" value disappears under "IP/Services" menu;
*) webfig - fixed issue where entries might be missing under "IP/DHCP-Server" menu;
*) webfig - various stability fixes;
*) wifiwave2 - added "radio/reg-info" command to show regulatory requirements (currently implemented for 802.11ac interfaces) (CLI only);
*) wifiwave2 - added ability to configure antenna gain;
*) wifiwave2 - added ability to configure beacon interval and DTIM period;
*) wifiwave2 - added information on additional interface capabilities to radio parameters;
*) wifiwave2 - automatically add a VLAN-tagged interface to the appropriate bridge VLAN;
*) wifiwave2 - exit sniffer command and return error when trying to sniff on an unsupported channel;
*) wifiwave2 - fixed 802.11r roaming for clients that performed initial authentication with an AP which has been restarted since;
*) wifiwave2 - fixed group key update for VLAN-tagged clients (introduced in v7.9beta4);
*) wifiwave2 - fixed issue of some supported channels not being listed in the radio parameters;
*) wifiwave2 - fixed issue which lead to VLAN-tagged wireless clients receiving tagged traffic from other VLANs;
*) wifiwave2 - fixed key handshake timeout for re-associating client devices on 802.11ac interfaces;
*) wifiwave2 - fixed VLAN tagging for unencrypted (open) APs;
*) wifiwave2 - fixed WPS connectivity issues on 802.11ax APs (introduced in v7.9beta4);
*) wifiwave2 - improved general interface stability;
*) wifiwave2 - improved regulatory compliance for hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - improved WPS connection speed;
*) wifiwave2 - increased maximum value for "channel.frequency" to 7300;
*) wifiwave2 - show information on captured packets and added ability to save them locally in a pcap file;
*) winbox - added "MTU" and "Hoplimit" properties under "IPv6/Routes" menu;
*) winbox - added "Preferred AFI" property under "MPLS/LDP-Instance" menu;
*) winbox - added "S" flag under "IPv6/Firewall/Connections" menu;
*) winbox - added "Tx Power" property under "Wifiwave2/Status" menu;
*) winbox - added "Tx Queue Drops" property under interface settings "Traffic" tab;
*) winbox - added "Username" and "Password" properties under "Container/Config" menu;
*) winbox - added "Valid" and "Preferred" properties under "IPv6/Address" menu;
*) winbox - added missing properties for "Remote ID Type" under "IP/IPsec/Identities" menu;
*) winbox - changed route flag name from "invalid" to "inactive";
*) winbox - fixed "TLS" property under "Tools/Email" menu;
*) winbox - fixed "Type" property under "System/Disk" menu when "rose-storage" package is installed;
*) winbox - fixed changing slot name under "System/Disk" menu;
*) winbox - fixed default value for "Allow managed" property under "Zerotier" menu;
*) winbox - fixed duplicate "My ID" column under "IP/IPsec/Identities" menu;
*) winbox - fixed minor typo in "WifiWave2/Radios" menu;
*) winbox - fixed missing "Sector Writes" for certain devices under "System/Resources" menu (introduced in v7.8);
*) winbox - improved Ethernet advertise, speed and duplex settings;
*) winbox - only show permitted countries for wifiwave2 interfaces;
*) winbox - show missing "Designated Bridge" and "Designated Port Number" monitoring data under "Bridge/Port menu;
*) www - allow unsecure HTTP access to REST API;
*) x86 - fixed changing software-id (introduced in v7.7);
*) zerotier - upgraded to version 1.10.3;

Версия 7.9rc5 2023-04-28

Версия 7.9rc4 2023-04-25

What's new in 7.9rc4 (2023-Apr-24 16:34):

Changes in this release:

*) defconf - added CAPs mode script for wifiwave2 devices;
*) ovpn - improved system stability for Tile devices;
*) snmp - fixed several OIDs that were returning incorrect values (introduced in v7.9beta4);
*) snmp - fixed SNMPv3 "Reportable" flag behavior;
*) ssh - fixed SSH host key export (introduced in v7.9beta4);
*) switch - improved system stability during rapid MAC flapping for 98DXxxxx switches;
*) vxlan - improved system stability when printing FDB table (introduced in v7.9beta4);
*) webfig - fixed bogus comment for dynamic routes (introduced in v7.9beta4);
*) wifiwave2 - fixed WPS connectivity issues on 802.11ax APs (introduced in v7.9beta4);
*) wifiwave2 - improved WPS connection speed;

Other changes since v7.8:

*) bgp - copy all well-known and optional transitive attributes for BGP VPNv4 (introduced in v7.9beta4);
*) bgp - fixed BGP VPNv4 origin attribute (introduced in v7.9beta4);
*) bgp - improved BGP VPN selection;
*) bridge - added warning log when "ageing-time" exceeds supported hardware limit for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) bridge - fixed FastPath when setting "use-ip-firewall-for-vlan" or "use-ip-firewall-for-pppoe" without enabled "use-ip-firewall";
*) certificate - fixed bogus log messages;
*) chr - fixed public SSH key pulling when running on AWS;
*) console - added "/task" submenu (CLI only);
*) console - added option to create new files using "/file add" command (CLI only);
*) console - fixed syntax highlighting when editing scripts (introduced in v7.9beta4);
*) console - improved stability when doing "/console inspect" in certain menus;
*) console - improved stability when editing long strings;
*) console - improved system stability;
*) console - removed bogus "reset" command from "/system resource usb" menu;
*) console - rename flag "seen reply" to "seen-reply" under "/ipv6 firewall connection" menu;
*) console - replaced "fingerprint" with "skid" in "/certificate print";
*) console - show Ethernet advertise, speed and duplex settings depending on configured auto-negotiation;
*) container - fixed invoking "container shell" more than once;
*) container - improved "container pull" to support OCI manifest format;
*) detnet - fixed interface state detection after reboot;
*) dhcp - changed the default lease time for newly created DHCP servers to 30 minutes;
*) dhcpv4-server - release lease if "check-status" reveals no conflict;
*) disk - improved system stability when removing USB while formatting;
*) ethernet - fixed half-duplex forced mode at 10Mbps and 100Mbps on ether1 for RB5009, Chateau 5G ax and hAP ax3 devices;
*) filesystem - fixed partition "copy-to" function;
*) firewall - added "connection-nat-state" to IPv6 mangle and filter rules;
*) health - added limited manual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed bogus value reporting for CRS510 device;
*) ike1 - improved service stability when handling non-RSA keys (introduced in v7.9beta4);
*) ike2 - fixed minor logging typo;
*) ipsec - added error log message when peer ID does not match certificate;
*) ipsec - fixed packet processing by hardware encryption engine on RB850Gx2 device;
*) ipsec - improved handling of configuration that refers to non-existent certificate (introduced in v7.9beta4);
*) ipsec - refactor X.509 implementation;
*) ipv6 - added "valid" and "lifetime" parameters for SLAAC IPv6 addresses;
*) ipv6 - fixed IPv6 ND configuration change storing (introduced in v7.9beta4);
*) ipv6 - send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated;
*) l3hw - improved route offloading for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) leds - disable LEDs after "/system shutdown";
*) lte - capped maximum lifetime of SLAAC address to 1 hour;
*) lte - fixed CA band clearing on RAT mode change;
*) lte - fixed duplicate IPv6 route for lte interface when "ipv6-interface" setting is used;
*) lte - fixed LTE interface not showing up when resetting RouterOS configuration;
*) lte - fixed passthrough mode when used together with another APN for Chateau 5G;
*) lte - fixed R11-LTE-US in LTE passthrough mode;
*) lte - fixed R11e-LTE-US reporting of RSSI in LTE mode;
*) lte - fixed re-attach in some cases where module would stay in not-running state after network detach;
*) lte - fixed second modem halt on dual R11e-LTE6 setup;
*) mpls- fixed LDP "preferred-afi" parameter;
*) netinstall-cli - improved device reinstall on failed attempt;
*) netwatch - added "startup-delay" setting (CLI only);
*) netwatch - improved ICMP status evaluation when no reply was present;
*) netwatch - limit "start-delay" range;
*) ospf - fixed processing of fragmented LSAs;
*) ovpn - added support for OVPN server configuration export and client configuration import from .ovpn file;
*) quickset - fixed displaying of "SINR" when value is 0;
*) rose-storage - added option to nvme-discover with hostname (CLI only);
*) rose-storage - fixed crash on nvme-tcp disable;
*) rose-storage - fixed rsync transfer permissions;
*) rose-storage - various stability fixes;
*) route - fixed "dynamic-id" for VRF tables;
*) route - improved system stability when making routing decision;
*) route - show SLAAC routes under the "/routing route" menu;
*) route-filter - improved stability when matching blackhole routes;
*) routerboot - added "preboot-etherboot" and "preboot-etherboot-server" settings ("/system routerboard upgrade" required) (CLI only);
*) sfp - added log warning about failed auto-initialization on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules that hold "TX_FAULT" high signal all the time on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules with bad or no EEPROM in forced mode on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - fixed "rate-select" functionality on CCR2004-16G-2S+ and CCR2004-1G-12S+2XS devices (introduced in v7.8);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved module initialization and display more detailed initialization status on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - improved SFP28 interface stability with some optical modules for CRS518 switch;
*) sfp - improved system stability with some SFP GPON modules on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) snmp - fixed several OIDs that were returning empty values (introduced in v7.9beta4);
*) snmp - improved outputting of routes;
*) socks - added VRF support;
*) ssh - added Ed25519 host key support;
*) ssh - added support for Ed25519 key export and import in PKCS8 format;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - improved service responsiveness when changing SSH service settings;
*) ssh - improved SSH key import process;
*) ssh - improved system stability when using SSH tunneling (introduced in v7.9beta4);
*) storage - mount RAM drive for devices with 32MB flash;
*) supout - added DHCP server network section;
*) switch - fixed ACL rules matching IPv6 packets when using only IPv4 matchers;
*) switch - improved system stability for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) timezone - updated timezone information from "tzdata2023c" release;
*) tools - fixed "ip-scan" (introduced in v7.9beta4);
*) user-manager - fixed process startup after booting (introduced in v7.9beta4);
*) vrrp - added "self" value for "group-master" setting;
*) vxlan - added forwarding table;
*) vxlan - fixed packet drops when host moves between remote VTEPs;
*) webfig - added inline comments;
*) webfig - fixed "Destination" value under "MPLS/Forwarding-Table" menu;
*) webfig - fixed issue where "Certificate" value disappears under "IP/Services" menu;
*) webfig - fixed issue where entries might be missing under "IP/DHCP-Server" menu;
*) webfig - various stability fixes;
*) wifiwave2 - added "radio/reg-info" command to show regulatory requirements (currently implemented for 802.11ac interfaces) (CLI only);
*) wifiwave2 - added ability to configure antenna gain;
*) wifiwave2 - added ability to configure beacon interval and DTIM period;
*) wifiwave2 - added information on additional interface capabilities to radio parameters;
*) wifiwave2 - automatically add a VLAN-tagged interface to the appropriate bridge VLAN;
*) wifiwave2 - exit sniffer command and return error when trying to sniff on an unsupported channel;
*) wifiwave2 - fixed 802.11r roaming for clients that performed initial authentication with an AP which has been restarted since;
*) wifiwave2 - fixed group key update for VLAN-tagged clients (introduced in v7.9beta4);
*) wifiwave2 - fixed issue of some supported channels not being listed in the radio parameters;
*) wifiwave2 - fixed issue which lead to VLAN-tagged wireless clients receiving tagged traffic from other VLANs;
*) wifiwave2 - fixed key handshake timeout for re-associating client devices on 802.11ac interfaces;
*) wifiwave2 - fixed VLAN tagging for unencrypted (open) APs;
*) wifiwave2 - improved general interface stability;
*) wifiwave2 - improved regulatory compliance for hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - increased maximum value for "channel.frequency" to 7300;
*) wifiwave2 - show information on captured packets and added ability to save them locally in a pcap file;
*) winbox - added "MTU" and "Hoplimit" properties under "IPv6/Routes" menu;
*) winbox - added "Preferred AFI" property under "MPLS/LDP-Instance" menu;
*) winbox - added "S" flag under "IPv6/Firewall/Connections" menu;
*) winbox - added "Tx Power" property under "Wifiwave2/Status" menu;
*) winbox - added "Tx Queue Drops" property under interface settings "Traffic" tab;
*) winbox - added "Username" and "Password" properties under "Container/Config" menu;
*) winbox - added "Valid" and "Preferred" properties under "IPv6/Address" menu;
*) winbox - added missing properties for "Remote ID Type" under "IP/IPsec/Identities" menu;
*) winbox - changed route flag name from "invalid" to "inactive";
*) winbox - fixed "TLS" property under "Tools/Email" menu;
*) winbox - fixed "Type" property under "System/Disk" menu when "rose-storage" package is installed;
*) winbox - fixed changing slot name under "System/Disk" menu;
*) winbox - fixed default value for "Allow managed" property under "Zerotier" menu;
*) winbox - fixed duplicate "My ID" column under "IP/IPsec/Identities" menu;
*) winbox - fixed minor typo in "WifiWave2/Radios" menu;
*) winbox - fixed missing "Sector Writes" for certain devices under "System/Resources" menu (introduced in v7.8);
*) winbox - improved Ethernet advertise, speed and duplex settings;
*) winbox - only show permitted countries for wifiwave2 interfaces;
*) winbox - show missing "Designated Bridge" and "Designated Port Number" monitoring data under "Bridge/Port menu;
*) www - allow unsecure HTTP access to REST API;
*) x86 - fixed changing software-id (introduced in v7.7);
*) zerotier - upgraded to version 1.10.3;

Версия 7.9rc4 2023-04-25

Версия 7.9rc3 2023-04-13

What's new in 7.9rc3 (2023-Apr-12 15:53):

Changes in this release:

*) tools - fixed "ip-scan" (introduced in v7.9beta4);
*) user-manager - fixed process startup after booting (introduced in v7.9beta4);

Other changes since v7.8:

*) bgp - copy all well-known and optional transitive attributes for BGP VPNv4 (introduced in v7.9beta4);
*) bgp - fixed BGP VPNv4 origin attribute (introduced in v7.9beta4);
*) bgp - improved BGP VPN selection;
*) bridge - added warning log when "ageing-time" exceeds supported hardware limit for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) bridge - fixed FastPath when setting "use-ip-firewall-for-vlan" or "use-ip-firewall-for-pppoe" without enabled "use-ip-firewall";
*) certificate - fixed bogus log messages;
*) chr - fixed public SSH key pulling when running on AWS;
*) console - added "/task" submenu (CLI only);
*) console - added option to create new files using "/file add" command (CLI only);
*) console - fixed syntax highlighting when editing scripts (introduced in v7.9beta4);
*) console - improved stability when doing "/console inspect" in certain menus;
*) console - improved stability when editing long strings;
*) console - improved system stability;
*) console - removed bogus "reset" command from "/system resource usb" menu;
*) console - rename flag "seen reply" to "seen-reply" under "/ipv6 firewall connection" menu;
*) console - replaced "fingerprint" with "skid" in "/certificate print";
*) console - show Ethernet advertise, speed and duplex settings depending on configured auto-negotiation;
*) container - fixed invoking "container shell" more than once;
*) container - improved "container pull" to support OCI manifest format;
*) detnet - fixed interface state detection after reboot;
*) dhcp - changed the default lease time for newly created DHCP servers to 30 minutes;
*) dhcpv4-server - release lease if "check-status" reveals no conflict;
*) disk - improved system stability when removing USB while formatting;
*) ethernet - fixed half-duplex forced mode at 10Mbps and 100Mbps on ether1 for RB5009, Chateau 5G ax and hAP ax3 devices;
*) filesystem - fixed partition "copy-to" function;
*) firewall - added "connection-nat-state" to IPv6 mangle and filter rules;
*) health - added limited manual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed bogus value reporting for CRS510 device;
*) ike1 - improved service stability when handling non-RSA keys (introduced in v7.9beta4);
*) ike2 - fixed minor logging typo;
*) ipsec - added error log message when peer ID does not match certificate;
*) ipsec - fixed packet processing by hardware encryption engine on RB850Gx2 device;
*) ipsec - improved handling of configuration that refers to non-existent certificate (introduced in v7.9beta4);
*) ipsec - refactor X.509 implementation;
*) ipv6 - added "valid" and "lifetime" parameters for SLAAC IPv6 addresses;
*) ipv6 - fixed IPv6 ND configuration change storing (introduced in v7.9beta4);
*) ipv6 - send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated;
*) l3hw - improved route offloading for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) leds - disable LEDs after "/system shutdown";
*) lte - capped maximum lifetime of SLAAC address to 1 hour;
*) lte - fixed CA band clearing on RAT mode change;
*) lte - fixed duplicate IPv6 route for lte interface when "ipv6-interface" setting is used;
*) lte - fixed LTE interface not showing up when resetting RouterOS configuration;
*) lte - fixed passthrough mode when used together with another APN for Chateau 5G;
*) lte - fixed R11-LTE-US in LTE passthrough mode;
*) lte - fixed R11e-LTE-US reporting of RSSI in LTE mode;
*) lte - fixed re-attach in some cases where module would stay in not-running state after network detach;
*) lte - fixed second modem halt on dual R11e-LTE6 setup;
*) mpls- fixed LDP "preferred-afi" parameter;
*) netinstall-cli - improved device reinstall on failed attempt;
*) netwatch - added "startup-delay" setting (CLI only);
*) netwatch - improved ICMP status evaluation when no reply was present;
*) netwatch - limit "start-delay" range;
*) ospf - fixed processing of fragmented LSAs;
*) ovpn - added support for OVPN server configuration export and client configuration import from .ovpn file;
*) quickset - fixed displaying of "SINR" when value is 0;
*) rose-storage - added option to nvme-discover with hostname (CLI only);
*) rose-storage - fixed crash on nvme-tcp disable;
*) rose-storage - fixed rsync transfer permissions;
*) rose-storage - various stability fixes;
*) route - fixed "dynamic-id" for VRF tables;
*) route - improved system stability when making routing decision;
*) route - show SLAAC routes under the "/routing route" menu;
*) route-filter - improved stability when matching blackhole routes;
*) routerboot - added "preboot-etherboot" and "preboot-etherboot-server" settings ("/system routerboard upgrade" required) (CLI only);
*) sfp - added log warning about failed auto-initialization on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules that hold "TX_FAULT" high signal all the time on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules with bad or no EEPROM in forced mode on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - fixed "rate-select" functionality on CCR2004-16G-2S+ and CCR2004-1G-12S+2XS devices (introduced in v7.8);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved module initialization and display more detailed initialization status on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - improved SFP28 interface stability with some optical modules for CRS518 switch;
*) sfp - improved system stability with some SFP GPON modules on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) snmp - fixed several OIDs that were returning empty values (introduced in v7.9beta4);
*) snmp - improved outputting of routes;
*) socks - added VRF support;
*) ssh - added Ed25519 host key support;
*) ssh - added support for Ed25519 key export and import in PKCS8 format;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - improved service responsiveness when changing SSH service settings;
*) ssh - improved SSH key import process;
*) ssh - improved system stability when using SSH tunneling (introduced in v7.9beta4);
*) storage - mount RAM drive for devices with 32MB flash;
*) supout - added DHCP server network section;
*) switch - fixed ACL rules matching IPv6 packets when using only IPv4 matchers;
*) switch - improved system stability for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) timezone - updated timezone information from "tzdata2023c" release;
*) vrrp - added "self" value for "group-master" setting;
*) vxlan - added forwarding table;
*) vxlan - fixed packet drops when host moves between remote VTEPs;
*) webfig - added inline comments;
*) webfig - fixed "Destination" value under "MPLS/Forwarding-Table" menu;
*) webfig - fixed issue where "Certificate" value disappears under "IP/Services" menu;
*) webfig - fixed issue where entries might be missing under "IP/DHCP-Server" menu;
*) webfig - various stability fixes;
*) wifiwave2 - added "radio/reg-info" command to show regulatory requirements (currently implemented for 802.11ac interfaces) (CLI only);
*) wifiwave2 - added ability to configure antenna gain;
*) wifiwave2 - added ability to configure beacon interval and DTIM period;
*) wifiwave2 - added information on additional interface capabilities to radio parameters;
*) wifiwave2 - automatically add a VLAN-tagged interface to the appropriate bridge VLAN;
*) wifiwave2 - exit sniffer command and return error when trying to sniff on an unsupported channel;
*) wifiwave2 - fixed 802.11r roaming for clients that performed initial authentication with an AP which has been restarted since;
*) wifiwave2 - fixed group key update for VLAN-tagged clients (introduced in v7.9beta4);
*) wifiwave2 - fixed issue of some supported channels not being listed in the radio parameters;
*) wifiwave2 - fixed issue which lead to VLAN-tagged wireless clients receiving tagged traffic from other VLANs;
*) wifiwave2 - fixed key handshake timeout for re-associating client devices on 802.11ac interfaces;
*) wifiwave2 - fixed VLAN tagging for unencrypted (open) APs;
*) wifiwave2 - improved general interface stability;
*) wifiwave2 - improved regulatory compliance for hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - increased maximum value for "channel.frequency" to 7300;
*) wifiwave2 - show information on captured packets and added ability to save them locally in a pcap file;
*) winbox - added "MTU" and "Hoplimit" properties under "IPv6/Routes" menu;
*) winbox - added "Preferred AFI" property under "MPLS/LDP-Instance" menu;
*) winbox - added "S" flag under "IPv6/Firewall/Connections" menu;
*) winbox - added "Tx Power" property under "Wifiwave2/Status" menu;
*) winbox - added "Tx Queue Drops" property under interface settings "Traffic" tab;
*) winbox - added "Username" and "Password" properties under "Container/Config" menu;
*) winbox - added "Valid" and "Preferred" properties under "IPv6/Address" menu;
*) winbox - added missing properties for "Remote ID Type" under "IP/IPsec/Identities" menu;
*) winbox - changed route flag name from "invalid" to "inactive";
*) winbox - fixed "TLS" property under "Tools/Email" menu;
*) winbox - fixed "Type" property under "System/Disk" menu when "rose-storage" package is installed;
*) winbox - fixed changing slot name under "System/Disk" menu;
*) winbox - fixed default value for "Allow managed" property under "Zerotier" menu;
*) winbox - fixed duplicate "My ID" column under "IP/IPsec/Identities" menu;
*) winbox - fixed minor typo in "WifiWave2/Radios" menu;
*) winbox - fixed missing "Sector Writes" for certain devices under "System/Resources" menu (introduced in v7.8);
*) winbox - improved Ethernet advertise, speed and duplex settings;
*) winbox - only show permitted countries for wifiwave2 interfaces;
*) winbox - show missing "Designated Bridge" and "Designated Port Number" monitoring data under "Bridge/Port menu;
*) www - allow unsecure HTTP access to REST API;
*) x86 - fixed changing software-id (introduced in v7.7);
*) zerotier - upgraded to version 1.10.3;

Версия 7.9rc3 2023-04-13

Версия 7.9rc2 2023-04-06

What's new in 7.9rc2 (2023-Apr-05 13:56):

Changes in this release:

*) snmp - fixed several OIDs that were returning empty values (introduced in v7.9beta4);
*) ssh - added support for Ed25519 key export and import in PKCS8 format;
*) wifiwave2 - fixed group key update for VLAN-tagged clients (introduced in v7.9beta4);

Other changes since v7.8:

*) bgp - copy all well-known and optional transitive attributes for BGP VPNv4 (introduced in v7.9beta4);
*) bgp - fixed BGP VPNv4 origin attribute (introduced in v7.9beta4);
*) bgp - improved BGP VPN selection;
*) bridge - added warning log when "ageing-time" exceeds supported hardware limit for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) bridge - fixed FastPath when setting "use-ip-firewall-for-vlan" or "use-ip-firewall-for-pppoe" without enabled "use-ip-firewall";
*) certificate - fixed bogus log messages;
*) chr - fixed public SSH key pulling when running on AWS;
*) console - added "/task" submenu (CLI only);
*) console - added option to create new files using "/file add" command (CLI only);
*) console - fixed syntax highlighting when editing scripts (introduced in v7.9beta4);
*) console - improved stability when doing "/console inspect" in certain menus;
*) console - improved stability when editing long strings;
*) console - improved system stability;
*) console - removed bogus "reset" command from "/system resource usb" menu;
*) console - rename flag "seen reply" to "seen-reply" under "/ipv6 firewall connection" menu;
*) console - replaced "fingerprint" with "skid" in "/certificate print";
*) console - show Ethernet advertise, speed and duplex settings depending on configured auto-negotiation;
*) container - fixed invoking "container shell" more than once;
*) container - improved "container pull" to support OCI manifest format;
*) detnet - fixed interface state detection after reboot;
*) dhcp - changed the default lease time for newly created DHCP servers to 30 minutes;
*) dhcpv4-server - release lease if "check-status" reveals no conflict;
*) disk - improved system stability when removing USB while formatting;
*) ethernet - fixed half-duplex forced mode at 10Mbps and 100Mbps on ether1 for RB5009, Chateau 5G ax and hAP ax3 devices;
*) filesystem - fixed partition "copy-to" function;
*) firewall - added "connection-nat-state" to IPv6 mangle and filter rules;
*) health - added limited manual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed bogus value reporting for CRS510 device;
*) ike1 - improved service stability when handling non-RSA keys (introduced in v7.9beta4);
*) ike2 - fixed minor logging typo;
*) ipsec - added error log message when peer ID does not match certificate;
*) ipsec - fixed packet processing by hardware encryption engine on RB850Gx2 device;
*) ipsec - improved handling of configuration that refers to non-existent certificate (introduced in v7.9beta4);
*) ipsec - refactor X.509 implementation;
*) ipv6 - added "valid" and "lifetime" parameters for SLAAC IPv6 addresses;
*) ipv6 - fixed IPv6 ND configuration change storing (introduced in v7.9beta4);
*) ipv6 - send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated;
*) l3hw - improved route offloading for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) leds - disable LEDs after "/system shutdown";
*) lte - capped maximum lifetime of SLAAC address to 1 hour;
*) lte - fixed CA band clearing on RAT mode change;
*) lte - fixed duplicate IPv6 route for lte interface when "ipv6-interface" setting is used;
*) lte - fixed LTE interface not showing up when resetting RouterOS configuration;
*) lte - fixed passthrough mode when used together with another APN for Chateau 5G;
*) lte - fixed R11-LTE-US in LTE passthrough mode;
*) lte - fixed R11e-LTE-US reporting of RSSI in LTE mode;
*) lte - fixed re-attach in some cases where module would stay in not-running state after network detach;
*) lte - fixed second modem halt on dual R11e-LTE6 setup;
*) mpls- fixed LDP "preferred-afi" parameter;
*) netinstall-cli - improved device reinstall on failed attempt;
*) netwatch - added "startup-delay" setting (CLI only);
*) netwatch - improved ICMP status evaluation when no reply was present;
*) netwatch - limit "start-delay" range;
*) ospf - fixed processing of fragmented LSAs;
*) ovpn - added support for OVPN server configuration export and client configuration import from .ovpn file;
*) quickset - fixed displaying of "SINR" when value is 0;
*) rose-storage - added option to nvme-discover with hostname (CLI only);
*) rose-storage - fixed crash on nvme-tcp disable;
*) rose-storage - fixed rsync transfer permissions;
*) rose-storage - various stability fixes;
*) route - fixed "dynamic-id" for VRF tables;
*) route - improved system stability when making routing decision;
*) route - show SLAAC routes under the "/routing route" menu;
*) route-filter - improved stability when matching blackhole routes;
*) routerboot - added "preboot-etherboot" and "preboot-etherboot-server" settings ("/system routerboard upgrade" required) (CLI only);
*) sfp - added log warning about failed auto-initialization on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules that hold "TX_FAULT" high signal all the time on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules with bad or no EEPROM in forced mode on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - fixed "rate-select" functionality on CCR2004-16G-2S+ and CCR2004-1G-12S+2XS devices (introduced in v7.8);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved module initialization and display more detailed initialization status on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - improved SFP28 interface stability with some optical modules for CRS518 switch;
*) sfp - improved system stability with some SFP GPON modules on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) snmp - improved outputting of routes;
*) socks - added VRF support;
*) ssh - added Ed25519 host key support;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - improved service responsiveness when changing SSH service settings;
*) ssh - improved SSH key import process;
*) ssh - improved system stability when using SSH tunneling (introduced in v7.9beta4);
*) storage - mount RAM drive for devices with 32MB flash;
*) supout - added DHCP server network section;
*) switch - fixed ACL rules matching IPv6 packets when using only IPv4 matchers;
*) switch - improved system stability for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) timezone - updated timezone information from "tzdata2023c" release;
*) vrrp - added "self" value for "group-master" setting;
*) vxlan - added forwarding table;
*) vxlan - fixed packet drops when host moves between remote VTEPs;
*) webfig - added inline comments;
*) webfig - fixed "Destination" value under "MPLS/Forwarding-Table" menu;
*) webfig - fixed issue where "Certificate" value disappears under "IP/Services" menu;
*) webfig - fixed issue where entries might be missing under "IP/DHCP-Server" menu;
*) webfig - various stability fixes;
*) wifiwave2 - added "radio/reg-info" command to show regulatory requirements (currently implemented for 802.11ac interfaces) (CLI only);
*) wifiwave2 - added ability to configure antenna gain;
*) wifiwave2 - added ability to configure beacon interval and DTIM period;
*) wifiwave2 - added information on additional interface capabilities to radio parameters;
*) wifiwave2 - automatically add a VLAN-tagged interface to the appropriate bridge VLAN;
*) wifiwave2 - exit sniffer command and return error when trying to sniff on an unsupported channel;
*) wifiwave2 - fixed 802.11r roaming for clients that performed initial authentication with an AP which has been restarted since;
*) wifiwave2 - fixed issue of some supported channels not being listed in the radio parameters;
*) wifiwave2 - fixed issue which lead to VLAN-tagged wireless clients receiving tagged traffic from other VLANs;
*) wifiwave2 - fixed key handshake timeout for re-associating client devices on 802.11ac interfaces;
*) wifiwave2 - fixed VLAN tagging for unencrypted (open) APs;
*) wifiwave2 - improved general interface stability;
*) wifiwave2 - improved regulatory compliance for hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - increased maximum value for "channel.frequency" to 7300;
*) wifiwave2 - show information on captured packets and added ability to save them locally in a pcap file;
*) winbox - added "MTU" and "Hoplimit" properties under "IPv6/Routes" menu;
*) winbox - added "Preferred AFI" property under "MPLS/LDP-Instance" menu;
*) winbox - added "S" flag under "IPv6/Firewall/Connections" menu;
*) winbox - added "Tx Power" property under "Wifiwave2/Status" menu;
*) winbox - added "Tx Queue Drops" property under interface settings "Traffic" tab;
*) winbox - added "Username" and "Password" properties under "Container/Config" menu;
*) winbox - added "Valid" and "Preferred" properties under "IPv6/Address" menu;
*) winbox - added missing properties for "Remote ID Type" under "IP/IPsec/Identities" menu;
*) winbox - changed route flag name from "invalid" to "inactive";
*) winbox - fixed "TLS" property under "Tools/Email" menu;
*) winbox - fixed "Type" property under "System/Disk" menu when "rose-storage" package is installed;
*) winbox - fixed changing slot name under "System/Disk" menu;
*) winbox - fixed default value for "Allow managed" property under "Zerotier" menu;
*) winbox - fixed duplicate "My ID" column under "IP/IPsec/Identities" menu;
*) winbox - fixed minor typo in "WifiWave2/Radios" menu;
*) winbox - fixed missing "Sector Writes" for certain devices under "System/Resources" menu (introduced in v7.8);
*) winbox - improved Ethernet advertise, speed and duplex settings;
*) winbox - only show permitted countries for wifiwave2 interfaces;
*) winbox - show missing "Designated Bridge" and "Designated Port Number" monitoring data under "Bridge/Port menu;
*) www - allow unsecure HTTP access to REST API;
*) x86 - fixed changing software-id (introduced in v7.7);
*) zerotier - upgraded to version 1.10.3;

Версия 7.9rc2 2023-04-06

Версия 7.9rc1 2023-03-31

What's new in 7.9rc1 (2023-Mar-30 16:42):

Changes in this release:

*) bgp - copy all well-known and optional transitive attributes for BGP VPNv4 (introduced in v7.9beta4);
*) bgp - fixed BGP VPNv4 origin attribute (introduced in v7.9beta4);
*) console - fixed syntax highlighting when editing scripts (introduced in v7.9beta4);
*) console - replaced "fingerprint" with "skid" in "/certificate print";
*) health - fixed bogus value reporting for CRS510 device;
*) ike1 - improved service stability when handling non-RSA keys (introduced in v7.9beta4);
*) ike2 - fixed minor logging typo;
*) ipsec - added error log message when peer ID does not match certificate;
*) ipsec - improved handling of configuration that refers to non-existent certificate (introduced in v7.9beta4);
*) ipv6 - fixed IPv6 ND configuration change storing (introduced in v7.9beta4);
*) ipv6 - send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated;
*) netinstall-cli - improved device reinstall on failed attempt;
*) snmp - improved outputting of routes;
*) ssh - added support for Ed25519 key export and import in PKCS8 format;
*) ssh - improved system stability when using SSH tunneling (introduced in v7.9beta4);
*) timezone - updated timezone information from "tzdata2023c" release;
*) wifiwave2 - fixed key handshake timeout for re-associating client devices on 802.11ac interfaces;
*) winbox - fixed changing slot name under "System/Disk" menu;

Other changes since v7.8:

*) bgp - improved BGP VPN selection;
*) bridge - added warning log when "ageing-time" exceeds supported hardware limit for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) bridge - fixed FastPath when setting "use-ip-firewall-for-vlan" or "use-ip-firewall-for-pppoe" without enabled "use-ip-firewall";
*) certificate - fixed bogus log messages;
*) chr - fixed public SSH key pulling when running on AWS;
*) console - added "/task" submenu (CLI only);
*) console - added option to create new files using "/file add" command (CLI only);
*) console - improved stability when doing "/console inspect" in certain menus;
*) console - improved stability when editing long strings;
*) console - improved system stability;
*) console - removed bogus "reset" command from "/system resource usb" menu;
*) console - rename flag "seen reply" to "seen-reply" under "/ipv6 firewall connection" menu;
*) console - show Ethernet advertise, speed and duplex settings depending on configured auto-negotiation;
*) container - fixed invoking "container shell" more than once;
*) container - improved "container pull" to support OCI manifest format;
*) detnet - fixed interface state detection after reboot;
*) dhcp - changed the default lease time for newly created DHCP servers to 30 minutes;
*) dhcpv4-server - release lease if "check-status" reveals no conflict;
*) disk - improved system stability when removing USB while formatting;
*) ethernet - fixed half-duplex forced mode at 10Mbps and 100Mbps on ether1 for RB5009, Chateau 5G ax and hAP ax3 devices;
*) filesystem - fixed partition "copy-to" function;
*) firewall - added "connection-nat-state" to IPv6 mangle and filter rules;
*) health - added limited manual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) ipsec - fixed packet processing by hardware encryption engine on RB850Gx2 device;
*) ipsec - refactor X.509 implementation;
*) ipv6 - added "valid" and "lifetime" parameters for SLAAC IPv6 addresses;
*) l3hw - improved route offloading for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) leds - disable LEDs after "/system shutdown";
*) lte - capped maximum lifetime of SLAAC address to 1 hour;
*) lte - fixed CA band clearing on RAT mode change;
*) lte - fixed duplicate IPv6 route for lte interface when "ipv6-interface" setting is used;
*) lte - fixed LTE interface not showing up when resetting RouterOS configuration;
*) lte - fixed passthrough mode when used together with another APN for Chateau 5G;
*) lte - fixed R11-LTE-US in LTE passthrough mode;
*) lte - fixed R11e-LTE-US reporting of RSSI in LTE mode;
*) lte - fixed re-attach in some cases where module would stay in not-running state after network detach;
*) lte - fixed second modem halt on dual R11e-LTE6 setup;
*) mpls- fixed LDP "preferred-afi" parameter;
*) netwatch - added "startup-delay" setting (CLI only);
*) netwatch - improved ICMP status evaluation when no reply was present;
*) netwatch - limit "start-delay" range;
*) ospf - fixed processing of fragmented LSAs;
*) ovpn - added support for OVPN server configuration export and client configuration import from .ovpn file;
*) quickset - fixed displaying of "SINR" when value is 0;
*) rose-storage - added option to nvme-discover with hostname (CLI only);
*) rose-storage - fixed crash on nvme-tcp disable;
*) rose-storage - fixed rsync transfer permissions;
*) rose-storage - various stability fixes;
*) route - fixed "dynamic-id" for VRF tables;
*) route - improved system stability when making routing decision;
*) route - show SLAAC routes under the "/routing route" menu;
*) route-filter - improved stability when matching blackhole routes;
*) routerboot - added "preboot-etherboot" and "preboot-etherboot-server" settings ("/system routerboard upgrade" required) (CLI only);
*) sfp - added log warning about failed auto-initialization on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules that hold "TX_FAULT" high signal all the time on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules with bad or no EEPROM in forced mode on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - fixed "rate-select" functionality on CCR2004-16G-2S+ and CCR2004-1G-12S+2XS devices (introduced in v7.8);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved module initialization and display more detailed initialization status on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - improved SFP28 interface stability with some optical modules for CRS518 switch;
*) sfp - improved system stability with some SFP GPON modules on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) socks - added VRF support;
*) ssh - added Ed25519 host key support;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - improved service responsiveness when changing SSH service settings;
*) ssh - improved SSH key import process;
*) storage - mount RAM drive for devices with 32MB flash;
*) supout - added DHCP server network section;
*) switch - fixed ACL rules matching IPv6 packets when using only IPv4 matchers;
*) switch - improved system stability for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) vrrp - added "self" value for "group-master" setting;
*) vxlan - added forwarding table;
*) vxlan - fixed packet drops when host moves between remote VTEPs;
*) webfig - added inline comments;
*) webfig - fixed "Destination" value under "MPLS/Forwarding-Table" menu;
*) webfig - fixed issue where "Certificate" value disappears under "IP/Services" menu;
*) webfig - fixed issue where entries might be missing under "IP/DHCP-Server" menu;
*) webfig - various stability fixes;
*) wifiwave2 - added "radio/reg-info" command to show regulatory requirements (currently implemented for 802.11ac interfaces) (CLI only);
*) wifiwave2 - added ability to configure antenna gain;
*) wifiwave2 - added ability to configure beacon interval and DTIM period;
*) wifiwave2 - added information on additional interface capabilities to radio parameters;
*) wifiwave2 - automatically add a VLAN-tagged interface to the appropriate bridge VLAN;
*) wifiwave2 - exit sniffer command and return error when trying to sniff on an unsupported channel;
*) wifiwave2 - fixed 802.11r roaming for clients that performed initial authentication with an AP which has been restarted since;
*) wifiwave2 - fixed issue of some supported channels not being listed in the radio parameters;
*) wifiwave2 - fixed issue which lead to VLAN-tagged wireless clients receiving tagged traffic from other VLANs;
*) wifiwave2 - fixed VLAN tagging for unencrypted (open) APs;
*) wifiwave2 - improved general interface stability;
*) wifiwave2 - improved regulatory compliance for hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - increased maximum value for "channel.frequency" to 7300;
*) wifiwave2 - show information on captured packets and added ability to save them locally in a pcap file;
*) winbox - added "MTU" and "Hoplimit" properties under "IPv6/Routes" menu;
*) winbox - added "Preferred AFI" property under "MPLS/LDP-Instance" menu;
*) winbox - added "S" flag under "IPv6/Firewall/Connections" menu;
*) winbox - added "Tx Power" property under "Wifiwave2/Status" menu;
*) winbox - added "Tx Queue Drops" property under interface settings "Traffic" tab;
*) winbox - added "Username" and "Password" properties under "Container/Config" menu;
*) winbox - added "Valid" and "Preferred" properties under "IPv6/Address" menu;
*) winbox - added missing properties for "Remote ID Type" under "IP/IPsec/Identities" menu;
*) winbox - changed route flag name from "invalid" to "inactive";
*) winbox - fixed "TLS" property under "Tools/Email" menu;
*) winbox - fixed "Type" property under "System/Disk" menu when "rose-storage" package is installed;
*) winbox - fixed default value for "Allow managed" property under "Zerotier" menu;
*) winbox - fixed duplicate "My ID" column under "IP/IPsec/Identities" menu;
*) winbox - fixed minor typo in "WifiWave2/Radios" menu;
*) winbox - fixed missing "Sector Writes" for certain devices under "System/Resources" menu (introduced in v7.8);
*) winbox - improved Ethernet advertise, speed and duplex settings;
*) winbox - only show permitted countries for wifiwave2 interfaces;
*) winbox - show missing "Designated Bridge" and "Designated Port Number" monitoring data under "Bridge/Port menu;
*) www - allow unsecure HTTP access to REST API;
*) x86 - fixed changing software-id (introduced in v7.7);
*) zerotier - upgraded to version 1.10.3;

Версия 7.9rc1 2023-03-31

Версия 7.9beta4 2023-03-24

What's new in 7.9beta4 (2023-Mar-23 15:01):

Changes in this release:

*) bgp - improved BGP VPN selection;
*) bridge - added warning log when "ageing-time" exceeds supported hardware limit for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) bridge - fixed FastPath when setting "use-ip-firewall-for-vlan" or "use-ip-firewall-for-pppoe" without enabled "use-ip-firewall";
*) certificate - fixed bogus log messages;
*) chr - fixed public SSH key pulling when running on AWS;
*) console - added "/task" submenu (CLI only);
*) console - added option to create new files using "/file add" command (CLI only);
*) console - improved stability when doing "/console inspect" in certain menus;
*) console - improved stability when editing long strings;
*) console - improved system stability;
*) console - removed bogus "reset" command from "/system resource usb" menu;
*) console - rename flag "seen reply" to "seen-reply" under "/ipv6 firewall connection" menu;
*) console - show Ethernet advertise, speed and duplex settings depending on configured auto-negotiation;
*) container - fixed invoking "container shell" more than once;
*) container - improved "container pull" to support OCI manifest format;
*) detnet - fixed interface state detection after reboot;
*) dhcp - changed the default lease time for newly created DHCP servers to 30 minutes;
*) dhcpv4-server - release lease if "check-status" reveals no conflict;
*) disk - improved system stability when removing USB while formatting;
*) ethernet - fixed half-duplex forced mode at 10Mbps and 100Mbps on ether1 for RB5009, Chateau 5G ax and hAP ax3 devices;
*) filesystem - fixed partition "copy-to" function;
*) firewall - added "connection-nat-state" to IPv6 mangle and filter rules;
*) health - added limited manual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) ipsec - fixed packet processing by hardware encryption engine on RB850Gx2 device;
*) ipsec - refactor X.509 implementation;
*) ipv6 - added "valid" and "lifetime" parameters for SLAAC IPv6 addresses;
*) ipv6 - send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated;
*) l3hw - improved route offloading for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) leds - disable LEDs after "/system shutdown";
*) lte - capped maximum lifetime of SLAAC address to 1 hour;
*) lte - fixed CA band clearing on RAT mode change;
*) lte - fixed duplicate IPv6 route for lte interface when "ipv6-interface" setting is used;
*) lte - fixed LTE interface not showing up when resetting RouterOS configuration;
*) lte - fixed passthrough mode when used together with another APN for Chateau 5G;
*) lte - fixed R11-LTE-US in LTE passthrough mode;
*) lte - fixed R11e-LTE-US reporting of RSSI in LTE mode;
*) lte - fixed re-attach in some cases where module would stay in not-running state after network detach;
*) lte - fixed second modem halt on dual R11e-LTE6 setup;
*) mpls- fixed LDP "preferred-afi" parameter;
*) netwatch - added "startup-delay" setting (CLI only);
*) netwatch - improved ICMP status evaluation when no reply was present;
*) netwatch - limit "start-delay" range;
*) ospf - fixed processing of fragmented LSAs;
*) ovpn - added support for OVPN server configuration export and client configuration import from .ovpn file;
*) quickset - fixed displaying of "SINR" when value is 0;
*) rose-storage - added option to nvme-discover with hostname (CLI only);
*) rose-storage - fixed crash on nvme-tcp disable;
*) rose-storage - fixed rsync transfer permissions;
*) rose-storage - various stability fixes;
*) route - fixed "dynamic-id" for VRF tables;
*) route - improved system stability when making routing decision;
*) route - show SLAAC routes under the "/routing route" menu;
*) route-filter - improved stability when matching blackhole routes;
*) routerboot - added "preboot-etherboot" and "preboot-etherboot-server" settings ("/system routerboard upgrade" required) (CLI only);
*) sfp - added log warning about failed auto-initialization on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules that hold "TX_FAULT" high signal all the time on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules with bad or no EEPROM in forced mode on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - fixed "rate-select" functionality on CCR2004-16G-2S+ and CCR2004-1G-12S+2XS devices (introduced in v7.8);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved module initialization and display more detailed initialization status on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - improved SFP28 interface stability with some optical modules for CRS518 switch;
*) sfp - improved system stability with some SFP GPON modules on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) socks - added VRF support;
*) ssh - added Ed25519 host key support;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - improved service responsiveness when changing SSH service settings;
*) ssh - improved SSH key import process;
*) storage - mount RAM drive for devices with 32MB flash;
*) supout - added DHCP server network section;
*) switch - fixed ACL rules matching IPv6 packets when using only IPv4 matchers;
*) switch - improved system stability for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) vrrp - added "self" value for "group-master" setting;
*) vxlan - added forwarding table;
*) vxlan - fixed packet drops when host moves between remote VTEPs;
*) webfig - added inline comments;
*) webfig - fixed "Destination" value under "MPLS/Forwarding-Table" menu;
*) webfig - fixed issue where "Certificate" value disappears under "IP/Services" menu;
*) webfig - fixed issue where entries might be missing under "IP/DHCP-Server" menu;
*) webfig - various stability fixes;
*) wifiwave2 - added "radio/reg-info" command to show regulatory requirements (currently implemented for 802.11ac interfaces) (CLI only);
*) wifiwave2 - added ability to configure antenna gain;
*) wifiwave2 - added ability to configure beacon interval and DTIM period;
*) wifiwave2 - added information on additional interface capabilities to radio parameters;
*) wifiwave2 - automatically add a VLAN-tagged interface to the appropriate bridge VLAN;
*) wifiwave2 - exit sniffer command and return error when trying to sniff on an unsupported channel;
*) wifiwave2 - fixed 802.11r roaming for clients that performed initial authentication with an AP which has been restarted since;
*) wifiwave2 - fixed issue of some supported channels not being listed in the radio parameters;
*) wifiwave2 - fixed issue which lead to VLAN-tagged wireless clients receiving tagged traffic from other VLANs;
*) wifiwave2 - fixed VLAN tagging for unencrypted (open) APs;
*) wifiwave2 - improved general interface stability;
*) wifiwave2 - improved regulatory compliance for hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - increased maximum value for "channel.frequency" to 7300;
*) wifiwave2 - show information on captured packets and added ability to save them locally in a pcap file;
*) winbox - added "MTU" and "Hoplimit" properties under "IPv6/Routes" menu;
*) winbox - added "Preferred AFI" property under "MPLS/LDP-Instance" menu;
*) winbox - added "S" flag under "IPv6/Firewall/Connections" menu;
*) winbox - added "Tx Power" property under "Wifiwave2/Status" menu;
*) winbox - added "Tx Queue Drops" property under interface settings "Traffic" tab;
*) winbox - added "Username" and "Password" properties under "Container/Config" menu;
*) winbox - added "Valid" and "Preferred" properties under "IPv6/Address" menu;
*) winbox - added missing properties for "Remote ID Type" under "IP/IPsec/Identities" menu;
*) winbox - changed route flag name from "invalid" to "inactive";
*) winbox - fixed "TLS" property under "Tools/Email" menu;
*) winbox - fixed "Type" property under "System/Disk" menu when "rose-storage" package is installed;
*) winbox - fixed default value for "Allow managed" property under "Zerotier" menu;
*) winbox - fixed duplicate "My ID" column under "IP/IPsec/Identities" menu;
*) winbox - fixed minor typo in "WifiWave2/Radios" menu;
*) winbox - fixed missing "Sector Writes" for certain devices under "System/Resources" menu (introduced in v7.8);
*) winbox - improved Ethernet advertise, speed and duplex settings;
*) winbox - only show permitted countries for wifiwave2 interfaces;
*) winbox - show missing "Designated Bridge" and "Designated Port Number" monitoring data under "Bridge/Port menu;
*) www - allow unsecure HTTP access to REST API;
*) x86 - fixed changing software-id (introduced in v7.7);
*) zerotier - upgraded to version 1.10.3;

Версия 7.9beta4 2023-03-24

Версия 7.8rc3 2023-02-22

What's new in 7.8rc3 (2023-Feb-20 16:32):

Changes in this release:

*) vxlan - fixed MAC learning when using FastPath (introduced in v7.8beta3);

Other changes since v7.7:

!) storage - added new "rose-storage" package support for extended disk management and monitoring functionality (ARM, ARM64, Tile and x86) (CLI only);
*) bgp - fixed setting of "default-prepend" parameter;
*) bridge - fixed adding disabled MSTI;
*) bridge - fixed DHCP packet flow when using DHCP snooping, HW offloading and "use-ip-firewall";
*) bridge - fixed possible DHCP packet corruption when using DHCP snooping;
*) bridge - fixed PVID warning typo;
*) bridge - improved HW offloading logic;
*) certificate - fixed certificate import (introduced in v7.8beta2);
*) certificate - fixed export of a certificate when the last line of the certificate is exactly 64 bytes long;
*) certificate - fixed PBES2 certificate import;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved multiple certificate import process;
*) conntrack - improved system stability when changing connection tracking state;
*) conntrack - improved system stability when PPTP helper is used;
*) console - added "as-string" parameter to the ":execute" command;
*) container - added authentication option for registry (CLI only);
*) container - fixed ".type" file ownership;
*) container - fixed file ownership after system upgrade for containers running on internal disk;
*) container - fixed multiple container automatic startup on boot;
*) dhcpv4-client - send DHCPv4 unicast requests to DHCPv4 relay, instead of server when it is being used;
*) disk - limit maximum TMPFS size;
*) dns - added configurable DoH concurrent query limitation parameters;
*) dns - do not cache results from ":resolve" command with specific server;
*) dns - fixed CNAME reading from the cache;
*) dns - limited "DoH max concurrent queries reached" logging messages to once per minute;
*) dns - respond with "NOERROR" to DNS requests for static domain names when appropriate type record is not configured or found on upstream server;
*) firewall - fixed bridge priority target;
*) firewall - fixed DSCP priority target for IPv6 Mangle;
*) firewall - fixed netmap range maximum address calculation for IPv6 NAT;
*) graphing - fixed hiding of target queues when "allow-target" is disabled;
*) graphing - fixed sorting of interface and queue graphs;
*) graphing - properly handle disabled and static-binding interface graphs;
*) graphing - removed "move" command for graphing rules;
*) health - fixed "temperature" and "power-consumption" readings for RB1100AHx4;
*) hotspot - fixed setting of "address" parameter for IP binding;
*) hotspot - restore cookie timeout on reboot;
*) ike2 - added support for "address", "key-id" and "dn" for Remote ID matching (CLI only);
*) ike2 - fixed active SA flush on responder after an unsuccessful peer connection attempt;
*) ipsec - added support for "Framed-Route" RADIUS attribute support;
*) ipsec - do not match incoming IKE requests by unresolved DNS name peers;
*) ipsec - fixed peer matcher for incoming connection with unresolved DNS;
*) ipv6 - added "pref64" option configuration for RA;
*) ipv6 - improved handling of "advertise" IPv6 address status changes;
*) ipv6 - limited "hop-limit" parameter value range to 255;
*) ipv6 - made distributed DNS lifetime RFC8106 compliant;
*) l3hw - added destination MAC address check for offloaded FastTrack connections;
*) led - fixed signal reading for KNOT device;
*) leds - always require to set interface name when setting "modem-signal" indication;
*) lte - added AT support for Telit LE910C4 in MBIM mode;
*) lte - fixed APN setting usage on initial connection attempt for AT based Quectel and Neoway modems;
*) lte - fixed automatic antenna selection on Chateau LTE12/LTE18;
*) lte - fixed config-less modem support (introduced in 7.8rc1);
*) lte - fixed dialing for Fibocom L850-GL module;
*) lte - fixed displaying of "subscriber-number";
*) lte - fixed possible memory leak when using passthrough mode on Chateau 5G;
*) lte - improved AT port matching for SIMCom, Huawei, WeLink, Cinterion, BandLuxe and Sierra modems;
*) lte - improved modem detection speed in lower mini-PCIe slot on LtAP;
*) lte - improved stability for R11e-LTE6, skip connection reset on first EEMGINFO command timeout;
*) lte - LtAP improved modem detection in lower mini-PCie slot ("/system routerboard upgrade" required);
*) lte - parse USSD even if encoding is unsupported;
*) mpls - fixed handling of more than 9 VRF's;
*) mpls - fixed LDP listen socket creation before IPv6 address is ready for use;
*) mpls - improved stability when neighboring router reboots;
*) ospf - fixed "ospf-type" parameter for OSPFv3 routes;
*) ospf - fixed simple auth for OSPFv3;
*) ovpn - added AES-GCM and multicore encryption support;
*) ovpn - improved server stability;
*) ovpn - improved TLS-related error logging;
*) ovpn-server - fixed HW encryption capability detection on ARM64 devices (introduced in 7.8rc1);
*) pimsm - improved system stability;
*) poe - added LLDP power management support for 802.3at PSE;
*) poe - properly turn off power when link not detected on hAP ax2 and hAP ax3;
*) port - fixed modem channel number on KNOT;
*) pppoe - fixed PPPoE client scan showing only one server;
*) resource - show filesystem related statistics on CCR2004;
*) route - added hoplimit and metric parameters to SLAAC routes;
*) route - fixed IPv6 default route presence when received from RA;
*) route - fixed printing of routing table's "count-only" parameter;
*) route - show hoplimit and MTU properties under the "/routing route" menu for SLAAC routes;
*) routerboot - fixed format storage for RBM33G device ("/system routerboard upgrade" required);
*) routerboot - fixed protected routerboot for RBM33G device ("/system routerboard upgrade" required);
*) sfp - fixed certain optical module initialization (introduced in 7.8beta2);
*) sfp - fixed false link detection with S+RJ10 on RB5009;
*) sfp - fixed reading of SFP EEPROM on single SFP port devices;
*) sfp - improved optical modules SFP compatibility on CCR2004-16G-2S+, CCR2004-1G-12S+2XS, CCR2116-12G-4S+ devices;
*) sms - improved reporting of SMS sending errors;
*) sms - log USSD response when USSD is sent over MBIM;
*) sniffer - added additional filtering parameters;
*) snmp - do not show identity in LLDP when branding is used with hide SNMP data;
*) snmp - fixed handling of disabled routes;
*) snmp - fixed reporting of total number of routes counter;
*) ssh - hard-coded "localhost" address for forwarding requests;
*) ssh - improved system stability when processing none-crypto SSH connection;
*) sstp - fixed TLS session establishment when "connect-to" is DNS name;
*) switch - fixed "switch-cpu" counters (introduced in 7.8beta2);
*) switch - fixed SFP rate select for CRS354 devices;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved system stability for 98DXxxxx switch chips;
*) swos - removed "/system swos" menu for CRS5xx series switches;
*) torch - allow "without-paging" parameter for Torch;
*) traffic-generator - increased maximum allowed stream count;
*) upgrade - show error message when license prohibits upgrade;
*) usb - changed USB auto detect behavior to default to the external USB, when no internal USB devices detected
*) vxlan - added "dont-fragment" setting that allows managing fragmentation;
*) vxlan - added "max-fdb-size" parameter;
*) vxlan - added FastPath support;
*) webfig - allow setting numeric values in time interval fields;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed editing of multi-field parameters with "not" checkbox;
*) webfig - fixed handling of empty skin files;
*) webfig - improved navigation responsiveness;
*) webfig - improved skin file parsing;
*) webfig - improved terminal operation;
*) webfig - properly escape all reserved URI characters;
*) webfig - updated WebFig and graph web pages to HTML5;
*) wifiwave2 - added wireless sniffer tool to capture wireless transmissions (CLI only);
*) wifiwave2 - adjust monitoring of station interfaces to report when an interface is authorized, not just connected;
*) wifiwave2 - enabled additional channels in UNII-3 and UNII-4 bands for Europe and USA on hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - fixed 802.11r fast transition when using wpa3-psk authentication (introduced in 7.8beta2);
*) wifiwave2 - fixed compatibility with third-party devices when using SAE hash-to-element authentication with DH groups 20 and 21;
*) wifiwave2 - fixed SAE authentication for interfaces in station mode when trying to connect to APs which require an anti-clogging token (introduced in RouterOS 7.4);
*) wifiwave2 - implement 802.11w management protection SA Query procedures;
*) wifiwave2 - improve protections from denial-of-service attacks on WPA3;
*) winbox - added "Connect" button under "WifiWave2/Scan" menu;
*) winbox - added "Disable/Enable" buttons under "WifiWave2" menu;
*) winbox - added "Match Subdomain" parameter under "IP/DNS/Static" menu;
*) winbox - added "Provision" button under "WifiWave2" menu;
*) winbox - added "Start On Boot" checkbox under "Container" menu;
*) winbox - added "Tx Rate" and "Rx Rate" columns under "WifiWave2/Registration" menu;
*) winbox - added missing properties when setting "Use DoH Server";
*) winbox - added missing WifiWave2 related parameters under "WifiWave2" menu;
*) winbox - added support for manual RAM file system (TMPFS) creation under "System/Disk" menu;
*) winbox - added Type "https-get" parameter under "Tools/Netwatch" menu;
*) winbox - allow selecting bridge for static entries under "Bridge/MDB" menu;
*) winbox - fixed displaying of "Default Prepend" value under "Routing/BGP/Sessions" menu;
*) winbox - fixed displaying of "Tx/Rx CCQ" values under "Wireless/Registration" menu;
*) winbox - fixed displaying of flags under "System/Console" menu;
*) winbox - fixed displaying of multiple character flags;
*) winbox - fixed usage of IPv6 family addresses under "IP/Web Proxy/Access" menu;
*) winbox - hide "TTL" value for static DNS entries with FWD type;
*) winbox - hide unnecessary properties for virtual interfaces under "WifiWave2" menu;
*) winbox - improved mouseover hint for "local" policy under "System/Users/Groups" menu;
*) winbox - rename "Multicast Router" monitoring property to "Is Multicast Router" under "Bridge" menu;
*) winbox - show "Gateway" column by default under "IPv6/Routes" menu;
*) x86 - added support for TP-Link TG-3468;
*) x86 - fixed SR-IOV support for Intel X710 series NIC;
*) x86 - improved Intel 500 series 10G SFP module support;
*) x86 - improved stability for Intel X550 series NIC with SR-IOV;
*) zeroter - fixed routes after VRF change;

Версия 7.8rc3 2023-02-22

Версия 7.8rc2 2023-02-15

What's new in 7.8rc2 (2023-Feb-14 11:50):

Changes in this release:

*) certificate - fixed export of a certificate when the last line of the certificate is exactly 64 bytes long;
*) conntrack - improved system stability when PPTP helper is used;
*) leds - always require to set interface name when setting "modem-signal" indication;
*) lte - fixed config-less modem support (introduced in 7.8rc1);
*) lte - fixed possible memory leak when using passthrough mode on Chateau 5G;
*) ovpn-server - fixed HW encryption capability detection on ARM64 devices (introduced in 7.8rc1);
*) sfp - fixed certain optical module initialization (introduced in 7.8beta2);

Other changes since v7.7:

!) storage - added new "rose-storage" package support for extended disk management and monitoring functionality (ARM, ARM64, Tile and x86) (CLI only);
*) bgp - fixed setting of "default-prepend" parameter;
*) bridge - fixed adding disabled MSTI;
*) bridge - fixed DHCP packet flow when using DHCP snooping, HW offloading and "use-ip-firewall";
*) bridge - fixed possible DHCP packet corruption when using DHCP snooping;
*) bridge - fixed PVID warning typo;
*) bridge - improved HW offloading logic;
*) certificate - fixed certificate import (introduced in v7.8beta2);
*) certificate - fixed PBES2 certificate import;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved multiple certificate import process;
*) conntrack - improved system stability when changing connection tracking state;
*) console - added "as-string" parameter to the ":execute" command;
*) container - added authentication option for registry (CLI only);
*) container - fixed ".type" file ownership;
*) container - fixed file ownership after system upgrade for containers running on internal disk;
*) container - fixed multiple container automatic startup on boot;
*) dhcpv4-client - send DHCPv4 unicast requests to DHCPv4 relay, instead of server when it is being used;
*) disk - limit maximum TMPFS size;
*) dns - added configurable DoH concurrent query limitation parameters;
*) dns - do not cache results from ":resolve" command with specific server;
*) dns - fixed CNAME reading from the cache;
*) dns - limited "DoH max concurrent queries reached" logging messages to once per minute;
*) dns - respond with "NOERROR" to DNS requests for static domain names when appropriate type record is not configured or found on upstream server;
*) firewall - fixed bridge priority target;
*) firewall - fixed DSCP priority target for IPv6 Mangle;
*) firewall - fixed netmap range maximum address calculation for IPv6 NAT;
*) graphing - fixed hiding of target queues when "allow-target" is disabled;
*) graphing - fixed sorting of interface and queue graphs;
*) graphing - properly handle disabled and static-binding interface graphs;
*) graphing - removed "move" command for graphing rules;
*) health - fixed "temperature" and "power-consumption" readings for RB1100AHx4;
*) hotspot - fixed setting of "address" parameter for IP binding;
*) hotspot - restore cookie timeout on reboot;
*) ike2 - added support for "address", "key-id" and "dn" for Remote ID matching (CLI only);
*) ike2 - fixed active SA flush on responder after an unsuccessful peer connection attempt;
*) ipsec - added support for "Framed-Route" RADIUS attribute support;
*) ipsec - do not match incoming IKE requests by unresolved DNS name peers;
*) ipsec - fixed peer matcher for incoming connection with unresolved DNS;
*) ipv6 - added "pref64" option configuration for RA;
*) ipv6 - improved handling of "advertise" IPv6 address status changes;
*) ipv6 - limited "hop-limit" parameter value range to 255;
*) ipv6 - made distributed DNS lifetime RFC8106 compliant;
*) l3hw - added destination MAC address check for offloaded FastTrack connections;
*) led - fixed signal reading for KNOT device;
*) lte - added AT support for Telit LE910C4 in MBIM mode;
*) lte - fixed APN setting usage on initial connection attempt for AT based Quectel and Neoway modems;
*) lte - fixed automatic antenna selection on Chateau LTE12/LTE18;
*) lte - fixed dialing for Fibocom L850-GL module;
*) lte - fixed displaying of "subscriber-number";
*) lte - improved AT port matching for SIMCom, Huawei, WeLink, Cinterion, BandLuxe and Sierra modems;
*) lte - improved modem detection speed in lower mini-PCIe slot on LtAP;
*) lte - improved stability for R11e-LTE6, skip connection reset on first EEMGINFO command timeout;
*) lte - LtAP improved modem detection in lower mini-PCie slot ("/system routerboard upgrade" required);
*) lte - parse USSD even if encoding is unsupported;
*) mpls - fixed handling of more than 9 VRF's;
*) mpls - fixed LDP listen socket creation before IPv6 address is ready for use;
*) mpls - improved stability when neighboring router reboots;
*) ospf - fixed "ospf-type" parameter for OSPFv3 routes;
*) ospf - fixed simple auth for OSPFv3;
*) ovpn - added AES-GCM and multicore encryption support;
*) ovpn - improved server stability;
*) ovpn - improved TLS-related error logging;
*) pimsm - improved system stability;
*) poe - added LLDP power management support for 802.3at PSE;
*) poe - properly turn off power when link not detected on hAP ax2 and hAP ax3;
*) port - fixed modem channel number on KNOT;
*) pppoe - fixed PPPoE client scan showing only one server;
*) resource - show filesystem related statistics on CCR2004;
*) route - added hoplimit and metric parameters to SLAAC routes;
*) route - fixed IPv6 default route presence when received from RA;
*) route - fixed printing of routing table's "count-only" parameter;
*) route - show hoplimit and MTU properties under the "/routing route" menu for SLAAC routes;
*) routerboot - fixed format storage for RBM33G device ("/system routerboard upgrade" required);
*) routerboot - fixed protected routerboot for RBM33G device ("/system routerboard upgrade" required);
*) sfp - fixed false link detection with S+RJ10 on RB5009;
*) sfp - fixed reading of SFP EEPROM on single SFP port devices;
*) sfp - improved optical modules SFP compatibility on CCR2004-16G-2S+, CCR2004-1G-12S+2XS, CCR2116-12G-4S+ devices;
*) sms - improved reporting of SMS sending errors;
*) sms - log USSD response when USSD is sent over MBIM;
*) sniffer - added additional filtering parameters;
*) snmp - do not show identity in LLDP when branding is used with hide SNMP data;
*) snmp - fixed handling of disabled routes;
*) snmp - fixed reporting of total number of routes counter;
*) ssh - hard-coded "localhost" address for forwarding requests;
*) ssh - improved system stability when processing none-crypto SSH connection;
*) sstp - fixed TLS session establishment when "connect-to" is DNS name;
*) switch - fixed "switch-cpu" counters (introduced in 7.8beta2);
*) switch - fixed SFP rate select for CRS354 devices;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved system stability for 98DXxxxx switch chips;
*) swos - removed "/system swos" menu for CRS5xx series switches;
*) torch - allow "without-paging" parameter for Torch;
*) traffic-generator - increased maximum allowed stream count;
*) upgrade - show error message when license prohibits upgrade;
*) usb - changed USB auto detect behavior to default to the external USB, when no internal USB devices detected
*) vxlan - added "dont-fragment" setting that allows managing fragmentation;
*) vxlan - added "max-fdb-size" parameter;
*) vxlan - added FastPath support;
*) webfig - allow setting numeric values in time interval fields;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed editing of multi-field parameters with "not" checkbox;
*) webfig - fixed handling of empty skin files;
*) webfig - improved navigation responsiveness;
*) webfig - improved skin file parsing;
*) webfig - improved terminal operation;
*) webfig - properly escape all reserved URI characters;
*) webfig - updated WebFig and graph web pages to HTML5;
*) wifiwave2 - added wireless sniffer tool to capture wireless transmissions (CLI only);
*) wifiwave2 - adjust monitoring of station interfaces to report when an interface is authorized, not just connected;
*) wifiwave2 - enabled additional channels in UNII-3 and UNII-4 bands for Europe and USA on hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - fixed 802.11r fast transition when using wpa3-psk authentication (introduced in 7.8beta2);
*) wifiwave2 - fixed compatibility with third-party devices when using SAE hash-to-element authentication with DH groups 20 and 21;
*) wifiwave2 - fixed SAE authentication for interfaces in station mode when trying to connect to APs which require an anti-clogging token (introduced in RouterOS 7.4);
*) wifiwave2 - implement 802.11w management protection SA Query procedures;
*) wifiwave2 - improve protections from denial-of-service attacks on WPA3;
*) winbox - added "Connect" button under "WifiWave2/Scan" menu;
*) winbox - added "Disable/Enable" buttons under "WifiWave2" menu;
*) winbox - added "Match Subdomain" parameter under "IP/DNS/Static" menu;
*) winbox - added "Provision" button under "WifiWave2" menu;
*) winbox - added "Start On Boot" checkbox under "Container" menu;
*) winbox - added "Tx Rate" and "Rx Rate" columns under "WifiWave2/Registration" menu;
*) winbox - added missing properties when setting "Use DoH Server";
*) winbox - added missing WifiWave2 related parameters under "WifiWave2" menu;
*) winbox - added support for manual RAM file system (TMPFS) creation under "System/Disk" menu;
*) winbox - added Type "https-get" parameter under "Tools/Netwatch" menu;
*) winbox - allow selecting bridge for static entries under "Bridge/MDB" menu;
*) winbox - fixed displaying of "Default Prepend" value under "Routing/BGP/Sessions" menu;
*) winbox - fixed displaying of "Tx/Rx CCQ" values under "Wireless/Registration" menu;
*) winbox - fixed displaying of flags under "System/Console" menu;
*) winbox - fixed displaying of multiple character flags;
*) winbox - fixed usage of IPv6 family addresses under "IP/Web Proxy/Access" menu;
*) winbox - hide "TTL" value for static DNS entries with FWD type;
*) winbox - hide unnecessary properties for virtual interfaces under "WifiWave2" menu;
*) winbox - improved mouseover hint for "local" policy under "System/Users/Groups" menu;
*) winbox - rename "Multicast Router" monitoring property to "Is Multicast Router" under "Bridge" menu;
*) winbox - show "Gateway" column by default under "IPv6/Routes" menu;
*) x86 - added support for TP-Link TG-3468;
*) x86 - fixed SR-IOV support for Intel X710 series NIC;
*) x86 - improved Intel 500 series 10G SFP module support;
*) x86 - improved stability for Intel X550 series NIC with SR-IOV;
*) zeroter - fixed routes after VRF change;

Версия 7.8rc2 2023-02-15

Версия 7.8rc1 2023-02-10

What's new in 7.8rc1 (2023-Feb-08 20:03):

Changes in this release:

!) storage - added new "rose-storage" package support for extended disk management and monitoring functionality (ARM, ARM64, Tile and x86) (CLI only);
*) bridge - fixed DHCP packet flow when using DHCP snooping, HW offloading and "use-ip-firewall";
*) bridge - fixed possible DHCP packet corruption when using DHCP snooping;
*) certificate - fixed certificate import (introduced in v7.8beta2);
*) console - added "as-string" parameter to the ":execute" command;
*) lte - improved stability for R11e-LTE6, skip connection reset on first EEMGINFO command timeout;
*) ovpn - improved server stability;
*) ovpn - improved TLS-related error logging;
*) route - show hoplimit and MTU properties under the "/routing route" menu for SLAAC routes;
*) ssh - improved system stability when processing none-crypto SSH connection;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) swos - removed "/system swos" menu for CRS5xx series switches;
*) vxlan - added "max-fdb-size" parameter;
*) wifiwave2 - fixed compatibility with third-party devices when using SAE hash-to-element authentication with DH groups 20 and 21;
*) wifiwave2 - fixed SAE authentication for interfaces in station mode when trying to connect to APs which require an anti-clogging token (introduced in RouterOS 7.4);

Other changes since v7.7:

*) bgp - fixed setting of "default-prepend" parameter;
*) bridge - fixed adding disabled MSTI;
*) bridge - fixed PVID warning typo;
*) bridge - improved HW offloading logic;
*) certificate - fixed PBES2 certificate import;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved multiple certificate import process;
*) conntrack - improved system stability when changing connection tracking state;
*) container - added authentication option for registry (CLI only);
*) container - fixed ".type" file ownership;
*) container - fixed file ownership after system upgrade for containers running on internal disk;
*) container - fixed multiple container automatic startup on boot;
*) dhcpv4-client - send DHCPv4 unicast requests to DHCPv4 relay, instead of server when it is being used;
*) disk - limit maximum TMPFS size;
*) dns - added configurable DoH concurrent query limitation parameters;
*) dns - do not cache results from ":resolve" command with specific server;
*) dns - fixed CNAME reading from the cache;
*) dns - limited "DoH max concurrent queries reached" logging messages to once per minute;
*) dns - respond with "NOERROR" to DNS requests for static domain names when appropriate type record is not configured or found on upstream server;
*) firewall - fixed bridge priority target;
*) firewall - fixed DSCP priority target for IPv6 Mangle;
*) firewall - fixed netmap range maximum address calculation for IPv6 NAT;
*) graphing - fixed hiding of target queues when "allow-target" is disabled;
*) graphing - fixed sorting of interface and queue graphs;
*) graphing - properly handle disabled and static-binding interface graphs;
*) graphing - removed "move" command for graphing rules;
*) health - fixed "temperature" and "power-consumption" readings for RB1100AHx4;
*) hotspot - fixed setting of "address" parameter for IP binding;
*) hotspot - restore cookie timeout on reboot;
*) ike2 - added support for "address", "key-id" and "dn" for Remote ID matching (CLI only);
*) ike2 - fixed active SA flush on responder after an unsuccessful peer connection attempt;
*) ipsec - added support for "Framed-Route" RADIUS attribute support;
*) ipsec - do not match incoming IKE requests by unresolved DNS name peers;
*) ipsec - fixed peer matcher for incoming connection with unresolved DNS;
*) ipv6 - added "pref64" option configuration for RA;
*) ipv6 - improved handling of "advertise" IPv6 address status changes;
*) ipv6 - limited "hop-limit" parameter value range to 255;
*) ipv6 - made distributed DNS lifetime RFC8106 compliant;
*) l3hw - added destination MAC address check for offloaded FastTrack connections;
*) led - fixed signal reading for KNOT device;
*) lte - added AT support for Telit LE910C4 in MBIM mode;
*) lte - fixed APN setting usage on initial connection attempt for AT based Quectel and Neoway modems;
*) lte - fixed automatic antenna selection on Chateau LTE12/LTE18;
*) lte - fixed dialing for Fibocom L850-GL module;
*) lte - fixed displaying of "subscriber-number";
*) lte - improved AT port matching for SIMCom, Huawei, WeLink, Cinterion, BandLuxe and Sierra modems;
*) lte - improved modem detection speed in lower mini-PCIe slot on LtAP;
*) lte - LtAP improved modem detection in lower mini-PCie slot ("/system routerboard upgrade" required);
*) lte - parse USSD even if encoding is unsupported;
*) mpls - fixed handling of more than 9 VRF's;
*) mpls - fixed LDP listen socket creation before IPv6 address is ready for use;
*) mpls - improved stability when neighboring router reboots;
*) ospf - fixed "ospf-type" parameter for OSPFv3 routes;
*) ospf - fixed simple auth for OSPFv3;
*) ovpn - added AES-GCM and multicore encryption support;
*) pimsm - improved system stability;
*) poe - added LLDP power management support for 802.3at PSE;
*) poe - properly turn off power when link not detected on hAP ax2 and hAP ax3;
*) port - fixed modem channel number on KNOT;
*) pppoe - fixed PPPoE client scan showing only one server;
*) resource - show filesystem related statistics on CCR2004;
*) route - added hoplimit and metric parameters to SLAAC routes;
*) route - fixed IPv6 default route presence when received from RA;
*) route - fixed printing of routing table's "count-only" parameter;
*) routerboot - fixed format storage for RBM33G device ("/system routerboard upgrade" required);
*) routerboot - fixed protected routerboot for RBM33G device ("/system routerboard upgrade" required);
*) sfp - fixed false link detection with S+RJ10 on RB5009;
*) sfp - fixed reading of SFP EEPROM on single SFP port devices;
*) sfp - improved optical modules SFP compatibility on CCR2004-16G-2S+, CCR2004-1G-12S+2XS, CCR2116-12G-4S+ devices;
*) sms - improved reporting of SMS sending errors;
*) sms - log USSD response when USSD is sent over MBIM;
*) sniffer - added additional filtering parameters;
*) snmp - do not show identity in LLDP when branding is used with hide SNMP data;
*) snmp - fixed handling of disabled routes;
*) snmp - fixed reporting of total number of routes counter;
*) ssh - hard-coded "localhost" address for forwarding requests;
*) sstp - fixed TLS session establishment when "connect-to" is DNS name;
*) switch - fixed "switch-cpu" counters (introduced in 7.8beta2);
*) switch - fixed SFP rate select for CRS354 devices;
*) switch - improved system stability for 98DXxxxx switch chips;
*) torch - allow "without-paging" parameter for Torch;
*) traffic-generator - increased maximum allowed stream count;
*) upgrade - show error message when license prohibits upgrade;
*) usb - changed USB auto detect behavior to default to the external USB, when no internal USB devices detected
*) vxlan - added "dont-fragment" setting that allows managing fragmentation;
*) vxlan - added FastPath support;
*) webfig - allow setting numeric values in time interval fields;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed editing of multi-field parameters with "not" checkbox;
*) webfig - fixed handling of empty skin files;
*) webfig - improved navigation responsiveness;
*) webfig - improved skin file parsing;
*) webfig - improved terminal operation;
*) webfig - properly escape all reserved URI characters;
*) webfig - updated WebFig and graph web pages to HTML5;
*) wifiwave2 - added wireless sniffer tool to capture wireless transmissions (CLI only);
*) wifiwave2 - adjust monitoring of station interfaces to report when an interface is authorized, not just connected;
*) wifiwave2 - enabled additional channels in UNII-3 and UNII-4 bands for Europe and USA on hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - fixed 802.11r fast transition when using wpa3-psk authentication (introduced in 7.8beta2);
*) wifiwave2 - implement 802.11w management protection SA Query procedures;
*) wifiwave2 - improve protections from denial-of-service attacks on WPA3;
*) winbox - added "Connect" button under "WifiWave2/Scan" menu;
*) winbox - added "Disable/Enable" buttons under "WifiWave2" menu;
*) winbox - added "Match Subdomain" parameter under "IP/DNS/Static" menu;
*) winbox - added "Provision" button under "WifiWave2" menu;
*) winbox - added "Start On Boot" checkbox under "Container" menu;
*) winbox - added "Tx Rate" and "Rx Rate" columns under "WifiWave2/Registration" menu;
*) winbox - added missing properties when setting "Use DoH Server";
*) winbox - added missing WifiWave2 related parameters under "WifiWave2" menu;
*) winbox - added support for manual RAM file system (TMPFS) creation under "System/Disk" menu;
*) winbox - added Type "https-get" parameter under "Tools/Netwatch" menu;
*) winbox - allow selecting bridge for static entries under "Bridge/MDB" menu;
*) winbox - fixed displaying of "Default Prepend" value under "Routing/BGP/Sessions" menu;
*) winbox - fixed displaying of "Tx/Rx CCQ" values under "Wireless/Registration" menu;
*) winbox - fixed displaying of flags under "System/Console" menu;
*) winbox - fixed displaying of multiple character flags;
*) winbox - fixed usage of IPv6 family addresses under "IP/Web Proxy/Access" menu;
*) winbox - hide "TTL" value for static DNS entries with FWD type;
*) winbox - hide unnecessary properties for virtual interfaces under "WifiWave2" menu;
*) winbox - improved mouseover hint for "local" policy under "System/Users/Groups" menu;
*) winbox - rename "Multicast Router" monitoring property to "Is Multicast Router" under "Bridge" menu;
*) winbox - show "Gateway" column by default under "IPv6/Routes" menu;
*) x86 - added support for TP-Link TG-3468;
*) x86 - fixed SR-IOV support for Intel X710 series NIC;
*) x86 - improved Intel 500 series 10G SFP module support;
*) x86 - improved stability for Intel X550 series NIC with SR-IOV;
*) zeroter - fixed routes after VRF change;

Версия 7.8rc1 2023-02-10

Версия 7.8beta3 2023-02-03

What's new in 7.8beta3 (2023-Feb-01 16:10):

Important note!!!

Version is not recommended on CRS3xx devices.

Changes in this release:

!) storage - added new "rose-storage" package support for extended disk management and monitoring functionality (ARM, ARM64, Tile and x86) (CLI only);
*) bridge - fixed adding disabled MSTI;
*) bridge - improved HW offloading logic;
*) certificate - fixed PBES2 certificate import;
*) certificate - improved multiple certificate import process;
*) console - improved ":execute" command to output a string when a file is not specified;
*) dhcpv4-client - send DHCPv4 unicast requests to DHCPv4 relay, instead of server when it is being used;
*) dns - fixed CNAME reading from the cache;
*) dns - respond with "NOERROR" to DNS requests for static domain names when appropriate type record is not configured or found on upstream server;
*) health - fixed "temperature" and "power-consumption" readings for RB1100AHx4;
*) ike2 - fixed active SA flush on responder after an unsuccessful peer connection attempt;
*) ipsec - fixed peer matcher for incoming connection with unresolved DNS;
*) ipv6 - improved handling of "advertise" IPv6 address status changes;
*) led - fixed signal reading for KNOT device;
*) lte - LtAP improved modem detection in lower mini-PCie slot ("/system routerboard upgrade" required);
*) pimsm - improved system stability;
*) poe - added LLDP power management support for 802.3at PSE;
*) pppoe - fixed PPPoE client scan showing only one server;
*) route - added hoplimit and metric parameters to SLAAC routes;
*) routerboot - fixed format storage for RBM33G device ("/system routerboard upgrade" required);
*) routerboot - fixed protected routerboot for RBM33G device ("/system routerboard upgrade" required);
*) sfp - improved optical modules SFP compatibility on CCR2004-16G-2S+, CCR2004-1G-12S+2XS, CCR2116-12G-4S+ devices;
*) switch - fixed "switch-cpu" counters (introduced in 7.8beta2);
*) usb - changed USB auto detect behavior to default to the external USB, when no internal USB devices detected
*) vxlan - added FastPath support;
*) webfig - improved terminal operation;
*) wifiwave2 - adjust monitoring of station interfaces to report when an interface is authorized, not just connected;
*) wifiwave2 - fixed 802.11r fast transition when using wpa3-psk authentication (introduced in 7.8beta2);
*) winbox - added "Connect" button under "WifiWave2/Scan" menu;
*) winbox - added "Disable/Enable" buttons under "WifiWave2" menu;
*) winbox - added "Provision" button under "WifiWave2" menu;
*) winbox - added "Start On Boot" checkbox under "Container" menu;
*) winbox - added "Tx Rate" and "Rx Rate" columns under "WifiWave2/Registration" menu;
*) winbox - added missing cipher properties for OVPN server and client;
*) winbox - added missing filtering properties under "Tools/Packet Sniffer" menu;
*) winbox - added missing properties when setting "Use DoH Server";
*) winbox - added support for manual RAM file system (TMPFS) creation under "System/Disk" menu;
*) winbox - added Type "https-get" parameter under "Tools/Netwatch" menu;
*) winbox - allow selecting bridge for static entries under "Bridge/MDB" menu;
*) winbox - hide "TTL" value for static DNS entries with FWD type;
*) winbox - hide unnecessary properties for virtual interfaces under "WifiWave2" menu;
*) winbox - rename "Multicast Router" monitoring property to "Is Multicast Router" under "Bridge" menu;
*) zeroter - fixed routes after VRF change;

Other changes since v7.7:

*) bgp - fixed setting of "default-prepend" parameter;
*) bridge - fixed PVID warning typo;
*) certificate - improved certificate management, signing and storing processes;
*) conntrack - improved system stability when changing connection tracking state;
*) container - added authentication option for registry (CLI only);
*) container - fixed ".type" file ownership;
*) container - fixed file ownership after system upgrade for containers running on internal disk;
*) container - fixed multiple container automatic startup on boot;
*) disk - limit maximum TMPFS size;
*) dns - added configurable DoH concurrent query limitation parameters (CLI only);
*) dns - do not cache results from ":resolve" command with specific server;
*) dns - limited "DoH max concurrent queries reached" logging messages to once per minute;
*) firewall - fixed bridge priority target;
*) firewall - fixed DSCP priority target for IPv6 Mangle;
*) firewall - fixed netmap range maximum address calculation for IPv6 NAT;
*) graphing - fixed hiding of target queues when "allow-target" is disabled;
*) graphing - fixed sorting of interface and queue graphs;
*) graphing - properly handle disabled and static-binding interface graphs;
*) graphing - removed "move" command for graphing rules;
*) hotspot - fixed setting of "address" parameter for IP binding;
*) hotspot - restore cookie timeout on reboot;
*) ike2 - added support for "address", "key-id" and "dn" for Remote ID matching (CLI only);
*) ipsec - added support for "Framed-Route" RADIUS attribute support;
*) ipsec - do not match incoming IKE requests by unresolved DNS name peers;
*) ipv6 - added "pref64" option configuration for RA;
*) ipv6 - limited "hop-limit" parameter value range to 255;
*) ipv6 - made distributed DNS lifetime RFC8106 compliant;
*) l3hw - added destination MAC address check for offloaded FastTrack connections;
*) lte - added AT support for Telit LE910C4 in MBIM mode;
*) lte - fixed APN setting usage on initial connection attempt for AT based Quectel and Neoway modems;
*) lte - fixed automatic antenna selection on Chateau LTE12/LTE18;
*) lte - fixed dialing for Fibocom L850-GL module;
*) lte - fixed displaying of "subscriber-number";
*) lte - improved AT port matching for SIMCom, Huawei, WeLink, Cinterion, BandLuxe and Sierra modems;
*) lte - improved modem detection speed in lower mini-PCIe slot on LtAP;
*) lte - parse USSD even if encoding is unsupported;
*) mpls - fixed handling of more than 9 VRF's;
*) mpls - fixed LDP listen socket creation before IPv6 address is ready for use;
*) mpls - improved stability when neighboring router reboots;
*) ospf - fixed "ospf-type" parameter for OSPFv3 routes;
*) ospf - fixed simple auth for OSPFv3;
*) ovpn - added AES-GCM and multicore encryption support (CLI only);
*) poe - properly turn off power when link not detected on hAP ax2 and hAP ax3;
*) port - fixed modem channel number on KNOT;
*) resource - show filesystem related statistics on CCR2004;
*) route - fixed IPv6 default route presence when received from RA;
*) route - fixed printing of routing table's "count-only" parameter;
*) sfp - fixed false link detection with S+RJ10 on RB5009;
*) sfp - fixed reading of SFP EEPROM on single SFP port devices;
*) sms - improved reporting of SMS sending errors;
*) sms - log USSD response when USSD is sent over MBIM;
*) sniffer - added additional filtering parameters (CLI only);
*) snmp - do not show identity in LLDP when branding is used with hide SNMP data;
*) snmp - fixed handling of disabled routes;
*) snmp - fixed reporting of total number of routes counter;
*) ssh - hard-coded "localhost" address for forwarding requests;
*) sstp - fixed TLS session establishment when "connect-to" is DNS name;
*) switch - fixed SFP rate select for CRS354 devices;
*) switch - improved system stability for 98DXxxxx switch chips;
*) torch - allow "without-paging" parameter for Torch;
*) traffic-generator - increased maximum allowed stream count;
*) upgrade - show error message when license prohibits upgrade;
*) vxlan - added "dont-fragment" setting that allows managing fragmentation;
*) webfig - allow setting numeric values in time interval fields;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed editing of multi-field parameters with "not" checkbox;
*) webfig - fixed handling of empty skin files;
*) webfig - improved navigation responsiveness;
*) webfig - improved skin file parsing;
*) webfig - properly escape all reserved URI characters;
*) webfig - updated WebFig and graph web pages to HTML5;
*) wifiwave2 - added wireless sniffer tool to capture wireless transmissions (CLI only);
*) wifiwave2 - enabled additional channels in UNII-3 and UNII-4 bands for Europe and USA on hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - implement 802.11w management protection SA Query procedures;
*) wifiwave2 - improve protections from denial-of-service attacks on WPA3;
*) winbox - added "Match Subdomain" parameter under "IP/DNS/Static" menu;
*) winbox - added missing WifiWave2 related parameters under "WifiWave2" menu;
*) winbox - fixed displaying of "Default Prepend" value under "Routing/BGP/Sessions" menu;
*) winbox - fixed displaying of "Tx/Rx CCQ" values under "Wireless/Registration" menu;
*) winbox - fixed displaying of flags under "System/Console" menu;
*) winbox - fixed displaying of multiple character flags;
*) winbox - fixed usage of IPv6 family addresses under "IP/Web Proxy/Access" menu;
*) winbox - improved mouseover hint for "local" policy under "System/Users/Groups" menu;
*) winbox - show "Gateway" column by default under "IPv6/Routes" menu;
*) x86 - added support for TP-Link TG-3468;
*) x86 - fixed SR-IOV support for Intel X710 series NIC;
*) x86 - improved Intel 500 series 10G SFP module support;
*) x86 - improved stability for Intel X550 series NIC with SR-IOV;

Версия 7.8beta3 2023-02-03

Версия 7.8beta2 2023-01-20

What's new in 7.8beta2 (2023-Jan-20 12:27):

Important note!!!

Version is not recommended on CRS3xx devices.

Changes in this release:

!) storage - added new "rose-storage" package support for extended disk management and monitoring functionality (ARM, ARM64, Tile and x86) (CLI only);
*) bgp - fixed setting of "default-prepend" parameter;
*) bridge - fixed PVID warning typo;
*) bridge - improved HW offloading logic;
*) certificate - improved certificate management, signing and storing processes;
*) conntrack - improved system stability when changing connection tracking state;
*) container - added authentication option for registry (CLI only);
*) container - fixed ".type" file ownership;
*) container - fixed file ownership after system upgrade for containers running on internal disk;
*) container - fixed multiple container automatic startup on boot;
*) disk - limit maximum TMPFS size;
*) dns - added configurable DoH concurrent query limitation parameters (CLI only);
*) dns - do not cache results from ":resolve" command with specific server;
*) dns - limited "DoH max concurrent queries reached" logging messages to once per minute;
*) firewall - fixed bridge priority target;
*) firewall - fixed DSCP priority target for IPv6 Mangle;
*) firewall - fixed netmap range maximum address calculation for IPv6 NAT;
*) graphing - fixed hiding of target queues when "allow-target" is disabled;
*) graphing - fixed sorting of interface and queue graphs;
*) graphing - properly handle disabled and static-binding interface graphs;
*) graphing - removed "move" command for graphing rules;
*) hotspot - fixed setting of "address" parameter for IP binding;
*) hotspot - restore cookie timeout on reboot;
*) ike2 - added support for "address", "key-id" and "dn" for Remote ID matching (CLI only);
*) ipsec - added support for "Framed-Route" RADIUS attribute support;
*) ipsec - do not match incoming IKE requests by unresolved DNS name peers;
*) ipv6 - added "pref64" option configuration for RA;
*) ipv6 - limited "hop-limit" parameter value range to 255;
*) ipv6 - made distributed DNS lifetime RFC8106 compliant;
*) l3hw - added destination MAC address check for offloaded FastTrack connections;
*) lte - added AT support for Telit LE910C4 in MBIM mode;
*) lte - fixed APN setting usage on initial connection attempt for AT based Quectel and Neoway modems;
*) lte - fixed automatic antenna selection on Chateau LTE12/LTE18;
*) lte - fixed dialing for Fibocom L850-GL module;
*) lte - fixed displaying of "subscriber-number";
*) lte - improved AT port matching for SIMCom, Huawei, WeLink, Cinterion, BandLuxe and Sierra modems;
*) lte - improved modem detection speed in lower mini-PCIe slot on LtAP;
*) lte - parse USSD even if encoding is unsupported;
*) mpls - fixed handling of more than 9 VRF's;
*) mpls - fixed LDP listen socket creation before IPv6 address is ready for use;
*) mpls - improved stability when neighboring router reboots;
*) ospf - fixed "ospf-type" parameter for OSPFv3 routes;
*) ospf - fixed simple auth for OSPFv3;
*) ovpn - added AES-GCM and multicore encryption support (CLI only);
*) poe - properly turn off power when link not detected on hAP ax2 and hAP ax3;
*) port - fixed modem channel number on KNOT;
*) resource - show filesystem related statistics on CCR2004;
*) route - fixed IPv6 default route presence when received from RA;
*) route - fixed printing of routing table's "count-only" parameter;
*) sfp - fixed false link detection with S+RJ10 on RB5009;
*) sfp - fixed reading of SFP EEPROM on single SFP port devices;
*) sms - improved reporting of SMS sending errors;
*) sms - log USSD response when USSD is sent over MBIM;
*) sniffer - added additional filtering parameters (CLI only);
*) snmp - do not show identity in LLDP when branding is used with hide SNMP data;
*) snmp - fixed handling of disabled routes;
*) snmp - fixed reporting of total number of routes counter;
*) ssh - hard-coded "localhost" address for forwarding requests;
*) sstp - fixed TLS session establishment when "connect-to" is DNS name;
*) switch - fixed SFP rate select for CRS354 devices;
*) switch - improved system stability for 98DXxxxx switch chips;
*) torch - allow "without-paging" parameter for Torch;
*) traffic-generator - increased maximum allowed stream count;
*) upgrade - show error message when license prohibits upgrade;
*) vxlan - added "dont-fragment" setting that allows managing fragmentation;
*) webfig - allow setting numeric values in time interval fields;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed editing of multi-field parameters with "not" checkbox;
*) webfig - fixed handling of empty skin files;
*) webfig - improved navigation responsiveness;
*) webfig - improved skin file parsing;
*) webfig - properly escape all reserved URI characters;
*) webfig - updated WebFig and graph web pages to HTML5;
*) wifiwave2 - added wireless sniffer tool to capture wireless transmissions (CLI only);
*) wifiwave2 - enabled additional channels in UNII-3 and UNII-4 bands for Europe and USA on hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - implement 802.11w management protection SA Query procedures;
*) wifiwave2 - improve protections from denial-of-service attacks on WPA3;
*) winbox - added "Match Subdomain" parameter under "IP/DNS/Static" menu;
*) winbox - added missing WifiWave2 related parameters under "WifiWave2" menu;
*) winbox - fixed displaying of "Default Prepend" value under "Routing/BGP/Sessions" menu;
*) winbox - fixed displaying of "Tx/Rx CCQ" values under "Wireless/Registration" menu;
*) winbox - fixed displaying of flags under "System/Console" menu;
*) winbox - fixed displaying of multiple character flags;
*) winbox - fixed usage of IPv6 family addresses under "IP/Web Proxy/Access" menu;
*) winbox - improved mouseover hint for "local" policy under "System/Users/Groups" menu;
*) winbox - show "Gateway" column by default under "IPv6/Routes" menu;
*) x86 - added support for TP-Link TG-3468;
*) x86 - fixed SR-IOV support for Intel X710 series NIC;
*) x86 - improved Intel 500 series 10G SFP module support;
*) x86 - improved stability for Intel X550 series NIC with SR-IOV;

Версия 7.8beta2 2023-01-20

Версия 7.7rc5 2023-01-11

What's new in 7.7rc5 (2023-Jan-11 13:20):

Changes in this release:

*) dns - fixed CNAME reading from the cache (introduced in v7.7rc3);
*) dns - fixed incorrect TTL=0 reporting for cached entries;
*) ike2 - added support for ChaChaPoly1305 encryption;
*) port - fixed R11e-LTE6 port mapping;

Other changes since v7.6:

*) bgp - added comment functionality for BGP VPN (CLI only);
*) bgp - do not reflect route back to sender;
*) bgp - fixed BGP advertisement PCAP saver;
*) bgp - fixed connection establishment using link-local addresses;
*) bgp - improved BGP advertisement printing;
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) bgp - properly set "bgp-ext-communities" from "communities" list;
*) bluetooth - added unique advertise message filtering;
*) bonding - properly detect VPLS interface state changes;
*) branding - fixed identity setting from branding package;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed R/M/STP bridge identifier on protocol-mode change;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - fixed host moving with fast-path;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed master port conversion;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) bridge - removed "age" monitoring property from the host table;
*) certificate - improved Let's Encrypt logging and error recovery;
*) certificate - improved certificate management, signing and storing processes;
*) conntrack - improved system stability when PPTP helper is used;
*) conntrack - improved system stability when processing SCTP connections on TILE;
*) console - updated copyright notice;
*) container - fixed access to "/dev/stderr" from containers;
*) container - fixed handling of groups and usernames from Dockerfile;
*) container - fixed tar extracting;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) disk - added support for manual RAM file system (TMPFS) creation (CLI only);
*) disk - improved external storage file system mounting, formatting and naming;
*) dns - do not query upstream DNS servers for matched regex records;
*) dns - fixed changing of "forward-to" parameter for FWD entries;
*) dns - fixed handling of CNAME entry pointing to another FWD entry;
*) dns - fixed handling of FWD entries where "forward-to" is a hostname;
*) dns - fixed regex matching (introduced in v7.7beta9);
*) dns - fixed resolution of static CNAME DNS names (introduced in v7.7beta);
*) dns - fixed resolving of FWD entries (introduced in v7.7beta8);
*) dns - improved resolved static entry addition to address list;
*) dns - improved service stability when CNAME points to a FWD entry;
*) dns - query upstream DNS servers for other record types even if static entry exists;
*) dns - require "write" policy for DNS cache flushing;
*) dns - respond with lowest TTL for inner queries containing A, AAAA, CNAME chains;
*) filesystem - fixed repartition on devices with containers;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) health - fixed firmware update process on CCR1036-8G-2S+ (introduced in v7.7beta8);
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) hotspot - fixed maximum allowed connections limitation;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) hotspot - improved limitation of maximum allowed connections;
*) hotspot - improved system stability when clients migrate between bridge ports or VLANs;
*) ike1 - disallow "remote-id" setting for identity;
*) ike1 - fixed XAuth responder trying to recreate phase 1;
*) ike1 - improved expired IPsec-SA processing;
*) ike2 - added support for ChaChaPoly1305 encryption;
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) ike2 - fixed rekey notify creation;
*) ike2 - improved certificate payload parsing;
*) interface - do not allow adding invalid "veth" interfaces;
*) interface - improved system stability when handling large packets on CCR2216;
*) interface - show RTL8153 CDC Modem Device as ethernet;
*) ipsec - added "current-address" parameter for peers with DNS address;
*) ipsec - added hardware acceleration support for IPQ-6010;
*) ipsec - added support for AVX optimized SHA acceleration;
*) ipsec - improved "H" (hw-aead) flag presence for accelerated SA's;
*) ipsec - improved IKE payload processing;
*) ipsec - improved configuration of IPsec proposal auth-algorithms;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) l3hw - fixed host offloading in a case of MAC address change;
*) l3hw - fixed offloaded NAT for CRS309 switch;
*) l3hw - improved system stability when disabling or enabling L3HW offloading;
*) leds - fixed default LED configuration on netFiber 9;
*) leds - fixed turning off LEDs after system shutdown;
*) lte - added AT channel support for Telit FN990;
*) lte - added CA information in 5G mode;
*) lte - fixed error handling on opening AT control channel;
*) lte - fixed new MTU value validation;
*) lte - improved stability when LTE passthrough is enabled on Chateau 5G;
*) lte - properly show leading zeros in MCC and MNC strings;
*) lte - show band number in "ca-band" in NSA mode on Chateau 5G;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) modem - added USB tethering support for Google Pixel 7 devices;
*) mpls - added VPLS LDP information in remote/local-mappings;
*) mpls - fixed assigning of explicit null label for IPv6;
*) netinstall - added "-i " parameter for Netinstall (CLI Linux);
*) netinstall - fixed netinstal procedure on RouterBOOT versions from 3.27 to 6.41;
*) netinstall - improved automatic netbooting interface selection;
*) netwatch - added support for "https-get" type (CLI only);
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed simple authentication checksum calculation;
*) ospf - fixed virtual-link address selection for PTP links;
*) ovpn - added "CBC" postfix to AES cipher names;
*) ovpn - added "route-nopull" option for client side;
*) ovpn - added hardware acceleration support for IPQ-6010;
*) ovpn - added support for IPv6 tunneling;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) package - fixed missing menus when both "lora" and "wifiwave2" packages are installed;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) port - restored missing AT/modem channel on KNOT (introduced in v7.7beta6);
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) ppp - do not inherit routing mark for encapsulated packets;
*) ppp - fixed displaying of "info" command for PPP client;
*) ppp - improved authentication method negotiation;
*) pppoe - improved service stability when establishing PPPoE sessions;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) snmp - improved stability when receiving bogus packets;
*) ssh - added support for Ed25519 key exchange;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - fixed handling of non standard size RSA keys;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) supout - added missing IPv6 firewall sections;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed Ethernet monitor when disabling auto-negotiation for 10G interfaces for 98DX8212 switch (introduce in v7.7beta3);
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - fixed egress mirror for 98DX4310 and 98DX8525 switches;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) switch - improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6);
*) switch - improved system stability when routing traffic over CPU on 98DX224S, 98DX226S, 98DX3236, 98DX8208 switch chips (introduced in v7.7beta3);
*) switch - increased the maximum value of "rate" for ACL rules;
*) swos - fixed "allow-from-ports" setting;
*) swos - fixed SwOS configuration changes from RouterOS;
*) swos - improved default SwOS backup file name;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) timezone - updated timezone information from "tzdata2022g" release;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vpls - expose VPLS related debug logs to "vpls" logging topic;
*) vrrp - always use slave interface MTU;
*) vrrp - improved interface stability on configuration changes;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) w60g - improved system stability for Cube Pro devices;
*) webfig - ensure login page is displayed after each log out;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - improved WEB caching capabilities;
*) webfig - properly detect current location for navigation buttons;
*) webfig - properly show limited number of available options;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added "ft-preserve-vlanid" parameter to control whether to change VLAN ID after FT;
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added information of per-station throughput in the registration table;
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - fixed "radio-mac" provisioning matcher;
*) wifiwave2 - fixed 4-way handshake with TKIP;
*) wifiwave2 - fixed authentication issues (introduced in 7.7beta8);
*) wifiwave2 - improved compliance with regulatory domain information;
*) wifiwave2 - improved general system stability;
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - released packages for MMIPS, PPC, TILE and x86;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - added "bus" parameter for "USB Power Reset" command on Chateau ax;
*) winbox - added missing "force" parameter for new "IP/DHCP Server/Options" entries;
*) winbox - added missing "vlan-id" column under "IP/Hotspot/Hosts" table;
*) winbox - do not show LACP related status parameters for other bonding types;
*) winbox - fixed default MTU value for CAP interfaces;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - increased maximum number of Winbox read-only sessions 5->25;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - removed bogus VRF tab from "Interface" menu;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "Switch" menu on NetFiber 9;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) winbox - show dynamic comment in WifiWave2 registration table;
*) wireless - fixed "nstreme" related parameter control in skins;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
*) x86 - added support for SUN 10G NICs;
*) x86 - improved igc driver support;

Версия 7.7rc5 2023-01-11

Версия 7.7rc4 2023-01-04

What's new in 7.7rc4 (2023-Jan-03 13:13):

Changes in this release:

*) bgp - fixed BGP advertisement PCAP saver;
*) console - updated copyright notice;
*) dns - query upstream DNS servers for other record types even if static entry exists;
*) lte - improved stability when LTE passthrough is enabled on Chateau 5G;
*) ospf - fixed simple authentication checksum calculation;
*) pppoe - improved service stability when establishing PPPoE sessions;
*) timezone - updated timezone information from "tzdata2022g" release;

Other changes since v7.6:

*) bgp - added comment functionality for BGP VPN (CLI only);
*) bgp - do not reflect route back to sender;
*) bgp - fixed connection establishment using link-local addresses;
*) bgp - improved BGP advertisement printing;
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) bgp - properly set "bgp-ext-communities" from "communities" list;
*) bluetooth - added unique advertise message filtering;
*) bonding - properly detect VPLS interface state changes;
*) branding - fixed identity setting from branding package;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed host moving with fast-path;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed master port conversion;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed R/M/STP bridge identifier on protocol-mode change;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) bridge - removed "age" monitoring property from the host table;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved Let's Encrypt logging and error recovery;
*) conntrack - improved system stability when PPTP helper is used;
*) conntrack - improved system stability when processing SCTP connections on TILE;
*) container - fixed access to "/dev/stderr" from containers;
*) container - fixed handling of groups and usernames from Dockerfile;
*) container - fixed tar extracting;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) disk - added support for manual RAM file system (TMPFS) creation (CLI only);
*) disk - improved external storage file system mounting, formatting and naming;
*) dns - do not query upstream DNS servers for matched regex records;
*) dns - fixed changing of "forward-to" parameter for FWD entries;
*) dns - fixed handling of CNAME entry pointing to another FWD entry;
*) dns - fixed handling of FWD entries where "forward-to" is a hostname;
*) dns - fixed regex matching (introduced in v7.7beta9);
*) dns - fixed resolution of static CNAME DNS names (introduced in v7.7beta);
*) dns - fixed resolving of FWD entries (introduced in v7.7beta8);
*) dns - improved resolved static entry addition to address list;
*) dns - improved service stability when CNAME points to a FWD entry;
*) dns - require "write" policy for DNS cache flushing;
*) dns - respond with lowest TTL for inner queries containing A, AAAA, CNAME chains;
*) filesystem - fixed repartition on devices with containers;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) health - fixed firmware update process on CCR1036-8G-2S+ (introduced in v7.7beta8);
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) hotspot - fixed maximum allowed connections limitation;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) hotspot - improved limitation of maximum allowed connections;
*) hotspot - improved system stability when clients migrate between bridge ports or VLANs;
*) ike1 - disallow "remote-id" setting for identity;
*) ike1 - fixed XAuth responder trying to recreate phase 1;
*) ike1 - improved expired IPsec-SA processing;
*) ike2 - added support for ChaChaPoly1305 encryption;
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) ike2 - fixed rekey notify creation;
*) ike2 - improved certificate payload parsing;
*) interface - do not allow adding invalid "veth" interfaces;
*) interface - improved system stability when handling large packets on CCR2216;
*) interface - show RTL8153 CDC Modem Device as ethernet;
*) ipsec - added "current-address" parameter for peers with DNS address;
*) ipsec - added hardware acceleration support for IPQ-6010;
*) ipsec - added support for AVX optimized SHA acceleration;
*) ipsec - improved "H" (hw-aead) flag presence for accelerated SA's;
*) ipsec - improved configuration of IPsec proposal auth-algorithms;
*) ipsec - improved IKE payload processing;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) l3hw - fixed host offloading in a case of MAC address change;
*) l3hw - fixed offloaded NAT for CRS309 switch;
*) l3hw - improved system stability when disabling or enabling L3HW offloading;
*) leds - fixed default LED configuration on netFiber 9;
*) leds - fixed turning off LEDs after system shutdown;
*) lte - added AT channel support for Telit FN990;
*) lte - added CA information in 5G mode;
*) lte - fixed error handling on opening AT control channel;
*) lte - fixed new MTU value validation;
*) lte - properly show leading zeros in MCC and MNC strings;
*) lte - show band number in "ca-band" in NSA mode on Chateau 5G;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) modem - added USB tethering support for Google Pixel 7 devices;
*) mpls - added VPLS LDP information in remote/local-mappings;
*) mpls - fixed assigning of explicit null label for IPv6;
*) netinstall - added "-i " parameter for Netinstall (CLI Linux);
*) netinstall - fixed netinstal procedure on RouterBOOT versions from 3.27 to 6.41;
*) netinstall - improved automatic netbooting interface selection;
*) netwatch - added support for "https-get" type (CLI only);
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ovpn - added "CBC" postfix to AES cipher names;
*) ovpn - added "route-nopull" option for client side;
*) ovpn - added hardware acceleration support for IPQ-6010;
*) ovpn - added support for IPv6 tunneling;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) package - fixed missing menus when both "lora" and "wifiwave2" packages are installed;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) port - restored missing AT/modem channel on KNOT (introduced in v7.7beta6);
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) ppp - do not inherit routing mark for encapsulated packets;
*) ppp - fixed displaying of "info" command for PPP client;
*) ppp - improved authentication method negotiation;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) snmp - improved stability when receiving bogus packets;
*) ssh - added support for Ed25519 key exchange;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - fixed handling of non standard size RSA keys;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed egress mirror for 98DX4310 and 98DX8525 switches;
*) switch - fixed Ethernet monitor when disabling auto-negotiation for 10G interfaces for 98DX8212 switch (introduce in v7.7beta3);
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) switch - improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6);
*) switch - improved system stability when routing traffic over CPU on 98DX224S, 98DX226S, 98DX3236, 98DX8208 switch chips (introduced in v7.7beta3);
*) switch - increased the maximum value of "rate" for ACL rules;
*) swos - fixed "allow-from-ports" setting;
*) swos - fixed SwOS configuration changes from RouterOS;
*) swos - improved default SwOS backup file name;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vpls - expose VPLS related debug logs to "vpls" logging topic;
*) vrrp - always use slave interface MTU;
*) vrrp - improved interface stability on configuration changes;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) w60g - improved system stability for Cube Pro devices;
*) webfig - ensure login page is displayed after each log out;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - improved WEB caching capabilities;
*) webfig - properly detect current location for navigation buttons;
*) webfig - properly show limited number of available options;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added "ft-preserve-vlanid" parameter to control whether to change VLAN ID after FT;
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added information of per-station throughput in the registration table;
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - fixed "radio-mac" provisioning matcher;
*) wifiwave2 - fixed 4-way handshake with TKIP;
*) wifiwave2 - fixed authentication issues (introduced in 7.7beta8);
*) wifiwave2 - improved compliance with regulatory domain information;
*) wifiwave2 - improved general system stability;
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - released packages for MMIPS, PPC, TILE and x86;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "bus" parameter for "USB Power Reset" command on Chateau ax;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - added missing "force" parameter for new "IP/DHCP Server/Options" entries;
*) winbox - added missing "vlan-id" column under "IP/Hotspot/Hosts" table;
*) winbox - do not show LACP related status parameters for other bonding types;
*) winbox - fixed default MTU value for CAP interfaces;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - increased maximum number of Winbox read-only sessions 5->25;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - removed bogus VRF tab from "Interface" menu;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "Switch" menu on NetFiber 9;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) winbox - show dynamic comment in WifiWave2 registration table;
*) wireless - fixed "nstreme" related parameter control in skins;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
*) x86 - added support for SUN 10G NICs;
*) x86 - improved igc driver support;

Версия 7.7rc4 2023-01-04

Версия 7.7rc3 2022-12-22

What's new in 7.7rc3 (2022-Dec-21 17:12):

Changes in this release:

*) bgp - do not reflect route back to sender;
*) bgp - fixed connection establishment using link-local addresses;
*) dns - fixed resolution of static CNAME DNS names (introduced in v7.7beta);
*) ike2 - added support for ChaChaPoly1305 encryption;
*) port - restored missing AT/modem channel on KNOT (introduced in v7.7beta6);

Other changes since v7.6:

*) bgp - added comment functionality for BGP VPN (CLI only);
*) bgp - improved BGP advertisement printing;
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) bgp - properly set "bgp-ext-communities" from "communities" list;
*) bluetooth - added unique advertise message filtering;
*) bonding - properly detect VPLS interface state changes;
*) branding - fixed identity setting from branding package;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed host moving with fast-path;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed master port conversion;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed R/M/STP bridge identifier on protocol-mode change;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) bridge - removed "age" monitoring property from the host table;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved Let's Encrypt logging and error recovery;
*) conntrack - improved system stability when PPTP helper is used;
*) conntrack - improved system stability when processing SCTP connections on TILE;
*) container - fixed access to "/dev/stderr" from containers;
*) container - fixed handling of groups and usernames from Dockerfile;
*) container - fixed tar extracting;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) disk - added support for manual RAM file system (TMPFS) creation (CLI only);
*) disk - improved external storage file system mounting, formatting and naming;
*) dns - do not query upstream DNS servers for matched regex records;
*) dns - fixed changing of "forward-to" parameter for FWD entries;
*) dns - fixed handling of CNAME entry pointing to another FWD entry;
*) dns - fixed handling of FWD entries where "forward-to" is a hostname;
*) dns - fixed regex matching (introduced in v7.7beta9);
*) dns - fixed resolving of FWD entries (introduced in v7.7beta8);
*) dns - improved resolved static entry addition to address list;
*) dns - improved service stability when CNAME points to a FWD entry;
*) dns - require "write" policy for DNS cache flushing;
*) dns - respond with lowest TTL for inner queries containing A, AAAA, CNAME chains;
*) filesystem - fixed repartition on devices with containers;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) health - fixed firmware update process on CCR1036-8G-2S+ (introduced in v7.7beta8);
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) hotspot - fixed maximum allowed connections limitation;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) hotspot - improved limitation of maximum allowed connections;
*) hotspot - improved system stability when clients migrate between bridge ports or VLANs;
*) ike1 - disallow "remote-id" setting for identity;
*) ike1 - fixed XAuth responder trying to recreate phase 1;
*) ike1 - improved expired IPsec-SA processing;
*) ike2 - added support for ChaChaPoly1305 encryption (CLI only);
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) ike2 - fixed rekey notify creation;
*) ike2 - improved certificate payload parsing;
*) interface - do not allow adding invalid "veth" interfaces;
*) interface - improved system stability when handling large packets on CCR2216;
*) interface - show RTL8153 CDC Modem Device as ethernet;
*) ipsec - added "current-address" parameter for peers with DNS address;
*) ipsec - added hardware acceleration support for IPQ-6010;
*) ipsec - added support for AVX optimized SHA acceleration;
*) ipsec - improved "H" (hw-aead) flag presence for accelerated SA's;
*) ipsec - improved configuration of IPsec proposal auth-algorithms;
*) ipsec - improved IKE payload processing;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) l3hw - fixed host offloading in a case of MAC address change;
*) l3hw - fixed offloaded NAT for CRS309 switch;
*) l3hw - improved system stability when disabling or enabling L3HW offloading;
*) leds - fixed default LED configuration on netFiber 9;
*) leds - fixed turning off LEDs after system shutdown;
*) lte - added AT channel support for Telit FN990;
*) lte - added CA information in 5G mode;
*) lte - fixed error handling on opening AT control channel;
*) lte - fixed new MTU value validation;
*) lte - properly show leading zeros in MCC and MNC strings;
*) lte - show band number in "ca-band" in NSA mode on Chateau 5G;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) modem - added USB tethering support for Google Pixel 7 devices;
*) mpls - added VPLS LDP information in remote/local-mappings;
*) mpls - fixed assigning of explicit null label for IPv6;
*) netinstall - added "-i " parameter for Netinstall (CLI Linux);
*) netinstall - fixed netinstal procedure on RouterBOOT versions from 3.27 to 6.41;
*) netinstall - improved automatic netbooting interface selection;
*) netwatch - added support for "https-get" type (CLI only);
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ovpn - added "CBC" postfix to AES cipher names;
*) ovpn - added "route-nopull" option for client side;
*) ovpn - added hardware acceleration support for IPQ-6010;
*) ovpn - added support for IPv6 tunneling;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) package - fixed missing menus when both "lora" and "wifiwave2" packages are installed;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) ppp - do not inherit routing mark for encapsulated packets;
*) ppp - fixed displaying of "info" command for PPP client;
*) ppp - improved authentication method negotiation;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) snmp - improved stability when receiving bogus packets;
*) ssh - added support for Ed25519 key exchange;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - fixed handling of non standard size RSA keys;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed egress mirror for 98DX4310 and 98DX8525 switches;
*) switch - fixed Ethernet monitor when disabling auto-negotiation for 10G interfaces for 98DX8212 switch (introduce in v7.7beta3);
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) switch - improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6);
*) switch - improved system stability when routing traffic over CPU on 98DX224S, 98DX226S, 98DX3236, 98DX8208 switch chips (introduced in v7.7beta3);
*) switch - increased the maximum value of "rate" for ACL rules;
*) swos - fixed "allow-from-ports" setting;
*) swos - fixed SwOS configuration changes from RouterOS;
*) swos - improved default SwOS backup file name;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vpls - expose VPLS related debug logs to "vpls" logging topic;
*) vrrp - always use slave interface MTU;
*) vrrp - improved interface stability on configuration changes;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) w60g - improved system stability for Cube Pro devices;
*) webfig - ensure login page is displayed after each log out;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - improved WEB caching capabilities;
*) webfig - properly detect current location for navigation buttons;
*) webfig - properly show limited number of available options;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added "ft-preserve-vlanid" parameter to control whether to change VLAN ID after FT;
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added information of per-station throughput in the registration table;
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - fixed "radio-mac" provisioning matcher;
*) wifiwave2 - fixed 4-way handshake with TKIP;
*) wifiwave2 - fixed authentication issues (introduced in 7.7beta8);
*) wifiwave2 - improved compliance with regulatory domain information;
*) wifiwave2 - improved general system stability;
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - released packages for MMIPS, PPC, TILE and x86;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "bus" parameter for "USB Power Reset" command on Chateau ax;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - added missing "force" parameter for new "IP/DHCP Server/Options" entries;
*) winbox - added missing "vlan-id" column under "IP/Hotspot/Hosts" table;
*) winbox - do not show LACP related status parameters for other bonding types;
*) winbox - fixed default MTU value for CAP interfaces;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - increased maximum number of Winbox read-only sessions 5->25;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - removed bogus VRF tab from "Interface" menu;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "Switch" menu on NetFiber 9;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) winbox - show dynamic comment in WifiWave2 registration table;
*) wireless - fixed "nstreme" related parameter control in skins;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
*) x86 - added support for SUN 10G NICs;
*) x86 - improved igc driver support;

Версия 7.7rc3 2022-12-22

Версия 7.7rc2 2022-12-19

What's new in 7.7rc2 (2022-Dec-16 20:23):

Changes in this release:

*) bgp - properly set "bgp-ext-communities" from "communities" list;
*) dns - fixed handling of FWD entries where "forward-to" is a hostname;
*) dns - improved service stability when CNAME points to a FWD entry;
*) hotspot - improved limitation of maximum allowed connections;
*) ipsec - improved IKE payload processing;
*) snmp - improved stability when receiving bogus packets;
*) wifiwave2 - improved compliance with regulatory domain information;

Other changes since v7.6:

*) bgp - added comment functionality for BGP VPN (CLI only);
*) bgp - improved BGP advertisement printing;
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) bluetooth - added unique advertise message filtering;
*) bonding - properly detect VPLS interface state changes;
*) branding - fixed identity setting from branding package;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed host moving with fast-path;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed master port conversion;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed R/M/STP bridge identifier on protocol-mode change;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) bridge - removed "age" monitoring property from the host table;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved Let's Encrypt logging and error recovery;
*) conntrack - improved system stability when PPTP helper is used;
*) conntrack - improved system stability when processing SCTP connections on TILE;
*) container - fixed access to "/dev/stderr" from containers;
*) container - fixed handling of groups and usernames from Dockerfile;
*) container - fixed tar extracting;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) disk - added support for manual RAM file system (TMPFS) creation (CLI only);
*) disk - improved external storage file system mounting, formatting and naming;
*) dns - do not query upstream DNS servers for matched regex records;
*) dns - fixed changing of "forward-to" parameter for FWD entries;
*) dns - fixed handling of CNAME entry pointing to another FWD entry;
*) dns - fixed regex matching (introduced in v7.7beta9);
*) dns - fixed resolving of FWD entries (introduced in v7.7beta8);
*) dns - improved resolved static entry addition to address list;
*) dns - require "write" policy for DNS cache flushing;
*) dns - respond with lowest TTL for inner queries containing A, AAAA, CNAME chains;
*) filesystem - fixed repartition on devices with containers;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) health - fixed firmware update process on CCR1036-8G-2S+ (introduced in v7.7beta8);
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) hotspot - fixed maximum allowed connections limitation;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) hotspot - improved system stability when clients migrate between bridge ports or VLANs;
*) ike1 - disallow "remote-id" setting for identity;
*) ike1 - fixed XAuth responder trying to recreate phase 1;
*) ike1 - improved expired IPsec-SA processing;
*) ike2 - added support for ChaChaPoly1305 encryption (CLI only);
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) ike2 - fixed rekey notify creation;
*) ike2 - improved certificate payload parsing;
*) interface - do not allow adding invalid "veth" interfaces;
*) interface - improved system stability when handling large packets on CCR2216;
*) interface - show RTL8153 CDC Modem Device as ethernet;
*) ipsec - added "current-address" parameter for peers with DNS address;
*) ipsec - added hardware acceleration support for IPQ-6010;
*) ipsec - added support for AVX optimized SHA acceleration;
*) ipsec - improved "H" (hw-aead) flag presence for accelerated SA's;
*) ipsec - improved configuration of IPsec proposal auth-algorithms;
*) ipsec - improved IKE payload processing;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) l3hw - fixed host offloading in a case of MAC address change;
*) l3hw - fixed offloaded NAT for CRS309 switch;
*) l3hw - improved system stability when disabling or enabling L3HW offloading;
*) leds - fixed default LED configuration on netFiber 9;
*) leds - fixed turning off LEDs after system shutdown;
*) lte - added AT channel support for Telit FN990;
*) lte - added CA information in 5G mode;
*) lte - fixed error handling on opening AT control channel;
*) lte - fixed new MTU value validation;
*) lte - properly show leading zeros in MCC and MNC strings;
*) lte - show band number in "ca-band" in NSA mode on Chateau 5G;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) modem - added USB tethering support for Google Pixel 7 devices;
*) mpls - added VPLS LDP information in remote/local-mappings;
*) mpls - fixed assigning of explicit null label for IPv6;
*) netinstall - added "-i " parameter for Netinstall (CLI Linux);
*) netinstall - fixed netinstal procedure on RouterBOOT versions from 3.27 to 6.41;
*) netinstall - improved automatic netbooting interface selection;
*) netwatch - added support for "https-get" type (CLI only);
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ovpn - added "CBC" postfix to AES cipher names;
*) ovpn - added "route-nopull" option for client side;
*) ovpn - added hardware acceleration support for IPQ-6010;
*) ovpn - added support for IPv6 tunneling;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) package - fixed missing menus when both "lora" and "wifiwave2" packages are installed;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) ppp - do not inherit routing mark for encapsulated packets;
*) ppp - fixed displaying of "info" command for PPP client;
*) ppp - improved authentication method negotiation;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) ssh - added support for Ed25519 key exchange;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - fixed handling of non standard size RSA keys;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed egress mirror for 98DX4310 and 98DX8525 switches;
*) switch - fixed Ethernet monitor when disabling auto-negotiation for 10G interfaces for 98DX8212 switch (introduce in v7.7beta3);
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) switch - improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6);
*) switch - improved system stability when routing traffic over CPU on 98DX224S, 98DX226S, 98DX3236, 98DX8208 switch chips (introduced in v7.7beta3);
*) switch - increased the maximum value of "rate" for ACL rules;
*) swos - fixed "allow-from-ports" setting;
*) swos - fixed SwOS configuration changes from RouterOS;
*) swos - improved default SwOS backup file name;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vpls - expose VPLS related debug logs to "vpls" logging topic;
*) vrrp - always use slave interface MTU;
*) vrrp - improved interface stability on configuration changes;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) w60g - improved system stability for Cube Pro devices;
*) webfig - ensure login page is displayed after each log out;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - improved WEB caching capabilities;
*) webfig - properly detect current location for navigation buttons;
*) webfig - properly show limited number of available options;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added "ft-preserve-vlanid" parameter to control whether to change VLAN ID after FT;
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added information of per-station throughput in the registration table;
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - fixed "radio-mac" provisioning matcher;
*) wifiwave2 - fixed 4-way handshake with TKIP;
*) wifiwave2 - fixed authentication issues (introduced in 7.7beta8);
*) wifiwave2 - improved general system stability;
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - released packages for MMIPS, PPC, TILE and x86;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "bus" parameter for "USB Power Reset" command on Chateau ax;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - added missing "force" parameter for new "IP/DHCP Server/Options" entries;
*) winbox - added missing "vlan-id" column under "IP/Hotspot/Hosts" table;
*) winbox - do not show LACP related status parameters for other bonding types;
*) winbox - fixed default MTU value for CAP interfaces;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - increased maximum number of Winbox read-only sessions 5->25;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - removed bogus VRF tab from "Interface" menu;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "Switch" menu on NetFiber 9;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) winbox - show dynamic comment in WifiWave2 registration table;
*) wireless - fixed "nstreme" related parameter control in skins;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
*) x86 - added support for SUN 10G NICs;
*) x86 - improved igc driver support;

Версия 7.7rc2 2022-12-19

Версия 7.7rc1 2022-12-12

What's new in 7.7rc1 (2022-Dec-08 16:38):

Changes in this release:

*) certificate - improved Let's Encrypt logging and error recovery;
*) disk - added support for manual RAM file system (TMPFS) creation (CLI only);
*) dns - fixed regex matching (introduced in v7.7beta9);
*) dns - fixed resolving of FWD entries (introduced in v7.7beta8);
*) dns - require "write" policy for DNS cache flushing;
*) dns - respond with lowest TTL for inner queries containing A, AAAA, CNAME chains;
*) ike1 - disallow "remote-id" setting for identity;
*) interface - show RTL8153 CDC Modem Device as ethernet;
*) ipsec - added "current-address" parameter for peers with DNS address;
*) leds - fixed default LED configuration on netFiber 9;
*) leds - fixed turning off LEDs after system shutdown;
*) lte - properly show leading zeros in MCC and MNC strings;
*) modem - added USB tethering support for Google Pixel 7 devices;
*) mpls - fixed assigning of explicit null label for IPv6;
*) ovpn - added support for IPv6 tunneling;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved system stability when routing traffic over CPU on 98DX224S, 98DX226S, 98DX3236, 98DX8208 switch chips (introduced in v7.7beta3);
*) swos - fixed SwOS configuration changes from RouterOS;
*) wifiwave2 - added information of per-station throughput in the registration table;
*) wifiwave2 - fixed authentication issues (introduced in 7.7beta8);
*) winbox - added "bus" parameter for "USB Power Reset" command on Chateau ax;
*) winbox - added missing "force" parameter for new "IP/DHCP Server/Options" entries;
*) winbox - added missing "vlan-id" column under "IP/Hotspot/Hosts" table;
*) winbox - do not show LACP related status parameters for other bonding types;
*) winbox - fixed default MTU value for CAP interfaces;
*) winbox - increased maximum number of Winbox read-only sessions 5->25;
*) winbox - removed bogus VRF tab from "Interface" menu;
*) winbox - show "Switch" menu on NetFiber 9;
*) winbox - show dynamic comment in WifiWave2 registration table;
*) wireless - fixed "nstreme" related parameter control in skins;

Other changes since v7.6:

*) bgp - added comment functionality for BGP VPN (CLI only);
*) bgp - improved BGP advertisement printing;
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) bluetooth - added unique advertise message filtering;
*) bonding - properly detect VPLS interface state changes;
*) branding - fixed identity setting from branding package;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed host moving with fast-path;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed master port conversion;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed R/M/STP bridge identifier on protocol-mode change;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) bridge - removed "age" monitoring property from the host table;
*) certificate - improved certificate management, signing and storing processes;
*) conntrack - improved system stability when PPTP helper is used;
*) conntrack - improved system stability when processing SCTP connections on TILE;
*) container - fixed access to "/dev/stderr" from containers;
*) container - fixed handling of groups and usernames from Dockerfile;
*) container - fixed tar extracting;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) disk - improved external storage file system mounting, formatting and naming;
*) dns - do not query upstream DNS servers for matched regex records;
*) dns - fixed changing of "forward-to" parameter for FWD entries;
*) dns - fixed handling of CNAME entry pointing to another FWD entry;
*) dns - fixed resolving of FWD entries (introduced in v7.7beta8);
*) dns - improved resolved static entry addition to address list;
*) filesystem - fixed repartition on devices with containers;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) health - fixed firmware update process on CCR1036-8G-2S+ (introduced in v7.7beta8);
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) hotspot - fixed maximum allowed connections limitation;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) hotspot - improved system stability when clients migrate between bridge ports or VLANs;
*) ike1 - fixed XAuth responder trying to recreate phase 1;
*) ike1 - improved expired IPsec-SA processing;
*) ike2 - added support for ChaChaPoly1305 encryption (CLI only);
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) ike2 - fixed rekey notify creation;
*) ike2 - improved certificate payload parsing;
*) interface - do not allow adding invalid "veth" interfaces;
*) interface - improved system stability when handling large packets on CCR2216;
*) ipsec - added hardware acceleration support for IPQ-6010;
*) ipsec - added support for AVX optimized SHA acceleration;
*) ipsec - improved "H" (hw-aead) flag presence for accelerated SA's;
*) ipsec - improved configuration of IPsec proposal auth-algorithms;
*) ipsec - improved IKE payload processing;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) l3hw - fixed host offloading in a case of MAC address change;
*) l3hw - fixed offloaded NAT for CRS309 switch;
*) l3hw - improved system stability when disabling or enabling L3HW offloading;
*) lte - added AT channel support for Telit FN990;
*) lte - added CA information in 5G mode;
*) lte - fixed error handling on opening AT control channel;
*) lte - fixed new MTU value validation;
*) lte - show band number in "ca-band" in NSA mode on Chateau 5G;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) lte - validate bearer count when activating MBIM modem;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) mpls - added VPLS LDP information in remote/local-mappings;
*) netinstall - added "-i " parameter for Netinstall (CLI Linux);
*) netinstall - fixed netinstal procedure on RouterBOOT versions from 3.27 to 6.41;
*) netinstall - improved automatic netbooting interface selection;
*) netwatch - added support for "https-get" type (CLI only);
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ovpn - added "CBC" postfix to AES cipher names;
*) ovpn - added "route-nopull" option for client side;
*) ovpn - added hardware acceleration support for IPQ-6010;
*) ovpn - added support for IPv6 tunnelling;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) package - fixed missing menus when both "lora" and "wifiwave2" packages are installed;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) ppp - do not inherit routing mark for encapsulated packets;
*) ppp - fixed displaying of "info" command for PPP client;
*) ppp - improved authentication method negotiation;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) ssh - added support for Ed25519 key exchange;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - fixed handling of non standard size RSA keys;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed egress mirror for 98DX4310 and 98DX8525 switches;
*) switch - fixed Ethernet monitor when disabling auto-negotiation for 10G interfaces for 98DX8212 switch (introduce in v7.7beta3);
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) switch - improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6);
*) switch - increased the maximum value of "rate" for ACL rules;
*) swos - fixed "allow-from-ports" setting;
*) swos - improved default SwOS backup file name;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vpls - expose VPLS related debug logs to "vpls" logging topic;
*) vrrp - always use slave interface MTU;
*) vrrp - improved interface stability on configuration changes;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) w60g - improved system stability for Cube Pro devices;
*) webfig - ensure login page is displayed after each log out;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - improved WEB caching capabilities;
*) webfig - properly detect current location for navigation buttons;
*) webfig - properly show limited number of available options;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added "ft-preserve-vlanid" parameter to control whether to change VLAN ID after FT;
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - fixed "radio-mac" provisioning matcher;
*) wifiwave2 - fixed 4-way handshake with TKIP;
*) wifiwave2 - improved general system stability;
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - released packages for MMIPS, PPC, TILE and x86;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
*) x86 - added support for SUN 10G NICs;
*) x86 - improved igc driver support;

Версия 7.7rc1 2022-12-12

Версия 7.7beta9 2022-12-01

What's new in 7.7beta9 (2022-Nov-30 14:54):

Changes in this release:

*) bgp - added comment functionality for BGP VPN (CLI only);
*) bluetooth - added unique advertise message filtering;
*) bridge - fixed master port conversion;
*) bridge - fixed R/M/STP bridge identifier on protocol-mode change;
*) conntrack - improved system stability when processing SCTP connections on TILE;
*) disk - improved external storage file system mounting, formatting and naming;
*) dns - fixed resolving of FWD entries (introduced in v7.7beta8);
*) dns - improved resolved static entry addition to address list;
*) health - fixed firmware update process on CCR1036-8G-2S+ (introduced in v7.7beta8);
*) hotspot - improved system stability when clients migrate between bridge ports or VLANs;
*) ike2 - fixed rekey notify creation;
*) interface - do not allow adding invalid "veth" interfaces;
*) l3hw - fixed host offloading in a case of MAC address change;
*) l3hw - fixed offloaded NAT for CRS309 switch;
*) lte - added AT channel support for Telit FN990;
*) netinstall - fixed netinstal procedure on RouterBOOT versions from 3.27 to 6.41;
*) ovpn - added "CBC" postfix to AES cipher names;
*) ovpn - added hardware acceleration support for IPQ-6010;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - increased the maximum value of "rate" for ACL rules;
*) vrrp - always use slave interface MTU;
*) vrrp - improved interface stability on configuration changes;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) wifiwave2 - released packages for MMIPS, PPC, TILE and x86;
*) x86 - added support for SUN 10G NICs;
*) x86 - improved igc driver support;

Other changes since v7.6:

*) bgp - improved BGP advertisement printing;
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) bonding - properly detect VPLS interface state changes;
*) branding - fixed identity setting from branding package;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed host moving with fast-path;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) bridge - removed "age" monitoring property from the host table;
*) certificate - improved certificate management, signing and storing processes;
*) conntrack - improved system stability when PPTP helper is used;
*) container - fixed access to "/dev/stderr" from containers;
*) container - fixed handling of groups and usernames from Dockerfile;
*) container - fixed tar extracting;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) dns - do not query upstream DNS servers for matched regex records;
*) dns - fixed changing of "forward-to" parameter for FWD entries;
*) dns - fixed handling of CNAME entry pointing to another FWD entry;
*) filesystem - fixed repartition on devices with containers;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) hotspot - fixed maximum allowed connections limitation;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) ike1 - fixed XAuth responder trying to recreate phase 1;
*) ike1 - improved expired IPsec-SA processing;
*) ike2 - added support for ChaChaPoly1305 encryption (CLI only);
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) ike2 - improved certificate payload parsing;
*) interface - improved system stability when handling large packets on CCR2216;
*) ipsec - added hardware acceleration support for IPQ-6010;
*) ipsec - added support for AVX optimized SHA acceleration;
*) ipsec - improved "H" (hw-aead) flag presence for accelerated SA's;
*) ipsec - improved configuration of IPsec proposal auth-algorithms;
*) ipsec - improved IKE payload processing;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) l3hw - improved system stability when disabling or enabling L3HW offloading;
*) lte - added CA information in 5G mode;
*) lte - fixed error handling on opening AT control channel;
*) lte - fixed new MTU value validation;
*) lte - show band number in "ca-band" in NSA mode on Chateau 5G;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) lte - validate bearer count when activating MBIM modem;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) mpls - added VPLS LDP information in remote/local-mappings;
*) netinstall - added "-i " parameter for Netinstall (CLI Linux);
*) netinstall - improved automatic netbooting interface selection;
*) netwatch - added support for "https-get" type (CLI only);
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ovpn - added "route-nopull" option for client side;
*) ovpn - added support for IPv6 tunnelling;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) package - fixed missing menus when both "lora" and "wifiwave2" packages are installed;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) ppp - do not inherit routing mark for encapsulated packets;
*) ppp - fixed displaying of "info" command for PPP client;
*) ppp - improved authentication method negotiation;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) ssh - added support for Ed25519 key exchange;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - fixed handling of non standard size RSA keys;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed egress mirror for 98DX4310 and 98DX8525 switches;
*) switch - fixed Ethernet monitor when disabling auto-negotiation for 10G interfaces for 98DX8212 switch (introduce in v7.7beta3);
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) switch - improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6);
*) swos - fixed "allow-from-ports" setting;
*) swos - improved default SwOS backup file name;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vpls - expose VPLS related debug logs to "vpls" logging topic;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) w60g - improved system stability for Cube Pro devices;
*) webfig - ensure login page is displayed after each log out;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - improved WEB caching capabilities;
*) webfig - properly detect current location for navigation buttons;
*) webfig - properly show limited number of available options;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added "ft-preserve-vlanid" parameter to control whether to change VLAN ID after FT;
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - fixed "radio-mac" provisioning matcher;
*) wifiwave2 - fixed 4-way handshake with TKIP;
*) wifiwave2 - improved general system stability;
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;

Версия 7.7beta9 2022-12-01

Версия 7.7beta8 2022-11-24

What's new in 7.7beta8 (2022-Nov-23 09:19):

Changes in this release:

*) branding - fixed identity setting from branding package;
*) bridge - fixed host moving with fast-path;
*) bridge - removed "age" monitoring property from the host table;
*) container - fixed tar extracting;
*) dns - do not query upstream DNS servers for matched regex records;
*) dns - fixed changing of "forward-to" parameter for FWD entries;
*) dns - fixed handling of CNAME entry pointing to another FWD entry;
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) ike1 - fixed XAuth responder trying to recreate phase 1;
*) ike2 - improved certificate payload parsing;
*) ipsec - added support for AVX optimized SHA acceleration;
*) ipsec - improved "H" (hw-aead) flag presence for accelerated SA's;
*) ipsec - improved configuration of IPsec proposal auth-algorithms;
*) ipsec - improved IKE payload processing;
*) l3hw - improved system stability when disabling or enabling L3HW offloading;
*) lte - fixed error handling on opening AT control channel;
*) lte - show band number in "ca-band" in NSA mode on Chateau 5G;
*) mpls - added VPLS LDP information in remote/local-mappings;
*) netinstall - added "-i <interface>" parameter for Netinstall (CLI Linux);
*) netinstall - improved automatic netbooting interface selection;
*) netwatch - added support for "https-get" type (CLI only);
*) ovpn - added "route-nopull" option for client side;
*) ovpn - added support for IPv6 tunnelling;
*) package - fixed missing menus when both "lora" and "wifiwave2" packages are installed;
*) ppp - fixed displaying of "info" command for PPP client;
*) ppp - improved authentication method negotiation;
*) sfp - added 2.5G SFP module support for RB5009;
*) ssh - added support for Ed25519 key exchange;
*) ssh - fixed handling of non standard size RSA keys;
*) switch - fixed egress mirror for 98DX4310 and 98DX8525 switches;
*) switch - fixed Ethernet monitor when disabling auto-negotiation for 10G interfaces for 98DX8212 switch (introduce in v7.7beta3);
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches;
*) switch - improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6);
*) swos - fixed "allow-from-ports" setting;
*) vpls - expose VPLS related debug logs to "vpls" logging topic;
*) w60g - improved system stability for Cube Pro devices;
*) webfig - fixed displaying of VRF routes;
*) webfig - properly show limited number of available options;
*) wifiwave2 - added "ft-preserve-vlanid" parameter to control whether to change VLAN ID after FT;
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - fixed "radio-mac" provisioning matcher;
*) wifiwave2 - fixed 4-way handshake with TKIP;
*) wifiwave2 - improved general system stability;

Other changes since v7.6:

*) bgp - improved BGP advertisement printing;
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) bonding - properly detect VPLS interface state changes;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) certificate - improved certificate management, signing and storing processes;
*) conntrack - improved system stability when PPTP helper is used;
*) container - fixed access to "/dev/stderr" from containers;
*) container - fixed handling of groups and usernames from Dockerfile;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) filesystem - fixed repartition on devices with containers;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) hotspot - fixed maximum allowed connections limitation;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) ike1 - improved expired IPsec-SA processing;
*) ike2 - added support for ChaChaPoly1305 encryption (CLI only);
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) interface - improved system stability when handling large packets on CCR2216;
*) ipsec - added hardware acceleration support for IPQ-6010;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) lte - added CA information in 5G mode;
*) lte - fixed new MTU value validation;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) lte - validate bearer count when activating MBIM modem;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) ppp - do not inherit routing mark for encapsulated packets;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) swos - improved default SwOS backup file name;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) webfig - ensure login page is displayed after each log out;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - improved WEB caching capabilities;
*) webfig - properly detect current location for navigation buttons;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;

Версия 7.7beta8 2022-11-24

Версия 7.7beta6 2022-11-07

What's new in 7.7beta6 (2022-Nov-04 15:59):

Changes in this release:

*) bgp - improved BGP session load distribution across multiple CPU cores;
*) certificate - improved certificate management, signing and storing processes;
*) container - fixed access to "/dev/stderr" from containers;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) ike2 - added support for ChaChaPoly1305 encryption (CLI only);
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) ipsec - added hardware acceleration support for IPQ-6010;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) ppp - do not inherit routing mark for encapsulated packets;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) swos - improved default SwOS backup file name;
*) vxlan - added VRF support;
*) webfig - ensure login page is displayed after each log out;
*) webfig - improved WEB caching capabilities;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - improved system stability when multiple virtual AP are configured;

Other changes since v7.6:

*) bgp - improved BGP advertisement printing;
*) bonding - properly detect VPLS interface state changes;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) certificate - improved certificate management, signing and storing processes;
*) conntrack - improved system stability when PPTP helper is used;
*) container - fixed handling of groups and usernames from Dockerfile;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) filesystem - fixed repartition on devices with containers;
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) hotspot - fixed maximum allowed connections limitation;
*) ike1 - improved expired IPsec-SA processing;
*) interface - improved system stability when handling large packets on CCR2216;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) lte - added CA information in 5G mode;
*) lte - fixed new MTU value validation;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) lte - validate bearer count when activating MBIM modem;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - properly detect current location for navigation buttons;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;

Версия 7.7beta6 2022-11-07

Версия 7.7beta4 2022-10-28

What's new in 7.7beta4 (2022-Oct-27 09:00):

Changes in this release:

*) conntrack - improved system stability when PPTP helper is used;
*) hotspot - fixed maximum allowed connections limitation;
*) netwatch - fixed reporting of VRF name in logging messages;
*) ospf - fixed MD5 checksum calculation;
*) sfp - added 2.5G SFP module support for RB5009;
*) webfig - properly detect current location for navigation buttons;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;

Other changes since v7.6:

*) bgp - improved BGP advertisement printing;
*) bonding - properly detect VPLS interface state changes;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) certificate - improved certificate management, signing and storing processes;
*) container - fixed handling of groups and usernames from Dockerfile;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) filesystem - fixed repartition on devices with containers;
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) ike1 - improved expired IPsec-SA processing;
*) interface - improved system stability when handling large packets on CCR2216;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) lte - added CA information in 5G mode;
*) lte - fixed new MTU value validation;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) lte - validate bearer count when activating MBIM modem;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;

Версия 7.7beta4 2022-10-28

Версия 7.7beta3 2022-10-26

What's new in 7.7beta3 (2022-Oct-26 11:31):

Changes in this release:

*) bgp - improved BGP advertisement printing;
*) bonding - properly detect VPLS interface state changes;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) certificate - improved certificate management, signing and storing processes;
*) container - fixed handling of groups and usernames from Dockerfile;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) filesystem - fixed repartition on devices with containers;
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) ike1 - improved expired IPsec-SA processing;
*) interface - improved system stability when handling large packets on CCR2216;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) lte - added CA information in 5G mode;
*) lte - fixed new MTU value validation;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) lte - validate bearer count when activating MBIM modem;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;

Версия 7.7beta3 2022-10-26

Версия 7.6rc3 2022-10-14

What's new in 7.6rc3 (2022-Oct-14 12:44):

Changes in this release:

*) certificate - improved certificate management, signing and storing processes;
*) wifiwave2 - fixed malfunction of WPA3 hash-to-element technique when enabled on multiple interfaces;

Other changes since v7.5:

*) bgp - added support for BGP advertisement displaying (CLI only);
*) bgp - added support for BGP advertisement displaying (CLI only);
*) bgp - fixed reporting of session uptime;
*) bgp - improved session establishment speed after bootup;
*) bonding - fixed ARP monitor packets with bond's MAC address;
*) bonding - improved interface stability on slave configuration changes;
*) bonding - reduce "actual-mtu" according to interface "l2mtu";
*) branding - execute "autorun.scr" file when installing branding package;
*) capsman - fixed RADIUS accounting when EAP is used;
*) certificate - fixed SHA1 certificate name lookup;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - restricted maximum retry attempt window for Let's Encrypt certificate to 60 minutes;
*) container - added "start-on-boot" parameter for automatic container startup;
*) container - allow changing container related parameters while it is running;
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - fixed matcher functionality;
*) dhcpv4-server - fixed RADIUS accounting for local leases;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) dns - fixed DNS answer of cached CNAME entries (introduced in v7.6beta10);
*) dns - fixed resolving of cached CNAME records (introduced in v7.6beta10);
*) dot1x - fixed incorrect error when using "mac-auth";
*) ethernet - added "5Gbps" option for speed setting;
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) firewall - fixed usage of "netmap" action for IPv6 source NAT (CLI only);
*) health - fixed fan speed and temperature reporting on CCR1072;
*) health - improved voltage reading on RBmAP-2nD;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - fixed SSL usage on all HotSpot pages;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) interface - added warning when interface has configured "mtu" higher than "l2mtu";
*) ipsec - added "invalid-packets" counter for Installed SA's menu;
*) ipsec - fixed packet processing by hardware encryption engine on MMIPS devices;
*) l3hw - added "l3hw-settings" sub menu under the switch menu (CLI only);
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - fixed possible packet loss when using HW offloaded NAT;
*) l3hw - improved connected host offloading on startup;
*) l3hw - improved connected IPv6 host offloading when routing table is nearly full for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) l3hw - improved system stability;
*) l3hw - made route offloading selection work only on unicast;
*) lte - added interface name in MTU debug logging message;
*) lte - added periodic IPv6 RS to trigger IPv6 adress acquisition for non-MBIM modems;
*) lte - added support for Neoway N75-EA;
*) lte - added support for Neoway N75-EA;
*) lte - added support to perform FOTA upgrade from local file for EG12-EA, EG18-EA, RG502Q-AE, EG06-A, EP06-A modems;
*) lte - disabled RPLMN on Chateau 5G;
*) lte - fixed at-chat on Telit FN980m;
*) lte - fixed handover from UMTS to LTE when PS activation had failed for MBIM modems;
*) lte - fixed MBIM modem initialization;
*) lte - fixed re-attaching on PS detach for MBIM modems;
*) lte - removed reconnect delay after receiving DETACH notification for MBIM modems;
*) macsec - added configuration support with VLAN, ARP, DHCP and bridge tagging/untagging;
*) macsec - added logging support with "debug" and "dot1x" topics;
*) macsec - added support for MTU and L2MTU;
*) macsec - fixed interface after Ethernet link down;
*) macsec - fixed interface statistics and missing properties;
*) macsec - fixed interface status;
*) macsec - fixed multiple interface creation on different Ethernet ports
*) macsec - improved interface stability;
*) macsec - improved system stability for TILE and RB5009 devices;
*) macsec - removed interface from SMIPS devices;
*) mac-telnet - respect interface MTU setting when sending packets for MAC-Telnet and MAC-WinBox;
*) netwatch - fixed string variable values in script;
*) ntp - improved initial synchronization speed after bootup;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed checksum calculation;
*) ospf - fixed displaying of VRF interface in related logs;
*) ospf - fixed transmit of LSA/ACK's on p2p interfaces;
*) ospf - improved logging when invalid configuration is detected;
*) ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
*) ovpn - added IPv6 support;
*) ovpn - added IPv6 support for ethernet mode;
*) ovpn - added VRF support for client;
*) ppp - fixed memory leak;
*) ppp - improved service stability when multiple users disconnect simultaneously;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) qsfp - added interface temperature warnings and shutdown;
*) queue - improved stability for CAKE type queues;
*) radius - require "policy" policy for "login" service configuration;
*) rip - fixed passwordless MD5 authentication;
*) route-filter - fixed filtering for multiple community routes;
*) route-filter - fixed memory allocation when moving entries;
*) route - fixed disappearance of inactive static routes after upgrade;
*) route - fixed memory leak;
*) routerboard - return router's short name in "model" parameter;
*) routerboard - set "Delete" as default key to enter booter menu ("/system routerboard upgrade" required);
*) serial - added support for newer PL2303 serial controllers;
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) sms - fixed handling of SMS send attempts on unsupported modems;
*) snmp - improved retrieval of routing related OID's;
*) snmp - improved stability when receiving bogus packets;
*) ssh - increased key generation timeout;
*) sstp - added IPv6 support (CLI only);
*) sstp - added VRF support for client;
*) supout - added tr069-client section;
*) supout - removed duplicate "bridge-controller" section;
*) switch - improved traffic forwarding at 5Gbps rate for 98DX8525, 98DX4310 switches;
*) system - renamed error messages when trying to edit or remove dynamic entries;
*) tile - improved system stability when processing packets;
*) tr069-client - do not allow ":" symbols in username;
*) tr069-client - fixed reporting of "X_MIKROTIK_MimoRSRP" parameter;
*) user-manager - accept any username for outer authentication;
*) user-manager - added "comment" parameter for batch user creation;
*) user-manager - added support for multiple accounting sessions;
*) user-manager - added variables to print profile name and end time in voucher templates;
*) user-manager - allow specifying router's address as subnet;
*) user-manager - fixed "migrate-legacy-db" command;
*) user-manager - fixed session expiry when it is stopped by Disconnect-Request;
*) user-manager - forced username verification against client's certificate for EAP-TLS;
*) user-manager - use "Class" attribute to associate user's accounting session;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) vxlan - added IPv6 support for remote VTEPs (only IPv4 or IPv6 will be used at the same time, use "vteps-ip-version" property on VXLAN interface to change the version);
*) vxlan - fixed multicast group address validation (introduced in v7.6beta10);
*) w60g - improved system stability (introduced in v7.5);
*) webfig - fixed creation of new IPv6 routes;
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) webfig - fixed hex input for "Host Uniq" field;
*) webfig - fixed unsetting of "endpoint-address" parameter under "WireGuard/Peers" menu;
*) wifiwave2 - fixed enabling of unconfigured interfaces;
*) wifiwave2 - fixed RADIUS accounting after fast-transition;
*) wifiwave2 - fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used;
*) winbox - added "Active" prefix for current remote and local session ID fields for L2TP-Ether interfaces;
*) winbox - added "address-list" parameter under "IP/DNS/Static" menu;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - added icon for TR069-client menu;
*) winbox - added "L3 HW Settings" under "Switch" menu;
*) winbox - added MACsec support;
*) winbox - added quick filtering option for route list;
*) winbox - added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu;
*) winbox - added "Reset Traffic Counters" button for all interfaces;
*) winbox - added "Reset Traffic Counters" button for all interfaces;
*) winbox - added "to-ports" and "to-addresses" parameters for "netmap" action under "IPv6/Firewall/NAT" menu;
*) winbox - added "type" and "status-report-request" parameters under "Tools/SMS" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - allow to rename mounted disks;
*) winbox - changed order of tabs under "User Manager" menu;
*) winbox - changed "uptime" parameter format when using the wifiwave2 package;
*) winbox - do not show unavailable features on SMIPS devices;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - fixed maximum allowed value for VRRP's "priority" parameter;
*) winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
*) winbox - fixed "Session Uptime" value under "Routing/BGP" menu;
*) winbox - fixed "System/SwOS" window refreshing after changes are detected;
*) winbox - fixed "User Manager/User Profiles" window refreshing after changes are detected;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) winbox - made sessions removable in "User Manager" menu;
*) winbox - show "F" flag for failed entries under "Interfaces/VRRP" menu;
*) winbox - show "Switch" menu on Chateau LTE18 ax;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireguard - strip whitespaces from keys;
*) wireless - disallowed using "default" as scan list or channel names;
*) wireless - fixed incorrectly applied ingress priority to non-wireless packets;
*) wireless - fixed missing wireless interface on some RB921GS-5HPacD devices;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;

Версия 7.6rc3 2022-10-14

Версия 7.6rc2 2022-10-12

What's new in 7.6rc2 (2022-Oct-11 17:51):

Changes in this release:

*) bgp - added support for BGP advertisement displaying (CLI only);
*) certificate - improved certificate management, signing and storing processes;
*) dns - fixed DNS answer of cached CNAME entries (introduced in v7.6beta10);
*) lte - fixed handover from UMTS to LTE when PS activation had failed for MBIM modems;
*) lte - fixed MBIM modem initialization;
*) lte - removed reconnect delay after receiving DETACH notification for MBIM modems;
*) tr069-client - fixed reporting of "X_MIKROTIK_MimoRSRP" parameter;
*) wifiwave2 - fixed enabling of unconfigured interfaces;

Other changes since v7.5:

*) bgp - added support for BGP advertisement displaying (CLI only);
*) bgp - fixed reporting of session uptime;
*) bgp - improved session establishment speed after bootup;
*) bonding - fixed ARP monitor packets with bond's MAC address;
*) bonding - improved interface stability on slave configuration changes;
*) bonding - reduce "actual-mtu" according to interface "l2mtu";
*) branding - execute "autorun.scr" file when installing branding package;
*) capsman - fixed RADIUS accounting when EAP is used;
*) certificate - fixed SHA1 certificate name lookup;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - restricted maximum retry attempt window for Let's Encrypt certificate to 60 minutes;
*) container - added "start-on-boot" parameter for automatic container startup;
*) container - allow changing container related parameters while it is running;
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - fixed matcher functionality;
*) dhcpv4-server - fixed RADIUS accounting for local leases;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) dns - fixed resolving of cached CNAME records (introduced in v7.6beta10);
*) dot1x - fixed incorrect error when using "mac-auth";
*) ethernet - added "5Gbps" option for speed setting;
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) firewall - fixed usage of "netmap" action for IPv6 source NAT (CLI only);
*) health - fixed fan speed and temperature reporting on CCR1072;
*) health - improved voltage reading on RBmAP-2nD;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - fixed SSL usage on all HotSpot pages;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) interface - added warning when interface has configured "mtu" higher than "l2mtu";
*) ipsec - added "invalid-packets" counter for Installed SA's menu;
*) ipsec - fixed packet processing by hardware encryption engine on MMIPS devices;
*) l3hw - added "l3hw-settings" sub menu under the switch menu (CLI only);
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - fixed possible packet loss when using HW offloaded NAT;
*) l3hw - improved connected host offloading on startup;
*) l3hw - improved connected IPv6 host offloading when routing table is nearly full for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) l3hw - improved system stability;
*) l3hw - made route offloading selection work only on unicast;
*) lte - added interface name in MTU debug logging message;
*) lte - added periodic IPv6 RS to trigger IPv6 adress acquisition for non-MBIM modems;
*) lte - added support for Neoway N75-EA;
*) lte - added support for Neoway N75-EA;
*) lte - added support to perform FOTA upgrade from local file for EG12-EA, EG18-EA, RG502Q-AE, EG06-A, EP06-A modems;
*) lte - disabled RPLMN on Chateau 5G;
*) lte - fixed at-chat on Telit FN980m;
*) lte - fixed re-attaching on PS detach for MBIM modems;
*) macsec - added configuration support with VLAN, ARP, DHCP and bridge tagging/untagging;
*) macsec - added logging support with "debug" and "dot1x" topics;
*) macsec - added support for MTU and L2MTU;
*) macsec - fixed interface after Ethernet link down;
*) macsec - fixed interface statistics and missing properties;
*) macsec - fixed interface status;
*) macsec - fixed multiple interface creation on different Ethernet ports
*) macsec - improved interface stability;
*) macsec - improved system stability for TILE and RB5009 devices;
*) macsec - removed interface from SMIPS devices;
*) mac-telnet - respect interface MTU setting when sending packets for MAC-Telnet and MAC-WinBox;
*) netwatch - fixed string variable values in script;
*) ntp - improved initial synchronization speed after bootup;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed checksum calculation;
*) ospf - fixed displaying of VRF interface in related logs;
*) ospf - fixed transmit of LSA/ACK's on p2p interfaces;
*) ospf - improved logging when invalid configuration is detected;
*) ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
*) ovpn - added IPv6 support;
*) ovpn - added IPv6 support for ethernet mode;
*) ovpn - added VRF support for client;
*) ppp - fixed memory leak;
*) ppp - improved service stability when multiple users disconnect simultaneously;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) qsfp - added interface temperature warnings and shutdown;
*) queue - improved stability for CAKE type queues;
*) radius - require "policy" policy for "login" service configuration;
*) rip - fixed passwordless MD5 authentication;
*) route-filter - fixed filtering for multiple community routes;
*) route-filter - fixed memory allocation when moving entries;
*) route - fixed disappearance of inactive static routes after upgrade;
*) route - fixed memory leak;
*) routerboard - return router's short name in "model" parameter;
*) routerboard - set "Delete" as default key to enter booter menu ("/system routerboard upgrade" required);
*) serial - added support for newer PL2303 serial controllers;
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) sms - fixed handling of SMS send attempts on unsupported modems;
*) snmp - improved retrieval of routing related OID's;
*) snmp - improved stability when receiving bogus packets;
*) ssh - increased key generation timeout;
*) sstp - added IPv6 support (CLI only);
*) sstp - added VRF support for client;
*) supout - added tr069-client section;
*) supout - removed duplicate "bridge-controller" section;
*) switch - improved traffic forwarding at 5Gbps rate for 98DX8525, 98DX4310 switches;
*) system - renamed error messages when trying to edit or remove dynamic entries;
*) tile - improved system stability when processing packets;
*) tr069-client - do not allow ":" symbols in username;
*) user-manager - accept any username for outer authentication;
*) user-manager - added "comment" parameter for batch user creation;
*) user-manager - added support for multiple accounting sessions;
*) user-manager - added variables to print profile name and end time in voucher templates;
*) user-manager - allow specifying router's address as subnet;
*) user-manager - fixed "migrate-legacy-db" command;
*) user-manager - fixed session expiry when it is stopped by Disconnect-Request;
*) user-manager - forced username verification against client's certificate for EAP-TLS;
*) user-manager - use "Class" attribute to associate user's accounting session;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) vxlan - added IPv6 support for remote VTEPs (only IPv4 or IPv6 will be used at the same time, use "vteps-ip-version" property on VXLAN interface to change the version);
*) vxlan - fixed multicast group address validation (introduced in v7.6beta10);
*) w60g - improved system stability (introduced in v7.5);
*) webfig - fixed creation of new IPv6 routes;
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) webfig - fixed hex input for "Host Uniq" field;
*) webfig - fixed unsetting of "endpoint-address" parameter under "WireGuard/Peers" menu;
*) wifiwave2 - fixed RADIUS accounting after fast-transition;
*) wifiwave2 - fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used;
*) winbox - added "Active" prefix for current remote and local session ID fields for L2TP-Ether interfaces;
*) winbox - added "address-list" parameter under "IP/DNS/Static" menu;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - added icon for TR069-client menu;
*) winbox - added "L3 HW Settings" under "Switch" menu;
*) winbox - added MACsec support;
*) winbox - added quick filtering option for route list;
*) winbox - added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu;
*) winbox - added "Reset Traffic Counters" button for all interfaces;
*) winbox - added "Reset Traffic Counters" button for all interfaces;
*) winbox - added "to-ports" and "to-addresses" parameters for "netmap" action under "IPv6/Firewall/NAT" menu;
*) winbox - added "type" and "status-report-request" parameters under "Tools/SMS" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - allow to rename mounted disks;
*) winbox - changed order of tabs under "User Manager" menu;
*) winbox - changed "uptime" parameter format when using the wifiwave2 package;
*) winbox - do not show unavailable features on SMIPS devices;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - fixed maximum allowed value for VRRP's "priority" parameter;
*) winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
*) winbox - fixed "Session Uptime" value under "Routing/BGP" menu;
*) winbox - fixed "System/SwOS" window refreshing after changes are detected;
*) winbox - fixed "User Manager/User Profiles" window refreshing after changes are detected;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) winbox - made sessions removable in "User Manager" menu;
*) winbox - show "F" flag for failed entries under "Interfaces/VRRP" menu;
*) winbox - show "Switch" menu on Chateau LTE18 ax;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireguard - strip whitespaces from keys;
*) wireless - disallowed using "default" as scan list or channel names;
*) wireless - fixed incorrectly applied ingress priority to non-wireless packets;
*) wireless - fixed missing wireless interface on some RB921GS-5HPacD devices;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;

Версия 7.6rc2 2022-10-12

Версия 7.6rc1 2022-10-05

What's new in 7.6rc1 (2022-Oct-04 18:54):

Changes in this release:

*) certificate - improved certificate management, signing and storing processes;
*) dns - fixed resolving of cached CNAME records (introduced in v7.6beta10);
*) lte - added support for Neoway N75-EA;
*) snmp - improved stability when receiving bogus packets;
*) vxlan - fixed multicast group address validation (introduced in v7.6beta10);
*) wifiwave2 - fixed RADIUS accounting after fast-transition;
*) winbox - added "Reset Traffic Counters" button for all interfaces;

Other changes since v7.5:

*) bgp - added support for BGP advertisement displaying (CLI only);
*) bgp - fixed reporting of session uptime;
*) bgp - improved session establishment speed after bootup;
*) bonding - fixed ARP monitor packets with bond's MAC address;
*) bonding - improved interface stability on slave configuration changes;
*) bonding - reduce "actual-mtu" according to interface "l2mtu";
*) branding - execute "autorun.scr" file when installing branding package;
*) capsman - fixed RADIUS accounting when EAP is used;
*) certificate - fixed SHA1 certificate name lookup;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - restricted maximum retry attempt window for Let's Encrypt certificate to 60 minutes;
*) container - added "start-on-boot" parameter for automatic container startup;
*) container - allow changing container related parameters while it is running;
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - fixed matcher functionality;
*) dhcpv4-server - fixed RADIUS accounting for local leases;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) dot1x - fixed incorrect error when using "mac-auth";
*) ethernet - added "5Gbps" option for speed setting;
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) firewall - fixed usage of "netmap" action for IPv6 source NAT (CLI only);
*) health - fixed fan speed and temperature reporting on CCR1072;
*) health - improved voltage reading on RBmAP-2nD;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - fixed SSL usage on all HotSpot pages;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) interface - added warning when interface has configured "mtu" higher than "l2mtu";
*) ipsec - added "invalid-packets" counter for Installed SA's menu;
*) ipsec - fixed packet processing by hardware encryption engine on MMIPS devices;
*) l3hw - added "l3hw-settings" sub menu under the switch menu (CLI only);
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - fixed possible packet loss when using HW offloaded NAT;
*) l3hw - improved connected host offloading on startup;
*) l3hw - improved connected IPv6 host offloading when routing table is nearly full for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) l3hw - improved system stability;
*) l3hw - made route offloading selection work only on unicast;
*) lte - added interface name in MTU debug logging message;
*) lte - added periodic IPv6 RS to trigger IPv6 adress acquisition for non-MBIM modems;
*) lte - added support for Neoway N75-EA;
*) lte - added support to perform FOTA upgrade from local file for EG12-EA, EG18-EA, RG502Q-AE, EG06-A, EP06-A modems;
*) lte - disabled RPLMN on Chateau 5G;
*) lte - fixed at-chat on Telit FN980m;
*) lte - fixed re-attaching on PS detach for MBIM modems;
*) macsec - added configuration support with VLAN, ARP, DHCP and bridge tagging/untagging;
*) macsec - added logging support with "debug" and "dot1x" topics;
*) macsec - added support for MTU and L2MTU;
*) macsec - fixed interface after Ethernet link down;
*) macsec - fixed interface statistics and missing properties;
*) macsec - fixed interface status;
*) macsec - fixed multiple interface creation on different Ethernet ports
*) macsec - improved interface stability;
*) macsec - improved system stability for TILE and RB5009 devices;
*) macsec - removed interface from SMIPS devices;
*) mac-telnet - respect interface MTU setting when sending packets for MAC-Telnet and MAC-WinBox;
*) netwatch - fixed string variable values in script;
*) ntp - improved initial synchronization speed after bootup;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed checksum calculation;
*) ospf - fixed displaying of VRF interface in related logs;
*) ospf - fixed transmit of LSA/ACK's on p2p interfaces;
*) ospf - improved logging when invalid configuration is detected;
*) ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
*) ovpn - added IPv6 support;
*) ovpn - added IPv6 support for ethernet mode;
*) ovpn - added VRF support for client;
*) ppp - fixed memory leak;
*) ppp - improved service stability when multiple users disconnect simultaneously;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) qsfp - added interface temperature warnings and shutdown;
*) queue - improved stability for CAKE type queues;
*) radius - require "policy" policy for "login" service configuration;
*) rip - fixed passwordless MD5 authentication;
*) route-filter - fixed filtering for multiple community routes;
*) route-filter - fixed memory allocation when moving entries;
*) route - fixed disappearance of inactive static routes after upgrade;
*) route - fixed memory leak;
*) routerboard - return router's short name in "model" parameter;
*) routerboard - set "Delete" as default key to enter booter menu ("/system routerboard upgrade" required);
*) serial - added support for newer PL2303 serial controllers;
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) sms - fixed handling of SMS send attempts on unsupported modems;
*) snmp - improved retrieval of routing related OID's;
*) ssh - increased key generation timeout;
*) sstp - added IPv6 support (CLI only);
*) sstp - added VRF support for client;
*) supout - added tr069-client section;
*) supout - removed duplicate "bridge-controller" section;
*) switch - improved traffic forwarding at 5Gbps rate for 98DX8525, 98DX4310 switches;
*) system - renamed error messages when trying to edit or remove dynamic entries;
*) tile - improved system stability when processing packets;
*) tr069-client - do not allow ":" symbols in username;
*) user-manager - accept any username for outer authentication;
*) user-manager - added "comment" parameter for batch user creation;
*) user-manager - added support for multiple accounting sessions;
*) user-manager - added variables to print profile name and end time in voucher templates;
*) user-manager - allow specifying router's address as subnet;
*) user-manager - fixed "migrate-legacy-db" command;
*) user-manager - fixed session expiry when it is stopped by Disconnect-Request;
*) user-manager - forced username verification against client's certificate for EAP-TLS;
*) user-manager - use "Class" attribute to associate user's accounting session;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) vxlan - added IPv6 support for remote VTEPs (only IPv4 or IPv6 will be used at the same time, use "vteps-ip-version" property on VXLAN interface to change the version);
*) w60g - improved system stability (introduced in v7.5);
*) webfig - fixed creation of new IPv6 routes;
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) webfig - fixed hex input for "Host Uniq" field;
*) webfig - fixed unsetting of "endpoint-address" parameter under "WireGuard/Peers" menu;
*) wifiwave2 - fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used;
*) winbox - added "Active" prefix for current remote and local session ID fields for L2TP-Ether interfaces;
*) winbox - added "address-list" parameter under "IP/DNS/Static" menu;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - added icon for TR069-client menu;
*) winbox - added "L3 HW Settings" under "Switch" menu;
*) winbox - added MACsec support;
*) winbox - added quick filtering option for route list;
*) winbox - added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu;
*) winbox - added "Reset Traffic Counters" button for all interfaces;
*) winbox - added "to-ports" and "to-addresses" parameters for "netmap" action under "IPv6/Firewall/NAT" menu;
*) winbox - added "type" and "status-report-request" parameters under "Tools/SMS" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - allow to rename mounted disks;
*) winbox - changed order of tabs under "User Manager" menu;
*) winbox - changed "uptime" parameter format when using the wifiwave2 package;
*) winbox - do not show unavailable features on SMIPS devices;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - fixed maximum allowed value for VRRP's "priority" parameter;
*) winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
*) winbox - fixed "Session Uptime" value under "Routing/BGP" menu;
*) winbox - fixed "System/SwOS" window refreshing after changes are detected;
*) winbox - fixed "User Manager/User Profiles" window refreshing after changes are detected;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) winbox - made sessions removable in "User Manager" menu;
*) winbox - show "F" flag for failed entries under "Interfaces/VRRP" menu;
*) winbox - show "Switch" menu on Chateau LTE18 ax;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireguard - strip whitespaces from keys;
*) wireless - disallowed using "default" as scan list or channel names;
*) wireless - fixed incorrectly applied ingress priority to non-wireless packets;
*) wireless - fixed missing wireless interface on some RB921GS-5HPacD devices;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;

Версия 7.6rc1 2022-10-05

Версия 7.6beta8 2022-09-23

What's new in 7.6beta8 (2022-Sep-21 09:20):

Important note!!!

Version not recommended on TILE and RB5009 devices if MACsec is used;

Changes in this release:

*) bgp - added support for BGP advertisement displaying (CLI only);
*) certificate - fixed SHA1 certificate name lookup;
*) dhcpv4-server - fixed matcher functionality;
*) ethernet - added "5Gbps" option for speed setting;
*) firewall - fixed usage of "netmap" action for IPv6 source NAT (CLI only);
*) lte - added periodic IPv6 RS to trigger IPv6 adress acquisition for non-MBIM modems;
*) macsec - fixed interface after Ethernet link down;
*) macsec - fixed interface statistics and missing properties;
*) macsec - fixed interface status;
*) macsec - fixed multiple interface creation on different Ethernet ports
*) macsec - removed interface from SMIPS devices;
*) ospf - added SHA hashing for authentication;
*) queue - improved stability for CAKE type queues;
*) snmp - improved retrieval of routing related OID's;
*) sstp - added IPv6 support (CLI only);
*) switch - improved traffic forwarding at 5Gbps rate for 98DX8525, 98DX4310 switches;
*) tile - improved system stability when processing packets;
*) webfig - fixed hex input for "Host Uniq" field;
*) winbox - added "Active" prefix for current remote and local session ID fields for L2TP-Ether interfaces;
*) winbox - added "address-list" parameter under "IP/DNS/Static" menu;
*) winbox - added MACsec support;
*) winbox - added "type" and "status-report-request" parameters under "Tools/SMS" menu;
*) winbox - changed "uptime" parameter format when using the wifiwave2 package;
*) wireless - disallowed using "default" as scan list or channel names;

Other changes since v7.5:

*) bgp - fixed reporting of session uptime;
*) branding - execute "autorun.scr" file when installing branding package;
*) certificate - restricted maximum retry attempt window for Let's Encrypt certificate to 60 minutes;
*) container - added "start-on-boot" parameter for automatic container startup;
*) container - allow changing container related parameters while it is running;
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) dot1x - fixed incorrect error when using "mac-auth";
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) health - fixed fan speed and temperature reporting on CCR1072;
*) health - improved voltage reading on RBmAP-2nD;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - fixed SSL usage on all HotSpot pages;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) l3hw - added "l3hw-settings" sub menu under the switch menu (CLI only);
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - fixed possible packet loss when using HW offloaded NAT;
*) l3hw - improved connected host offloading on startup;
*) l3hw - improved connected IPv6 host offloading when routing table is nearly full for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) l3hw - improved system stability;
*) l3hw - made route offloading selection work only on unicast;
*) lte - added interface name for MTU debug logging message;
*) lte - added interface name in MTU debug logging message;
*) lte - added support for Neoway N75-EA;
*) lte - disabled RPLMN on Chateau 5G;
*) lte - fixed at-chat on Telit FN980m;
*) netwatch - fixed string variable values in script;
*) ntp - improved initial synchronization speed after bootup;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed checksum calculation;
*) ospf - fixed displaying of VRF interface in related logs;
*) ospf - improved logging when invalid configuration is detected;
*) ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
*) ovpn - added IPv6 support for ethernet mode;
*) ppp - fixed memory leak;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) radius - require "policy" policy for "login" service configuration;
*) route - fixed disappearance of inactive static routes after upgrade;
*) route - fixed memory leak;
*) routerboard - set "Delete" as default key to enter booter menu ("/system routerboard upgrade" required);
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) sms - fixed handling of SMS send attempts on unsupported modems;
*) ssh - increased key generation timeout;
*) system - renamed error messages when trying to edit or remove dynamic entries;
*) tr069-client - do not allow ":" symbols in username;
*) user-manager - accept any username for outer authentication;
*) user-manager - added "comment" parameter for batch user creation;
*) user-manager - added support for multiple accounting sessions;
*) user-manager - added variables to print profile name and end time in voucher templates;
*) user-manager - allow specifying router's address as subnet;
*) user-manager - fixed "migrate-legacy-db" command;
*) user-manager - fixed session expiry when it is stopped by Disconnect-Request;
*) user-manager - forced username verification against client's certificate for EAP-TLS;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) w60g - improved system stability (introduced in v7.5);
*) webfig - fixed creation of new IPv6 routes;
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) wifiwave2 - fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - allow to rename mounted disks;
*) winbox - changed order of tabs under "User Manager" menu;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
*) winbox - fixed "System/SwOS" window refreshing after changes are detected;
*) winbox - fixed "User Manager/User Profiles" window refreshing after changes are detected;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) winbox - made sessions removable in "User Manager" menu;
*) winbox - show "Switch" menu on Chateau LTE18 ax;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireguard - strip whitespaces from keys;
*) wireless - fixed incorrectly applied ingress priority to non-wireless packets;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;

Версия 7.6beta8 2022-09-23

Версия 7.6beta7 2022-09-19

What's new in 7.6beta7 (2022-Sep-16 09:27):

*) bgp - fixed reporting of session uptime;
*) branding - execute "autorun.scr" file when installing branding package;
*) certificate - restricted maximum retry attempt window for Let's Encrypt certificate to 60 minutes;
*) container - allow changing container related parameters while it is running;
*) health - improved voltage reading on RBmAP-2nD;
*) hotspot - fixed SSL usage on all HotSpot pages;
*) l3hw - improved connected host offloading on startup;
*) l3hw - improved connected IPv6 host offloading when routing table is nearly full for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) l3hw - made route offloading selection work only on unicast;
*) lte - added interface name in MTU debug logging message;
*) ospf - fixed checksum calculation;
*) ospf - improved logging when invalid configuration is detected;
*) route - fixed disappearance of inactive static routes after upgrade;
*) routerboard - set "Delete" as default key to enter booter menu ("/system routerboard upgrade" required);
*) sms - fixed handling of SMS send attempts on unsupported modems;
*) user-manager - accept any username for outer authentication;
*) user-manager - added "comment" parameter for batch user creation;
*) user-manager - added support for multiple accounting sessions;
*) user-manager - added variables to print profile name and end time in voucher templates;
*) user-manager - forced username verification against client's certificate for EAP-TLS;
*) webfig - fixed creation of new IPv6 routes;
*) winbox - changed order of tabs under "User Manager" menu;
*) wireless - fixed incorrectly applied ingress priority to non-wireless packets;

Other changes since v7.5:

*) container - added "start-on-boot" parameter for automatic container startup;
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) dot1x - fixed incorrect error when using "mac-auth";
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) health - fixed fan speed and temperature reporting on CCR1072;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) l3hw - added "l3hw-settings" sub menu under the switch menu (CLI only);
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - fixed possible packet loss when using HW offloaded NAT;
*) l3hw - improved system stability;
*) lte - added interface name for MTU debug logging message;
*) lte - added support for Neoway N75-EA;
*) lte - disabled RPLMN on Chateau 5G;
*) lte - fixed at-chat on Telit FN980m;
*) netwatch - fixed string variable values in script;
*) ntp - improved initial synchronization speed after bootup;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed displaying of VRF interface in related logs;
*) ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
*) ovpn - added IPv6 support for ethernet mode;
*) ppp - fixed memory leak;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) radius - require "policy" policy for "login" service configuration;
*) route - fixed memory leak;
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) ssh - increased key generation timeout;
*) system - renamed error messages when trying to edit or remove dynamic entries;
*) tr069-client - do not allow ":" symbols in username;
*) user-manager - allow specifying router's address as subnet;
*) user-manager - fixed "migrate-legacy-db" command;
*) user-manager - fixed session expiry when it is stopped by Disconnect-Request;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) w60g - improved system stability (introduced in v7.5);
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) wifiwave2 - fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - allow to rename mounted disks;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
*) winbox - fixed "System/SwOS" window refreshing after changes are detected;
*) winbox - fixed "User Manager/User Profiles" window refreshing after changes are detected;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) winbox - made sessions removable in "User Manager" menu;
*) winbox - show "Switch" menu on Chateau LTE18 ax;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireguard - strip whitespaces from keys;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;

Версия 7.6beta7 2022-09-19

Версия 7.6beta6 2022-09-07

What's new in 7.6beta6 (2022-Sep-07 12:06):

*) container - added "start-on-boot" parameter for automatic container startup;
*) dot1x - fixed incorrect error when using "mac-auth";
*) l3hw - fixed possible packet loss when using HW offloaded NAT;
*) lte - fixed at-chat on Telit FN980m;
*) ntp - improved initial synchronization speed after bootup;
*) ospf - added SHA hashing for authentication;
*) ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
*) ovpn - added IPv6 support for ethernet mode;
*) ppp - fixed memory leak;
*) ssh - increased key generation timeout;
*) system - renamed error messages when trying to edit or remove dynamic entries;
*) user-manager - allow specifying router's address as subnet;
*) user-manager - fixed "migrate-legacy-db" command;
*) user-manager - fixed session expiry when it is stopped by Disconnect-Request;
*) w60g - improved system stability (introduced in v7.5);
*) wifiwave2 - fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used;
*) winbox - added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu;
*) winbox - allow to rename mounted disks;
*) winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
*) winbox - fixed "System/SwOS" window refreshing after changes are detected;
*) winbox - fixed "User Manager/User Profiles" window refreshing after changes are detected;
*) winbox - made sessions removable in "User Manager" menu;
*) winbox - show "Switch" menu on Chateau LTE18 ax;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireguard - strip whitespaces from keys;

Other changes since v7.5:

*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) health - fixed fan speed and temperature reporting on CCR1072;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - added "l3hw-settings" sub menu under the switch menu (CLI only);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - improved system stability;
*) lte - added interface name for MTU debug logging message;
*) lte - added support for Neoway N75-EA;
*) lte - disabled RPLMN on Chateau 5G;
*) netwatch - fixed string variable values in script;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed displaying of VRF interface in related logs;
*) ovpn - added IPv6 support for ethernet mode;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) radius - require "policy" policy for "login" service configuration;
*) route - fixed memory leak;
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) tr069-client - do not allow ":" symbols in username;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;

Версия 7.6beta6 2022-09-07

Версия 7.6beta4 2022-09-02

What's new in 7.6beta4 (2022-Sep-01 11:35):

*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) health - fixed fan speed and temperature reporting on CCR1072;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - added "l3hw-settings" sub menu under the switch menu (CLI only);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - improved system stability;
*) lte - added interface name for MTU debug logging message;
*) lte - added support for Neoway N75-EA;
*) lte - disabled RPLMN on Chateau 5G;
*) netwatch - fixed string variable values in script;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed displaying of VRF interface in related logs;
*) ovpn - added IPv6 support for ethernet mode;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) radius - require "policy" policy for "login" service configuration;
*) route - fixed memory leak;
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) tr069-client - do not allow ":" symbols in username;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;

Версия 7.6beta4 2022-09-02

Версия 7.6beta10 2022-09-30

What's new in 7.6beta10 (2022-Sep-29 20:02):

Important note!!!

Version is not recommended for devices where VXLAN interfaces are already configured.

Changes in this release:

*) bgp - improved session establishment speed after bootup;
*) bonding - fixed ARP monitor packets with bond's MAC address;
*) bonding - improved interface stability on slave configuration changes;
*) bonding - reduce "actual-mtu" according to interface "l2mtu";
*) capsman - fixed RADIUS accounting when EAP is used;
*) certificate - improved certificate management, signing and storing processes;
*) dhcpv4-server - fixed RADIUS accounting for local leases;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) interface - added warning when interface has configured "mtu" higher than "l2mtu";
*) ipsec - added "invalid-packets" counter for Installed SA's menu;
*) ipsec - fixed packet processing by hardware encryption engine on MMIPS devices;
*) lte - added periodic IPv6 RS to trigger IPv6 adress acquisition for non-MBIM modems;
*) lte - added support to perform FOTA upgrade from local file for EG12-EA, EG18-EA, RG502Q-AE, EG06-A, EP06-A modems;
*) lte - fixed re-attaching on PS detach for MBIM modems;
*) macsec - added configuration support with VLAN, ARP, DHCP and bridge tagging/untagging;
*) macsec - added logging support with "debug" and "dot1x" topics;
*) macsec - added support for MTU and L2MTU;
*) macsec - improved interface stability;
*) macsec - improved system stability for TILE and RB5009 devices;
*) mac-telnet - respect interface MTU setting when sending packets for MAC-Telnet and MAC-WinBox;
*) ospf - fixed transmit of LSA/ACK's on p2p interfaces;
*) ovpn - added IPv6 support;
*) ovpn - added VRF support for client;
*) ppp - improved service stability when multiple users disconnect simultaneously;
*) qsfp - added interface temperature warnings and shutdown;
*) rip - fixed passwordless MD5 authentication;
*) route-filter - fixed filtering for multiple community routes;
*) route-filter - fixed memory allocation when moving entries;
*) routerboard - return router's short name in "model" parameter;
*) serial - added support for newer PL2303 serial controllers;
*) sstp - added VRF support for client;
*) supout - added tr069-client section;
*) supout - removed duplicate "bridge-controller" section;
*) user-manager - use "Class" attribute to associate user's accounting session;
*) vxlan - added IPv6 support for remote VTEPs (only IPv4 or IPv6 will be used at the same time, use "vteps-ip-version" property on VXLAN interface to change the version);
*) webfig - fixed unsetting of "endpoint-address" parameter under "WireGuard/Peers" menu;
*) winbox - added icon for TR069-client menu;
*) winbox - added "L3 HW Settings" under "Switch" menu;
*) winbox - added quick filtering option for route list;
*) winbox - added "Reset Traffic Counters" button for all interfaces;
*) winbox - added "to-ports" and "to-addresses" parameters for "netmap" action under "IPv6/Firewall/NAT" menu;
*) winbox - changed "uptime" parameter format when using the wifiwave2 package;
*) winbox - do not show unavailable features on SMIPS devices;
*) winbox - fixed maximum allowed value for VRRP's "priority" parameter;
*) winbox - fixed "Session Uptime" value under "Routing/BGP" menu;
*) winbox - show "F" flag for failed entries under "Interfaces/VRRP" menu;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - fixed missing wireless interface on some RB921GS-5HPacD devices;

Other changes since v7.5:

*) bgp - added support for BGP advertisement displaying (CLI only);
*) bgp - fixed reporting of session uptime;
*) branding - execute "autorun.scr" file when installing branding package;
*) certificate - fixed SHA1 certificate name lookup;
*) certificate - restricted maximum retry attempt window for Let's Encrypt certificate to 60 minutes;
*) container - added "start-on-boot" parameter for automatic container startup;
*) container - allow changing container related parameters while it is running;
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - fixed matcher functionality;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) dot1x - fixed incorrect error when using "mac-auth";
*) ethernet - added "5Gbps" option for speed setting;
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) firewall - fixed usage of "netmap" action for IPv6 source NAT (CLI only);
*) health - fixed fan speed and temperature reporting on CCR1072;
*) health - improved voltage reading on RBmAP-2nD;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - fixed SSL usage on all HotSpot pages;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) l3hw - added "l3hw-settings" sub menu under the switch menu (CLI only);
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - fixed possible packet loss when using HW offloaded NAT;
*) l3hw - improved connected host offloading on startup;
*) l3hw - improved connected IPv6 host offloading when routing table is nearly full for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) l3hw - improved system stability;
*) l3hw - made route offloading selection work only on unicast;
*) lte - added interface name in MTU debug logging message;
*) lte - added periodic IPv6 RS to trigger IPv6 adress acquisition for non-MBIM modems;
*) lte - added support for Neoway N75-EA;
*) lte - disabled RPLMN on Chateau 5G;
*) lte - fixed at-chat on Telit FN980m;
*) macsec - fixed interface after Ethernet link down;
*) macsec - fixed interface statistics and missing properties;
*) macsec - fixed interface status;
*) macsec - fixed multiple interface creation on different Ethernet ports
*) macsec - removed interface from SMIPS devices;
*) netwatch - fixed string variable values in script;
*) ntp - improved initial synchronization speed after bootup;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed checksum calculation;
*) ospf - fixed displaying of VRF interface in related logs;
*) ospf - improved logging when invalid configuration is detected;
*) ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
*) ovpn - added IPv6 support for ethernet mode;
*) ppp - fixed memory leak;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) queue - improved stability for CAKE type queues;
*) radius - require "policy" policy for "login" service configuration;
*) route - fixed disappearance of inactive static routes after upgrade;
*) route - fixed memory leak;
*) routerboard - set "Delete" as default key to enter booter menu ("/system routerboard upgrade" required);
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) sms - fixed handling of SMS send attempts on unsupported modems;
*) snmp - improved retrieval of routing related OID's;
*) ssh - increased key generation timeout;
*) sstp - added IPv6 support (CLI only);
*) switch - improved traffic forwarding at 5Gbps rate for 98DX8525, 98DX4310 switches;
*) system - renamed error messages when trying to edit or remove dynamic entries;
*) tile - improved system stability when processing packets;
*) tr069-client - do not allow ":" symbols in username;
*) user-manager - accept any username for outer authentication;
*) user-manager - added "comment" parameter for batch user creation;
*) user-manager - added support for multiple accounting sessions;
*) user-manager - added variables to print profile name and end time in voucher templates;
*) user-manager - allow specifying router's address as subnet;
*) user-manager - fixed "migrate-legacy-db" command;
*) user-manager - fixed session expiry when it is stopped by Disconnect-Request;
*) user-manager - forced username verification against client's certificate for EAP-TLS;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) w60g - improved system stability (introduced in v7.5);
*) webfig - fixed creation of new IPv6 routes;
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) webfig - fixed hex input for "Host Uniq" field;
*) wifiwave2 - fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used;
*) winbox - added "Active" prefix for current remote and local session ID fields for L2TP-Ether interfaces;
*) winbox - added "address-list" parameter under "IP/DNS/Static" menu;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - added MACsec support;
*) winbox - added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu;
*) winbox - added "type" and "status-report-request" parameters under "Tools/SMS" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - allow to rename mounted disks;
*) winbox - changed order of tabs under "User Manager" menu;
*) winbox - changed "uptime" parameter format when using the wifiwave2 package;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
*) winbox - fixed "System/SwOS" window refreshing after changes are detected;
*) winbox - fixed "User Manager/User Profiles" window refreshing after changes are detected;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) winbox - made sessions removable in "User Manager" menu;
*) winbox - show "Switch" menu on Chateau LTE18 ax;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireguard - strip whitespaces from keys;
*) wireless - disallowed using "default" as scan list or channel names;
*) wireless - fixed incorrectly applied ingress priority to non-wireless packets;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;

Версия 7.6beta10 2022-09-30

Версия 7.5rc2 2022-08-26

What's new in 7.5rc2 (2022-Aug-25 12:35):

*) container - fixed handling of mounted directories;

Other changes since v7.4.1:

*) bgp - fixed remote refuse capability options, max prefix limit errors and administrative stop;
*) bgp - improved stability when "default-originate" is configured;
*) bridge - fixed "new-priority" value validation for NAT rules;
*) capsman - added randomized range option for "reselect-interval" parameter (CLI only);
*) certificate - fixed handling of empty AKID by SCEP client;
*) console - fixed automatic command completion with keypress;
*) container - added tun/tap support for containers;
*) container - fixed free disk space checking;
*) container - fixed handling of mounted directories;
*) container - fixed imported tar image path logging message;
*) defconf - fixed loading of default configuration on RB4011 with WifiWave2 package enabled;
*) dhcpv4-server - fixed removal of dynamic leases when server is removed;
*) dhcpv6-client - moved invalid lifetime logging message from "debug" to "error" topic;
*) dhcpv6-client - use /128 prefix for IA_NA addresses;
*) dhcpv6-relay - fixed relay forwarding (introduced in v7.1.5);
*) dhcpv6-server - improved stability when acquiring binding;
*) dns - added "address-list" parameter for static DNS entries (CLI only);
*) dns - added "match-subdomain" option for static entries (CLI only);
*) firewall - added support for RTSP helper;
*) health - fixed "temperature" and "power-consumption" readings on RB1100x4;
*) health - improved voltage reading on CRS112-8P-4S;
*) health - renamed "CPU" to "switch" for temperature reading information on CRS518-16XS-2XQ;
*) hostpot - fixed Walled Garden functionality for HTTPS sites;
*) hotspot - automatically reject all HTTPS requests passing through HotSpot server for unauthorized users;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "https-redirect" option;
*) ike2 - allow sending certificate chain as initiator;
*) interface - fixed default interface naming on RB1100x2;
*) l3hw - fixed HW offloaded NAT;
*) leds - fixed default LED configuration for RBwsAP-5Hac2nD;
*) leds - fixed wireless LED functionality on LHGG;
*) lora - do not ignore negative sign for spoofed GPS coordinates;
*) lte - added "SIM not inserted" and "SIM failure" messages to "status" and "monitor" commands for AT modems;
*) lte - added at-chat and NMEA port support for Simcom modems, USB composition (device id - 0x9003);
*) lte - added at-chat support for Simcom modems, USB composition (device id - 0x9005);
*) lte - changed cell ID info display to short format for 3G connections;
*) lte - disallow empty APN name only for default entry;
*) lte - fixed AT channel for Sierra Wireless modems with device ID 0x9091;
*) lte - fixed LTE interface presence for Telit LN940;
*) lte - fixed UDP performance on MMIPS devices;
*) lte - improved antenna scan for Chateau devices with switchable antennas;
*) lte - improved configuration export when multiple LTE interfaces are present;
*) lte - modem dialer, do not reset dialing sequence if modem reply with error to user set init-string;
*) netinstall - fixed Netinstall procedure for ARM devices;
*) netwatch - automatically start migrated probes from previous RouterOS versions;
*) netwatch - changed ICMP default packet loss fail threshold to 85%;
*) ntp - fixed NTP server when "use-local-clock" is used;
*) ospf - fixed handling of external forwarding address;
*) ospf - improved stability when interface is being disabled during database exchange;
*) ovpn - fixed encryption key renewal process which caused periodic session disconnects;
*) ovpn - improved system stability when hardware acceleration is used on ARM64 devices;
*) ovpn - moved disconnected user logging message from "debug" to "info" topic;
*) ping - improved service stability;
*) port - added support for D-Link DWM-222 in serial/PPP mode (device id - 0xac01/0x7e3d);
*) port - added support for Huawei/ZTE K5006z in serial/PPP mode (device id - 0x1017/0x1018);
*) ppp - improved service stability under high load;
*) ppp - use /32 as default netmask if not specified for "routes" parameter;
*) ptp - improved system stability on CRS devices;
*) quickset - removed PPTP and SSTP server addition for "VPN" checkbox;
*) rb5009 - fixed ether1 status reporting after system reboot;
*) route-filter - fixed "delete bgp-communities" command;
*) routerboard - added "reset-button" script feature for TILE devices;
*) sfp - fixed "eeprom" reading on single SFP port ARM devices;
*) sfp - fixed QSFP+ and QSFP28 interface disable when using breakout cable;
*) sfp - fixed unresponsive "sfp1" interface after disabling "ether1" on NetMetal devices;
*) sfp - improved combo SFP ports initialization handling on CRS312-4C+8XG, CRS328-4C-20S-4S+;
*) sfp - improved stability when using 2.5G optical modules in CCR2116, CCR2216 and CRS518;
*) snmp - fixed usage of VRF after system startup;
*) socks - fixed "dst-port" usage when checking access list;
*) ssh - added AES support for PEM decryption;
*) ssh - fixed importing of public keys;
*) ssh - fixed minor typo issue when importing public key;
*) sstp - fixed client stuck in "nonce matching" state;
*) switch - fixed ACL rules for 98DXxxxx switches with more than 28 ports (introduced in v7.3);
*) switch - removed limit for number of hardware-offloaded bonding interfaces;
*) swos - enabled SwitchOS support for CRS310-1G-5S-4S+;
*) swos - fixed SwOS upgrade procedure on CRS305-1G-4S+;
*) traceroute - added "do-not-fragment" parameter support (CLI only);
*) traceroute - increased packet size limit to 65535;
*) vrrp - added "sync-connection-tracking" compatibility with preemption-mode;
*) vrrp - fixed HW offloaded bridge MAC address learning when changing from VRRP master to backup;
*) vrrp - fixed high CPU usage when "sync-connection-tracking=yes" and the backup router goes offline;
*) vrrp - fixed initial connection tracking synchronization, a backup router now always receives all existing connections;
*) vrrp - improved connection tracking synchronization protocol (CTSYNC), the new protocol is incompatible with previous RouterOS versions with "sync-connection-tracking=yes";
*) webfig - allow to specify NTP server as domain name;
*) webfig - fixed displaying of grahs in status pages;
*) webfig - fixed floating point field's negative value in -0.*** format;
*) wifiwave2 - added "sae-pwe" parameter with hash-to-element mechanism for SAE PWE derivation;
*) wifiwave2 - added support for 802.11k;
*) wifiwave2 - disable wireless interface after wireless configuration reset;
*) wifiwave2 - fixed displaying of AKM in scan results;
*) wifiwave2 - fixed duplicated AKM in RSN message;
*) wifiwave2 - fixed group key update for client devices which connect via fast BSS transition;
*) wifiwave2 - fixed incorrect AKM usage for FT-WPA3-EAP-192;
*) wifiwave2 - fixed reassociation response sending for fast transition over DS;
*) wifiwave2 - fixed setting of "ft-nas-identifier" parameter;
*) wifiwave2 - fixed usage of Canada country setting on US locked devices;
*) wifiwave2 - improved default channel width selection for interfaces in station mode;
*) winbox - do not show previously attached LTE interfaces while establishing LTE connection;
*) winbox - enabled all filters by default under "Tools/Torch" menu;
*) winbox - fixed "Enable", "Disable" and "Comment" functions for L2TP-ether type interfaces;
*) winbox - fixed "Next Run" parameter displaying under "System/Scheduler" menu;
*) winbox - fixed "Type" and "Value" field displaying under "System/Health" sub-menu's;
*) winbox - show warning messages for BGP connection entries;
*) wireless - fixed interface initialization on x86 devices;
*) x86 - allow downgrading to RouterOS v6 only if it was previously installed;
*) x86 - fixed advertising of 2500M and 5000M link speeds on ixgbe driver;

Версия 7.5rc2 2022-08-26

Версия 7.5rc1 2022-08-23

What's new in 7.5rc1 (2022-Aug-19 13:23):

*) bgp - fixed remote refuse capability options, max prefix limit errors and administrative stop;
*) bgp - improved stability when "default-originate" is configured;
*) bridge - fixed "new-priority" value validation for NAT rules;
*) capsman - added randomized range option for "reselect-interval" parameter (CLI only);
*) certificate - fixed handling of empty AKID by SCEP client;
*) console - fixed automatic command completion with keypress;
*) container - added tun/tap support for containers;
*) container - fixed free disk space checking;
*) container - fixed handling of mounted directories;
*) container - fixed imported tar image path logging message;
*) defconf - fixed loading of default configuration on RB4011 with WifiWave2 package enabled;
*) dhcpv4-server - fixed removal of dynamic leases when server is removed;
*) dhcpv6-client - moved invalid lifetime logging message from "debug" to "error" topic;
*) dhcpv6-client - use /128 prefix for IA_NA addresses;
*) dhcpv6-relay - fixed relay forwarding (introduced in v7.1.5);
*) dhcpv6-server - improved stability when acquiring binding;
*) dns - added "address-list" parameter for static DNS entries (CLI only);
*) dns - added "match-subdomain" option for static entries (CLI only);
*) firewall - added support for RTSP helper;
*) health - fixed "temperature" and "power-consumption" readings on RB1100x4;
*) health - improved voltage reading on CRS112-8P-4S;
*) health - renamed "CPU" to "switch" for temperature reading information on CRS518-16XS-2XQ;
*) hostpot - fixed Walled Garden functionality for HTTPS sites;
*) hotspot - automatically reject all HTTPS requests passing through HotSpot server for unauthorized users;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "https-redirect" option;
*) ike2 - allow sending certificate chain as initiator;
*) interface - fixed default interface naming on RB1100x2;
*) l3hw - fixed HW offloaded NAT;
*) leds - fixed default LED configuration for RBwsAP-5Hac2nD;
*) leds - fixed wireless LED functionality on LHGG;
*) lora - do not ignore negative sign for spoofed GPS coordinates;
*) lte - added "SIM not inserted" and "SIM failure" messages to "status" and "monitor" commands for AT modems;
*) lte - added at-chat and NMEA port support for Simcom modems, USB composition (device id - 0x9003);
*) lte - added at-chat support for Simcom modems, USB composition (device id - 0x9005);
*) lte - changed cell ID info display to short format for 3G connections;
*) lte - disallow empty APN name only for default entry;
*) lte - fixed AT channel for Sierra Wireless modems with device ID 0x9091;
*) lte - fixed LTE interface presence for Telit LN940;
*) lte - fixed UDP performance on MMIPS devices;
*) lte - improved antenna scan for Chateau devices with switchable antennas;
*) lte - improved configuration export when multiple LTE interfaces are present;
*) lte - modem dialer, do not reset dialing sequence if modem reply with error to user set init-string;
*) netinstall - fixed Netinstall procedure for ARM devices;
*) netwatch - automatically start migrated probes from previous RouterOS versions;
*) netwatch - changed ICMP default packet loss fail threshold to 85%;
*) ntp - fixed NTP server when "use-local-clock" is used;
*) ospf - fixed handling of external forwarding address;
*) ospf - improved stability when interface is being disabled during database exchange;
*) ovpn - fixed encryption key renewal process which caused periodic session disconnects;
*) ovpn - improved system stability when hardware acceleration is used on ARM64 devices;
*) ovpn - moved disconnected user logging message from "debug" to "info" topic;
*) ping - improved service stability;
*) port - added support for D-Link DWM-222 in serial/PPP mode (device id - 0xac01/0x7e3d);
*) port - added support for Huawei/ZTE K5006z in serial/PPP mode (device id - 0x1017/0x1018);
*) ppp - improved service stability under high load;
*) ppp - use /32 as default netmask if not specified for "routes" parameter;
*) ptp - improved system stability on CRS devices;
*) quickset - removed PPTP and SSTP server addition for "VPN" checkbox;
*) rb5009 - fixed ether1 status reporting after system reboot;
*) route-filter - fixed "delete bgp-communities" command;
*) routerboard - added "reset-button" script feature for TILE devices;
*) sfp - fixed "eeprom" reading on single SFP port ARM devices;
*) sfp - fixed QSFP+ and QSFP28 interface disable when using breakout cable;
*) sfp - fixed unresponsive "sfp1" interface after disabling "ether1" on NetMetal devices;
*) sfp - improved combo SFP ports initialization handling on CRS312-4C+8XG, CRS328-4C-20S-4S+;
*) sfp - improved stability when using 2.5G optical modules in CCR2116, CCR2216 and CRS518;
*) snmp - fixed usage of VRF after system startup;
*) socks - fixed "dst-port" usage when checking access list;
*) ssh - added AES support for PEM decryption;
*) ssh - fixed importing of public keys;
*) ssh - fixed minor typo issue when importing public key;
*) sstp - fixed client stuck in "nonce matching" state;
*) switch - fixed ACL rules for 98DXxxxx switches with more than 28 ports (introduced in v7.3);
*) switch - removed limit for number of hardware-offloaded bonding interfaces;
*) swos - enabled SwitchOS support for CRS310-1G-5S-4S+;
*) swos - fixed SwOS upgrade procedure on CRS305-1G-4S+;
*) traceroute - added "do-not-fragment" parameter support (CLI only);
*) traceroute - increased packet size limit to 65535;
*) vrrp - added "sync-connection-tracking" compatibility with preemption-mode;
*) vrrp - fixed HW offloaded bridge MAC address learning when changing from VRRP master to backup;
*) vrrp - fixed high CPU usage when "sync-connection-tracking=yes" and the backup router goes offline;
*) vrrp - fixed initial connection tracking synchronization, a backup router now always receives all existing connections;
*) vrrp - improved connection tracking synchronization protocol (CTSYNC), the new protocol is incompatible with previous RouterOS versions with "sync-connection-tracking=yes";
*) webfig - allow to specify NTP server as domain name;
*) webfig - fixed displaying of grahs in status pages;
*) webfig - fixed floating point field's negative value in -0.*** format;
*) wifiwave2 - added "sae-pwe" parameter with hash-to-element mechanism for SAE PWE derivation;
*) wifiwave2 - added support for 802.11k;
*) wifiwave2 - disable wireless interface after wireless configuration reset;
*) wifiwave2 - fixed displaying of AKM in scan results;
*) wifiwave2 - fixed duplicated AKM in RSN message;
*) wifiwave2 - fixed group key update for client devices which connect via fast BSS transition;
*) wifiwave2 - fixed incorrect AKM usage for FT-WPA3-EAP-192;
*) wifiwave2 - fixed reassociation response sending for fast transition over DS;
*) wifiwave2 - fixed setting of "ft-nas-identifier" parameter;
*) wifiwave2 - fixed usage of Canada country setting on US locked devices;
*) wifiwave2 - improved default channel width selection for interfaces in station mode;
*) winbox - do not show previously attached LTE interfaces while establishing LTE connection;
*) winbox - enabled all filters by default under "Tools/Torch" menu;
*) winbox - fixed "Enable", "Disable" and "Comment" functions for L2TP-ether type interfaces;
*) winbox - fixed "Next Run" parameter displaying under "System/Scheduler" menu;
*) winbox - fixed "Type" and "Value" field displaying under "System/Health" sub-menu's;
*) winbox - show warning messages for BGP connection entries;
*) wireless - fixed interface initialization on x86 devices;
*) x86 - allow downgrading to RouterOS v6 only if it was previously installed;
*) x86 - fixed advertising of 2500M and 5000M link speeds on ixgbe driver;

Версия 7.5rc1 2022-08-23

Версия 7.5beta8 2022-08-10

What's new in 7.5beta8 (2022-Aug-09 12:36):

*) bridge - fixed "new-priority" value validation for NAT rules;
*) certificate - fixed handling of empty AKID by SCEP client;
*) container - fixed free disk space checking;
*) dhcpv4-server - fixed removal of dynamic leases when server is removed;
*) health - fixed "temperature" and "power-consumption" readings on RB1100x4;
*) health - improved voltage reading on CRS112-8P-4S;
*) hostpot - fixed Walled Garden functionality for HTTPS sites;
*) hotspot - automatically reject all HTTPS requests passing through HotSpot server for unauthorized users;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "https-redirect" option;
*) ike2 - allow sending certificate chain as initiator;
*) leds - fixed wireless LED functionality on LHGG;
*) lte - disallow empty APN name only for default entry;
*) lte - fixed UDP performance on MMIPS devices;
*) ping - improved service stability;
*) rb5009 - fixed ether1 status reporting after system reboot;
*) routerboard - added "reset-button" script feature for TILE devices;
*) sfp - improved combo SFP ports initialization handling on CRS312-4C+8XG, CRS328-4C-20S-4S+;
*) ssh - added AES support for PEM decryption;
*) switch - removed limit for number of hardware-offloaded bonding interfaces;
*) swos - fixed SwOS upgrade procedure on CRS305-1G-4S+;
*) vrrp - added "sync-connection-tracking" compatibility with preemption-mode;
*) vrrp - fixed HW offloaded bridge MAC address learning when changing from VRRP master to backup;
*) vrrp - fixed high CPU usage when "sync-connection-tracking=yes" and the backup router goes offline;
*) vrrp - fixed initial connection tracking synchronization, a backup router now always receives all existing connections;
*) vrrp - improved connection tracking synchronization protocol (CTSYNC), the new protocol is incompatible with previous RouterOS versions with "sync-connection-tracking=yes";
*) wifiwave2 - disable wireless interface after wireless configuration reset;
*) wifiwave2 - fixed group key update for client devices which connect via fast BSS transition;
*) wifiwave2 - fixed usage of Canada country setting on US locked devices;
*) wifiwave2 - improved default channel width selection for interfaces in station mode;
*) wireless - fixed interface initialization on x86 devices;
*) x86 - allow downgrading to RouterOS v6 only if it was previously installed;

Other changes since v7.4.1:

*) bgp - fixed remote refuse capability options, max prefix limit errors and administrative stop;
*) capsman - added randomized range option for "reselect-interval" parameter (CLI only);
*) container - added tun/tap support for containers;
*) container - fixed handling of mounted directories;
*) container - fixed imported tar image path logging message;
*) defconf - fixed loading of default configuration on RB4011 with WifiWave2 package enabled;
*) dhcpv6-client - moved invalid lifetime logging message from "debug" to "error" topic;
*) dhcpv6-relay - fixed relay forwarding (introduced in v7.1.5);
*) dhcpv6-server - improved stability when acquiring binding;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) firewall - added support for RTSP helper;
*) health - renamed "CPU" to "switch" for temperature reading information on CRS518-16XS-2XQ;
*) l3hw - fixed HW offloaded NAT;
*) lora - do not ignore negative sign for spoofed GPS coordinates;
*) lte - added "SIM not inserted" and "SIM failure" messages to "status" and "monitor" commands for AT modems;
*) lte - added at-chat and NMEA port support for Simcom modems, USB composition (device id - 0x9003);
*) lte - added at-chat support for Simcom modems, USB composition (device id - 0x9005);
*) lte - changed cell ID info display to short format for 3G connections;
*) lte - fixed LTE interface presence for Telit LN940;
*) lte - improved antenna scan for Chateau devices with switchable antennas;
*) lte - improved configuration export when multiple LTE interfaces are present;
*) lte - modem dialer, do not reset dialing sequence if modem reply with error to user set init-string;
*) netinstall - fixed Netinstall procedure for ARM devices;
*) netwatch - automatically start migrated probes from previous RouterOS versions;
*) netwatch - changed ICMP default packet loss fail threshold to 85%;
*) ospf - improved stability when interface is being disabled during database exchange;
*) ovpn - fixed encryption key renewal process which caused periodic session disconnects;
*) ovpn - improved system stability when hardware acceleration is used on ARM64 devices;
*) ovpn - moved disconnected user logging message from "debug" to "info" topic;
*) port - added support for D-Link DWM-222 in serial/PPP mode (device id - 0xac01/0x7e3d);
*) port - added support for Huawei/ZTE K5006z in serial/PPP mode (device id - 0x1017/0x1018);
*) ppp - improved service stability under high load;
*) ppp - use /32 as default netmask if not specified for "routes" parameter;
*) ptp - improved system stability on CRS devices;
*) quickset - removed PPTP and SSTP server addition for "VPN" checkbox;
*) route-filter - fixed "delete bgp-communities" command;
*) sfp - fixed "eeprom" reading on single SFP port ARM devices;
*) sfp - fixed QSFP+ and QSFP28 interface disable when using breakout cable;
*) sfp - fixed unresponsive "sfp1" interface after disabling "ether1" on NetMetal devices;
*) snmp - fixed usage of VRF after system startup;
*) socks - fixed "dst-port" usage when checking access list;
*) ssh - fixed importing of public keys;
*) ssh - fixed minor typo issue when importing public key;
*) sstp - fixed client stuck in "nonce matching" state;
*) switch - fixed ACL rules for 98DXxxxx switches with more than 28 ports (introduced in v7.3);
*) swos - enabled SwitchOS support for CRS310-1G-5S-4S+;
*) traceroute - added "do-not-fragment" parameter support (CLI only);
*) traceroute - increased packet size limit to 65535;
*) webfig - fixed displaying of grahs in status pages;
*) webfig - fixed floating point field's negative value in -0.*** format;
*) wifiwave2 - added "sae-pwe" parameter with hash-to-element mechanism for SAE PWE derivation;
*) wifiwave2 - added support for 802.11k;
*) wifiwave2 - fixed displaying of AKM in scan results;
*) wifiwave2 - fixed duplicated AKM in RSN message;
*) wifiwave2 - fixed incorrect AKM usage for FT-WPA3-EAP-192;
*) wifiwave2 - fixed reassociation response sending for fast transition over DS;
*) wifiwave2 - fixed setting of "ft-nas-identifier" parameter;
*) winbox - do not show previously attached LTE interfaces while establishing LTE connection;
*) winbox - fixed "Enable", "Disable" and "Comment" functions for L2TP-ether type interfaces;
*) winbox - fixed "Next Run" parameter displaying under "System/Scheduler" menu;
*) winbox - fixed "Type" and "Value" field displaying under "System/Health" sub-menu's;
*) winbox - show warning messages for BGP connection entries;
*) x86 - fixed advertising of 2500M and 5000M link speeds on ixgbe driver;

Версия 7.5beta8 2022-08-10

Версия 7.5beta5 2022-08-01

What's new in 7.5beta5 (2022-Jul-28 10:59):

*) health - renamed "CPU" to "switch" for temperature reading information on CRS518-16XS-2XQ;
*) l3hw - fixed HW offloaded NAT;
*) ppp - improved service stability under high load;
*) ppp - use /32 as default netmask if not specified for "routes" parameter;
*) sfp - fixed "eeprom" reading on single SFP port ARM devices;
*) sfp - fixed unresponsive "sfp1" interface after disabling "ether1" on NetMetal devices;
*) swos - enabled SwitchOS support for CRS310-1G-5S-4S+;

Other changes since v7.4:

*) bgp - fixed remote refuse capability options, max prefix limit errors and administrative stop;
*) capsman - added randomized range option for "reselect-interval" parameter (CLI only);
*) container - added tun/tap support for containers;
*) container - fixed handling of mounted directories;
*) container - fixed imported tar image path logging message;
*) defconf - fixed loading of default configuration on RB4011 with WifiWave2 package enabled;
*) dhcpv6-client - moved invalid lifetime logging message from "debug" to "error" topic;
*) dhcpv6-relay - fixed relay forwarding (introduced in v7.1.5);
*) dhcpv6-server - improved stability when acquiring binding;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) firewall - added support for RTSP helper;
*) lora - do not ignore negative sign for spoofed GPS coordinates;
*) lte - added "SIM not inserted" and "SIM failure" messages to "status" and "monitor" commands for AT modems;
*) lte - added at-chat and NMEA port support for Simcom modems, USB composition (device id - 0x9003);
*) lte - added at-chat support for Simcom modems, USB composition (device id - 0x9005);
*) lte - changed cell ID info display to short format for 3G connections;
*) lte - fixed LTE interface presence for Telit LN940;
*) lte - improved antenna scan for Chateau devices with switchable antennas;
*) lte - improved configuration export when multiple LTE interfaces are present;
*) lte - modem dialer, do not reset dialing sequence if modem reply with error to user set init-string;
*) netinstall - fixed Netinstall procedure for ARM devices;
*) netwatch - automatically start migrated probes from previous RouterOS versions;
*) netwatch - changed ICMP default packet loss fail threshold to 85%;
*) ospf - improved stability when interface is being disabled during database exchange;
*) ovpn - fixed encryption key renewal process which caused periodic session disconnects;
*) ovpn - improved system stability when hardware acceleration is used on ARM64 devices;
*) ovpn - moved disconnected user logging message from "debug" to "info" topic;
*) port - added support for D-Link DWM-222 in serial/PPP mode (device id - 0xac01/0x7e3d);
*) port - added support for Huawei/ZTE K5006z in serial/PPP mode (device id - 0x1017/0x1018);
*) ptp - improved system stability on CRS devices;
*) quickset - removed PPTP and SSTP server addition for "VPN" checkbox;
*) route-filter - fixed "delete bgp-communities" command;
*) sfp - fixed QSFP+ and QSFP28 interface disable when using breakout cable;
*) snmp - fixed usage of VRF after system startup;
*) socks - fixed "dst-port" usage when checking access list;
*) ssh - fixed importing of public keys;
*) ssh - fixed minor typo issue when importing public key;
*) sstp - fixed client stuck in "nonce matching" state;
*) switch - fixed ACL rules for 98DXxxxx switches with more than 28 ports (introduced in v7.3);
*) traceroute - added "do-not-fragment" parameter support (CLI only);
*) traceroute - increased packet size limit to 65535;
*) webfig - fixed displaying of grahs in status pages;
*) webfig - fixed floating point field's negative value in -0.*** format;
*) wifiwave2 - added "sae-pwe" parameter with hash-to-element mechanism for SAE PWE derivation;
*) wifiwave2 - added support for 802.11k;
*) wifiwave2 - fixed displaying of AKM in scan results;
*) wifiwave2 - fixed duplicated AKM in RSN message;
*) wifiwave2 - fixed incorrect AKM usage for FT-WPA3-EAP-192;
*) wifiwave2 - fixed reassociation response sending for fast transition over DS;
*) wifiwave2 - fixed setting of "ft-nas-identifier" parameter;
*) winbox - do not show previously attached LTE interfaces while establishing LTE connection;
*) winbox - fixed "Enable", "Disable" and "Comment" functions for L2TP-ether type interfaces;
*) winbox - fixed "Next Run" parameter displaying under "System/Scheduler" menu;
*) winbox - fixed "Type" and "Value" field displaying under "System/Health" sub-menu's;
*) winbox - show warning messages for BGP connection entries;
*) x86 - fixed advertising of 2500M and 5000M link speeds on ixgbe driver;

Версия 7.5beta5 2022-08-01

Версия 7.5beta4 2022-07-26

What's new in 7.5beta4 (2022-Jul-22 12:46):

*) bgp - fixed remote refuse capability options, max prefix limit errors and administrative stop;
*) capsman - added randomized range option for "reselect-interval" parameter (CLI only);
*) container - added tun/tap support for containers;
*) container - fixed handling of mounted directories;
*) container - fixed imported tar image path logging message;
*) defconf - fixed loading of default configuration on RB4011 with WifiWave2 package enabled;
*) dhcpv6-client - moved invalid lifetime logging message from "debug" to "error" topic;
*) dhcpv6-relay - fixed relay forwarding (introduced in v7.1.5);
*) dhcpv6-server - improved stability when acquiring binding;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) firewall - added support for RTSP helper;
*) lora - do not ignore negative sign for spoofed GPS coordinates;
*) lte - added "SIM not inserted" and "SIM failure" messages to "status" and "monitor" commands for AT modems;
*) lte - added at-chat and NMEA port support for Simcom modems, USB composition (device id - 0x9003);
*) lte - added at-chat support for Simcom modems, USB composition (device id - 0x9005);
*) lte - changed cell ID info display to short format for 3G connections;
*) lte - fixed LTE interface presence for Telit LN940;
*) lte - improved antenna scan for Chateau devices with switchable antennas;
*) lte - improved configuration export when multiple LTE interfaces are present;
*) lte - modem dialer, do not reset dialing sequence if modem reply with error to user set init-string;
*) netinstall - fixed Netinstall procedure for ARM devices;
*) netwatch - automatically start migrated probes from previous RouterOS versions;
*) netwatch - changed ICMP default packet loss fail threshold to 85%;
*) ospf - improved stability when interface is being disabled during database exchange;
*) ovpn - fixed encryption key renewal process which caused periodic session disconnects;
*) ovpn - improved system stability when hardware acceleration is used on ARM64 devices;
*) ovpn - moved disconnected user logging message from "debug" to "info" topic;
*) port - added support for D-Link DWM-222 in serial/PPP mode (device id - 0xac01/0x7e3d);
*) port - added support for Huawei/ZTE K5006z in serial/PPP mode (device id - 0x1017/0x1018);
*) ptp - improved system stability on CRS devices;
*) quickset - removed PPTP and SSTP server addition for "VPN" checkbox;
*) route-filter - fixed "delete bgp-communities" command;
*) sfp - fixed QSFP+ and QSFP28 interface disable when using breakout cable;
*) snmp - fixed usage of VRF after system startup;
*) socks - fixed "dst-port" usage when checking access list;
*) ssh - fixed importing of public keys;
*) ssh - fixed minor typo issue when importing public key;
*) sstp - fixed client stuck in "nonce matching" state;
*) switch - fixed ACL rules for 98DXxxxx switches with more than 28 ports (introduced in v7.3);
*) traceroute - added "do-not-fragment" parameter support (CLI only);
*) traceroute - increased packet size limit to 65535;
*) webfig - fixed displaying of grahs in status pages;
*) webfig - fixed floating point field's negative value in -0.*** format;
*) wifiwave2 - added "sae-pwe" parameter with hash-to-element mechanism for SAE PWE derivation;
*) wifiwave2 - added support for 802.11k;
*) wifiwave2 - fixed displaying of AKM in scan results;
*) wifiwave2 - fixed duplicated AKM in RSN message;
*) wifiwave2 - fixed incorrect AKM usage for FT-WPA3-EAP-192;
*) wifiwave2 - fixed reassociation response sending for fast transition over DS;
*) wifiwave2 - fixed setting of "ft-nas-identifier" parameter;
*) winbox - do not show previously attached LTE interfaces while establishing LTE connection;
*) winbox - fixed "Enable", "Disable" and "Comment" functions for L2TP-ether type interfaces;
*) winbox - fixed "Next Run" parameter displaying under "System/Scheduler" menu;
*) winbox - fixed "Type" and "Value" field displaying under "System/Health" sub-menu's;
*) winbox - show warning messages for BGP connection entries;
*) x86 - fixed advertising of 2500M and 5000M link speeds on ixgbe driver;

Версия 7.5beta4 2022-07-26

Версия 7.5beta11 2022-08-17

What's new in 7.5beta11 (2022-Aug-17 13:14):

*) bgp - improved stability when "default-originate" is configured;
*) console - fixed automatic command completion with <TAB> keypress;
*) dhcpv6-client - use /128 prefix for IA_NA addresses;
*) dns - added "address-list" parameter for static DNS entries (CLI only);
*) hotspot - improved stability when receiving bogus packets;
*) interface - fixed default interface naming on RB1100x2;
*) leds - fixed default LED configuration for RBwsAP-5Hac2nD;
*) lte - fixed AT channel for Sierra Wireless modems with device ID 0x9091;
*) ntp - fixed NTP server when "use-local-clock" is used;
*) ospf - fixed handling of external forwarding address;
*) sfp - improved stability when using 2.5G optical modules in CCR2116, CCR2216 and CRS518;
*) webfig - allow to specify NTP server as domain name;
*) winbox - enabled all filters by default under "Tools/Torch" menu;

Other changes since v7.4.1:

*) bgp - fixed remote refuse capability options, max prefix limit errors and administrative stop;
*) bridge - fixed "new-priority" value validation for NAT rules;
*) capsman - added randomized range option for "reselect-interval" parameter (CLI only);
*) certificate - fixed handling of empty AKID by SCEP client;
*) container - added tun/tap support for containers;
*) container - fixed free disk space checking;
*) container - fixed handling of mounted directories;
*) container - fixed imported tar image path logging message;
*) defconf - fixed loading of default configuration on RB4011 with WifiWave2 package enabled;
*) dhcpv4-server - fixed removal of dynamic leases when server is removed;
*) dhcpv6-client - moved invalid lifetime logging message from "debug" to "error" topic;
*) dhcpv6-relay - fixed relay forwarding (introduced in v7.1.5);
*) dhcpv6-server - improved stability when acquiring binding;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) firewall - added support for RTSP helper;
*) health - fixed "temperature" and "power-consumption" readings on RB1100x4;
*) health - improved voltage reading on CRS112-8P-4S;
*) health - renamed "CPU" to "switch" for temperature reading information on CRS518-16XS-2XQ;
*) hostpot - fixed Walled Garden functionality for HTTPS sites;
*) hotspot - automatically reject all HTTPS requests passing through HotSpot server for unauthorized users;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "https-redirect" option;
*) ike2 - allow sending certificate chain as initiator;
*) l3hw - fixed HW offloaded NAT;
*) leds - fixed wireless LED functionality on LHGG;
*) lora - do not ignore negative sign for spoofed GPS coordinates;
*) lte - added "SIM not inserted" and "SIM failure" messages to "status" and "monitor" commands for AT modems;
*) lte - added at-chat and NMEA port support for Simcom modems, USB composition (device id - 0x9003);
*) lte - added at-chat support for Simcom modems, USB composition (device id - 0x9005);
*) lte - changed cell ID info display to short format for 3G connections;
*) lte - disallow empty APN name only for default entry;
*) lte - fixed LTE interface presence for Telit LN940;
*) lte - fixed UDP performance on MMIPS devices;
*) lte - improved antenna scan for Chateau devices with switchable antennas;
*) lte - improved configuration export when multiple LTE interfaces are present;
*) lte - modem dialer, do not reset dialing sequence if modem reply with error to user set init-string;
*) netinstall - fixed Netinstall procedure for ARM devices;
*) netwatch - automatically start migrated probes from previous RouterOS versions;
*) netwatch - changed ICMP default packet loss fail threshold to 85%;
*) ospf - improved stability when interface is being disabled during database exchange;
*) ovpn - fixed encryption key renewal process which caused periodic session disconnects;
*) ovpn - improved system stability when hardware acceleration is used on ARM64 devices;
*) ovpn - moved disconnected user logging message from "debug" to "info" topic;
*) ping - improved service stability;
*) port - added support for D-Link DWM-222 in serial/PPP mode (device id - 0xac01/0x7e3d);
*) port - added support for Huawei/ZTE K5006z in serial/PPP mode (device id - 0x1017/0x1018);
*) ppp - improved service stability under high load;
*) ppp - use /32 as default netmask if not specified for "routes" parameter;
*) ptp - improved system stability on CRS devices;
*) quickset - removed PPTP and SSTP server addition for "VPN" checkbox;
*) rb5009 - fixed ether1 status reporting after system reboot;
*) route-filter - fixed "delete bgp-communities" command;
*) routerboard - added "reset-button" script feature for TILE devices;
*) sfp - fixed "eeprom" reading on single SFP port ARM devices;
*) sfp - fixed QSFP+ and QSFP28 interface disable when using breakout cable;
*) sfp - fixed unresponsive "sfp1" interface after disabling "ether1" on NetMetal devices;
*) sfp - improved combo SFP ports initialization handling on CRS312-4C+8XG, CRS328-4C-20S-4S+;
*) snmp - fixed usage of VRF after system startup;
*) socks - fixed "dst-port" usage when checking access list;
*) ssh - added AES support for PEM decryption;
*) ssh - fixed importing of public keys;
*) ssh - fixed minor typo issue when importing public key;
*) sstp - fixed client stuck in "nonce matching" state;
*) switch - fixed ACL rules for 98DXxxxx switches with more than 28 ports (introduced in v7.3);
*) switch - removed limit for number of hardware-offloaded bonding interfaces;
*) swos - enabled SwitchOS support for CRS310-1G-5S-4S+;
*) swos - fixed SwOS upgrade procedure on CRS305-1G-4S+;
*) traceroute - added "do-not-fragment" parameter support (CLI only);
*) traceroute - increased packet size limit to 65535;
*) vrrp - added "sync-connection-tracking" compatibility with preemption-mode;
*) vrrp - fixed HW offloaded bridge MAC address learning when changing from VRRP master to backup;
*) vrrp - fixed high CPU usage when "sync-connection-tracking=yes" and the backup router goes offline;
*) vrrp - fixed initial connection tracking synchronization, a backup router now always receives all existing connections;
*) vrrp - improved connection tracking synchronization protocol (CTSYNC), the new protocol is incompatible with previous RouterOS versions with "sync-connection-tracking=yes";
*) webfig - fixed displaying of grahs in status pages;
*) webfig - fixed floating point field's negative value in -0.*** format;
*) wifiwave2 - added "sae-pwe" parameter with hash-to-element mechanism for SAE PWE derivation;
*) wifiwave2 - added support for 802.11k;
*) wifiwave2 - disable wireless interface after wireless configuration reset;
*) wifiwave2 - fixed displaying of AKM in scan results;
*) wifiwave2 - fixed duplicated AKM in RSN message;
*) wifiwave2 - fixed group key update for client devices which connect via fast BSS transition;
*) wifiwave2 - fixed incorrect AKM usage for FT-WPA3-EAP-192;
*) wifiwave2 - fixed reassociation response sending for fast transition over DS;
*) wifiwave2 - fixed setting of "ft-nas-identifier" parameter;
*) wifiwave2 - fixed usage of Canada country setting on US locked devices;
*) wifiwave2 - improved default channel width selection for interfaces in station mode;
*) winbox - do not show previously attached LTE interfaces while establishing LTE connection;
*) winbox - fixed "Enable", "Disable" and "Comment" functions for L2TP-ether type interfaces;
*) winbox - fixed "Next Run" parameter displaying under "System/Scheduler" menu;
*) winbox - fixed "Type" and "Value" field displaying under "System/Health" sub-menu's;
*) winbox - show warning messages for BGP connection entries;
*) wireless - fixed interface initialization on x86 devices;
*) x86 - allow downgrading to RouterOS v6 only if it was previously installed;
*) x86 - fixed advertising of 2500M and 5000M link speeds on ixgbe driver;

Версия 7.5beta11 2022-08-17

Версия 7.4rc2 2022-07-08

What's new in 7.4rc2 (2022-Jul-07 15:29):

*) chr - fixed booting with added additional SCSI disk;
*) container - added support for running Docker (TM) containers on ARM, ARM64 and x86 (containers created before v7.4 must be recreated);
*) defconf - fixed default configuration loading on devices with WifiWave2 package;
*) lte - show current value for "antenna" parameter when auto antenna selection fails;
*) mpls - improved stability with enabled loop-detect;
*) netwatch - added support for more advanced probing;
*) routerboard - do not try exporting WPS button configuration on devices that does not have it (introduced in v7.4beta5);
*) wifiwave2 - added initial support for roaming (802.11r) between local AP interfaces;

Версия 7.4rc2 2022-07-08

Версия 7.4rc1 2022-07-05

What's new in 7.4rc1 (2022-Jul-04 11:18):

*) certificate - fixed new CRL updating;
*) mqtt - fixed log flooding with disconnect messages;
*) netwatch - added support for more advanced probing;
*) ntp - added VRF support for client and server;
*) ntp - fixed manycast server support;
*) ntp - improved "debug" log level logging;
*) ovpn - added "AUTH_FAILED" control message sending;
*) radius - added VRF support for RADIUS client;
*) route - expose all valid routes to route select filter from BGP;
*) route - fixed log messages when changing routing configuration;
*) rpki - fix potential memory leak;
*) system - added "shutdown" parameter for reset-configuration (CLI only);
*) vpls - improved system stability with enabled connection tracking;
*) w60g - fixed interface "reset-configuration" on Cube 60 devices;
*) w60g - improved system stability when using mismatched L2MTU between station and AP;
*) wifiwave2 - added initial support for roaming (802.11r) between local AP interfaces;
*) wifiwave2 - improved WPA3 support stability;
*) winbox - added "VRF" parameter under "Tools/E-mail" menu;

Версия 7.4rc1 2022-07-05

Версия 7.4beta5 2022-06-27

What's new in 7.4beta5 (2022-Jun-27 10:39):

*) container - added support for running Docker (TM) containers on ARM, ARM64 and x86;
*) dhcpv4-server - disallowed overriding message type option;
*) dhcpv4-server - log message when user option updates existing option;
*) dhcpv4-server - placed option 53 as the first one in the packet;
*) health - fixed requesting data from sensor when issuing "get" command;
*) health - fixed voltage reporting on some RBmAP-2nD devices;
*) lte - validate LTE attached IP type in MBIM mode;
*) netwatch - added support for more advanced probing;
*) poe - hide "poe-voltage" parameter on devices that do not support it;
*) route - expose all valid routes to route select filter from OSPF and RIP;
*) route-filter - fixed route select filter rules;
*) upgrade - ignore same version packages during upgrade procedure;
*) wifiwave2 - added initial support for roaming (802.11r) between local AP interfaces;
*) winbox - added "name" parameter under "Routing/BGP/Session" menu;
*) winbox - added "to-address" and "to-ports" parameters under "IPv6/Firewall/NAT" menu;
*) winbox - added support for "Routing/GMP" menu;
*) winbox - added support for "veth" interface types;
*) winbox - fixed "inactive" flag naming under "MPLS/Local Mapping" menu;
*) winbox - fixed minor typo under "Interface" stats;
*) winbox - fixed units for "reachable-time" parameter under "IPv6/ND" menu;
*) winbox - removed "TLS Host" parameter from "IP/Firewall/NAT" menu;
*) winbox - removed duplicate signal strength column under "Wireless/Registration Table" menu;

Версия 7.4beta5 2022-06-27

Версия 7.4beta4 2022-06-16

What's new in 7.4beta4 (2022-Jun-15 14:04):

*) container - added support for running Docker (TM) containers on ARM, ARM64 and x86;
*) defconf - fixed default configuration loading on devices with WifiWave2 package;
*) dhcp-relay - fixed DHCPv6 relay forward and reply creation (introduced in v7.1.3);
*) dhcp-server - change "vendor-class-id" matcher to generic option matcher;
*) dot1x - fixed "undo" command for server instances;
*) l2tp - improved stability when establishing l2tp-ether connection (introduced in v7.3);
*) leds - fixed GPS LED configuration on LtAP LTE kit;
*) leds - fixed LTE signal strength LED configuration on LHGG LTE kit;
*) leds - fixed LTE signal strength LED configuration on LtAP LTE kit;
*) lte - added AT chat support for Dell dw5821e modem;
*) lte - fixed LTE interface running state after modem reconnection;
*) mqtt - fixed socket error handling;
*) netwatch - added support for more advanced probing;
*) ovpn - fixed "called-station-id" RADIUS attribute value for OVPN server;
*) ppp - do not fail connection when trying to add existing IP address to address list;
*) ppp - log warning message when remote IP address can not be added;
*) route - changed "mode" setting to "exclude" for group management protocol (CLI only);
*) route - made export run faster on tables with a large number of dynamic routes;
*) routing-filter - added origin matcher to match for example routes of a specific OSPF instance;
*) routing-filter - made "do-jump" work in select rules;
*) ssh - fixed host key generation (introduced in v7.3);
*) switch - fixed multicast flooding when HW offloaded bridge port gets disabled;
*) system - fixed configuration reset with "run-after-reset" with file stored on ramdisk;
*) upgrade - improved RouterOS upgrade stability with attached USB modem on MIPSBE, SMIPS and MMIPS devices;
*) w60g - improved interface initialization after being inactive for a while;
*) wifiwave2 - added initial support for roaming (802.11r) between local AP interfaces;
*) winbox - fixed filename dropdown value filtering;
*) x86 - fixed Broadcom NIC support;

Версия 7.4beta4 2022-06-16

Версия 7.4beta2 2022-06-07

What's new in 7.4beta2 (2022-Jun-07 12:08)

*) api - fixed comma encoding within URL when using the ".proplist" argument;
*) bridge - properly process IPsec decapsulated packets through the firewall when the "use-ip-firewall" option is enabled;
*) capsman - require a unique name for configuration and configuration pre-sets;
*) cloud - print critical log message when system clock gets synchronised;
*) console - added ":retry" command;
*) console - fixed situation when print output was not consistent;
*) dns - convert the domain name to lowercase before matching regex;
*) e-mail - added VRF support (CLI only);
*) filesystem - fixed repartition on RB5009 series devices;
*) firewall - added "srcnat" and "dstnat" flags to IPv6/Firewall/Connection table;
*) firewall - added support for IPv6/Firewall/NAT action=src-nat rules (CLI only);
*) firewall - fixed IPv6 NAT functionality when processing GRE traffic on TILE devices;
*) firewall - fixed IPv6/Firewall/RAW functionality;
*) firewall - include "connection-mark", "connection-state", and "packet-mark" when packet logging is enabled;
*) firewall - properly handle interface matcher when VRF interface is specified;
*) hotspot - fixed ARP resolution for clients when address pool is specified on the server;
*) hotspot - fixed Walled Garden entries with action=deny;
*) ipv6 - fixed system stability when adding/removing IPv6 address;
*) ldp - correctly handle AFI selection for usage on dual-stack peers;
*) lte - request connect with the same IP type as in LTE attach status for MBIM;
*) lte - fixed Telit AT interface numbering;
*) lte - improved LTE interface detection for LtAP-2HnD devices;
*) lte - keep MBIM working even if AT channel fails to respond in the initialisation stage;
*) mmips - improved USB device detection after system bootup;
*) mpls - fixed VPLS functionality when PW peer is an immediate neighbor;
*) ovpn - use selected cipher by default when the server does not provide "cipher" option;
*) pimsm - improved system stability when changing configuration;
*) ppp - properly try to use different authentication algorithms when Conf-Rej is received during the LCP phase;
*) quickset - specify the "in-interface-list=WAN" attribute on firewall rules created through "Port Mapping";
*) route - added option to join static IGMP and MLD groups (available in "/routing/gmp" menu, CLI only)
*) route - fixed false route type detection as blackhole;
*) route - provide more detailed information about prefixes when using "discourse" tool;
*) routing - moved "/interface bgp vpls" to "/routing bgp vpls" menu;
*) routing-filter - fixed regexp community matcher;
*) ssh - disable ssh-rsa when strong-crypto=yes and use rsa-sha2-sha256;
*) ssh - implemented "server-sig-algs" extension in order to improve rsa-sha2-sha256 support;
*) switch - disabled second CPU core for CRS328-24P-4S+ device in order to improve SFP+ link stability;
*) vxlan - allow to specify MAC address manually;
*) webfig - updated WebFig HTML files with the new MikroTik logo and removed Telnet option from index page;
*) webfig - updated link to the WinBox executable;
*) webfig - updated link to the documentation;
*) wifiwave2 - fixed "frequency-scan" functionality (introduced in v7.3);
*) winbox - add a log and log-prefix options to IPv6 firewall NAT and mangle rules;
*) winbox - fixed IP/Route and IPv6/Route OSPF type value;
*) winbox - removed unused "Apply Changes" button from BGP sessions menu;
*) wireguard - fixed system stability when adding/removing WireGuard interface;
*) wireless - fixed possible traffic flooding to WDS clients when using Nv2 and multicast helper;
*) x86 - fixed keep old configuration functionality during x86 setup installation;
*) x86 - improved log warning message on failed downgrade attempt;
*) x86 - removed "hdd-model" information from installation screen;

Версия 7.4beta2 2022-06-07

Версия 7.3rc2 2022-06-03

What's new in 7.3rc2 (2022-Jun-02 15:26):

*) capsman - fixed loss of manager configuration when "package-path" is set to external disk;
*) l2tp - fixed L2TP session handling from iOS clients (introduced in v7.3beta40);
*) ssh - fixed corrupt host key automatic regeneration;

Версия 7.3rc2 2022-06-03

Версия 7.3rc1 2022-05-31

What's new in 7.3rc1 (2022-May-27 11:50):

*) bgp - moved "interface bgp-vpls" menu to "routing bgp vpls";
*) bgp - remove unused commands and parameters;
*) bluetooth - improved long-term service stability;
*) bridge - fixed TCP, UDP port parsing for loop detect warning;
*) capsman - fixed bridge disabling when using L2 connection;
*) ccr - improved interface link stability on CCR2004-16G-2S+PC;
*) chr - fixed Cloud DDNS update after license renewal;
*) console - fixed "terminal inkey" command;
*) crs1xx/2xx - improved system stability during switch reset;
*) defconf - do not add passthrough ports to local bridge on CCR2004-1G-2XS-PCIe;
*) ipv6 - fixed dynamic non link-local addresses displaying;
*) l2tp - added VRF support for L2TP client;
*) l3hw - greatly improved route offloading speed;
*) l3hw - log HW routes count and the shortest offloaded subnet prefix if the HW memory gets full;
*) l3hw - offload only main routing table;
*) l3hw - partial routing table offload for Marvell Prestera DX4000/DX8000 switch chip series;
*) lhgg - improved system stability (introduced in v7.2);
*) lte - improved LTE interface initialization process on LtAP-2HnD;
*) mpls - made LDP bindings work on PPP interfaces;
*) ospf - ignore instance route when originate-default=if-installed is enabled;
*) ovpn - fixed server instance not responding to incoming connections after reboot on CHR;
*) profile - added "wireguard" process classificator;
*) profile - added "zerotier" process classificator;
*) qsfp - reset module only when all ports are disabled;
*) queue - allow to set higher limits than 4G;
*) queue - display warning for CAKE type in simple and tree setups when "bandwidth" parameter is configured;
*) resource - fixed CPU type display under system resources for ARM and ARM64;
*) routerboot - prevent enabling "protected-routerboot" on unsupported factory firmware versions;
*) smb - fixed SMB2 file list reporting;
*) snmp - added VRF support;
*) ssh - fixed private key usage after downgrade;
*) winbox - added "Default Cost" parameter under "Routing/OSPF/Area" menu;
*) winbox - fixed "Type" values under "IP/Route" menu;
*) winbox - fixed minor typo in reboot confirmation prompt;
*) winbox - made wireless access list entries sortable when using the wifiwave2 package;
*) ww2 - general stability and throughput improvements;
*) x86 - added support for Solarflare SFC1920 NIC;
*) x86 - fixed soft-id reading on virtualized x86 installations (introduced in v7.2);

Версия 7.3rc1 2022-05-31

Версия 7.3beta40 2022-05-13

What's new in 7.3beta40 (2022-May-11 12:18):

!) queue - do not allow using CAKE type in simple and tree setups (already configured queues will be disabled);
*) bgp - added "name" parameter for connections;
*) bgp - fixed "keepalive-timeout" value when upgrading from RouterOS v6;
*) bgp - fixed "l2vpn" distribution;
*) bridge - added more details for loop detection warning;
*) bridge - do not set VLAN on inactive port with a "set" command;
*) bridge - ignore VLAN tagged BPDU;
*) capsman - improved traffic processing over CAP communication tunnels:
*) chr - fixed Cloud DDNS update after license renewal;
*) dot1x - fixed RADIUS State attribute when client is reauthenticated;
*) dot1x - fixed port based VLAN ID assignment on devices without a switch chip;
*) dot1x - improved server system stability during authentication;
*) ipsec - fixed printing of active peer statistics;
*) l3hw - improved offloading in cases of HW table overflow for CRS305, CRS326-24G-2S+, CRS328, CRS318, CRS310;
*) l3hw - optimized offloading when dealing with large volume of directly connected hosts;
*) lte - added SMS sending support for MBIM protocol;
*) lte - allow only MCC/NMC format in "operator" parameter;
*) lte - clear SIM values when modem in "stopped" state;
*) mpls - improved LDP AF selection process and behavior;
*) ntp - do not allow setting port number in "server" parameter;
*) ovpn - adjusted SHA2 authentication algorithm naming to allow legacy OpenVPN implementations to connect;
*) ovpn - improved server stability under continous overload;
*) ovpn - reply with the same IP address that the connection was established to;
*) ppp - added support for VRF;
*) romon - fixed VLAN tagged packet processing;
*) route - fixed IPv6 /127 route nexthop resolution;
*) routerboot - prevent enabling "protected-routerboot" on unsupported factory firmware versions;
*) sfp - fixed link flap for QSFP+ and QSFP28 ports connected with a breakout cable, in cases where the base interface changes "running" state (introduced in v7.3beta33);
*) sfp - hide empty monitor values in console;
*) snmp - added VRF support (CLI only);
*) snmp - fixed reported disk size when multiple external disks are attached;
*) snmp - report "ifSpeed" as 0 if value out of bounds (use "ifHighSpeed" for high speed interfaces instead);
*) ssh - added AES-GCM cipher support;
*) ssh - removed DSA public key authentication support;
*) supout - added simplified IPv4 and IPv6 routing table prints;
*) switch - fixed "switch-cpu" port stats for 98DXxxxx and 98PX1012 switches (introduced in v7.3beta37);
*) switch - fixed missing stats in traffic-monitor for 98DXxxxx and 98PX1012 switches;
*) system - fixed Kernel timer consistency;
*) tunnels - improved packet handling over EoIP, IPIP and GRE tunnels;
*) vpls - fixed TE transport path usage after startup;
*) vrrp - fixed learning of bridged local MAC addreses;
*) winbox - added missing "IBGP", "EBGP", "Limit Exceeded" and "Stopped" parameters under "Routing/BGP/Sessions" menu;
*) winbox - added missing "Keep Sent Attributes" parameter under "Routing/BGP/Connection" menu;
*) winbox - added missing "Scan List" parameter for W60G interfaces;
*) winbox - added missing BGP session commands;
*) winbox - added support for 2.5Gbps and 100Gbps Ethernet speed options;
*) winbox - do not show "Session Uptime" parameter under "LTE" menu if not supported by modem;
*) winbox - fixed "Disconnect Timeout" parameter type under "CAPsMAN" menu;
*) winbox - fixed "IP/Cloud" window refreshing after changes are detected;
*) winbox - properly load band values under "LTE" menu;
*) winbox - removed obsolete "Routing Table" parameter under "IP/Firewall" menu;

Версия 7.3beta40 2022-05-13

Версия 7.3beta37 2022-04-26

What's new in 7.3beta37 (2022-Apr-25 15:29):

*) bonding - fixed LACP flapping for RB5009 and CCR2004-16G-2S+ devices;
*) bridge - fixed packet marking for IP/IPv6 firewall;
*) dot1x - improved server stability when using re-authentication;
*) fetch - improved full disk detection;
*) gps - fixed minor value unit typo;
*) l3hw - improved offloading for directly connected hosts on CRS305, CRS326-24G-2S+, CRS328, CRS318, CRS310;
*) led - fixed QSFP+, QSFP28 activity LEDs when using 40Gbps modules (introduced in v7.3beta33);
*) lte - disabled wait for LTE auto attach;
*) mpls - fixed MPLS MTU and path MTU selection;
*) ovpn - fixed hardware offloading support on CHR;
*) ovpn - improved Windows client disconnect procedure in UDP mode;
*) ovpn - moved authentication failure messages to "info" logging level;
*) ppp - added warning when using prefix length other than /64 for router advertisement;
*) ppp - fixed "remote-ipv6-prefix" parameter unsetting;
*) ppp - fixed issue with multiple active sessions when "only-one" is enabled;
*) routerboot - properly reset system configuration when protected bootloader is enabled and reset button used;
*) rsvp-te - improved stability when "Resv" received for non-existing session;
*) sfp - improved QSFP/SFP interface initialization for 98DXxxxx switches;
*) switch - fixed missing stats from traffic-monitor for 98DXxxxx and 98PX1012 switches;
*) system - fixed RouterOS bootup when wifiwave2 package is installed (introduced in v7.3beta34);
*) system - fixed rare partial loss of RouterOS configuration after package upgrade/downgrade/install/uninstall;
*) user-manager - improved stability when received EAP attribute with non-existing state attribute;
*) vpls - fixed "pw-l2mtu" parameter usage;

Версия 7.3beta37 2022-04-26

Версия 7.3beta34 2022-04-20

What's new in 7.3beta34 (2022-Apr-20 08:23):

*) bgp - improved stability when editing BGP template;
*) ccr - added "passthrough" flag for interfaces on CCR2004-1G-2XS-PCIe;
*) dhcpv4-server - added "age" parameter for dynamic leases;
*) dhcpv4-server - fixed minor logging typo;
*) export - fixed value ID exporting that does not refer to any name;
*) fetch - fixed SFTP upload;
*) filesystem - fixed possible boot failure on RB850Gx2 and RB1100AHx2;
*) filesystem - improved long-term filesystem stability and data integrity;
*) ipsec - fixed IPsec IRQ initialization on startup on TILE;
*) leds - fixed ethernet LED behavior on wAP R ac;
*) lte - disabled extended signal info query for Telit LN940 module;
*) ospf - fixed GRE interface compatibility with OSPF;
*) ospf - improved stability when enabling or removing interface-template entries;
*) ovpn - improved stability when forwarding traffic on TILE;
*) ping - fixed socket allocation after VRF change;
*) ppp - fixed active sessions sometimes getting stuck;
*) queues - improved stability in large list of queue scenarios;
*) rb5009 - fixed 10G linking issues with Intel X520, XXV710 NICs;
*) ssh - fail non-interactive client after first invalid password;
*) supout - added IGMP-Proxy section;
*) winbox - added "Comment" parameter for BGP templates and connections;
*) winbox - made "Interface Templates" table sortable under "Routing/OSPF" menu;
*) winbox - made "MPLS Interface" table sortable under "MPLS" menu;
*) winbox - made 56 the default ping size;
*) winbox - moved "src-address-list" and "dst-address-list" parameters to "General" tab under "IPv6/Firewall" menu;
*) winbox - show correct file system type under "System/Disks" menu;

Версия 7.3beta34 2022-04-20

Версия 7.3beta33 2022-04-13

What's new in 7.3beta33 (2022-Apr-11 14:09):

*) bgp - added initial support for prefix limit;
*) bonding - added "lacp-user-key" setting;
*) ccr - added visible "passthrough" flag for interfaces on CCR2004-1G-2XS-PCIe;
*) ccr - usability and stability improvements for passthrough interfaces on CCR2004-1G-2XS-PCIe;
*) cd-install - allow selecting on which drive to install RouterOS;
*) conntrack - limited full Connection Tracking warning to 1 message per minute;
*) dhcpv4-server - added "age" parameter for dynamic leases;
*) dhcpv4-server - fixed conflicting or declined lease detection when IP pool differs from server's configuration;
*) filesystem - improved UBIFS stability and data integrity after downgrade to RouterOS v6 and upgrade to RouterOS v7;
*) gps - added GPS package support for Chateau devices;
*) ipv6 - added "ra-preference" parameter support for RA;
*) ipv6 - removed bogus commands from IPv6 neighbors menu;
*) l3hw - improved route table offloading for CRS317, CRS309, CRS312, CRS326-24S+2Q+, CRS354, CRS5xx, CCR2x16 devices;
*) leds - fixed wireless related LED behavior with WW2 package;
*) lora - do not allow setting non-existing forwarding server;
*) lora - fixed bogus TOO_EARLY errors;
*) lora - removed TX lookup table;
*) lte - added MCS, CQI and RI value reporting for Fibocom FG621;
*) lte - added SMS sending support for MBIM protocol;
*) lte - added support for generic PXA1802 based modems;
*) lte - disabled wait for LTE auto attach;
*) lte - expose diagnostics channel for all modems;
*) lte - fixed LTE firwmare upgrade on RBLtAP-2HnD with R11e-LTE6;
*) lte - fixed Sierra MC7455 modem initialization;
*) lte - hide slave interfaces from export;
*) lte - improved stability when configuring multiple APN's at the same time in MBIM mode;
*) lte - improved stability when upgrading LTE firmware on Chateau 5G;
*) mlag - fixed MAC address moving between bridge ports;
*) mpls - do MPLS forwarding for nexthops without mappings;
*) mpls - fixed MPLS forwarding after any interface configuration parameter is changed;
*) ntp - fixed "use-local-clock" behavior when enabling server;
*) ovpn - fixed memory leak on TILE architecture;
*) ovpn - fixed packet processing on MT7621A;
*) ovpn - improved service stability when outbound packets are blocked by firewall in UDP mode;
*) ovpn - improved service stability when processing frequent disconnects in UDP mode;
*) port - do not loose "parity" setting;
*) route - fixed "nexthop" table printing;
*) route - fixed "table" menu emptying after RouterOS upgrade;
*) route - fixed static routes in VRF becoming invalid after reboot;
*) route-filter - fixed community matchers;
*) routerboard - fixed USB bus numbering on LtAP and M33G;
*) routerboot - added extra shortcut information on how to boot into etherboot;
*) sfp - added 2.5Gbps rate for SFP+ and QSFP+ interfaces on 98DXxxxx and 98PX1012 switches (requires disabled auto-negotiation);
*) sfp - improved Q/SFP interface initialization and stability for 98DXxxxx and 98PX1012 switches;
*) snmp - hide Vendor ID in DHCP MIB when branding is present;
*) supout - added IGMP-Proxy section;
*) supout - added NTP servers section;
*) supout - added PIMSM section;
*) supout - added RIP section;
*) supout - added WireGuard section;
*) switch - added option to match source and destination IP addresses in ARP packets for RB5009 (requires mac-protocol=arp setting);
*) system - fixed IP service initialization in VRF after system startup;
*) torch - properly capture all related IPv6 traffic;
*) tr069-client - fixed RPC download of "1 Vendor Configuration File" with branding package;
*) upnp - improved stability when processing incomplete HTTP header;
*) user-manager - added "Acct-Interim-Interval" to predefined attribute list;
*) w60g - improved stability on Cube 60Pro ac and CubeSA 60Pro ac;
*) webfig - properly show all routing table content;
*) winbox - added "ra-preference" parameter under "IPv6/ND" menu;
*) winbox - added SKID and AKID parameters under "Certificate" menu;
*) winbox - added warning message for LTE upgrade process;
*) winbox - do not auto start Wireless Sniffer when opened;
*) winbox - do not show "unknown" area under "Routing/OSPF/LSA" menu;
*) winbox - do not show type value for NXDOMAIN entries under "IP/DNS/Cache" menu;
*) winbox - fixed graph drawing in QuickSet;
*) winbox - fixed hex type values under "User Manager" menu;
*) winbox - fixed typo in ZeroTier instance title;
*) winbox - minimal required version is v3.33;
*) winbox - moved "src-address-list" and "dst-address-list" parameters to "General" tab under "IP/Firewall" menu;
*) winbox - properly clean up SFP module information after it is unplugged;
*) winbox - properly clean up disk after a failed file upload;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show PVID column by default under "Bridge" menu;
*) winbox - take into account timezone for timed values under "User Manager" menu;
*) wireless - fixed "wmm-support=required" checking;
*) wireless - fixed EAP-TLS authentication;
*) wireless - fixed GUD version in 3gpp information;
*) ww2 - fixed VLAN tag handling;
*) x86 - improved support for Intel E810 NIC;
*) zerotier - added support for Controller configuration;

Версия 7.3beta33 2022-04-13

Версия 7.2rc7 2022-03-31

What's new in 7.2rc7 (2022-Mar-30 15:21):

*) route - allow OSPF and RIP redistributed routes to be matched by routing filters;

Версия 7.2rc7 2022-03-31

What's new in 7.2rc7 (2022-Mar-30 15:21):

*) route - allow OSPF and RIP redistributed routes to be matched by routing filters;

Версия 7.2rc7 2022-03-31

What's new in 7.2rc7 (2022-Mar-30 15:21):

*) route - allow OSPF and RIP redistributed routes to be matched by routing filters;

Версия 7.2rc6 2022-03-30

What's new in 7.2rc6 (2022-Mar-30 10:56):

*) ccr2004 - improved PCI timeout handling on CCR2004-1G-2XS-PCIe;
*) dude - fixed The Dude compatibility with ARM64;
*) l2tp - improved service stability when disabling L2TP server with connected clients;
*) l3hw - fixed default route offloading for CRS305, CRS326-24G-2S+, CRS328, netPower, netFiber devices;
*) lte - enabled multi-APN and name re-use support for Chateau;
*) lte - improved stability when modem disappears during firmware upgrade;
*) ntp - improved source address usage for reply packets;
*) ospf - properly set VRF for gateway;
*) poe - fixed PoE driver loading on CRS354-48P-4S+2Q+;
*) route - allow OSPF and RIP redistributed routes to be matched by routing filters;
*) route - fixed "table" menu emptying after RouterOS upgrade;
*) switch - properly limit maximum number of switch rules to 256 on RB5009;
*) tr069-client - fixed RPC download of "3 Vendor Configuration File" with branding package;
*) x86 - fixed VLAN tagged packet transmit;

Версия 7.2rc6 2022-03-30

Версия 7.2rc5 2022-03-23

What's new in 7.2rc5 (2022-Mar-23 12:04):

*) api - accept "Content-Type" with specified charset;
*) arm - fixed "auto" CPU frequency setting;
*) arm64 - improved Watchdog initiated reboot reason reporting;
*) backup - fixed cloud backup's creation timezone;
*) bgp - added BGP advertisements display (requires output.keep-sent-attributes to be set);
*) bgp - fixed link-local iBGP address selection;
*) bgp - fixed network advertisement from address-lists after reboot;
*) bridge - fixed firewall "ingress-priority" matcher and "new-priority=from-ingress" action settings from VLAN tagged frames;
*) ccr2004 - improved system stability on CCR2004-12S+2XS;
*) crs1xx/2xx - fixed static switch host addresses after link down;
*) crs1xx/2xx - ignore static bridge host addresses (switch unicast-fdb should be used instead);
*) dhcpv6 - added VRF support;
*) dude - fixed The Dude client compatibility with RouterOS v7;
*) firewall - improved available port lookup for source NAT when free port range is exhausted;
*) ipsec - fixed "identities" menu emptying after RouterOS upgrade/reboot;
*) ipv6 - do not add duplicate dynamic prefix when static already exists;
*) ipv6 - fixed "retransmissit-interval" unit value;
*) ipv6 - fixed VLAN tagged PPPoE packet receiving on RB5009;
*) l2tp - fixed CHAP challenge packet processing over IPsec;
*) l3hw - improved routing table offloading for CRS305, CRS326-24G-2S+, CRS328, netPower, netFiber devices;
*) led - fixed LED behavior on Audience;
*) led - reduced LTE signal LED range to -70;
*) log - added warning message when connection tracking table is full;
*) lte - add IPv6 address on interface as well;
*) lte - added support for Uplink CA reporting;
*) lte - changed "CS/PS" registration type from "both" to "any" on R11e-LTE un R11e-LTE6;
*) lte - do not loose "band" configuration after reboot on Chateau 5G;
*) lte - fixed AT command response handling on R11e-LTE;
*) lte - fixed MBIM modem reset on AT timeout;
*) lte - fixed link flapping when loosing cellular signal on R11e-LTE un R11e-LTE6;
*) ntp - improved service stability when none of the NTP servers are reachable for a while;
*) ospf - general stability improvements;
*) ospf - improved DB retransmit logging;
*) ospf - send notifies for neighbors;
*) ovpn - improved memory allocation on Tile in "ethernet" mode;
*) ovpn - improved system stability in high load scenarios;
*) pimsm - fixed menu prints;
*) pimsm - general stability improvements;
*) queue - fixed queued IPv6 traffic considered as "invalid" by Firewall;
*) rb4011 - fixed jumbo frame processing on SFP+ port when using 1G module;
*) rip - added logging;
*) rip - fixed route metrics;
*) rip - fixed route redistribution;
*) rip - use nexthop with interface;
*) route - fixed "table" menu emptying after RouterOS upgrade;
*) route - fixed BGP atomic aggregate value;
*) route - fixed ECMP route removal;
*) route - general stability improvements;
*) routerboard - fixed "ether2" interface presence on some RBwAPGR devices;
*) routerboard - fixed WPS button functionality on Audience;
*) routing - added PCAP viewer tool for BGP advertisements debugging purposes;
*) routing-filter - fixed "bgp-*-communities-empty" matcher;
*) sfp - improved SFP module detection on CRS106 and CRS112;
*) smips - improved RAM allocation;
*) switch - added "rx-overflow" counter for 88E6393X (RB5009) and 88E6191X (CCR2004-16G-2S+) switch chips;
*) switch - improved packet forwarding with enabled "cpu-flow-control" setting between different rate interfaces for 88E6393X (RB5009) and 88E6191X (CCR2004-16G-2S+) switch chips;
*) tr069-client - added support for 5G band configuration;
*) tr069-client - added support for wireless "skip-DFS" configuration;
*) winbox - added missing "3GGP RAW" parameter under "Interface/Wireless/Interworking Profile" menu;
*) winbox - added missing "accounting", "interim-update" and "radius-password" parameters under "IP/DHCP Server" menu;
*) winbox - allow adding more than 100 tagged/untagged interfaces under "Bridge/VLAN" menu;
*) winbox - allow configuring "VTEP" under "Interface/VXLAN" menu;
*) winbox - fixed "00:00:00" time printing;
*) winbox - fixed switch related settings for MT7621 switch chip (hEX, hEX S, RBM33G, RBM11G, LtAP);
*) winbox - moved IPv4 and IPv6 "Rules" menus under "Routing" menu;
*) winbox - properly show "v" flag instead of "y" under "IP/Route" menu;
*) winbox - properly update server list under "System/NTP Client/Servers" menu;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) www - fixed "tls-version" for SSL;
*) x86 - allow to select disk for install image;
*) x86 - fixed NVME partition path;
*) zerotier - fixed IPv6 support;

Версия 7.2rc5 2022-03-23

Версия 7.2rc4 2022-02-23

What's new in 7.2rc4 (2022-Feb-22 13:37):

*) bgp - fixed VPNv4 route sending to remote peer;
*) bridge - fixed FastPath when using "frame-types=admit-only-untagged-and-priority-tagged" setting;
*) bridge - fixed IP address on untagged bridge interface when vlan-filtering is enabled (introduced in v7.2rc2);
*) bridge - fixed PPPoE packet forwarding when using "use-ip-firewall-for-pppoe" setting;
*) bridge - fixed destination NAT when using "use-ip-firewall" setting;
*) bridge - fixed filter and NAT "set-priority" on ARM64 devices;
*) bridge - fixed filter rules when using interface lists;
*) bridge - fixed priority tagged frame forwarding when using "frame-types=admit-only-untagged-and-priority-tagged" setting;
*) console - fixed terminal repainting on F5 and CTRL+L key press (introduced in v7.2rc2);
*) crs3xx - fixed watchdog timer functionality;
*) crs3xx - improved maximum allowed ACL rule calculation;
*) crs3xx - improved system stability when creating many ACL rules on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) l2tp - improved system stability when processing L2TP control messages;
*) lte - added MAC address and IPv6 LL address persistence after reboot on EG12 and EG18 modems;
*) lte - made "no" the default value for "use-network-apn" parameter;
*) ntp - allow adding duplicate server address if dynamic entry exists;
*) ntp - fixed multicast mode support;
*) ntp - improved IPv6 address support;
*) ospf - fixed default route origination when "default-originate=if-installed" "redistribute" is enabled;
*) ospf - fixed external LSA not updating after prefix netmask change;
*) ppp - added "comment" option for PPPoE servers;
*) ppp - improved stability when handling large amount of connections simultaneously;
*) queue - improved system stability when using more than 255 unique packet marks;
*) route - fixed ECMP load balancing in FastPath;
*) route - fixed route addition to VRF from BGP;
*) route-filters - renamed "*-set" to "*-list";
*) sms - increased "at-chat" timeout when sending SMS;
*) switch - fixed port-isolation misconfiguration detection when using multiple switches;
*) switch - improved switch chip initialization process on bootup for CCR2004-16g-2s+ devices;
*) ups - fixed UPS support;
*) vxlan - fixed "group" and "interface" setting reset after upgrade (introduced in v7.2rc2);
*) vxlan - fixed running state after reboot when using "interface" and "group" settings;
*) wifiwave2 - added "client-isolation" feature;
*) winbox - added "host-uniq" parameter to PPPoE client interface;
*) winbox - do not show "Antenna Scan" button on devices that do not support it;
*) wireguard - allow same peer's public key for different interfaces;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) wireless - added "3gpp-info" parameter to interworking configuration;
*) wireless - added EAP-AKA to interworking's realm configuration;
*) wireless - correctly preserve WMM priority when receiving packets;
*) wireless - improved nv2 link stability;

Версия 7.2rc4 2022-02-23

Версия 7.2rc3 2022-01-28

What's new in 7.2rc3 (2022-Jan-28 16:33):

*) bridge - fixed filter and NAT "set-priority" action;
*) queue - fixed traffic processing (introduced in v7.2rc2);

Версия 7.2rc3 2022-01-28

What's new in 7.2rc3 (2022-Jan-28 16:33):

*) bridge - fixed filter and NAT "set-priority" action;
*) queue - fixed traffic processing (introduced in v7.2rc2);

Версия 7.2rc3 2022-01-28

What's new in 7.2rc3 (2022-Jan-28 16:33):

*) bridge - fixed filter and NAT "set-priority" action;
*) queue - fixed traffic processing (introduced in v7.2rc2);

Версия 7.2rc2 2022-01-28

What's new in 7.2rc2 (2022-Jan-28 11:00):

*) arm - fixed "shutdown" command on hAP ac^2;
*) bgp - fixed routing table and BGP configuration order in export;
*) bluetooth - disable scanning by default;
*) bridge - added fast-path and inter-VLAN routing FastTrack support when vlan-filtering is enabled;
*) bridge - fixed bridge filter and NAT rules on ARM64 and TILE devices;
*) capsman - improved stability when running background scan on CAP;
*) clock - properly notify all instances about time changes;
*) conntrack - properly detect helper status;
*) console - improved console responsiveness when processing received characters;
*) console - updated copyright notice;
*) crs3xx - fixed QSFP+ interface LEDs;
*) crs3xx - fixed optical SFP+ linking (introduced in v7.2rc1);
*) crs3xx - improved SFP+ interface linking after reboot for CRS312 device;
*) crs3xx - improved SFP+/QSFP+ link stability for CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (introduced in v7.2rc1);
*) defconf - made "192.168.188.1/24" the default LAN IP address for LTE CPE devices;
*) dhcpv4-server - remove dynamic leases when server configuration is removed;
*) dot1x - added "server-fail-vlan-id", "guest-vlan-id" and "reauth-timeout" settings for dot1x server;
*) dot1x - added "src-address", "src-mac-address" and "src-port" settings for dynamic switch rules;
*) dot1x - added NAS-Port-ID attribute for RADIUS Access-Request;
*) firewall - improved system stability when using address lists (introduced in v7.2rc1);
*) hotspot - fixed memory leak on every web page loading;
*) hotspot - fixed web page loading using HTTPS;
*) ike2 - ignore "INITIAL-CONTACT" payload on responder when "send-initial-contact" is disabled;
*) interface - fixed minor memory leak when interface or connected route is changed;
*) l3hw - added HW offloaded FastTrack support for inter-VLAN routing;
*) l3hw - fixed HW offloaded NAT;
*) leds - fixed user LED on RB750Gr3;
*) log - include message also in e-mail body;
*) lora - fixed "antenna-gain" parameter unit;
*) lte - added 3 APN profile support and APN name re-using on R11e-LTE6;
*) lte - added MAC address and IPv6 LL address persistence after reboot on EG12 and EG18 modems;
*) lte - added class based support for configless RNDIS LTE modems;
*) lte - do not show external antenna selector on devices that does not support it;
*) lte - fixed IPv6 address addition after startup on R11e-LTE6;
*) lte - fixed possible timeouts when sending SMS in LTE only mode on R11e-LTE;
*) lte - fixed support for Sierra MC7710;
*) lte - fixed support for Telit 960;
*) lte - improved stability on "+EGMR" response in MBIM mode;
*) lte - improved support for sending/receiving SMS in LTE only mode on R11e-LTE6;
*) lte - properly recognize MBIM modem in USB port as LTE on Chateau 5G;
*) ospf - added "ptmp-broadcast" interface type (compatible with RouterOSv6 PTMP type);
*) ospf - convert ospf "static" redistribute to "static,dhcp,modem,vpn" after update from RouterOS v6;
*) ospf - fixed MD5 authentication;
*) ospf - fixed NBMA hello's not being sent if priority is set to 0;
*) ospf - fixed default type-3 LSA's not being injected to stub area;
*) ospf - fixed incorrect LSA types when changing area types;
*) ospf - fixed neighbor election failure;
*) ospf - improved logging;
*) ospf - improved stability on OSPFv3 instance disabling;
*) ovpn - improved UDP session handling;
*) ppp - fixed AT+CPIN chat when SIM PIN is specified;
*) pptp - show insecure connection warning on dynamic interfaces;
*) qsfp - correctly display auto-negotiation status;
*) queue - improved system stability when processing traffic;
*) route - fixed "suppress-hw-offload" update;
*) route - fixed router's LSA for PTP networks;
*) route - fixed routing configuration export on SMIPS devices;
*) route - improved routing table print speed;
*) route - show OSPF and RIP specific attributes in "/routing route" table;
*) route-filter - fixed "return" action;
*) route-filter - fixed complex matchers with "|| or and &&";
*) route-filter - fixed incorrect invert-match configuration upgrade from RouterOS v6;
*) route-filter - fixed range conversion after update from RouterOS v6;
*) rpki - made RPKI verify non-strict, introduces new state "unverified";
*) rpki - show expire timer;
*) smb - fixed SMB2.0 disk size reporting;
*) snmp - added SFP vendor name to optical table;
*) snmp - added support for "ipv6AddrPrefixTable" and "ipv6RouteNumber" OID's;
*) snmp - allow two level nesting for vlan, bonding speed query;
*) system - fixed license loss on some RB1100Dx4 and RB4011 devices;
*) traffic-flow - do not handle NAT events when "nat-events" is disabled;
*) traffic-generator - fixed transmit speed for multiple asymmetric streams;
*) usb - fixed display of incorrect port count for USB serial ports;
*) vlan - fixed improper VLAN priority addition for routed packets;
*) vxlan - allow unsetting "group" and "interface" properties;
*) webfig - do not show side menu if WebFig is disabled by skin;
*) winbox - added "Disconnect Notify" checkbox to "Interface/OVPN Client" menu;
*) winbox - added "Freq. Usage" and "Scan" buttons for WifiWave2 interfaces;
*) winbox - added "Ignore Missing" selector to "System/Packages" menu;
*) winbox - added "Routing Table" parameter for IPv6 routes;
*) winbox - added "VPN" tab to "Routing/BGP" menu;
*) winbox - added "VRF" parameter to "IP/Services" menu;
*) winbox - added "comment" parameter to "User Manager/Users" menu;
*) winbox - added MLAG support;
*) winbox - added SHA256 and SHA512 "Auth" values for OVPN menu's;
*) winbox - added ZeroTier support;
*) winbox - added explicit "Upload" and "Download" names for "Bucket Size" parameters under "Queues" menu;
*) winbox - allow setting "Interface" parameter for 100G LED types;
*) winbox - do not show "Antenna Scan" button on devices that do not support it;
*) winbox - fixed "action" field in "IP/Web Proxy/Access" menu;
*) winbox - fixed CHR License renewing process;
*) winbox - fixed content filtering in "Tools/Packet Sniffer/Packets" menu;
*) winbox - fixed entry order in "Tools/Packet Sniffer/Packets" menu;
*) winbox - made OSPF interface type names consistent between CLI and GUI;
*) winbox - properly save "IPv6/Settings" menu in session file;
*) winbox - renamed "MBPS" to "Mbps" value unit name in "Tools/Traffic Generator" menu;
*) winbox - show "H" flag for offloaded connections in "IP/Firewall/Connections" menu;
*) winbox - show "System/SwOS" menu only on boards that have dual boot;
*) winbox - sort "Address List" parameter values alphabetically in "IP/DHCP Server/Leases" menu;
*) wireless - improved wireless connection stability during background scans;
*) wireless - fixed interface initialization on Metal 2SHPn;
*) x86 - added support for Intel E810 NIC;
*) x86 - made "no" the default value for "disable-running-check" ethernet parameter;
*) x86 - properly distinguish multiple NICs that share the same PCI bus number;
*) zerotier - made MAC and MTU values read-only;

Версия 7.2rc2 2022-01-28

Версия 7.2rc1 2021-12-21

What's new in 7.2rc1 (2021-Dec-17 21:54):

*) arm64 - improved low disk space handling condition on upgrade;
*) backup - added "force-v6-to-v7-configuration-upgrade" option on backup load to clear RouterOS v7 configuration and trigger reimport of RouterOS v6 route configuration (CLI only);
*) backup - fixed automatic backup generation when resetting configuration;
*) bgp - do not export default BGP values;
*) bgp - improvements on detecting peers local address when IPv6 link-local addresses are used;
*) bluetooth - allow to export device, advertiser and scanner configuration;
*) capsman - improved system stability when processing CAP packet by Mangle;
*) certificate - allow to choose digest algorithm for CSR signing;
*) certificate - made "fingerprint" parameter read-only;
*) chr - improved system stability when writing into memory;
*) chr - temporarily suspended downgrade to RouterOS v6;
*) console - fixed "print" command with additional "where" condition;
*) console - made "password" parameter mandatory when creating a new user;
*) console - properly erase CLI history after configuration reset;
*) crs3xx - fixed CPU load balancing for ARM dual core devices;
*) dhcp-server - fixed DHCP Option decimal value parsing;
*) dhcp-server - fixed statistics sending in "Accounting Stop" packets;
*) dhcp-server - send "Class" attribute in "Accounting Request" when provided by RADIUS;
*) dhcpv4-server - allow adding comments;
*) dhcpv4-server - reset dynamic "bcast" flag when receiving offer from DHCP relay;
*) dhcpv4-server - reset offer counter when receiving offer from DHCP relay;
*) ethernet - improved system stability when receiving large packets on devices with 88F3720 CPU (nRAY, LHGG);
*) graphing - properly generate interface graph for traffic higher than 2.1Gbps;
*) hotspot - fixed login page over HTTPS;
*) ipsec - added hardware acceleration support for CCR2116;
*) l3hw - fixed HW offloaded routing when using 7 or more VLAN interfaces;
*) l3hw - fixed ICMP message when routed packet exceeds MTU and DF flag is set;
*) l3hw - fixed bonding source MAC address;
*) l3hw - improved system stability when using 7 or more VLAN interfaces;
*) lora - fixed "antenna-gain" parameter unit;
*) lte - added basic information support for Telit LM960 and LM940 in MBIM mode;
*) lte - expose diagnostics channel for all modems;
*) lte - fixed "monitor" command to not report old info;
*) lte - fixed packet forwarding on R11e-4G and R11e-LTE-US;
*) ntp - print log change time with time-zone applied;
*) ospf - fixed distance if "originate-default" is set to "always";
*) ospf - fixed neighbor stuck in ExStart;
*) ospf - fixed simple authentication;
*) ospf - improved logging;
*) ospf - improved overall stability;
*) ospf - improved stability for very large LSDB;
*) ospf - improved stability when DR goes down;
*) ospf - improves stability when handling looped back OSPF packets;
*) ovpn - added SHA2 authentication algorithm support;
*) ovpn - added hardware acceleration support for IPQ4018/IPQ4019 and AL* series chipsets;
*) ovpn - added option to send disconnect message in UDP mode;
*) ovpn - fixed large option message parsing;
*) poe - update PoE firmware only on devices that support it;
*) ppp - show local and remote IPv6 addresses (CLI only);
*) pppoe - added option to configure "host-uniq" parameter;
*) pppoe - added option to ignore PADI messages with empty service name;
*) pppoe - use default MTU of 1492;
*) pptp - added insecure connection warning;
*) queue - improved system stability when processing traffic;
*) route - fixed "min-prefix" configuration when set to 0;
*) route-filters - allow to filter and modify default route if "originate-default" is set to "always";
*) route-filters - fixed possible address list race condition and memory leak;
*) socks - fixed SOCKS5 support;
*) ssh - fixed forwarding with IPv6 link-local addresses;
*) ssl - fixed CA certificate processing when "subjAltName" is marked as critical;
*) supout - added "port-controller" bridge section;
*) tr069-client - accept 200-299 codes for HTTP diagnostics;
*) tr069-client - added support for wireless client uptime reporting;
*) upgrade - improved 404 error handling when checking for new versions;
*) upgrade - improved downgrade prompt message;
*) user - removed obsolete "tikapp" policy;
*) user - send "Class" attribute in "Accounting Request" when provided by RADIUS;
*) webfig - fixed default configuration popup presence;
*) webfig - fixed user policy lookup for skin designer;
*) wifiwave2 - added support for handling disconnect request messages from RADIUS servers;
*) wifiwave2 - fixed calling "scan" and "frequency-scan" commands through the API;
*) winbox - added "Mode" parameter under "Wireless" menu with WifiWave2 package;
*) winbox - added "TLS Version" parameter for "Interface/OVPN";
*) winbox - added "VRF" parameter for "SSH" and "Telnet" menus;
*) winbox - added interface list support for "IP/Traffic Flow" menu;
*) winbox - added local/remote CPU load parameters for "Bandwidth Test";
*) winbox - added support for "Tool/Speedtest" menu;
*) winbox - added support for W60G align tool;
*) winbox - changed "Accept Redirects" parameter type under "IPv6/Settings" menu;
*) winbox - do not require "name" and "file name" parameters for certificate import/export;
*) winbox - do not show connection tracking table if it has more than 10000 entries;
*) winbox - fixed "Switch" menu on Chateau devices;
*) winbox - fixed "expires-after" certificate parameter value;
*) winbox - fixed address list type parameters in "Routing" menu;
*) winbox - fixed error message when adding NTH rule with "0" value;
*) winbox - fixed minor typo under "LTE" interface menu;
*) winbox - made "9" the default value for "Target" parameter under "IP/Traffic Flow" menu;
*) winbox - made "Routing Filters/Rules" table sortable;
*) winbox - moved "IP/Route/Nexthops" and "IPv6/Route/Nexthops" menus to "Routing/Nexthops";
*) winbox - properly limit "Disconnect Timeout" value under "CAPsMAN/Configuration" menu;
*) winbox - properly update ethernet auto negotiation status on CHR;
*) winbox - renamed "Keep user configuration" to "Keep users" under "System/Reset Configuration" menu;
*) winbox - renamed "Revoked" parameter to "Revoked Time" under "System/Certificates" menu;
*) winbox - report local terminal session as "local" instead of "telnet";
*) winbox - require existing pool for "Address Pool" parameter under "IPv6/DHCP Server" menu;
*) winbox - require non empty "Packet Mark" value under "Queues" menu;
*) winbox - show "Lost Ratio" column by default under "Tools/Traffic Generator" menu;
*) winbox - show "Routes" column by default under "PPP/Secrets" menu;
*) winbox - show additional columns by default for "Wireless" menu with WifiWave2 package;
*) winbox - updated default "Routing/BGP/Peer Cache" table appearance;
*) winbox - use "total" as default value for "Tools/Profile";
*) wireguard - fixed IPv6 LL address generation;
*) wireguard - made "preshared-key" and "private-key" values sensitive;
*) wireless - added information about client signal strength to log messages about disconnections;
*) wireless - fixed frequency range information for IPQ4019 interfaces;
*) zerotier - properly handle IP address change;

Версия 7.2rc1 2021-12-21

Версия 7.12beta9 2023-09-26

What's new in 7.12beta9 (2023-Sep-25 15:19):

Changes in this release:

!) ethernet - changed "advertise" and "speed" arguments, and removed "half-duplex" setting under "/interface ethernet" menu;
!) health - removed "temperature" health entry from boards, where it was the same as "sfp-temperature";
!) sfp - convert configuration to support new link modes for SFP and QSFP type of interfaces;
*) bfd - improved system stability;
*) bgp - fixed "input.filter-chain" argument selection in VPN configuration;
*) bgp - improved logging;
*) bluetooth - added basic support for connecting to BLE peripheral devices;
*) console - export required properties with default values;
*) console - improved system stability;
*) console - restrict permissions to "read,write,reboot,ftp,romon,test" for scripts executed by DHCP, Hotspot, PPP and Traffic-Monitor services;
*) l3hw - fixed IPv6 route suppression;
*) led - fixed "interface-status" configuration for virtual interfaces;
*) lora - added LNS protocol support;
*) lte - changed R11e-LTE ARP behavior to NoArp;
*) lte - fixed sub-interface auto-removal in multiple APN setups;
*) lte - show correct data class when connected to 5G SA network;
*) mqtt - added on-message feature for subscribed topics;
*) mqtt - added parallel-scripts-limit parameter to set maximum allowed number of scripts executed at the same time;
*) mqtt - added wildcard topic subscription support;
*) netinstall - added option to discard branding package;
*) netinstall - display package filename in GUI Descption column if package description is not specified;
*) netinstall-cli - added option to discard branding package;
*) netinstall-cli - allow ".rsc" script filenames;
*) poe-out - driver optimization for AF/AT controlled boards;
*) poe-out - fixed rare CRS328 poe-out menu and poe-out port config loss after reboot;
*) route - added "single-process" configuration setting, enabled by default on devices with 64MB or less RAM memory (CLI only);
*) route - added "suppress-hw-offload" setting for IPv6 routes;
*) route - reverse community "delete" and "filter" command behavior;
*) routerboard - added "reset-button" support for RB800, RB1100 and RB1100AHx2 devices;
*) sfp - fixed 25Gbps link with FEC91 (introduced in v7.12beta7);
*) snmp - changed "mtxrGaugeValue" type to integer;
*) switch - fixed packet forwarding between Ethernet ports for CRS354 switches (introduced in v7.12beta7);
*) webfig - fixed timezone for interface "Last Link Down/Up Time";
*) wifiwave2 - correctly add interface to specified "datapath.interface-list";
*) wifiwave2 - fixed re-connection failures for 802.11ax interfaces in station mode;
*) wifiwave2 - limit L2MTU to 1560 until a fix is available for a bug causing interfaces to fail transmitting larger frames than that;
*) wifiwave2 - log more information regarding authentication failures;
*) winbox - added "Host Key Type" setting under "IP/SSH" menu;
*) winbox - added "Key Owner" setting under "System/User/SSH Keys" and "System/User/SSH Private Keys" menus;
*) winbox - added "Remote Min Tx" parameter under "Routing/BFD/Session" menu;
*) winbox - added "Startup Delay" setting under "Tools/Netwatch" menu;
*) winbox - added "Use BFD" setting under "Routing/RIP/Interface-Template" menu;
*) winbox - added MQTT subscription menu;
*) winbox - allow to specify server as DNS name under "Tools/Email" menu;
*) winbox - rename "DSCP" setting to "DSCP (+ECN)" under "Tools/Traffic-Generator/Packet-Templates" menu;
*) winbox - rename "Name" setting to "List" under "IP,IPv6/Firewall/Address-List" menu;
*) winbox - rename "Password" button to "Change Now" under "System/Password" menu;
*) wireguard - added "auto" parameter for "private-key" and "presharde-key" parameters;
*) wireguard - request public or private key to be specified in order to create peer;
*) x86 - igb updated driver to 5.14.16 version;
*) x86 - igbvf updated driver from in-tree Linux kernel;
*) x86 - updated latest available pci.ids;

Other changes since v7.11:

*) api - fixed fetching objects with warning option from REST API;
*) bgp - fixed "atomic-aggregate" always set in output;
*) bgp - fixed local and remote port settings for BGP connections;
*) bgp - fixed typos and missing spaces in log messages;
*) bgp - implemented IGP metric sending in BGP messages;
*) bgp - increase "hold-time" limit to 65000;
*) bluetooth - use "g" units when decoding MikroTik beacon acceleration on peripheral devices menu;
*) bridge - fixed fast-path forwarding with HW offloaded vlan-filtering (introduced in v7.11);
*) bridge - fixed untagged VLAN entry disable;
*) bridge - fixed vlan-filtering stability with HW and non-HW offloaded ports (introduced in v7.10);
*) bridge - improved system stability;
*) bridge - improved vlan-filtering bridge stability with CAPsMAN (introduced in v7.11);
*) bth - added "Back To Home" VPN service for ARM, ARM64, and TILE devices;
*) calea - improved system stability when trying to add rules without the CALEA package;
*) certificate - allow to get and maintain Let's Encrypt certificate in IPv6 environment;
*) certificate - allow to remove issued certificates when CRL is not used;
*) certificate - fixed "subject-alt-name" duplicating itself when SCEP is used;
*) certificate - fixed certificate auto renewal via SCEP;
*) certificate - improved certificate validation logging error messages;
*) certificate - log CRL HTTP errors under the "error" logging topic;
*) chr - iavf updated driver to 4.9.1 version;
*) chr - increased OVA default RAM amount from 160MB to 256MB;
*) console - added ":jobname" command;
*) console - added "as-string" and "as-string-value" properties for "get" command;
*) console - added "terminal/ask" command;
*) console - added "transform" property for ":convert" command;
*) console - fixed scheduler "on-event" script highlighting when editing;
*) console - improved ":totime" and ":tonum" commands and added ":tonsec" command for time value manipulation;
*) console - improved multi-argument property parsing into array;
*) console - improved randomness for ":rndstr" and ":rndnum" commands;
*) console - improved stability and responsiveness;
*) console - improved stability when editing long scripts;
*) console - improved stability when using "special-login";
*) console - improved system stability through RoMON session;
*) console - improved system stability when using autocomplete;
*) console - show full date and time in scheduler "next-run" property;
*) dhcp - fixed DHCP server "authoritative" and "delay-threshold" settings (introduced in v7.12beta3);
*) dhcp - fixed DHCP server and relay related response delays;
*) ethernet - added "supported" and "sfp-supported" values for "monitor" command;
*) firewall - added "ein-snat" and "ein-dnat" connection NAT state matchers for filter and mangle rules;
*) ike1 - log an error when non-RSA keys are being used;
*) ike2 - improved rekey collision handling;
*) interface - added "macvlan" interface support;
*) iot - fixed an issue where applying a script to GPIO pin caused GPIO to stop working;
*) iot - fixed behavior where GPIO output state would change on boot;
*) ipsec - fixed Diffie-Hellman public value encoding size;
*) ipsec - fixed IPSec policy when using modp3072;
*) ipsec - fixed minor typo in logs;
*) ipsec - reduce disk writes when started without active configuration;
*) ipv6 - fixed IPv6 RA delay time from 5s to 500ms according to RFC;
*) ipv6 - send RA and RA deprecate messages out three times instead of just once;
*) l3hw - improved system stability during IPv6 route offloading;
*) leds - added "dark-mode" functionality for RBwAPG-5HacD2HnD;
*) leds - added "wireless-status" and "wireless-signal-strength" configuration types for wifiwave2 interfaces;
*) log - improved logging for user actions;
*) lte - added at-chat support and increased wait time on modem at-chat for Dell DW5821e, DW5821e-eSIM, DW5829e and DW5829e-eSIM;
*) lte - added SINR reporting for FG621-EA modem;
*) lte - fixed 5G data-class reporting for Chateau 5G;
*) lte - fixed APN authentification in multi APN setup for R11e-LTE6;
*) lte - fixed IPv6 prefix for MBIM modems in multi-apn setup when IPv6 APN used as not first APN;
*) lte - fixed RSSI for FG621-EA modem to show the correct value;
*) lte - fixed Sierra modem detection for modems with vendor-specific USB descriptors;
*) lte - fixed Sierra modem initialization;
*) lte - fixed startup race condition when SIM card is in "up" slot for LtAP mini;
*) lte - use more compact logging messages;
*) modbus - added additional security settings for Modbus TCP;
*) mpls - added option to match and set MPLS EXP with bridge and mangle rules;
*) mpls - fixed "propagate-ttl=no" setting;
*) mpls - improved FastPath next-hop selection hash algorithm;
*) netinstall-cli - added empty configuration option "-e";
*) netinstall-cli - prioritise interface option over address option;
*) netwatch - decreased "thr-tcp-conn-time" maximum limit to 30 seconds;
*) ospf - fixed adding ECMP routes;
*) ospf - fixed BFD on virtual-link with configured VRF;
*) ospf - fixed OSPFv3 not working with NSSA areas;
*) ospf - fixed parsing of opaque LSAs used by TE;
*) ospf - fixed translated NSSA routes not showing in backbone;
*) ovpn - added "tls-auth" option support for imported .ovpn profiles;
*) ovpn - improved system stability;
*) pimsm - improved system stability;
*) port - add support for Huawei MS237h-517;
*) port - expose NMEA/DIAG ports for Dell DW5821e and DW5821e-eSIM;
*) qsfp - added 50Gbps rate support for QSFP28 interfaces;
*) qsfp - fixed sub-interface EEPROM monitor data output (introduced in v7.12beta3);
*) qsfp - improved auto link detection for 100G CWDM4 modules and AOC cables (introduced in v7.12beta3);
*) qsfp - use sub-interface configuration for establishing link (for 40Gbps and 100Gbps links, all sub-interfaces must be enabled);
*) quickset - fixed "LAN" interface list members if configuration does not contain bridge;
*) rip - added BFD support;
*) rip - fixed session not working in VRF;
*) route - fixed gateway after link restart;
*) route - removed deprecated "received-from" property;
*) sfp - fixed missing "rx-power" monitor with certain modules (introduced in v7.10);
*) sfp - improved interface stability for SFP and QSFP types of interfaces;
*) ssh - added support for user ed25519 public keys;
*) ssh - allow to specify key owner on import;
*) ssh - fixed SSH tunnel performance (introduced in v7.10);
*) ssh - improved connection stability when pasting large chunks of text into console;
*) supout - added interface list members section;
*) supout - added LLDP power to supout.rif;
*) supout - fixed BFD section;
*) switch - improved resource allocation for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) switch - improved switch chip stability for CCR2004-16g-2s+ devices;
*) system - improved system stability when MD5 checksums are used;
*) tile - improved system stability when using queues;
*) traffic-generator - added "priority" property for "inject" command;
*) traffic-generator - fixed traffic-generator on CHR and x86;
*) usb - added support for RTL8153 USB ethernet on ARM, ARM64 and x86;
*) vrf - limit maximum VRFs to 1024;
*) vxlan - improved system stability for Tile devices;
*) webfig - fixed "Days" property configuration change under "IP/Firewall" menu;
*) webfig - improved Webfig performance and responsiveness;
*) webfig - try to re-establish connection after disconnect;
*) wifiwave2 - added an alternative QoS priority assignment mechanism based on IP DSCP (CLI only);
*) wifiwave2 - added comment property for registration-table;
*) wifiwave2 - added station-bridge interface mode (CLI only);
*) wifiwave2 - do not show default "l2mtu" on compact export;
*) wifiwave2 - enable changing interface MTU and L2MTU;
*) wifiwave2 - fixed malformed Interworking packet elements;
*) wifiwave2 - fixed PTK renewal for interfaces in station mode;
*) wifiwave2 - fixed sniffer command not receiving any QoS null function frames when using 802.11ax radios;
*) wifiwave2 - fixed untagged VLAN 1 entry when using "vlan-id" setting together with vlan-filtering bridge;
*) wifiwave2 - fixed warning on CAP devices when radar detected;
*) wifiwave2 - implemented an option to transmit IP multicast packets as unicasts (CLI only);
*) wifiwave2 - improved compliance with regulatory requirements;
*) wifiwave2 - list APs with a higher maximum data rate as more preferable roaming candidates;
*) wifiwave2 - make 4-way handshake procedure more robust when acting as supplicant (client);
*) winbox - added "Comment" under "Routing/BFD/Configuration" menu;
*) winbox - added "g" flag under "IPv6/Routes" menu;
*) winbox - added "Name Format" property under "WifiWave2/Provisioning" menu;
*) winbox - allow to change port numbers for SCTP, DCCP, and UDP-LITE protocols under "IP/Firewall" menus;
*) winbox - allow to set multiple addresses and added IPv6 support under "Interface/VETH" menu;
*) winbox - changed "MBR Partition Table" checkbox to unchecked by default under "System/Disks/Format-Drive" menu;
*) winbox - fixed "Address" property under "WifiWave2/Remote-CAP" menu;
*) winbox - fixed "Group Key Update" maximum value under "WifiWave2/Security" menu;
*) winbox - fixed entry numbering and ordering under "WifiWave2/Provisioning" menu;
*) winbox - fixed minor typos;
*) wireguard - added "wg-add-client" configuration wizard (CLI only);
*) wireguard - added "wg-export" and "wg-import" functionality (CLI only);
*) wireguard - allow to specify client settings under peer menu which will be included in configuration file and QR code;
*) wireless - added more "radius-mac-format" options (CLI only);
*) wireless - fixed malformed Interworking packet elements;
*) www - fixed allowed address setting for REST API users;
*) www - fixed fragmented POST data for SCEP service;
*) x86 - added support for Mellanox ConnectX-6 Dx NIC;
*) x86 - i40e updated driver to 2.23.17 version;
*) x86 - igc updated driver to 5.10.194 version;
*) x86 - ixgbe updated driver to 5.19.6 version;
*) x86 - Realtek r8169 updated driver;

Версия 7.12beta7 2023-09-13

What's new in 7.12beta7 (2023-Sep-13 09:58):

Changes in this release:

!) ethernet - changed "advertise" and "speed" arguments, and removed "half-duplex" setting under "/interface ethernet" menu;
!) sfp - convert configuration to support new link modes for SFP and QSFP type of interfaces;
*) api - fixed fetching objects with warning option from REST API;
*) bgp - implemented IGP metric sending in BGP messages;
*) bluetooth - use "g" units when decoding MikroTik beacon acceleration on peripheral devices menu;
*) certificate - allow to remove issued certificates when CRL is not used;
*) certificate - fixed certificate auto renewal via SCEP;
*) chr - iavf updated driver to 4.9.1 version;
*) console - improved randomness for ":rndstr" and ":rndnum" commands;
*) console - improved stability when using "special-login";
*) console - improved system stability through RoMON session;
*) console - improved system stability when using autocomplete;
*) dhcp - fixed DHCP server "authoritative" and "delay-threshold" settings (introduced in v7.12beta3);
*) ike2 - improved rekey collision handling;
*) ipsec - fixed Diffie-Hellman public value encoding size;
*) ipsec - fixed minor typo in logs;
*) ipsec - reduce disk writes when started without active configuration;
*) ipv6 - send RA and RA deprecate messages out three times instead of just once;
*) l3hw - improved system stability during IPv6 route offloading;
*) leds - added "dark-mode" functionality for RBwAPG-5HacD2HnD;
*) leds - added "wireless-status" and "wireless-signal-strength" configuration types for wifiwave2 interfaces;
*) log - improved logging for user actions;
*) lte - fixed 5G data-class reporting for Chateau 5G;
*) lte - fixed APN authentification in multi APN setup for R11e-LTE6;
*) lte - fixed IPv6 prefix for MBIM modems in multi-apn setup when IPv6 APN used as not first APN;
*) lte - fixed RSSI for FG621-EA modem to show the correct value;
*) lte - fixed startup race condition when SIM card is in "up" slot for LtAP mini;
*) mpls - improved FastPath next-hop selection hash algorithm;
*) netinstall-cli - added empty configuration option "-e";
*) netwatch - decreased "thr-tcp-conn-time" maximum limit to 30 seconds;
*) ovpn - improved system stability;
*) pimsm - improved system stability;
*) qsfp - added 50Gbps rate support for QSFP28 interfaces;
*) qsfp - fixed sub-interface EEPROM monitor data output (introduced in v7.12beta3);
*) qsfp - improved auto link detection for 100G CWDM4 modules and AOC cables (introduced in v7.12beta3);
*) qsfp - use sub-interface configuration for establishing link (for 40Gbps and 100Gbps links, all sub-interfaces must be enabled);
*) routerboard - added "reset-button" support for RB800 and RB1100 devices;
*) ssh - improved connection stability when pasting large chunks of text into console;
*) supout - added interface list members section;
*) switch - improved resource allocation for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) traffic-generator - fixed traffic-generator on CHR and x86;
*) usb - added support for RTL8153 USB ethernet on ARM, ARM64 and x86;
*) vrf - limit maximum VRFs to 1024;
*) vxlan - improved system stability for Tile devices;
*) webfig - fixed "Days" property configuration change under "IP/Firewall" menu;
*) webfig - fixed timezone for interface "Last Link Down/Up Time";
*) webfig - improved Webfig performance and responsiveness;
*) webfig - try to re-establish connection after disconnect;
*) wifiwave2 - added an alternative QoS priority assignment mechanism based on IP DSCP (CLI only);
*) wifiwave2 - added station-bridge interface mode (CLI only);
*) wifiwave2 - do not show default "l2mtu" on compact export;
*) wifiwave2 - fixed PTK renewal for interfaces in station mode;
*) wifiwave2 - fixed sniffer command not receiving any QoS null function frames when using 802.11ax radios;
*) wifiwave2 - fixed untagged VLAN 1 entry when using "vlan-id" setting together with vlan-filtering bridge;
*) wifiwave2 - fixed warning on CAP devices when radar detected;
*) wifiwave2 - implemented an option to transmit IP multicast packets as unicasts (CLI only);
*) wifiwave2 - improved compliance with regulatory requirements;
*) wifiwave2 - make 4-way handshake procedure more robust when acting as supplicant (client);
*) winbox - added "Comment" under "Routing/BFD/Configuration" menu;
*) winbox - added "g" flag under "IPv6/Routes" menu;
*) winbox - added "Name Format" property under "WifiWave2/Provisioning" menu;
*) winbox - changed "MBR Partition Table" checkbox to unchecked by default under "System/Disks/Format-Drive" menu;
*) winbox - fixed "Address" property under "WifiWave2/Remote-CAP" menu;
*) winbox - fixed "Group Key Update" maximum value under "WifiWave2/Security" menu;
*) winbox - fixed entry numbering and ordering under "WifiWave2/Provisioning" menu;
*) winbox - fixed minor typos;
*) wireguard - allow to specify client settings under peer menu which will be included in configuration file and QR code;
*) wireguard - generate Wireguard peer keys and preshared-key automatically, if value is specified but is not base64 string;
*) wireguard - removed "wg-add-client" configuration wizard (introduced in v7.12beta3);
*) wireless - added more "radius-mac-format" options (CLI only);
*) www - fixed allowed address setting for REST API users;
*) www - fixed fragmented POST data for SCEP service;
*) x86 - i40e updated driver to 2.23.17 version;
*) x86 - igc updated driver to 5.10.194 version;
*) x86 - ixgbe updated driver to 5.19.6 version;
*) x86 - Realtek r8169 updated driver;

Other changes since v7.11:

*) bgp - fixed "atomic-aggregate" always set in output;
*) bgp - fixed local and remote port settings for BGP connections;
*) bgp - fixed typos and missing spaces in log messages;
*) bgp - increase "hold-time" limit to 65000;
*) bridge - fixed fast-path forwarding with HW offloaded vlan-filtering (introduced in v7.11);
*) bridge - fixed untagged VLAN entry disable;
*) bridge - fixed vlan-filtering stability with HW and non-HW offloaded ports (introduced in v7.10);
*) bridge - improved system stability;
*) bridge - improved vlan-filtering bridge stability with CAPsMAN (introduced in v7.11);
*) bth - added "Back To Home" VPN service for ARM, ARM64, and TILE devices;
*) calea - improved system stability when trying to add rules without the CALEA package;
*) certificate - allow to get and maintain Let's Encrypt certificate in IPv6 environment;
*) certificate - fixed "subject-alt-name" duplicating itself when SCEP is used;
*) certificate - improved certificate validation logging error messages;
*) certificate - log CRL HTTP errors under the "error" logging topic;
*) chr - increased OVA default RAM amount from 160MB to 256MB;
*) console - added ":jobname" command;
*) console - added "as-string" and "as-string-value" properties for "get" command;
*) console - added "terminal/ask" command;
*) console - added "transform" property for ":convert" command;
*) console - fixed scheduler "on-event" script highlighting when editing;
*) console - improved ":totime" and ":tonum" commands and added ":tonsec" command for time value manipulation;
*) console - improved multi-argument property parsing into array;
*) console - improved stability and responsiveness;
*) console - improved stability when editing long scripts;
*) console - show full date and time in scheduler "next-run" property;
*) dhcp - fixed DHCP server and relay related response delays;
*) ethernet - added "supported" and "sfp-supported" values for "monitor" command;
*) firewall - added "ein-snat" and "ein-dnat" connection NAT state matchers for filter and mangle rules;
*) ike1 - log an error when non-RSA keys are being used;
*) interface - added "macvlan" interface support;
*) iot - fixed an issue where applying a script to GPIO pin caused GPIO to stop working;
*) iot - fixed behavior where GPIO output state would change on boot;
*) ipsec - fixed IPSec policy when using modp3072;
*) ipv6 - fixed IPv6 RA delay time from 5s to 500ms according to RFC;
*) lte - added at-chat support and increased wait time on modem at-chat for Dell DW5821e, DW5821e-eSIM, DW5829e and DW5829e-eSIM;
*) lte - added SINR reporting for FG621-EA modem;
*) lte - fixed Sierra modem detection for modems with vendor-specific USB descriptors;
*) lte - fixed Sierra modem initialization;
*) lte - use more compact logging messages;
*) modbus - added additional security settings for Modbus TCP;
*) mpls - added option to match and set MPLS EXP with bridge and mangle rules;
*) mpls - fixed "propagate-ttl=no" setting;
*) netinstall - added option to discard branding package;
*) netinstall-cli - prioritise interface option over address option;
*) ospf - fixed adding ECMP routes;
*) ospf - fixed BFD on virtual-link with configured VRF;
*) ospf - fixed OSPFv3 not working with NSSA areas;
*) ospf - fixed parsing of opaque LSAs used by TE;
*) ospf - fixed translated NSSA routes not showing in backbone;
*) ovpn - added "tls-auth" option support for imported .ovpn profiles;
*) port - add support for Huawei MS237h-517;
*) port - expose NMEA/DIAG ports for Dell DW5821e and DW5821e-eSIM;
*) quickset - fixed "LAN" interface list members if configuration does not contain bridge;
*) rip - added BFD support;
*) rip - fixed session not working in VRF;
*) route - fixed gateway after link restart;
*) route - removed deprecated "received-from" property;
*) sfp - fixed missing "rx-power" monitor with certain modules (introduced in v7.10);
*) sfp - improved interface stability for SFP and QSFP types of interfaces;
*) ssh - added support for user ed25519 public keys;
*) ssh - allow to specify key owner on import;
*) ssh - fixed SSH tunnel performance (introduced in v7.10);
*) supout - added LLDP power to supout.rif;
*) supout - fixed BFD section;
*) switch - improved switch chip stability for CCR2004-16g-2s+ devices;
*) system - improved system stability when MD5 checksums are used;
*) tile - improved system stability when using queues;
*) traffic-generator - added "priority" property for "inject" command;
*) wifiwave2 - added comment property for registration-table;
*) wifiwave2 - enable changing interface MTU and L2MTU;
*) wifiwave2 - fixed malformed Interworking packet elements;
*) wifiwave2 - list APs with a higher maximum data rate as more preferable roaming candidates;
*) winbox - allow to change port numbers for SCTP, DCCP, and UDP-LITE protocols under "IP/Firewall" menus;
*) winbox - allow to set multiple addresses and added IPv6 support under "Interface/VETH" menu;
*) wireguard - added "wg-add-client" configuration wizard (CLI only);
*) wireguard - added "wg-export" and "wg-import" functionality (CLI only);
*) wireless - fixed malformed Interworking packet elements;
*) x86 - added support for Mellanox ConnectX-6 Dx NIC;

Версия 7.12beta7 2023-09-13

Версия 7.12beta3 2023-08-24

What's new in 7.12beta3 (2023-Aug-24 12:15):

Changes in this release:

!) ethernet - changed "advertise" and "speed" arguments, and removed "half-duplex" setting under "/interface ethernet" menu;
!) sfp - convert configuration to support new link modes for SFP and QSFP type of interfaces;
*) bgp - fixed "atomic-aggregate" always set in output;
*) bgp - fixed local and remote port settings for BGP connections;
*) bgp - increase "hold-time" limit to 65000;
*) bridge - fixed fast-path forwarding with HW offloaded vlan-filtering (introduced in v7.11);
*) bridge - fixed untagged VLAN entry disable;
*) bridge - fixed vlan-filtering stability with HW and non-HW offloaded ports (introduced in v7.10);
*) bridge - improved vlan-filtering bridge stability with CAPsMAN (introduced in v7.11);
*) bth - added "Back To Home" VPN service for ARM, ARM64, and TILE devices;
*) calea - improved system stability when trying to add rules without the CALEA package;
*) console - added "transform" property for ":convert" command;
*) console - fixed scheduler "on-event" script highlighting when editing;
*) console - improved multi-argument property parsing into array;
*) console - improved stability when editing long scripts;
*) console - show full date and time in scheduler "next-run" property;
*) dhcp - fixed DHCP server and relay related response delays;
*) ethernet - added "supported" and "sfp-supported" values for "monitor" command;
*) interface - added "macvlan" interface support;
*) ipsec - fixed IPSec policy when using modp3072;
*) ipv6 - fixed IPv6 RA delay time from 5s to 500ms according to RFC;
*) ipv6 - send RA and RA deprecate messages out three times instead of just once;
*) log - improved logging for user actions;
*) lte - added at-chat support and increased wait time on modem at-chat for Dell DW5821e, DW5821e-eSIM, DW5829e and DW5829e-eSIM;
*) lte - added SINR reporting for FG621-EA modem;
*) lte - fixed Sierra modem detection for modems with vendor-specific USB descriptors;
*) lte - fixed startup race condition when SIM card is in "up" slot for LtAP mini;
*) netinstall-cli - prioritise interface option over address option;
*) ospf - fixed adding ECMP routes;
*) ospf - fixed OSPFv3 not working with NSSA areas;
*) ospf - fixed parsing of opaque LSAs used by TE;
*) ospf - fixed translated NSSA routes not showing in backbone;
*) port - add support for Huawei MS237h-517;
*) port - expose NMEA/DIAG ports for Dell DW5821e and DW5821e-eSIM;
*) quickset - fixed "LAN" interface list members if configuration does not contain bridge;
*) rip - added BFD support;
*) rip - fixed session not working in VRF;
*) route - fixed gateway after link restart;
*) route - removed deprecated "received-from" property;
*) sfp - improved interface stability for SFP and QSFP types of interfaces;
*) switch - improved switch chip stability for CCR2004-16g-2s+ devices;
*) tile - improved system stability when using queues;
*) traffic-generator - added "priority" property for "inject" command;
*) wifiwave2 - added comment property for registration-table;
*) wifiwave2 - enable changing interface MTU and L2MTU;
*) wifiwave2 - fixed malformed Interworking packet elements;
*) winbox - allow to set multiple addresses and added IPv6 support under "Interface/VETH" menu;
*) wireguard - added "wg-add-client" configuration wizard (CLI only);
*) wireguard - added "wg-export" and "wg-import" functionality (CLI only);
*) wireless - fixed malformed Interworking packet elements;
*) x86 - added support for Mellanox ConnectX-6 Dx NIC;

Other changes since v7.11:

*) bgp - fixed typos and missing spaces in log messages;
*) bridge - improved system stability;
*) certificate - allow to get and maintain Let's Encrypt certificate in IPv6 environment;
*) certificate - fixed "subject-alt-name" duplicating itself when SCEP is used;
*) certificate - improved certificate validation logging error messages;
*) certificate - log CRL HTTP errors under the "error" logging topic;
*) chr - increased OVA default RAM amount from 160MB to 256MB;
*) console - added ":jobname" command;
*) console - added "as-string" and "as-string-value" properties for "get" command;
*) console - added "terminal/ask" command;
*) console - improved ":totime" and ":tonum" commands and added ":tonsec" command for time value manipulation;
*) console - improved stability and responsiveness;
*) console - improved stability when using "special-login";
*) firewall - added "ein-snat" and "ein-dnat" connection NAT state matchers for filter and mangle rules;
*) ike1 - log an error when non-RSA keys are being used;
*) iot - fixed an issue where applying a script to GPIO pin caused GPIO to stop working;
*) iot - fixed behavior where GPIO output state would change on boot;
*) lte - fixed Sierra modem initialization;
*) lte - use more compact logging messages;
*) modbus - added additional security settings for Modbus TCP;
*) mpls - added option to match and set MPLS EXP with bridge and mangle rules;
*) mpls - fixed "propagate-ttl=no" setting;
*) netinstall - added option to discard branding package;
*) ospf - fixed BFD on virtual-link with configured VRF;
*) ovpn - added "tls-auth" option support for imported .ovpn profiles;
*) sfp - fixed missing "rx-power" monitor with certain modules (introduced in v7.10);
*) ssh - added support for user ed25519 public keys;
*) ssh - allow to specify key owner on import;
*) ssh - fixed SSH tunnel performance (introduced in v7.10);
*) supout - added LLDP power to supout.rif;
*) supout - fixed BFD section;
*) system - improved system stability when MD5 checksums are used;
*) wifiwave2 - list APs with a higher maximum data rate as more preferable roaming candidates;
*) winbox - allow to change port numbers for SCTP, DCCP, and UDP-LITE protocols under "IP/Firewall" menus;

Версия 7.12beta3 2023-08-24

Версия 7.12beta1 2023-08-17

What's new in 7.12beta1 (2023-Aug-15 16:14):

*) bgp - fixed typos and missing spaces in log messages;
*) bridge - improved system stability;
*) bth - added "Back To Home" VPN service for ARM, ARM64, and TILE devices;
*) certificate - allow to get and maintain Let's Encrypt certificate in IPv6 environment;
*) certificate - fixed "subject-alt-name" duplicating itself when SCEP is used;
*) certificate - improved certificate validation logging error messages;
*) certificate - log CRL HTTP errors under the "error" logging topic;
*) chr - increased OVA default RAM amount from 160MB to 256MB;
*) console - added ":jobname" command;
*) console - added "as-string" and "as-string-value" properties for "get" command;
*) console - added "terminal/ask" command;
*) console - improved ":totime" and ":tonum" commands and added ":tonsec" command for time value manipulation;
*) console - improved stability and responsiveness;
*) console - improved stability when using "special-login";
*) firewall - added "ein-snat" and "ein-dnat" connection NAT state matchers for filter and mangle rules;
*) ike1 - log an error when non-RSA keys are being used;
*) iot - fixed an issue where applying a script to GPIO pin caused GPIO to stop working;
*) iot - fixed behavior where GPIO output state would change on boot;
*) lte - fixed Sierra modem initialization;
*) lte - use more compact logging messages;
*) modbus - added additional security settings for Modbus TCP;
*) mpls - added option to match and set MPLS EXP with bridge and mangle rules;
*) mpls - fixed "propagate-ttl=no" setting;
*) netinstall - added option to discard branding package;
*) ospf - fixed BFD on virtual-link with configured VRF;
*) ovpn - added "tls-auth" option support for imported .ovpn profiles;
*) sfp - fixed missing "rx-power" monitor with certain modules (introduced in v7.10);
*) ssh - added support for user ed25519 public keys;
*) ssh - allow to specify key owner on import;
*) ssh - fixed SSH tunnel performance (introduced in v7.10);
*) supout - added LLDP power to supout.rif;
*) supout - fixed BFD section;
*) system - improved system stability when MD5 checksums are used;
*) tile - improved system stability when using IPv6 queues;
*) wifiwave2 - list APs with a higher maximum data rate as more preferable roaming candidates;
*) winbox - allow to change port numbers for SCTP, DCCP, and UDP-LITE protocols under "IP/Firewall" menus;

Версия 7.12beta1 2023-08-17

Версия 7.11rc4 2023-08-14

What's new in 7.11rc4 (2023-Aug-11 12:57):

Changes in this release:

*) bth - removed from 7.11 for "stable" release, the development will continue in "beta" 7.12;
*) ike1 - fixed Phase 1 when using aggressive exchange mode (introduced in v7.10);
*) poe-out - advertise LLDP power-mdi-long even if no power allocation was requested (introduced in v7.7);
*) sfp - fixed incorrect optical SFP temperature readings (introduced in v7.10);

Other changes since v7.10:

*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bfd - improved system stability;
*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bridge - fixed dynamic untagged VLAN management (introduced in v7.11beta5);
*) bridge - fixed MAC learning on "switch-cpu" port with enabled FastPath;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) certificate - allow to import certificate with DNS name constraint;
*) certificate - fixed PEM import;
*) certificate - fixed trust store CRL link if generated on an older version (introduced in v7.7);
*) certificate - improved CRL download retry handling;
*) certificate - removed request for "passphrase" property on import;
*) certificate - require CRL presence when using "crl-use=yes" setting;
*) certificate - restored RSA with SHA512 support;
*) conntrack - fixed "active-ipv4" property;
*) console - added ":convert" command;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed incorrect date when printing "value-list" with multiple entries;
*) console - fixed incorrect default value of ":return" command (introduced in v7.11beta2);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved stability when canceling console actions;
*) console - improved stability when using fullscreen editor;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added IPv6 support for VETH interface;
*) container - added option to use overlayfs layers;
*) container - adjust the ownership of volume mounts that fall outside the container's UID range;
*) container - fixed duplicate image name;
*) container - fixed IP address in container host file;
*) defconf - do not change admin password if resetting with "keep-users=yes";
*) dhcp-server - fixed setting "bootp-lease-time=lease-time";
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ethernet - fixed forced half-duplex 10/100 Mbps link speeds on CRS312 device;
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) firewall - improved system stability when using "endpoint-independent-nat";
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) hotspot - allow number as a first symbol in the Hotspot server DNS name;
*) ike2 - fixed ECP521 DH group usage (introduced in v7.11 beta1);
*) ike2 - improved SA rekeying reply process;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) ike2 - log "reply ignored" as non-debug log message;
*) ipsec - fixed public key export (introduced in v7.10);
*) ipsec - fixed signature authentication using secp521r1 certificate (introduced in v7.10);
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability during IPv6 route offloading;
*) l3hw - improved system stability;
*) led - fixed manually configured user LED for RB2011;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lora - added new EUI field;
*) lora - added uplink message filtering option using NetID or JoinEUI;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added "at-chat" support for Dell DW5829 modem;
*) lte - added "at-chat" support for Fibocom L850-GL modem;
*) lte - added "at-chat" support for SIMCom 8202G modem;
*) lte - added "band" info to the "monitor" command for MBIM modems that support serving cell info reporting over MBIM;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed Dell DW5221E "at-chat" support;
*) lte - fixed LtAP mini default SIM slot "down" changeover to "up" after an upgrade (introduced in v7.10beta1);
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed R11e-LTE, R11e-LTE6 legacy 2G/3G RAT mode selection;
*) lte - fixed R11e-LTE6 "EARFCN" reporting format (introduced in v7.11rc1);
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) lte - improved system stability when changing the "radio" state for MBIM modems;
*) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
*) modem - added initial support for BG77 modem DFOTA firmware update;
*) modem - changed Quectel EC25 portmap to expose DM (diag port), DM channel=0, GPS channel=1;
*) modem - fixed missing sender's last symbol in SMS inbox if the sender is an alphabetic string;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - do not try to use the "bridge" setting from PPP/Profile, if the OVPN server is used in IP mode (introduced in v7.10);
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - improved key renegotiation process;
*) ovpn - include "connect-retry 1" and "reneg-sec" parameters into the OVPN configuration export file;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) package - treat disabled packages as enabled during upgrade;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) qos-hw - keep VLAN priority in packets that are sent from CPU;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) resource - fixed erroneous CPU usage values;
*) rose-storage - added "scsi-scan" command (CLI only);
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) routerboot - increased etherboot bootp timeout to 40s on MIPSBE and MMIPS devices ("/system routerboard upgrade" required);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9)
*) sms - increased wait time for modem startup;
*) ssh - fixed host public key export (introduced in v7.9);
*) ssh - fixed private key import (introduced in v7.9);
*) ssh - fixed SSH key agreement on the client side when ed25519 used under server settings;
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) switch - fixed BPDU packet processing on MT7621, MT7531 with HW offloaded vlan-filtering;
*) switch - improved multicast packet forwarding on MT7621;
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) tftp - improved file name matching;
*) user - added "sensitive" policy requirement for SSH key and certificate export;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - fixed "Connect To" configuration changes for L2TP client;
*) webfig - fixed gray-out italic font for entries after enable;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - fixed multicast frame delivery (introduced in v7.11beta2);
*) wifiwave2 - fixed registration table statistics (introduced in v7.11beta4);
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
*) wireguard - fixed peer IPv6 "allowed-address" usage;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;

Версия 7.11rc4 2023-08-14

Версия 7.11rc3 2023-08-10

What's new in 7.11rc3 (2023-Aug-09 17:41):

Changes in this release:

*) certificate - improved CRL download retry handling;
*) ipsec - fixed public key export (introduced in v7.10);
*) ipsec - fixed signature authentication using secp521r1 certificate (introduced in v7.10);
*) lte - fixed R11e-LTE, R11e-LTE6 legacy 2G/3G RAT mode selection;
*) sms - increased wait time for modem startup;
*) switch - fixed BPDU packet processing on MT7621, MT7531 with HW offloaded vlan-filtering;
*) switch - improved multicast packet forwarding on MT7621;

Other changes since v7.10:

*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bfd - improved system stability;
*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bridge - fixed dynamic untagged VLAN management (introduced in v7.11beta5);
*) bridge - fixed MAC learning on "switch-cpu" port with enabled FastPath;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) bth - added "Back To Home" VPN service for ARM, ARM64, and TILE devices;
*) certificate - allow to import certificate with DNS name constraint;
*) certificate - fixed PEM import;
*) certificate - fixed trust store CRL link if generated on an older version (introduced in v7.7);
*) certificate - removed request for "passphrase" property on import;
*) certificate - require CRL presence when using "crl-use=yes" setting;
*) certificate - restored RSA with SHA512 support;
*) conntrack - fixed "active-ipv4" property;
*) console - added ":convert" command;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed incorrect date when printing "value-list" with multiple entries;
*) console - fixed incorrect default value of ":return" command (introduced in v7.11beta2);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved stability when canceling console actions;
*) console - improved stability when using fullscreen editor;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added IPv6 support for VETH interface;
*) container - added option to use overlayfs layers;
*) container - adjust the ownership of volume mounts that fall outside the container's UID range;
*) container - fixed duplicate image name;
*) container - fixed IP address in container host file;
*) defconf - do not change admin password if resetting with "keep-users=yes";
*) dhcp-server - fixed setting "bootp-lease-time=lease-time";
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ethernet - fixed forced half-duplex 10/100 Mbps link speeds on CRS312 device;
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) firewall - improved system stability when using "endpoint-independent-nat";
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) hotspot - allow number as a first symbol in the Hotspot server DNS name;
*) ike2 - fixed ECP521 DH group usage (introduced in v7.11 beta1);
*) ike2 - improved SA rekeying reply process;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) ike2 - log "reply ignored" as non-debug log message;
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability during IPv6 route offloading;
*) l3hw - improved system stability;
*) led - fixed manually configured user LED for RB2011;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lora - added new EUI field;
*) lora - added uplink message filtering option using NetID or JoinEUI;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added "at-chat" support for Dell DW5829 modem;
*) lte - added "at-chat" support for Fibocom L850-GL modem;
*) lte - added "at-chat" support for SIMCom 8202G modem;
*) lte - added "band" info to the "monitor" command for MBIM modems that support serving cell info reporting over MBIM;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed Dell DW5221E "at-chat" support;
*) lte - fixed LtAP mini default SIM slot "down" changeover to "up" after an upgrade (introduced in v7.10beta1);
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed R11e-LTE6 "EARFCN" reporting format (introduced in v7.11rc1);
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) lte - improved system stability when changing the "radio" state for MBIM modems;
*) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
*) modem - added initial support for BG77 modem DFOTA firmware update;
*) modem - changed Quectel EC25 portmap to expose DM (diag port), DM channel=0, GPS channel=1;
*) modem - fixed missing sender's last symbol in SMS inbox if the sender is an alphabetic string;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - do not try to use the "bridge" setting from PPP/Profile, if the OVPN server is used in IP mode (introduced in v7.10);
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - improved key renegotiation process;
*) ovpn - include "connect-retry 1" and "reneg-sec" parameters into the OVPN configuration export file;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) package - treat disabled packages as enabled during upgrade;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) qos-hw - keep VLAN priority in packets that are sent from CPU;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) resource - fixed erroneous CPU usage values;
*) rose-storage - added "scsi-scan" command (CLI only);
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) routerboot - increased etherboot bootp timeout to 40s on MIPSBE and MMIPS devices ("/system routerboard upgrade" required);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9)
*) ssh - fixed host public key export (introduced in v7.9);
*) ssh - fixed private key import (introduced in v7.9);
*) ssh - fixed SSH key agreement on the client side when ed25519 used under server settings;
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) tftp - improved file name matching;
*) user - added "sensitive" policy requirement for SSH key and certificate export;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - fixed "Connect To" configuration changes for L2TP client;
*) webfig - fixed gray-out italic font for entries after enable;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - fixed multicast frame delivery (introduced in v7.11beta2);
*) wifiwave2 - fixed registration table statistics (introduced in v7.11beta4);
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
*) wireguard - fixed peer IPv6 "allowed-address" usage;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;

Версия 7.11rc3 2023-08-10

Версия 7.11rc2 2023-08-04

What's new in 7.11rc2 (2023-Aug-03 10:50):

Changes in this release:

*) certificate - fixed trust store CRL link if generated on an older version (introduced in v7.7);
*) console - improved stability when canceling console actions;
*) ike2 - fixed ECP521 DH group usage (introduced in v7.11 beta1);
*) lte - fixed R11e-LTE6 "EARFCN" reporting format (introduced in v7.11rc1);
*) ssh - fixed SSH key agreement on the client side when ed25519 used under server settings;
*) wireguard - fixed peer IPv6 "allowed-address" usage;

Other changes since v7.10:

*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bfd - improved system stability;
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bridge - fixed MAC learning on "switch-cpu" port with enabled FastPath;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) bridge - fixed dynamic untagged VLAN management (introduced in v7.11beta5);
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) bth - added "Back To Home" VPN service for ARM, ARM64, and TILE devices;
*) certificate - allow to import certificate with DNS name constraint;
*) certificate - fixed PEM import;
*) certificate - removed request for "passphrase" property on import;
*) certificate - require CRL presence when using "crl-use=yes" setting;
*) certificate - restored RSA with SHA512 support;
*) conntrack - fixed "active-ipv4" property;
*) console - added ":convert" command;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed incorrect date when printing "value-list" with multiple entries;
*) console - fixed incorrect default value of ":return" command (introduced in v7.11beta2);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved VPLS "cisco-id" argument validation;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved stability when using fullscreen editor;
*) console - improved timeout for certain commands and menus;
*) container - added IPv6 support for VETH interface;
*) container - added option to use overlayfs layers;
*) container - adjust the ownership of volume mounts that fall outside the container's UID range;
*) container - fixed IP address in container host file;
*) container - fixed duplicate image name;
*) defconf - do not change admin password if resetting with "keep-users=yes";
*) dhcp-server - fixed setting "bootp-lease-time=lease-time";
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ethernet - fixed forced half-duplex 10/100 Mbps link speeds on CRS312 device;
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) firewall - improved system stability when using "endpoint-independent-nat";
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) hotspot - allow number as a first symbol in the Hotspot server DNS name;
*) ike2 - improved SA rekeying reply process;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) ike2 - log "reply ignored" as non-debug log message;
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability during IPv6 route offloading;
*) l3hw - improved system stability;
*) led - fixed manually configured user LED for RB2011;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lora - added new EUI field;
*) lora - added uplink message filtering option using NetID or JoinEUI;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added "at-chat" support for Dell DW5829 modem;
*) lte - added "at-chat" support for Fibocom L850-GL modem;
*) lte - added "at-chat" support for SIMCom 8202G modem;
*) lte - added "band" info to the "monitor" command for MBIM modems that support serving cell info reporting over MBIM;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed Dell DW5221E "at-chat" support;
*) lte - fixed LtAP mini default SIM slot "down" changeover to "up" after an upgrade (introduced in v7.10beta1);
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) lte - improved system stability when changing the "radio" state for MBIM modems;
*) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
*) modem - added initial support for BG77 modem DFOTA firmware update;
*) modem - changed Quectel EC25 portmap to expose DM (diag port), DM channel=0, GPS channel=1;
*) modem - fixed missing sender's last symbol in SMS inbox if the sender is an alphabetic string;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - do not try to use the "bridge" setting from PPP/Profile, if the OVPN server is used in IP mode (introduced in v7.10);
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - improved key renegotiation process;
*) ovpn - include "connect-retry 1" and "reneg-sec" parameters into the OVPN configuration export file;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) package - treat disabled packages as enabled during upgrade;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) qos-hw - keep VLAN priority in packets that are sent from CPU;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) resource - fixed erroneous CPU usage values;
*) rose-storage - added "scsi-scan" command (CLI only);
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) routerboot - increased etherboot bootp timeout to 40s on MIPSBE and MMIPS devices ("/system routerboard upgrade" required);
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) sfp - reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9)
*) ssh - fixed host public key export (introduced in v7.9);
*) ssh - fixed private key import (introduced in v7.9);
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) switch - fixed BPDU packet processing on MT7621, MT7531 with HW offloaded vlan-filtering;
*) switch - improved multicast packet forwarding on MT7621;
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) tftp - improved file name matching;
*) user - added "sensitive" policy requirement for SSH key and certificate export;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - fixed "Connect To" configuration changes for L2TP client;
*) webfig - fixed gray-out italic font for entries after enable;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - fixed multicast frame delivery (introduced in v7.11beta2);
*) wifiwave2 - fixed registration table statistics (introduced in v7.11beta4);
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;

Версия 7.11rc2 2023-08-04

Версия 7.11rc1 2023-07-31

What's new in 7.11rc1 (2023-Jul-28 09:52):

Changes in this release:

*) bridge - fixed MAC learning on "switch-cpu" port with enabled FastPath;
*) bridge - fixed dynamic untagged VLAN management (introduced in v7.11beta5);
*) bth - added "Back To Home" VPN service for ARM, ARM64, and TILE devices;
*) container - fixed IP address in container host file;
*) ethernet - fixed forced half-duplex 10/100 Mbps link speeds on CRS312 device;
*) firewall - improved system stability when using "endpoint-independent-nat";
*) ike2 - improved SA rekeying reply process;
*) lte - added "at-chat" support for Dell DW5829 modem;
*) lte - added "at-chat" support for Fibocom L850-GL modem;
*) lte - added "at-chat" support for SIMCom 8202G modem;
*) lte - added "band" info to the "monitor" command for MBIM modems that support serving cell info reporting over MBIM;
*) lte - fixed LtAP mini default SIM slot "down" changeover to "up" after an upgrade (introduced in v7.10beta1);
*) lte - improved system stability when changing the "radio" state for MBIM modems;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - fixed BPDU packet processing on MT7621, MT7531 with HW offloaded vlan-filtering;
*) switch - improved multicast packet forwarding on MT7621;

Other changes since v7.10:

*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bfd - improved system stability;
*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) certificate - allow to import certificate with DNS name constraint;
*) certificate - fixed PEM import;
*) certificate - removed request for "passphrase" property on import;
*) certificate - require CRL presence when using "crl-use=yes" setting;
*) certificate - restored RSA with SHA512 support;
*) conntrack - fixed "active-ipv4" property;
*) console - added ":convert" command;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed incorrect date when printing "value-list" with multiple entries;
*) console - fixed incorrect default value of ":return" command (introduced in v7.11beta2);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved stability when using fullscreen editor;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added IPv6 support for VETH interface;
*) container - added option to use overlayfs layers;
*) container - adjust the ownership of volume mounts that fall outside the container's UID range;
*) container - fixed duplicate image name;
*) defconf - do not change admin password if resetting with "keep-users=yes";
*) dhcp-server - fixed setting "bootp-lease-time=lease-time";
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) hotspot - allow number as a first symbol in the Hotspot server DNS name;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) ike2 - log "reply ignored" as non-debug log message;
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability during IPv6 route offloading;
*) l3hw - improved system stability;
*) led - fixed manually configured user LED for RB2011;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lora - added new EUI field;
*) lora - added uplink message filtering option using NetID or JoinEUI;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed Dell DW5221E "at-chat" support;
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
*) modem - added initial support for BG77 modem DFOTA firmware update;
*) modem - changed Quectel EC25 portmap to expose DM (diag port), DM channel=0, GPS channel=1;
*) modem - fixed missing sender's last symbol in SMS inbox if the sender is an alphabetic string;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - do not try to use the "bridge" setting from PPP/Profile, if the OVPN server is used in IP mode (introduced in v7.10);
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - improved key renegotiation process;
*) ovpn - include "connect-retry 1" and "reneg-sec" parameters into the OVPN configuration export file;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) package - treat disabled packages as enabled during upgrade;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) qos-hw - keep VLAN priority in packets that are sent from CPU;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) resource - fixed erroneous CPU usage values;
*) rose-storage - added "scsi-scan" command (CLI only);
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) routerboot - increased etherboot bootp timeout to 40s on MIPSBE and MMIPS devices ("/system routerboard upgrade" required);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) sfp - reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9)
*) ssh - fixed host public key export (introduced in v7.9);
*) ssh - fixed private key import (introduced in v7.9);
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) tftp - improved file name matching;
*) user - added "sensitive" policy requirement for SSH key and certificate export;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - fixed "Connect To" configuration changes for L2TP client;
*) webfig - fixed gray-out italic font for entries after enable;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - fixed multicast frame delivery (introduced in v7.11beta2);
*) wifiwave2 - fixed registration table statistics (introduced in v7.11beta4);
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;

Версия 7.11rc1 2023-07-31

Версия 7.11beta7 2023-07-25

What's new in 7.11beta7 (2023-Jul-24 14:45):

Changes in this release:

*) certificate - allow to import certificate with DNS name constraint;
*) certificate - require CRL presence when using "crl-use=yes" setting;
*) conntrack - fixed "active-ipv4" property;
*) console - added ":convert" command;
*) dhcp-server - fixed setting "bootp-lease-time=lease-time";
*) ike2 - log "reply ignored" as non-debug log message;
*) modem - added initial support for BG77 modem DFOTA firmware update;
*) modem - changed Quectel EC25 portmap to expose DM (diag port), DM channel=0, GPS channel=1;
*) ovpn - do not try to use the "bridge" setting from PPP/Profile, if the OVPN server is used in IP mode (introduced in v7.10);
*) ovpn - improved key renegotiation process;
*) ovpn - include "connect-retry 1" and "reneg-sec" parameters into the OVPN configuration export file;
*) routerboot - increased etherboot bootp timeout to 40s on MIPSBE and MMIPS devices ("/system routerboard upgrade" required);
*) ssh - fixed private key import (introduced in v7.9);
*) user - added "sensitive" policy requirement for SSH key and certificate export;
*) webfig - fixed gray-out italic font for entries after enable;

Other changes since v7.10:

*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bfd - improved system stability;
*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) bth - added "Back To Home" VPN service for ARM, ARM64 and TILE devices;
*) certificate - fixed PEM import;
*) certificate - removed request for "passphrase" property on import;
*) certificate - restored RSA with SHA512 support;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed incorrect date when printing "value-list" with multiple entries;
*) console - fixed incorrect default value of ":return" command (introduced in v7.11beta2);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved stability when using fullscreen editor;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added IPv6 support for VETH interface;
*) container - added option to use overlayfs layers;
*) container - adjust the ownership of volume mounts that fall outside the container's UID range;
*) container - fixed duplicate image name;
*) defconf - do not change admin password if resetting with "keep-users=yes";
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) hotspot - allow number as a first symbol in the Hotspot server DNS name;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability during IPv6 route offloading;
*) l3hw - improved system stability;
*) led - fixed manually configured user LED for RB2011;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lora - added new EUI field;
*) lora - added uplink message filtering option using NetID or JoinEUI;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed Dell DW5221E "at-chat" support;
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
*) modem - fixed missing sender's last symbol in SMS inbox if the sender is an alphabetic string;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) package - treat disabled packages as enabled during upgrade;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) qos-hw - keep VLAN priority in packets that are sent from CPU;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) resource - fixed erroneous CPU usage values;
*) rose-storage - added "scsi-scan" command (CLI only);
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) sfp - reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9)
*) ssh - fixed host public key export (introduced in v7.9);
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) tftp - improved file name matching;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - fixed "Connect To" configuration changes for L2TP client;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - fixed multicast frame delivery (introduced in v7.11beta2);
*) wifiwave2 - fixed registration table statistics (introduced in v7.11beta4);
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;

Версия 7.11beta7 2023-07-25

Версия 7.11beta6 2023-07-19

What's new in 7.11beta6 (2023-Jul-18 14:06):

Changes in this release:

*) bfd - improved system stability;
*) bth - added "Back To Home" VPN service for ARM, ARM64 and TILE devices;
*) certificate - removed request for "passphrase" property on import;
*) defconf - do not change admin password if resetting with "keep-users=yes";
*) modem - fixed missing sender's last symbol in SMS inbox if the sender is an alphabetic string;
*) ssh - fixed host public key export (introduced in v7.9);
*) tftp - improved file name matching;

Other changes since v7.10:

*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) certificate - fixed PEM import;
*) certificate - restored RSA with SHA512 support;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed incorrect date when printing "value-list" with multiple entries;
*) console - fixed incorrect default value of ":return" command (introduced in v7.11beta2);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved stability when using fullscreen editor;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added IPv6 support for VETH interface;
*) container - added option to use overlayfs layers;
*) container - adjust the ownership of volume mounts that fall outside the container's UID range;
*) container - fixed duplicate image name;
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) hotspot - allow number as a first symbol in the Hotspot server DNS name;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability during IPv6 route offloading;
*) l3hw - improved system stability;
*) led - fixed manually configured user LED for RB2011;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lora - added new EUI field;
*) lora - added uplink message filtering option using NetID or JoinEUI;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed Dell DW5221E "at-chat" support;
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) package - treat disabled packages as enabled during upgrade;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) qos-hw - keep VLAN priority in packets that are sent from CPU;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) resource - fixed erroneous CPU usage values;
*) rose-storage - added "scsi-scan" command (CLI only);
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) sfp - reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9)
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - fixed "Connect To" configuration changes for L2TP client;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - fixed multicast frame delivery (introduced in v7.11beta2);
*) wifiwave2 - fixed registration table statistics (introduced in v7.11beta4);
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;

Версия 7.11beta6 2023-07-19

Версия 7.11beta5 2023-07-17

What's new in 7.11beta5 (2023-Jul-17 10:07):

Changes in this release:

*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bth - added "Back To Home" VPN service for 802.11ax devices with wifiwave2 package;
*) console - fixed incorrect date when printing "value-list" with multiple entries;
*) console - improved stability when using fullscreen editor;
*) container - added IPv6 support for VETH interface;
*) container - adjust the ownership of volume mounts that fall outside the container's UID range;
*) hotspot - allow number as a first symbol in the Hotspot server DNS name;
*) lora - added uplink message filtering option using NetID or JoinEUI;
*) qos-hw - keep VLAN priority in packets that are sent from CPU;
*) resource - fixed erroneous CPU usage values;
*) sfp - reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9)
*) webfig - fixed "Connect To" configuration changes for L2TP client;
*) wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
*) wifiwave2 - fixed multicast frame delivery (introduced in v7.11beta2);
*) wifiwave2 - fixed registration table statistics (introduced in v7.11beta4);

Other changes since v7.10:

*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) certificate - fixed PEM import;
*) certificate - restored RSA with SHA512 support;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed incorrect default value of ":return" command (introduced in v7.11beta2);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added option to use overlayfs layers;
*) container - fixed duplicate image name;
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability during IPv6 route offloading;
*) l3hw - improved system stability;
*) led - fixed manually configured user LED for RB2011;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lora - added new EUI field;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed Dell DW5221E "at-chat" support;
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) package - treat disabled packages as enabled during upgrade;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) rose-storage - added "scsi-scan" command (CLI only);
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;

Версия 7.11beta5 2023-07-17

Версия 7.11beta4 2023-07-06

What's new in 7.11beta4 (2023-Jul-05 13:33):

Changes in this release:

*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) console - fixed incorrect default value of ":return" command (introduced in v7.11beta2);
*) console - improved stability and responsiveness;
*) container - fixed duplicate image name;
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lte - fixed Dell DW5221E "at-chat" support;
*) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
*) package - treat disabled packages as enabled during upgrade;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) rose-storage - added "scsi-scan" command (CLI only);
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;

Other changes since v7.10:

*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) certificate - fixed PEM import;
*) certificate - restored RSA with SHA512 support;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added option to use overlayfs layers;
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) l3hw - improved system stability during IPv6 route offloading;
*) led - fixed manually configured user LED for RB2011;
*) lora - added new EUI field;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;

Версия 7.11beta4 2023-07-06

Версия 7.11beta2 2023-06-22

What's new in 7.11beta2 (2023-Jun-21 14:39):

*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) certificate - fixed PEM import;
*) certificate - restored RSA with SHA512 support;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added option to use overlayfs layers;
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) l3hw - improved system stability during IPv6 route offloading;
*) led - fixed manually configured user LED for RB2011;
*) lora - added new EUI field;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;

Версия 7.11beta2 2023-06-22

Версия 7.10rc6 2023-06-14

What's new in 7.10rc6 (2023-Jun-13 10:52):

Changes in this release:

!) route - added BFD;
*) bridge - fixed incorrect host moving between ports with enabled FastPath;
*) sfp - improved 10G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) ssh - fixed RouterOS SSH client login when using a key (introduced in v7.9);

Other changes since v7.9:

!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
*) bgp - allow to filter BGP sessions by AFI;
*) bgp - changed default VPNv4 import distance to iBGP value (200);
*) bgp - do not check route distinguisher on import;
*) bgp - fixed "as-override" and rename to "output.as-override";
*) bgp - fixed "remove-private-as" and rename to "output.remove-private.as";
*) bgp - show address family in advertisements;
*) bgp - show approximate received prefix count by the session;
*) branding - fixed custom logo (introduced in v7.8);
*) bridge - fixed HW offloaded STP state on port disable;
*) bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8);
*) certificate - fixed displaying of certificate serial number;
*) certificate - improved error reporting for Let's Encrypt certificate;
*) certificate - restore available "key-usage" property options;
*) conntrack - added read-only "active-ipv4" and "active-ipv6" fields to "/ip/firewall/connection/tracking" (CLI only);
*) console - added timeout error for configuration export;
*) console - changed time format according to ISO standard;
*) console - disable output when using "as-value" parameter;
*) console - fixed ":terminal inkey" input when resizing terminal;
*) console - fixed "print without-paging" output in some cases;
*) console - hide past commands with sensitive arguments;
*) console - improved stability when using command completion;
*) container - fixed "container pull" to support OCI manifest format;
*) container - fixed crash due to missing system directories;
*) container - improved default internal environment values;
*) defconf - allow to use device factory preset credentials in Flashfig and Netinstall configuration files;
*) defconf - fixed default configuration for RBSXTLTE3-7;
*) dhcp-server - fixed accounting on RADIUS interim update;
*) dhcpv4-server - added name for "IPv6-Only Preferred" option (108) in debug logs;
*) doh - less verbose logging;
*) firewall - added "endpoint-independent-nat" support;
*) firewall - added "nth" option for IPv6 firewall;
*) gps - expose GPS port for Quectel RM520N-GL;
*) ike2 - fixed authentication process using EC digital signature (introduced in v7.10rc3);
*) ike2 - improved child SA delete request processing;
*) ike2 - improved system stability when renewing IKE SA (introduced in v7.10rc1);
*) iot - added option to send Modbus function code commands directly from RouterOS (CLI only);
*) ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite);
*) ipsec - refactor public key authentication;
*) ipsec - removed "ec2n185" and "ec2n155" values from proposal configurations;
*) ipv6 - fixed IPv6 address removal;
*) l3hw - added "autorestart" option to L3HW settings;
*) l3hw - added advanced configuration options for fine-tuning the L3HW offload (l3hw-settings are cleared after upgrade or downgrade) (CLI only);
*) l3hw - added error message and reset "l3-hw-offloading=no" if L3HW driver fails to start;
*) l3hw - added monitoring options for L3HW utilization (CLI only);
*) l3hw - fixed /32 route deletion;
*) l3hw - fixed IPv6 ECMP route offloading;
*) l3hw - fixed offloading of /32 IPv4 and /128 IPv6 routes;
*) l3hw - fixed route table offloading during large volume of route updates;
*) l3hw - improved host and nexthop offloading;
*) l3hw - improved offloading of IPv6 hosts after L3HW driver restart;
*) l3hw - improved performance of partial offloading;
*) l3hw - improved route offloading after gateway change;
*) l3hw - improved system stability for partial routing table offload;
*) l3hw - improved system stability when creating supout.rif file (introduced in v7.10beta5);
*) leds - fixed modem RAT mode indication on hAP ac^3 LTE6 WPS mode button LEDs;
*) lora - improved gateway card detection and upgrade logic;
*) lora - updated firmware version for LoRaWAN gateway (for R11e-LoRa8, R11e-LoRa9 cards);
*) lte - added serving cell query for MBIM modems with necessary MBIM extension;
*) lte - disable DHCP request filtering (UDP port 67) for Chateau 5G;
*) lte - fixed APN authentication for R11e-LTE6 modem;
*) lte - fixed Google Pixel 7 tethering support;
*) lte - improved MBIM modem firmware reported error handling when settings RAT modes;
*) lte - improved modem firmware upgrade stability for MBIM modems;
*) lte - improved stability for Chateau 5G LTE modem firmware upgrade;
*) lte - reduced SIM slot switchover time for MBIM modems with UUIC reset support;
*) lte - stop "cell-monitor" on LTE interface configuration change for MBIM modems;
*) mpls - added FastPath support;
*) netwatch - added warning about non-running probe due to "startup-delay" (CLI only);
*) ovpn - added initial support for V2 data transfer protocol;
*) ovpn - improved system stability;
*) poe - fixed bogous "poe-in-voltage" values when using DC jack for RB5009;
*) pppoe - fixed PPPoE client scan when server is sending PADO messages without Service-Name tag;
*) qos-hw - added QoS marking support for 98DXxxxx switches (CLI only);
*) qos-hw - renamed VLAN "priority" field to "pcp" to avoid confusion;
*) rose-storage - added support for multiple smb users and smb shares;
*) route - improved system stability when removing multicast forwarding entries;
*) routerboard - fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboot - increased "preboot-etherboot" maximum value to 30 seconds ("/system routerboard upgrade" required);
*) scheduler - fixed incorrectly started scheduler during reboot or shutdown;
*) sfp - fixed "combo-mode" copper functionality for CRS312 switch (introduced in v7.10rc1);
*) sfp - fixed "rate" monitor value for SFP interface on L009UiGS series devices;
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - fixed combo-sfp linking at 1G rate for CRS312 switch;
*) sfp - improved module compatibility with bad EEPROM data for RB4011, RB5009, CCR2xxx, CRS312 and CRS518 devices;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices;
*) sfp - improved system stability with certain SFP modules for CCR2216 and CRS518 devices;
*) sfp - report EEPROM data even if "auto-init-failed" has occurred;
*) smb - improved SMB v1 operation;
*) sniffer - fixed large .pcap file limit;
*) snmp - added "engine-id-suffix" setting and display actual "engine-id" as read-only property;
*) snmp - added BGP peer table support IPv4 only (1.3.6.1.2.1.15.3.1);
*) snmp - added new "mtxrInterfaceStatsTxRx1024ToMax" OID to MIKROTIK-MIB;
*) ssh - added inline key "passphrase" property;
*) switch - added more precise "storm-rate" configuration options for 98DXxxxx switches (CLI only);
*) switch - fixed storm rate on 10G links for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
*) system - improved watchdog reporting in log after reboots for several ARM and ARM64 devices;
*) system - reduced RAM usage for SMIPS devices;
*) tile - fixed support for microSD card;
*) tr069 - added 5G SCC "SNR" parameter for modems that report it;
*) upgrade - do not run manual upgrade if some packages are missing;
*) ups - fixed updating of "battery-voltage" property;
*) vrrp - added warning if "sync-connection-tracking=yes" while the global connection tracking is inactive;
*) vrrp - added warning if the VRRP group is misconfigured;
*) vrrp - added warning if VRRP or its interface does not have an IP address;
*) vrrp - do not start connection synchronization if the global connection tracking is inactive;
*) vrrp - fixed issue where disabled VRRP interface is affecting group;
*) vrrp - fixed VRRP interface state on physical cable disconnection;
*) vrrp - improved system stability on changing "group-authority" or "sync-connection-tracking";
*) vrrp - renamed "group-master" to "group-authority" to avoid confusion with VRRP master;
*) vrrp - send VRRP announcements only by "group-authority";
*) w60g - improved interface stability for PTMP setups;
*) webfig - added high-resolution favicon;
*) webfig - allow limitless upper bounds for number range;
*) webfig - allow to set "0" second time for fields with default values;
*) webfig - changed time format according to ISO standard;
*) webfig - display date and time in local time zone;
*) webfig - fixed missing "WifiWave2" menu;
*) webfig - fixed missing property names in "WifiWave2" menu;
*) webfig - redesigned item configuration display;
*) webfig - redesigned top menu bar;
*) webfig - removed "Tools/Telnet" menu;
*) webfig - removed auto-login with default credentials (admin without a password);
*) wifiwave2 - avoid transmitting extra bytes at the end of the packet after stripping a VLAN tag;
*) wifiwave2 - do not include in radio hardware capability list a parameter irrelevant to end users (introduced in 7.10beta5);
*) wifiwave2 - do not show placeholder transmit power values on interface startup;
*) wifiwave2 - fixed CAP connection when provisioning "manager=capsman";
*) wifiwave2 - fixed CAP interface name when using "name-format";
*) wifiwave2 - fixed connectivity issues wheen access-list is used;
*) wifiwave2 - fixed DFS channel availability warning (introduced in v7.9);
*) wifiwave2 - fixed dynamic interface adding to bridge on CAP device;
*) wifiwave2 - fixed inability to disable CAPsMAN when there are RADIUS-authenticated clients connected;
*) wifiwave2 - fixed incorrect limits on number of interfaces in station mode;
*) wifiwave2 - fixed interface name change when restoring backup;
*) wifiwave2 - fixed key handshake timeout with re-associating clients;
*) wifiwave2 - fixed OWE authentication compatibility with 802.11ax client devices;
*) wifiwave2 - fixed OWE authentication compatibility with third-party client devices (introduced in v7.8);
*) wifiwave2 - fixed wireless throughput issues after 802.11r client roaming events on 802.11ac devices;
*) wifiwave2 - improve protections against DoS attacks on WPA3-PSK;
*) wifiwave2 - improved logging when an interface is unable to assign a VLAN tag to client;
*) wifiwave2 - improved system stability when trying to exceed virtual AP limit;
*) wifiwave2 - improved system stability;
*) wifiwave2 - less verbose logging when WPA3-PSK clients are connecting;
*) wifiwave2 - restore interface running state when connection to CAPsMAN is lost;
*) winbox - added "MPLS/Settings" menu;
*) winbox - added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu;
*) winbox - rename "URL" property to "Action data" under "IP/Web-Proxy/Access" menu;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) wireguard - retry "endpoint-address" DNS query on failed resolve;
*) x86 - ice driver update to v1.11.14;
*) zerotier - make "identity" setting sensitive;

Версия 7.10rc6 2023-06-14

Версия 7.10rc5 2023-06-09

What's new in 7.10rc5 (2023-Jun-08 14:48):

Changes in this release:

*) ike2 - fixed authentication process using EC digital signature (introduced in v7.10rc3);

Other changes since v7.9:

!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
!) route - added BFD;
*) bgp - allow to filter BGP sessions by AFI;
*) bgp - changed default VPNv4 import distance to iBGP value (200);
*) bgp - do not check route distinguisher on import;
*) bgp - fixed "as-override" and rename to "output.as-override";
*) bgp - fixed "remove-private-as" and rename to "output.remove-private.as";
*) bgp - show address family in advertisements;
*) bgp - show approximate received prefix count by the session;
*) branding - fixed custom logo (introduced in v7.8);
*) bridge - fixed HW offloaded STP state on port disable;
*) bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8);
*) certificate - fixed displaying of certificate serial number;
*) certificate - improved error reporting for Let's Encrypt certificate;
*) certificate - restore available "key-usage" property options;
*) conntrack - added read-only "active-ipv4" and "active-ipv6" fields to "/ip/firewall/connection/tracking" (CLI only);
*) console - added timeout error for configuration export;
*) console - changed time format according to ISO standard;
*) console - disable output when using "as-value" parameter;
*) console - fixed ":terminal inkey" input when resizing terminal;
*) console - fixed "print without-paging" output in some cases;
*) console - hide past commands with sensitive arguments;
*) console - improved stability when using command completion;
*) container - fixed "container pull" to support OCI manifest format;
*) container - fixed crash due to missing system directories;
*) container - improved default internal environment values;
*) defconf - allow to use device factory preset credentials in Flashfig and Netinstall configuration files;
*) defconf - fixed default configuration for RBSXTLTE3-7;
*) dhcp-server - fixed accounting on RADIUS interim update;
*) dhcpv4-server - added name for "IPv6-Only Preferred" option (108) in debug logs;
*) doh - less verbose logging;
*) firewall - added "endpoint-independent-nat" support;
*) firewall - added "nth" option for IPv6 firewall;
*) gps - expose GPS port for Quectel RM520N-GL;
*) ike2 - improved child SA delete request processing;
*) ike2 - improved system stability when renewing IKE SA (introduced in v7.10rc1);
*) iot - added option to send Modbus function code commands directly from RouterOS (CLI only);
*) ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite);
*) ipsec - refactor public key authentication;
*) ipsec - removed "ec2n185" and "ec2n155" values from proposal configurations;
*) ipv6 - fixed IPv6 address removal;
*) l3hw - added "autorestart" option to L3HW settings;
*) l3hw - added advanced configuration options for fine-tuning the L3HW offload (l3hw-settings are cleared after upgrade or downgrade) (CLI only);
*) l3hw - added error message and reset "l3-hw-offloading=no" if L3HW driver fails to start;
*) l3hw - added monitoring options for L3HW utilization (CLI only);
*) l3hw - fixed /32 route deletion;
*) l3hw - fixed IPv6 ECMP route offloading;
*) l3hw - fixed offloading of /32 IPv4 and /128 IPv6 routes;
*) l3hw - fixed route table offloading during large volume of route updates;
*) l3hw - improved host and nexthop offloading;
*) l3hw - improved offloading of IPv6 hosts after L3HW driver restart;
*) l3hw - improved performance of partial offloading;
*) l3hw - improved route offloading after gateway change;
*) l3hw - improved system stability for partial routing table offload;
*) l3hw - improved system stability when creating supout.rif file (introduced in v7.10beta5);
*) leds - fixed modem RAT mode indication on hAP ac^3 LTE6 WPS mode button LEDs;
*) lora - improved gateway card detection and upgrade logic;
*) lora - updated firmware version for LoRaWAN gateway (for R11e-LoRa8, R11e-LoRa9 cards);
*) lte - added serving cell query for MBIM modems with necessary MBIM extension;
*) lte - disable DHCP request filtering (UDP port 67) for Chateau 5G;
*) lte - fixed APN authentication for R11e-LTE6 modem;
*) lte - fixed Google Pixel 7 tethering support;
*) lte - improved MBIM modem firmware reported error handling when settings RAT modes;
*) lte - improved modem firmware upgrade stability for MBIM modems;
*) lte - improved stability for Chateau 5G LTE modem firmware upgrade;
*) lte - reduced SIM slot switchover time for MBIM modems with UUIC reset support;
*) lte - stop "cell-monitor" on LTE interface configuration change for MBIM modems;
*) mpls - added FastPath support;
*) netwatch - added warning about non-running probe due to "startup-delay" (CLI only);
*) ovpn - added initial support for V2 data transfer protocol;
*) ovpn - improved system stability;
*) poe - fixed bogous "poe-in-voltage" values when using DC jack for RB5009;
*) pppoe - fixed PPPoE client scan when server is sending PADO messages without Service-Name tag;
*) qos-hw - added QoS marking support for 98DXxxxx switches (CLI only);
*) qos-hw - renamed VLAN "priority" field to "pcp" to avoid confusion;
*) rose-storage - added support for multiple smb users and smb shares;
*) route - improved system stability when removing multicast forwarding entries;
*) routerboard - fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboot - increased "preboot-etherboot" maximum value to 30 seconds ("/system routerboard upgrade" required);
*) scheduler - fixed incorrectly started scheduler during reboot or shutdown;
*) sfp - fixed "combo-mode" copper functionality for CRS312 switch (introduced in v7.10rc1);
*) sfp - fixed "rate" monitor value for SFP interface on L009UiGS series devices;
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - fixed combo-sfp linking at 1G rate for CRS312 switch;
*) sfp - improved module compatibility with bad EEPROM data for RB4011, RB5009, CCR2xxx, CRS312 and CRS518 devices;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices;
*) sfp - improved system stability with certain SFP modules for CCR2216 and CRS518 devices;
*) sfp - report EEPROM data even if "auto-init-failed" has occurred;
*) smb - improved SMB v1 operation;
*) sniffer - fixed large .pcap file limit;
*) snmp - added "engine-id-suffix" setting and display actual "engine-id" as read-only property;
*) snmp - added BGP peer table support IPv4 only (1.3.6.1.2.1.15.3.1);
*) snmp - added new "mtxrInterfaceStatsTxRx1024ToMax" OID to MIKROTIK-MIB;
*) ssh - added inline key "passphrase" property;
*) switch - added more precise "storm-rate" configuration options for 98DXxxxx switches (CLI only);
*) switch - fixed storm rate on 10G links for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
*) system - improved watchdog reporting in log after reboots for several ARM and ARM64 devices;
*) system - reduced RAM usage for SMIPS devices;
*) tile - fixed support for microSD card;
*) tr069 - added 5G SCC "SNR" parameter for modems that report it;
*) upgrade - do not run manual upgrade if some packages are missing;
*) ups - fixed updating of "battery-voltage" property;
*) vrrp - added warning if "sync-connection-tracking=yes" while the global connection tracking is inactive;
*) vrrp - added warning if the VRRP group is misconfigured;
*) vrrp - added warning if VRRP or its interface does not have an IP address;
*) vrrp - do not start connection synchronization if the global connection tracking is inactive;
*) vrrp - fixed issue where disabled VRRP interface is affecting group;
*) vrrp - fixed VRRP interface state on physical cable disconnection;
*) vrrp - improved system stability on changing "group-authority" or "sync-connection-tracking";
*) vrrp - renamed "group-master" to "group-authority" to avoid confusion with VRRP master;
*) vrrp - send VRRP announcements only by "group-authority";
*) w60g - improved interface stability for PTMP setups;
*) webfig - added high-resolution favicon;
*) webfig - allow limitless upper bounds for number range;
*) webfig - allow to set "0" second time for fields with default values;
*) webfig - changed time format according to ISO standard;
*) webfig - display date and time in local time zone;
*) webfig - fixed missing "WifiWave2" menu;
*) webfig - fixed missing property names in "WifiWave2" menu;
*) webfig - redesigned item configuration display;
*) webfig - redesigned top menu bar;
*) webfig - removed "Tools/Telnet" menu;
*) webfig - removed auto-login with default credentials (admin without a password);
*) wifiwave2 - avoid transmitting extra bytes at the end of the packet after stripping a VLAN tag;
*) wifiwave2 - do not include in radio hardware capability list a parameter irrelevant to end users (introduced in 7.10beta5);
*) wifiwave2 - do not show placeholder transmit power values on interface startup;
*) wifiwave2 - fixed CAP connection when provisioning "manager=capsman";
*) wifiwave2 - fixed CAP interface name when using "name-format";
*) wifiwave2 - fixed connectivity issues wheen access-list is used;
*) wifiwave2 - fixed DFS channel availability warning (introduced in v7.9);
*) wifiwave2 - fixed dynamic interface adding to bridge on CAP device;
*) wifiwave2 - fixed inability to disable CAPsMAN when there are RADIUS-authenticated clients connected;
*) wifiwave2 - fixed incorrect limits on number of interfaces in station mode;
*) wifiwave2 - fixed interface name change when restoring backup;
*) wifiwave2 - fixed key handshake timeout with re-associating clients;
*) wifiwave2 - fixed OWE authentication compatibility with 802.11ax client devices;
*) wifiwave2 - fixed OWE authentication compatibility with third-party client devices (introduced in v7.8);
*) wifiwave2 - fixed wireless throughput issues after 802.11r client roaming events on 802.11ac devices;
*) wifiwave2 - improve protections against DoS attacks on WPA3-PSK;
*) wifiwave2 - improved logging when an interface is unable to assign a VLAN tag to client;
*) wifiwave2 - improved system stability when trying to exceed virtual AP limit;
*) wifiwave2 - improved system stability;
*) wifiwave2 - less verbose logging when WPA3-PSK clients are connecting;
*) wifiwave2 - restore interface running state when connection to CAPsMAN is lost;
*) winbox - added "MPLS/Settings" menu;
*) winbox - added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu;
*) winbox - rename "URL" property to "Action data" under "IP/Web-Proxy/Access" menu;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) wireguard - retry "endpoint-address" DNS query on failed resolve;
*) x86 - ice driver update to v1.11.14;
*) zerotier - make "identity" setting sensitive;

Версия 7.10rc5 2023-06-09

Версия 7.10rc4 2023-06-07

What's new in 7.10rc4 (2023-Jun-06 11:34):

Changes in this release:

*) ike2 - improved system stability when renewing IKE SA (introduced in v7.10rc1);
*) ike2 - fixed authentication process using EC digital signature (introduced in v7.10rc3);

Other changes since v7.9:

!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
!) route - added BFD;
*) bgp - allow to filter BGP sessions by AFI;
*) bgp - changed default VPNv4 import distance to iBGP value (200);
*) bgp - do not check route distinguisher on import;
*) bgp - fixed "as-override" and rename to "output.as-override";
*) bgp - fixed "remove-private-as" and rename to "output.remove-private.as";
*) bgp - show address family in advertisements;
*) bgp - show approximate received prefix count by the session;
*) branding - fixed custom logo (introduced in v7.8);
*) bridge - fixed HW offloaded STP state on port disable;
*) bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8);
*) certificate - fixed displaying of certificate serial number;
*) certificate - improved error reporting for Let's Encrypt certificate;
*) certificate - restore available "key-usage" property options;
*) conntrack - added read-only "active-ipv4" and "active-ipv6" fields to "/ip/firewall/connection/tracking" (CLI only);
*) console - added timeout error for configuration export;
*) console - changed time format according to ISO standard;
*) console - disable output when using "as-value" parameter;
*) console - fixed ":terminal inkey" input when resizing terminal;
*) console - fixed "print without-paging" output in some cases;
*) console - hide past commands with sensitive arguments;
*) console - improved stability when using command completion;
*) container - fixed "container pull" to support OCI manifest format;
*) container - fixed crash due to missing system directories;
*) container - improved default internal environment values;
*) defconf - allow to use device factory preset credentials in Flashfig and Netinstall configuration files;
*) defconf - fixed default configuration for RBSXTLTE3-7;
*) dhcp-server - fixed accounting on RADIUS interim update;
*) dhcpv4-server - added name for "IPv6-Only Preferred" option (108) in debug logs;
*) doh - less verbose logging;
*) firewall - added "endpoint-independent-nat" support;
*) firewall - added "nth" option for IPv6 firewall;
*) gps - expose GPS port for Quectel RM520N-GL;
*) ike2 - improved child SA delete request processing;
*) iot - added option to send Modbus function code commands directly from RouterOS (CLI only);
*) ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite);
*) ipsec - refactor public key authentication;
*) ipsec - removed "ec2n185" and "ec2n155" values from proposal configurations;
*) ipv6 - fixed IPv6 address removal;
*) l3hw - added "autorestart" option to L3HW settings;
*) l3hw - added advanced configuration options for fine-tuning the L3HW offload (l3hw-settings are cleared after upgrade or downgrade) (CLI only);
*) l3hw - added error message and reset "l3-hw-offloading=no" if L3HW driver fails to start;
*) l3hw - added monitoring options for L3HW utilization (CLI only);
*) l3hw - fixed /32 route deletion;
*) l3hw - fixed IPv6 ECMP route offloading;
*) l3hw - fixed offloading of /32 IPv4 and /128 IPv6 routes;
*) l3hw - fixed route table offloading during large volume of route updates;
*) l3hw - improved host and nexthop offloading;
*) l3hw - improved offloading of IPv6 hosts after L3HW driver restart;
*) l3hw - improved performance of partial offloading;
*) l3hw - improved route offloading after gateway change;
*) l3hw - improved system stability for partial routing table offload;
*) l3hw - improved system stability when creating supout.rif file (introduced in v7.10beta5);
*) leds - fixed modem RAT mode indication on hAP ac^3 LTE6 WPS mode button LEDs;
*) lora - improved gateway card detection and upgrade logic;
*) lora - updated firmware version for LoRaWAN gateway (for R11e-LoRa8, R11e-LoRa9 cards);
*) lte - added serving cell query for MBIM modems with necessary MBIM extension;
*) lte - disable DHCP request filtering (UDP port 67) for Chateau 5G;
*) lte - fixed APN authentication for R11e-LTE6 modem;
*) lte - fixed Google Pixel 7 tethering support;
*) lte - improved MBIM modem firmware reported error handling when settings RAT modes;
*) lte - improved modem firmware upgrade stability for MBIM modems;
*) lte - improved stability for Chateau 5G LTE modem firmware upgrade;
*) lte - reduced SIM slot switchover time for MBIM modems with UUIC reset support;
*) lte - stop "cell-monitor" on LTE interface configuration change for MBIM modems;
*) mpls - added FastPath support;
*) netwatch - added warning about non-running probe due to "startup-delay" (CLI only);
*) ovpn - added initial support for V2 data transfer protocol;
*) ovpn - improved system stability;
*) poe - fixed bogous "poe-in-voltage" values when using DC jack for RB5009;
*) pppoe - fixed PPPoE client scan when server is sending PADO messages without Service-Name tag;
*) qos-hw - added QoS marking support for 98DXxxxx switches (CLI only);
*) qos-hw - renamed VLAN "priority" field to "pcp" to avoid confusion;
*) rose-storage - added support for multiple smb users and smb shares;
*) route - improved system stability when removing multicast forwarding entries;
*) routerboard - fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboot - increased "preboot-etherboot" maximum value to 30 seconds ("/system routerboard upgrade" required);
*) scheduler - fixed incorrectly started scheduler during reboot or shutdown;
*) sfp - fixed "combo-mode" copper functionality for CRS312 switch (introduced in v7.10rc1);
*) sfp - fixed "rate" monitor value for SFP interface on L009UiGS series devices;
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - fixed combo-sfp linking at 1G rate for CRS312 switch;
*) sfp - improved module compatibility with bad EEPROM data for RB4011, RB5009, CCR2xxx, CRS312 and CRS518 devices;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices;
*) sfp - improved system stability with certain SFP modules for CCR2216 and CRS518 devices;
*) sfp - report EEPROM data even if "auto-init-failed" has occurred;
*) smb - improved SMB v1 operation;
*) sniffer - fixed large .pcap file limit;
*) snmp - added "engine-id-suffix" setting and display actual "engine-id" as read-only property;
*) snmp - added BGP peer table support IPv4 only (1.3.6.1.2.1.15.3.1);
*) snmp - added new "mtxrInterfaceStatsTxRx1024ToMax" OID to MIKROTIK-MIB;
*) ssh - added inline key "passphrase" property;
*) switch - added more precise "storm-rate" configuration options for 98DXxxxx switches (CLI only);
*) switch - fixed storm rate on 10G links for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
*) system - improved watchdog reporting in log after reboots for several ARM and ARM64 devices;
*) system - reduced RAM usage for SMIPS devices;
*) tile - fixed support for microSD card;
*) tr069 - added 5G SCC "SNR" parameter for modems that report it;
*) upgrade - do not run manual upgrade if some packages are missing;
*) ups - fixed updating of "battery-voltage" property;
*) vrrp - added warning if "sync-connection-tracking=yes" while the global connection tracking is inactive;
*) vrrp - added warning if the VRRP group is misconfigured;
*) vrrp - added warning if VRRP or its interface does not have an IP address;
*) vrrp - do not start connection synchronization if the global connection tracking is inactive;
*) vrrp - fixed issue where disabled VRRP interface is affecting group;
*) vrrp - fixed VRRP interface state on physical cable disconnection;
*) vrrp - improved system stability on changing "group-authority" or "sync-connection-tracking";
*) vrrp - renamed "group-master" to "group-authority" to avoid confusion with VRRP master;
*) vrrp - send VRRP announcements only by "group-authority";
*) w60g - improved interface stability for PTMP setups;
*) webfig - added high-resolution favicon;
*) webfig - allow limitless upper bounds for number range;
*) webfig - allow to set "0" second time for fields with default values;
*) webfig - changed time format according to ISO standard;
*) webfig - display date and time in local time zone;
*) webfig - fixed missing "WifiWave2" menu;
*) webfig - fixed missing property names in "WifiWave2" menu;
*) webfig - redesigned item configuration display;
*) webfig - redesigned top menu bar;
*) webfig - removed "Tools/Telnet" menu;
*) webfig - removed auto-login with default credentials (admin without a password);
*) wifiwave2 - avoid transmitting extra bytes at the end of the packet after stripping a VLAN tag;
*) wifiwave2 - do not include in radio hardware capability list a parameter irrelevant to end users (introduced in 7.10beta5);
*) wifiwave2 - do not show placeholder transmit power values on interface startup;
*) wifiwave2 - fixed CAP connection when provisioning "manager=capsman";
*) wifiwave2 - fixed CAP interface name when using "name-format";
*) wifiwave2 - fixed connectivity issues wheen access-list is used;
*) wifiwave2 - fixed DFS channel availability warning (introduced in v7.9);
*) wifiwave2 - fixed dynamic interface adding to bridge on CAP device;
*) wifiwave2 - fixed inability to disable CAPsMAN when there are RADIUS-authenticated clients connected;
*) wifiwave2 - fixed incorrect limits on number of interfaces in station mode;
*) wifiwave2 - fixed interface name change when restoring backup;
*) wifiwave2 - fixed key handshake timeout with re-associating clients;
*) wifiwave2 - fixed OWE authentication compatibility with 802.11ax client devices;
*) wifiwave2 - fixed OWE authentication compatibility with third-party client devices (introduced in v7.8);
*) wifiwave2 - fixed wireless throughput issues after 802.11r client roaming events on 802.11ac devices;
*) wifiwave2 - improve protections against DoS attacks on WPA3-PSK;
*) wifiwave2 - improved logging when an interface is unable to assign a VLAN tag to client;
*) wifiwave2 - improved system stability when trying to exceed virtual AP limit;
*) wifiwave2 - improved system stability;
*) wifiwave2 - less verbose logging when WPA3-PSK clients are connecting;
*) wifiwave2 - restore interface running state when connection to CAPsMAN is lost;
*) winbox - added "MPLS/Settings" menu;
*) winbox - added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu;
*) winbox - rename "URL" property to "Action data" under "IP/Web-Proxy/Access" menu;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) wireguard - retry "endpoint-address" DNS query on failed resolve;
*) x86 - ice driver update to v1.11.14;
*) zerotier - make "identity" setting sensitive;

Версия 7.10rc4 2023-06-07

Версия 7.10rc3 2023-06-02

What's new in 7.10rc3 (2023-Jun-02 09:43):

Changes in this release:

!) route - added BFD;
*) l3hw - fixed route table offloading during large volume of route updates;
*) l3hw - improved system stability when creating supout.rif file (introduced in v7.10beta5);
*) leds - fixed modem RAT mode indication on hAP ac^3 LTE6 WPS mode button LEDs;
*) sfp - fixed "combo-mode" copper functionality for CRS312 switch (introduced in v7.10rc1);
*) sfp - fixed "rate" monitor value for SFP interface on L009UiGS series devices;
*) winbox - added "MPLS/Settings" menu;

Other changes since v7.9:

!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
*) bgp - allow to filter BGP sessions by AFI;
*) bgp - changed default VPNv4 import distance to iBGP value (200);
*) bgp - do not check route distinguisher on import;
*) bgp - fixed "as-override" and rename to "output.as-override";
*) bgp - fixed "remove-private-as" and rename to "output.remove-private.as";
*) bgp - show address family in advertisements;
*) bgp - show approximate received prefix count by the session;
*) branding - fixed custom logo (introduced in v7.8);
*) bridge - fixed HW offloaded STP state on port disable;
*) bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8);
*) certificate - fixed displaying of certificate serial number;
*) certificate - improved error reporting for Let's Encrypt certificate;
*) certificate - restore available "key-usage" property options;
*) conntrack - added read-only "active-ipv4" and "active-ipv6" fields to "/ip/firewall/connection/tracking" (CLI only);
*) console - added timeout error for configuration export;
*) console - changed time format according to ISO standard;
*) console - disable output when using "as-value" parameter;
*) console - fixed ":terminal inkey" input when resizing terminal;
*) console - fixed "print without-paging" output in some cases;
*) console - hide past commands with sensitive arguments;
*) console - improved stability when using command completion;
*) container - fixed "container pull" to support OCI manifest format;
*) container - fixed crash due to missing system directories;
*) container - improved default internal environment values;
*) defconf - allow to use device factory preset credentials in Flashfig and Netinstall configuration files;
*) defconf - fixed default configuration for RBSXTLTE3-7;
*) dhcp-server - fixed accounting on RADIUS interim update;
*) dhcpv4-server - added name for "IPv6-Only Preferred" option (108) in debug logs;
*) doh - less verbose logging;
*) firewall - added "endpoint-independent-nat" support;
*) firewall - added "nth" option for IPv6 firewall;
*) gps - expose GPS port for Quectel RM520N-GL;
*) ike2 - improved child SA delete request processing;
*) iot - added option to send Modbus function code commands directly from RouterOS (CLI only);
*) ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite);
*) ipsec - refactor public key authentication;
*) ipsec - removed "ec2n185" and "ec2n155" values from proposal configurations;
*) ipv6 - fixed IPv6 address removal;
*) l3hw - added "autorestart" option to L3HW settings;
*) l3hw - added advanced configuration options for fine-tuning the L3HW offload (l3hw-settings are cleared after upgrade or downgrade) (CLI only);
*) l3hw - added error message and reset "l3-hw-offloading=no" if L3HW driver fails to start;
*) l3hw - added monitoring options for L3HW utilization (CLI only);
*) l3hw - fixed /32 route deletion;
*) l3hw - fixed IPv6 ECMP route offloading;
*) l3hw - fixed offloading of /32 IPv4 and /128 IPv6 routes;
*) l3hw - improved host and nexthop offloading;
*) l3hw - improved offloading of IPv6 hosts after L3HW driver restart;
*) l3hw - improved performance of partial offloading;
*) l3hw - improved route offloading after gateway change;
*) l3hw - improved system stability for partial routing table offload;
*) lora - improved gateway card detection and upgrade logic;
*) lora - updated firmware version for LoRaWAN gateway (for R11e-LoRa8, R11e-LoRa9 cards);
*) lte - added serving cell query for MBIM modems with necessary MBIM extension;
*) lte - disable DHCP request filtering (UDP port 67) for Chateau 5G;
*) lte - fixed APN authentication for R11e-LTE6 modem;
*) lte - fixed Google Pixel 7 tethering support;
*) lte - improved MBIM modem firmware reported error handling when settings RAT modes;
*) lte - improved modem firmware upgrade stability for MBIM modems;
*) lte - improved stability for Chateau 5G LTE modem firmware upgrade;
*) lte - reduced SIM slot switchover time for MBIM modems with UUIC reset support;
*) lte - stop "cell-monitor" on LTE interface configuration change for MBIM modems;
*) mpls - added FastPath support;
*) netwatch - added warning about non-running probe due to "startup-delay" (CLI only);
*) ovpn - added initial support for V2 data transfer protocol;
*) ovpn - improved system stability;
*) poe - fixed bogous "poe-in-voltage" values when using DC jack for RB5009;
*) pppoe - fixed PPPoE client scan when server is sending PADO messages without Service-Name tag;
*) qos-hw - added QoS marking support for 98DXxxxx switches (CLI only);
*) qos-hw - renamed VLAN "priority" field to "pcp" to avoid confusion;
*) rose-storage - added support for multiple smb users and smb shares;
*) route - improved system stability when removing multicast forwarding entries;
*) routerboard - fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboot - increased "preboot-etherboot" maximum value to 30 seconds ("/system routerboard upgrade" required);
*) scheduler - fixed incorrectly started scheduler during reboot or shutdown;
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - fixed combo-sfp linking at 1G rate for CRS312 switch;
*) sfp - improved module compatibility with bad EEPROM data for RB4011, RB5009, CCR2xxx, CRS312 and CRS518 devices;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices;
*) sfp - improved system stability with certain SFP modules for CCR2216 and CRS518 devices;
*) sfp - report EEPROM data even if "auto-init-failed" has occurred;
*) smb - improved SMB v1 operation;
*) sniffer - fixed large .pcap file limit;
*) snmp - added "engine-id-suffix" setting and display actual "engine-id" as read-only property;
*) snmp - added BGP peer table support IPv4 only (1.3.6.1.2.1.15.3.1);
*) snmp - added new "mtxrInterfaceStatsTxRx1024ToMax" OID to MIKROTIK-MIB;
*) ssh - added inline key "passphrase" property;
*) switch - added more precise "storm-rate" configuration options for 98DXxxxx switches (CLI only);
*) switch - fixed storm rate on 10G links for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
*) system - improved watchdog reporting in log after reboots for several ARM and ARM64 devices;
*) system - reduced RAM usage for SMIPS devices;
*) tile - fixed support for microSD card;
*) tr069 - added 5G SCC "SNR" parameter for modems that report it;
*) upgrade - do not run manual upgrade if some packages are missing;
*) ups - fixed updating of "battery-voltage" property;
*) vrrp - added warning if "sync-connection-tracking=yes" while the global connection tracking is inactive;
*) vrrp - added warning if the VRRP group is misconfigured;
*) vrrp - added warning if VRRP or its interface does not have an IP address;
*) vrrp - do not start connection synchronization if the global connection tracking is inactive;
*) vrrp - fixed issue where disabled VRRP interface is affecting group;
*) vrrp - fixed VRRP interface state on physical cable disconnection;
*) vrrp - improved system stability on changing "group-authority" or "sync-connection-tracking";
*) vrrp - renamed "group-master" to "group-authority" to avoid confusion with VRRP master;
*) vrrp - send VRRP announcements only by "group-authority";
*) w60g - improved interface stability for PTMP setups;
*) webfig - added high-resolution favicon;
*) webfig - allow limitless upper bounds for number range;
*) webfig - allow to set "0" second time for fields with default values;
*) webfig - changed time format according to ISO standard;
*) webfig - display date and time in local time zone;
*) webfig - fixed missing "WifiWave2" menu;
*) webfig - fixed missing property names in "WifiWave2" menu;
*) webfig - redesigned item configuration display;
*) webfig - redesigned top menu bar;
*) webfig - removed "Tools/Telnet" menu;
*) webfig - removed auto-login with default credentials (admin without a password);
*) wifiwave2 - avoid transmitting extra bytes at the end of the packet after stripping a VLAN tag;
*) wifiwave2 - do not include in radio hardware capability list a parameter irrelevant to end users (introduced in 7.10beta5);
*) wifiwave2 - do not show placeholder transmit power values on interface startup;
*) wifiwave2 - fixed CAP connection when provisioning "manager=capsman";
*) wifiwave2 - fixed CAP interface name when using "name-format";
*) wifiwave2 - fixed connectivity issues wheen access-list is used;
*) wifiwave2 - fixed DFS channel availability warning (introduced in v7.9);
*) wifiwave2 - fixed dynamic interface adding to bridge on CAP device;
*) wifiwave2 - fixed inability to disable CAPsMAN when there are RADIUS-authenticated clients connected;
*) wifiwave2 - fixed incorrect limits on number of interfaces in station mode;
*) wifiwave2 - fixed interface name change when restoring backup;
*) wifiwave2 - fixed key handshake timeout with re-associating clients;
*) wifiwave2 - fixed OWE authentication compatibility with 802.11ax client devices;
*) wifiwave2 - fixed OWE authentication compatibility with third-party client devices (introduced in v7.8);
*) wifiwave2 - fixed wireless throughput issues after 802.11r client roaming events on 802.11ac devices;
*) wifiwave2 - improve protections against DoS attacks on WPA3-PSK;
*) wifiwave2 - improved logging when an interface is unable to assign a VLAN tag to client;
*) wifiwave2 - improved system stability when trying to exceed virtual AP limit;
*) wifiwave2 - improved system stability;
*) wifiwave2 - less verbose logging when WPA3-PSK clients are connecting;
*) wifiwave2 - restore interface running state when connection to CAPsMAN is lost;
*) winbox - added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu;
*) winbox - rename "URL" property to "Action data" under "IP/Web-Proxy/Access" menu;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) wireguard - retry "endpoint-address" DNS query on failed resolve;
*) x86 - ice driver update to v1.11.14;
*) zerotier - make "identity" setting sensitive;

Версия 7.10rc3 2023-06-02

Версия 7.10rc1 2023-05-26

What's new in 7.10rc1 (2023-May-25 16:01):

Changes in this release:

!) route - added BFD (CLI only);
*) console - improved stability when using command completion;
*) l3hw - fixed IPv6 ECMP route offloading;
*) l3hw - improved host and nexthop offloading;
*) l3hw - improved performance of partial offloading;
*) mpls - added FastPath support;
*) system - reduced RAM usage for SMIPS devices;
*) wifiwave2 - improve protections against DoS attacks on WPA3-PSK;

Other changes since v7.9:

!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
*) bgp - allow to filter BGP sessions by AFI;
*) bgp - changed default VPNv4 import distance to iBGP value (200);
*) bgp - do not check route distinguisher on import;
*) bgp - fixed "as-override" and rename to "output.as-override";
*) bgp - fixed "remove-private-as" and rename to "output.remove-private.as";
*) bgp - show address family in advertisements;
*) bgp - show approximate received prefix count by the session;
*) branding - fixed custom logo (introduced in v7.8);
*) bridge - fixed HW offloaded STP state on port disable;
*) bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8);
*) certificate - fixed displaying of certificate serial number;
*) certificate - improved error reporting for Let's Encrypt certificate;
*) certificate - restore available "key-usage" property options;
*) conntrack - added read-only "active-ipv4" and "active-ipv6" fields to "/ip/firewall/connection/tracking" (CLI only);
*) console - added timeout error for configuration export;
*) console - changed time format according to ISO standard;
*) console - disable output when using "as-value" parameter;
*) console - fixed ":terminal inkey" input when resizing terminal;
*) console - fixed "print without-paging" output in some cases;
*) console - hide past commands with sensitive arguments;
*) container - fixed "container pull" to support OCI manifest format;
*) container - fixed crash due to missing system directories;
*) container - improved default internal environment values;
*) defconf - allow to use device factory preset credentials in Flashfig and Netinstall configuration files;
*) defconf - fixed default configuration for RBSXTLTE3-7;
*) dhcp-server - fixed accounting on RADIUS interim update;
*) dhcpv4-server - added name for "IPv6-Only Preferred" option (108) in debug logs;
*) doh - less verbose logging;
*) firewall - added "endpoint-independent-nat" support;
*) firewall - added "nth" option for IPv6 firewall;
*) gps - expose GPS port for Quectel RM520N-GL;
*) ike2 - improved child SA delete request processing;
*) iot - added option to send Modbus function code commands directly from RouterOS (CLI only);
*) ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite);
*) ipsec - refactor public key authentication;
*) ipsec - removed "ec2n185" and "ec2n155" values from proposal configurations;
*) ipv6 - fixed IPv6 address removal;
*) l3hw - added "autorestart" option to L3HW settings;
*) l3hw - added advanced configuration options for fine-tuning the L3HW offload (l3hw-settings are cleared after upgrade or downgrade) (CLI only);
*) l3hw - added error message and reset "l3-hw-offloading=no" if L3HW driver fails to start;
*) l3hw - added monitoring options for L3HW utilization (CLI only);
*) l3hw - fixed /32 route deletion;
*) l3hw - fixed offloading of /32 IPv4 and /128 IPv6 routes;
*) l3hw - improved offloading of IPv6 hosts after L3HW driver restart;
*) l3hw - improved route offloading after gateway change;
*) l3hw - improved system stability for partial routing table offload;
*) lora - improved gateway card detection and upgrade logic;
*) lora - updated firmware version for LoRaWAN gateway (for R11e-LoRa8, R11e-LoRa9 cards);
*) lte - added serving cell query for MBIM modems with necessary MBIM extension;
*) lte - disable DHCP request filtering (UDP port 67) for Chateau 5G;
*) lte - fixed APN authentication for R11e-LTE6 modem;
*) lte - fixed Google Pixel 7 tethering support;
*) lte - improved MBIM modem firmware reported error handling when settings RAT modes;
*) lte - improved modem firmware upgrade stability for MBIM modems;
*) lte - improved stability for Chateau 5G LTE modem firmware upgrade;
*) lte - reduced SIM slot switchover time for MBIM modems with UUIC reset support;
*) lte - stop "cell-monitor" on LTE interface configuration change for MBIM modems;
*) netwatch - added warning about non-running probe due to "startup-delay" (CLI only);
*) ovpn - added initial support for V2 data transfer protocol;
*) ovpn - improved system stability;
*) poe - fixed bogous "poe-in-voltage" values when using DC jack for RB5009;
*) pppoe - fixed PPPoE client scan when server is sending PADO messages without Service-Name tag;
*) qos-hw - added QoS marking support for 98DXxxxx switches (CLI only);
*) qos-hw - renamed VLAN "priority" field to "pcp" to avoid confusion;
*) rose-storage - added support for multiple smb users and smb shares;
*) route - improved system stability when removing multicast forwarding entries;
*) routerboard - fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboot - increased "preboot-etherboot" maximum value to 30 seconds ("/system routerboard upgrade" required);
*) scheduler - fixed incorrectly started scheduler during reboot or shutdown;
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - fixed combo-sfp linking at 1G rate for CRS312 switch;
*) sfp - improved module compatibility with bad EEPROM data for RB4011, RB5009, CCR2xxx, CRS312 and CRS518 devices;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices;
*) sfp - improved system stability with certain SFP modules for CCR2216 and CRS518 devices;
*) sfp - report EEPROM data even if "auto-init-failed" has occurred;
*) smb - improved SMB v1 operation;
*) sniffer - fixed large .pcap file limit;
*) snmp - added "engine-id-suffix" setting and display actual "engine-id" as read-only property;
*) snmp - added BGP peer table support IPv4 only (1.3.6.1.2.1.15.3.1);
*) snmp - added new "mtxrInterfaceStatsTxRx1024ToMax" OID to MIKROTIK-MIB;
*) ssh - added inline key "passphrase" property;
*) switch - added more precise "storm-rate" configuration options for 98DXxxxx switches (CLI only);
*) switch - fixed storm rate on 10G links for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
*) system - improved watchdog reporting in log after reboots for several ARM and ARM64 devices;
*) tile - fixed support for microSD card;
*) tr069 - added 5G SCC "SNR" parameter for modems that report it;
*) upgrade - do not run manual upgrade if some packages are missing;
*) ups - fixed updating of "battery-voltage" property;
*) vrrp - added warning if "sync-connection-tracking=yes" while the global connection tracking is inactive;
*) vrrp - added warning if the VRRP group is misconfigured;
*) vrrp - added warning if VRRP or its interface does not have an IP address;
*) vrrp - do not start connection synchronization if the global connection tracking is inactive;
*) vrrp - fixed issue where disabled VRRP interface is affecting group;
*) vrrp - fixed VRRP interface state on physical cable disconnection;
*) vrrp - improved system stability on changing "group-authority" or "sync-connection-tracking";
*) vrrp - renamed "group-master" to "group-authority" to avoid confusion with VRRP master;
*) vrrp - send VRRP announcements only by "group-authority";
*) w60g - improved interface stability for PTMP setups;
*) webfig - added high-resolution favicon;
*) webfig - allow limitless upper bounds for number range;
*) webfig - allow to set "0" second time for fields with default values;
*) webfig - changed time format according to ISO standard;
*) webfig - display date and time in local time zone;
*) webfig - fixed missing "WifiWave2" menu;
*) webfig - fixed missing property names in "WifiWave2" menu;
*) webfig - redesigned item configuration display;
*) webfig - redesigned top menu bar;
*) webfig - removed "Tools/Telnet" menu;
*) webfig - removed auto-login with default credentials (admin without a password);
*) wifiwave2 - avoid transmitting extra bytes at the end of the packet after stripping a VLAN tag;
*) wifiwave2 - do not include in radio hardware capability list a parameter irrelevant to end users (introduced in 7.10beta5);
*) wifiwave2 - do not show placeholder transmit power values on interface startup;
*) wifiwave2 - fixed CAP connection when provisioning "manager=capsman";
*) wifiwave2 - fixed CAP interface name when using "name-format";
*) wifiwave2 - fixed connectivity issues wheen access-list is used;
*) wifiwave2 - fixed DFS channel availability warning (introduced in v7.9);
*) wifiwave2 - fixed dynamic interface adding to bridge on CAP device;
*) wifiwave2 - fixed inability to disable CAPsMAN when there are RADIUS-authenticated clients connected;
*) wifiwave2 - fixed incorrect limits on number of interfaces in station mode;
*) wifiwave2 - fixed interface name change when restoring backup;
*) wifiwave2 - fixed key handshake timeout with re-associating clients;
*) wifiwave2 - fixed OWE authentication compatibility with 802.11ax client devices;
*) wifiwave2 - fixed OWE authentication compatibility with third-party client devices (introduced in v7.8);
*) wifiwave2 - fixed wireless throughput issues after 802.11r client roaming events on 802.11ac devices;
*) wifiwave2 - improved logging when an interface is unable to assign a VLAN tag to client;
*) wifiwave2 - improved system stability when trying to exceed virtual AP limit;
*) wifiwave2 - improved system stability;
*) wifiwave2 - less verbose logging when WPA3-PSK clients are connecting;
*) wifiwave2 - restore interface running state when connection to CAPsMAN is lost;
*) winbox - added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu;
*) winbox - rename "URL" property to "Action data" under "IP/Web-Proxy/Access" menu;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) wireguard - retry "endpoint-address" DNS query on failed resolve;
*) x86 - ice driver update to v1.11.14;
*) zerotier - make "identity" setting sensitive;

Версия 7.10rc1 2023-05-26

Версия 7.10beta8 2023-05-23

What's new in 7.10beta8 (2023-May-22 18:52):

Changes in this release:

!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
!) route - added BFD (CLI only);
*) bgp - allow to filter BGP sessions by AFI;
*) bgp - changed default VPNv4 import distance to iBGP value (200);
*) bgp - do not check route distinguisher on import;
*) bgp - fixed "as-override" and rename to "output.as-override";
*) bgp - fixed "remove-private-as" and rename to "output.remove-private.as";
*) bgp - show address family in advertisements;
*) bgp - show approximate received prefix count by the session;
*) branding - fixed custom logo (introduced in v7.8);
*) conntrack - added read-only "active-ipv4" and "active-ipv6" fields to "/ip/firewall/connection/tracking" (CLI only);
*) console - fixed "print without-paging" output in some cases;
*) defconf - allow to use device factory preset credentials in Flashfig and Netinstall configuration files;
*) dhcpv4-server - added name for "IPv6-Only Preferred" option (108) in debug logs;
*) doh - less verbose logging;
*) ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite);
*) ipsec - removed "ec2n185" and "ec2n155" values from proposal configurations;
*) l3hw - added "autorestart" option to L3HW settings;
*) l3hw - added error message and reset "l3-hw-offloading=no" if L3HW driver fails to start;
*) l3hw - fixed offloading of /32 IPv4 and /128 IPv6 routes;
*) l3hw - improved offloading of IPv6 hosts after L3HW driver restart;
*) l3hw - improved performance of partial offloading;
*) l3hw - improved route offloading after gateway change;
*) lora - improved gateway card detection and upgrade logic;
*) lora - updated firmware version for LoRaWAN gateway (for R11e-LoRa8, R11e-LoRa9 cards);
*) lte - fixed APN authentication for R11e-LTE6 modem;
*) lte - improved MBIM modem firmware reported error handling when settings RAT modes;
*) lte - improved modem firmware upgrade stability for MBIM modems;
*) lte - reduced SIM slot switchover time for MBIM modems with UUIC reset support;
*) netwatch - added warning about non-running probe due to "startup-delay" (CLI only);
*) poe - fixed bogous "poe-in-voltage" values when using DC jack for RB5009;
*) qos-hw - renamed VLAN "priority" field to "pcp" to avoid confusion;
*) rose-storage - added support for multiple smb users and smb shares;
*) routerboot - increased "preboot-etherboot" maximum value to 30 seconds ("/system routerboard upgrade" required);
*) scheduler - fixed incorrectly started scheduler during reboot or shutdown;
*) sfp - fixed combo-sfp linking at 1G rate for CRS312 switch;
*) sfp - improved module compatibility with bad EEPROM data for RB4011, RB5009, CCR2xxx, CRS312 and CRS518 devices;
*) sniffer - fixed large .pcap file limit;
*) snmp - added BGP peer table support IPv4 only (1.3.6.1.2.1.15.3.1);
*) tr069 - added 5G SCC "SNR" parameter for modems that report it;
*) vrrp - added warning if "sync-connection-tracking=yes" while the global connection tracking is inactive;
*) vrrp - added warning if the VRRP group is misconfigured;
*) vrrp - added warning if VRRP or its interface does not have an IP address;
*) vrrp - do not start connection synchronization if the global connection tracking is inactive;
*) vrrp - fixed issue where disabled VRRP interface is affecting group;
*) vrrp - fixed VRRP interface state on physical cable disconnection;
*) vrrp - improved system stability on changing "group-authority" or "sync-connection-tracking";
*) vrrp - renamed "group-master" to "group-authority" to avoid confusion with VRRP master;
*) vrrp - send VRRP announcements only by "group-authority";
*) wifiwave2 - do not include in radio hardware capability list a parameter irrelevant to end users (introduced in 7.10beta5);
*) wifiwave2 - fixed CAP interface name when using "name-format";
*) wifiwave2 - fixed connectivity issues wheen access-list is used;
*) wifiwave2 - fixed wireless throughput issues after 802.11r client roaming events on 802.11ac devices;
*) wifiwave2 - improve protections against DoS attacks on WPA3-PSK;
*) wifiwave2 - less verbose logging when WPA3-PSK clients are connecting;
*) wireguard - retry "endpoint-address" DNS query on failed resolve;

Other changes since v7.9:

*) bridge - fixed HW offloaded STP state on port disable;
*) bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8);
*) certificate - fixed displaying of certificate serial number;
*) certificate - improved error reporting for Let's Encrypt certificate;
*) certificate - restore available "key-usage" property options;
*) console - added timeout error for configuration export;
*) console - changed time format according to ISO standard;
*) console - disable output when using "as-value" parameter;
*) console - fixed ":terminal inkey" input when resizing terminal;
*) console - hide past commands with sensitive arguments;
*) container - fixed "container pull" to support OCI manifest format;
*) container - fixed crash due to missing system directories;
*) container - improved default internal environment values;
*) defconf - fixed default configuration for RBSXTLTE3-7;
*) dhcp-server - fixed accounting on RADIUS interim update;
*) firewall - added "endpoint-independent-nat" support;
*) firewall - added "nth" option for IPv6 firewall;
*) gps - expose GPS port for Quectel RM520N-GL;
*) ike2 - improved child SA delete request processing;
*) iot - added option to send Modbus function code commands directly from RouterOS (CLI only);
*) ipsec - refactor public key authentication;
*) ipv6 - fixed IPv6 address removal;
*) l3hw - added advanced configuration options for fine-tuning the L3HW offload (l3hw-settings are cleared after upgrade or downgrade) (CLI only);
*) l3hw - added monitoring options for L3HW utilization (CLI only);
*) l3hw - fixed /32 route deletion;
*) l3hw - improved system stability for partial routing table offload;
*) lte - added serving cell query for MBIM modems with necessary MBIM extension;
*) lte - disable DHCP request filtering (UDP port 67) for Chateau 5G;
*) lte - fixed Google Pixel 7 tethering support;
*) lte - improved stability for Chateau 5G LTE modem firmware upgrade;
*) lte - stop "cell-monitor" on LTE interface configuration change for MBIM modems;
*) mpls - added FastPath support;
*) ovpn - added initial support for V2 data transfer protocol;
*) ovpn - improved system stability;
*) pppoe - fixed PPPoE client scan when server is sending PADO messages without Service-Name tag;
*) qos-hw - added QoS marking support for 98DXxxxx switches (CLI only);
*) route - improved system stability when removing multicast forwarding entries;
*) routerboard - fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices;
*) sfp - improved system stability with certain SFP modules for CCR2216 and CRS518 devices;
*) sfp - report EEPROM data even if "auto-init-failed" has occurred;
*) smb - improved SMB v1 operation;
*) snmp - added "engine-id-suffix" setting and display actual "engine-id" as read-only property;
*) snmp - added new "mtxrInterfaceStatsTxRx1024ToMax" OID to MIKROTIK-MIB;
*) ssh - added inline key "passphrase" property;
*) switch - added more precise "storm-rate" configuration options for 98DXxxxx switches (CLI only);
*) switch - fixed storm rate on 10G links for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
*) system - improved watchdog reporting in log after reboots for several ARM and ARM64 devices;
*) tile - fixed support for microSD card;
*) upgrade - do not run manual upgrade if some packages are missing;
*) ups - fixed updating of "battery-voltage" property;
*) w60g - improved interface stability for PTMP setups;
*) webfig - added high-resolution favicon;
*) webfig - allow limitless upper bounds for number range;
*) webfig - allow to set "0" second time for fields with default values;
*) webfig - changed time format according to ISO standard;
*) webfig - display date and time in local time zone;
*) webfig - fixed missing "WifiWave2" menu;
*) webfig - fixed missing property names in "WifiWave2" menu;
*) webfig - redesigned item configuration display;
*) webfig - redesigned top menu bar;
*) webfig - removed "Tools/Telnet" menu;
*) webfig - removed auto-login with default credentials (admin without a password);
*) wifiwave2 - avoid transmitting extra bytes at the end of the packet after stripping a VLAN tag;
*) wifiwave2 - do not show placeholder transmit power values on interface startup;
*) wifiwave2 - fixed CAP connection when provisioning "manager=capsman";
*) wifiwave2 - fixed DFS channel availability warning (introduced in v7.9);
*) wifiwave2 - fixed dynamic interface adding to bridge on CAP device;
*) wifiwave2 - fixed inability to disable CAPsMAN when there are RADIUS-authenticated clients connected;
*) wifiwave2 - fixed incorrect limits on number of interfaces in station mode;
*) wifiwave2 - fixed interface name change when restoring backup;
*) wifiwave2 - fixed key handshake timeout with re-associating clients;
*) wifiwave2 - fixed OWE authentication compatibility with 802.11ax client devices;
*) wifiwave2 - fixed OWE authentication compatibility with third-party client devices (introduced in v7.8);
*) wifiwave2 - improved logging when an interface is unable to assign a VLAN tag to client;
*) wifiwave2 - improved system stability when trying to exceed virtual AP limit;
*) wifiwave2 - improved system stability;
*) wifiwave2 - restore interface running state when connection to CAPsMAN is lost;
*) winbox - added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu;
*) winbox - rename "URL" property to "Action data" under "IP/Web-Proxy/Access" menu;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) x86 - ice driver update to v1.11.14;
*) zerotier - make "identity" setting sensitive;

Версия 7.10beta8 2023-05-23

Версия 7.10beta5 2023-05-10

What's new in 7.10beta5 (2023-May-09 13:38):

*) bridge - fixed HW offloaded STP state on port disable;
*) bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8);
*) certificate - fixed displaying of certificate serial number;
*) certificate - improved error reporting for Let's Encrypt certificate;
*) certificate - restore available "key-usage" property options;
*) console - added timeout error for configuration export;
*) console - changed time format according to ISO standard;
*) console - disable output when using "as-value" parameter;
*) console - fixed ":terminal inkey" input when resizing terminal;
*) console - hide past commands with sensitive arguments;
*) container - fixed "container pull" to support OCI manifest format;
*) container - fixed crash due to missing system directories;
*) container - improved default internal environment values;
*) defconf - fixed default configuration for RBSXTLTE3-7;
*) dhcp-server - fixed accounting on RADIUS interim update;
*) firewall - added "endpoint-independent-nat" support;
*) firewall - added "nth" option for IPv6 firewall;
*) gps - expose GPS port for Quectel RM520N-GL;
*) ike2 - improved child SA delete request processing;
*) iot - added option to send Modbus function code commands directly from RouterOS (CLI only);
*) ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite);
*) ipsec - refactor public key authentication;
*) ipv6 - fixed IPv6 address removal;
*) l3hw - added advanced configuration options for fine-tuning the L3HW offload (l3hw-settings are cleared after upgrade or downgrade) (CLI only);
*) l3hw - added monitoring options for L3HW utilization (CLI only);
*) l3hw - fixed /32 route deletion;
*) l3hw - improved system stability for partial routing table offload;
*) lte - added serving cell query for MBIM modems with necessary MBIM extension;
*) lte - disable DHCP request filtering (UDP port 67) for Chateau 5G;
*) lte - fixed Google Pixel 7 tethering support;
*) lte - improved stability for Chateau 5G LTE modem firmware upgrade;
*) lte - stop "cell-monitor" on LTE interface configuration change for MBIM modems;
*) mpls - added FastPath support;
*) ovpn - added initial support for V2 data transfer protocol;
*) ovpn - improved system stability;
*) pppoe - fixed PPPoE client scan when server is sending PADO messages without Service-Name tag;
*) qos-hw - added QoS marking support for 98DXxxxx switches (CLI only);
*) route - improved system stability when removing multicast forwarding entries;
*) routerboard - fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices;
*) sfp - improved system stability with certain SFP modules for CCR2216 and CRS518 devices;
*) sfp - report EEPROM data even if "auto-init-failed" has occurred;
*) smb - improved SMB v1 operation;
*) snmp - added "engine-id-suffix" setting and display actual "engine-id" as read-only property;
*) snmp - added new "mtxrInterfaceStatsTxRx1024ToMax" OID to MIKROTIK-MIB;
*) ssh - added inline key "passphrase" property;
*) switch - added more precise "storm-rate" configuration options for 98DXxxxx switches (CLI only);
*) switch - fixed storm rate on 10G links for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
*) system - improved watchdog reporting in log after reboots for several ARM and ARM64 devices;
*) tile - fixed support for microSD card;
*) upgrade - do not run manual upgrade if some packages are missing;
*) ups - fixed updating of "battery-voltage" property;
*) w60g - improved interface stability for PTMP setups;
*) webfig - added high-resolution favicon;
*) webfig - allow limitless upper bounds for number range;
*) webfig - allow to set "0" second time for fields with default values;
*) webfig - changed time format according to ISO standard;
*) webfig - display date and time in local time zone;
*) webfig - fixed missing "WifiWave2" menu;
*) webfig - fixed missing property names in "WifiWave2" menu;
*) webfig - redesigned item configuration display;
*) webfig - redesigned top menu bar;
*) webfig - removed "Tools/Telnet" menu;
*) webfig - removed auto-login with default credentials (admin without a password);
*) wifiwave2 - avoid transmitting extra bytes at the end of the packet after stripping a VLAN tag;
*) wifiwave2 - do not show placeholder transmit power values on interface startup;
*) wifiwave2 - fixed CAP connection when provisioning "manager=capsman";
*) wifiwave2 - fixed DFS channel availability warning (introduced in v7.9);
*) wifiwave2 - fixed dynamic interface adding to bridge on CAP device;
*) wifiwave2 - fixed inability to disable CAPsMAN when there are RADIUS-authenticated clients connected;
*) wifiwave2 - fixed incorrect limits on number of interfaces in station mode;
*) wifiwave2 - fixed interface name change when restoring backup;
*) wifiwave2 - fixed key handshake timeout with re-associating clients;
*) wifiwave2 - fixed OWE authentication compatibility with 802.11ax client devices;
*) wifiwave2 - fixed OWE authentication compatibility with third-party client devices (introduced in v7.8);
*) wifiwave2 - improved logging when an interface is unable to assign a VLAN tag to client;
*) wifiwave2 - improved system stability when trying to exceed virtual AP limit;
*) wifiwave2 - improved system stability;
*) wifiwave2 - restore interface running state when connection to CAPsMAN is lost;
*) winbox - added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu;
*) winbox - rename "URL" property to "Action data" under "IP/Web-Proxy/Access" menu;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) x86 - ice driver update to v1.11.14;
*) zerotier - make "identity" setting sensitive;

Версия 7.10beta5 2023-05-10

Версия 6.49rc2 2021-09-29

What's new in 6.49rc2 (2021-Sep-28 10:17):

Changes in this release:

*) bridge - improved controller bridge stability when adding RouterOS v7 port extender;
*) bridge - improved port extender stability when creating bond interfaces on excluded ports;
*) crs3xx - fixed bridge controller and extender packet forwarding for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) dhcp-server - fixed DHCP Option decimal value parsing;
*) discovery - do not send discovery packets on interfaces that are blocked by STP (introduced in v6.48);
*) sfp - added "sfp-rate-select" setting;
*) supout - added controller bridge section;
*) switch - fixed (R/M)STP port blocking right before switching them in HW bridge (fixes possible packet loop when changing bridge settings);
*) user - added "expired" user status with suggestion to change password (WinBox v3.29 required);
*) user - fixed active user session purging on disconnect;
*) user - show "expired password" prompt for users with blank password;
*) winbox - added "fec-mode" parameter under "Interface/Ethernet" menu;
*) winbox - minimal required version is v3.30;
*) wireless - improved system stability when sending packets through interface after L2MTU is increased;

Other changes since v6.48.4:

*) backup - fixed backup file restore (introduced in v6.49beta);
*) branding - fixed LCD logo loading from branding package when installed via Netinstall;
*) branding - properly clean up old branding files before installing a new one;
*) bridge - added IGMP and MLD querier monitoring;
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - fixed external flag in the host table for wireless clients;
*) bridge - improved stability when quickly adding and removing bridge interface;
*) bridge - improved system stability when disabling IGMP/MLD querier port (introduced in v6.49beta22);
*) chr - fixed OS provisioning on Azure;
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for printing to file;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed LEDs for QSFP+ interface on CRS326-24S+2Q+ device;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - fixed default MAC address calculation on management Ethernet for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed jumbo frame forwarding for CRS354 devices (introduced in v6.49beta36);
*) crs3xx - fixed packet forwarding on 1Gbps Ethernet interfaces for CRS354 devices (introduced in v6.49beta44);
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved switch resource allocation for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved system stability when learning MDB and FBD entries for CRS312, CRS326-24S+2Q+ and CRS354 devices (introduced in v6.49beta44);
*) defconf - apply default configuration from branding package when performing reset with button;
*) defconf - removed overlapping IPv6 firewall rules;
*) defconf - use router as DNS server for DHCP hosts;
*) dhcpv4-server - reset lease's dynamic "bcast" flag on packets from relay;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) dhcpv6-server - improved dynamic server entry update;
*) firewall - fixed "ingress-priority" matcher;
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) gps - improved interface monitoring;
*) health - added "phy-temperature" sensor monitoring for CRS312 device;
*) health - improved temperature reporting;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - check if TS is still valid after obtaining SPI;
*) ike2 - fixed initiator packet retransmit with DDOS cookie;
*) ipsec - improved SA update by SPI;
*) ipsec - improved system stability on CHR;
*) ipsec - improved system stability on MMIPS devices;
*) kid-control - improved IPv6 firewall rule generation;
*) leds - fixed LTE LED default mapping for wAP R ac LTE kit;
*) lora - added additional predefined network servers;
*) lora - added channel plan "il-917" for Israel;
*) lora - fixed "PULL_DATA" token generation;
*) m33g - improved support for "/system gpio" menu ("/system routerboard upgrade" required);
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) mipsbe - improved booting speed on non-NAND devices ("/system routerboard upgrade" required);
*) mpls - allow to disable FastPath (CLI only);
*) mqtt - added server name indication;
*) netinstall - fixed lock file persistence after reinstall;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) netinstall - require Netinstall version to be the same or newer as "factory-software";
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) poe - fixed PoE out functionality on CRS354 (introduced in v6.49beta22);
*) poe - update PoE firmware only on devices that supports it;
*) ppp - improved stability when receiving bogus response on modem channel;
*) qsfp - improved system stability when setting unsupported link rates;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) routerboard - fixed "reformat-hold-button-max" validation for values below 10s;
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved 25Gbps optical module stability and linking;
*) sfp - improved SFP, SFP+, SFP28 and QSFP+ interface stability for CRS3xx and CCR2004 devices;
*) sfp - improved link stability for 10G, 25G and 40G modules on CRS309, CRS312, CRS326-24S+2Q+ CRS354 and CCR2004 devices;
*) sfp28 - changed FEC auto mode to disabled;
*) snmp - added "engine-id" OID support;
*) snmp - fixed "ipNetToMediaType" OID for incomplete entries;
*) ssh - fixed "undo" functionality;
*) supout - print detailed list of active user sessions;
*) switch - fixed (R/M)STP port blocking right before switching them in HW bridge (fixes possible packet loop when changing bridge settings);
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) tr069-client - added support for Ethernet link speed reporting;
*) tr069-client - added support for interface comment reporting and editing;
*) tr069-client - added support for supout file upload;
*) tr069-client - fixed traceroute diagnostics time values;
*) tr069-client - improved XML with new-lines for readable output;
*) tr069-client - improved stability for download/upload diagnostics;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) ups - added battery info for APC Back-UPS BX750MI;
*) w60g - general stability and performance improvements;
*) w60g - limit power output when using region EU to match EN302567 on nRAY;
*) w60g - use EU region by default;
*) webfig - added support for logo image from branding package;
*) webfig - do not show value units twice;
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - fixed interface sorting by name;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "dhcp" option to "multicast-helper" setting;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - added "name" and "file-name" parameter when importing and exporting certificates;
*) winbox - added "sfp-shutdown-temperature" setting to SFP interfaces;
*) winbox - added SSH settings under "IP/SSH" menu;
*) winbox - added TFTP settings under "IP/TFTP/Settings" menu;
*) winbox - allow setting MCS (24-31) to 4x4 Wireless interfaces;
*) winbox - do not allow to add/remove W60G interfaces;
*) winbox - do not allow to set empty "init-string" field under "System/GPS" menu;
*) winbox - do not show "GPS antenna" selection for devices without selection support;
*) winbox - fixed "Secondary Frequency" parameter setting under "CAPsMAN/Channel" menu;
*) winbox - fixed DNS "cache-size" parameter setting;
*) winbox - fixed health reporting on RB960, hEX, hEX S and hAP ac3 devices;
*) winbox - fixed order of weekdays under "IP/Firewall" menu;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) winbox - match "MAC Protocol-Num" predefined values under "Bridge/Filters" menu;
*) winbox - properly show "CRL Signature" field under "System/Certificate" menu;
*) winbox - separated CCQ Tx and Rx values in their own unique columns;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "current-channel" column by default for CAP interfaces;
*) winbox - show IPv6 address in separate field under "IP/Cloud" menu;
*) wireless - added U-NII-2 support for US and Canada country profiles for hAP ac lite;
*) wireless - added override for multicast-to-unicast translation of DHCP traffic;
*) wireless - do not remove channels >2462 MHz from "scanlist" if scanning for fixed channel;
*) wireless - do not send packet back to station-bridge it was received from;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - improve WMM priority assignment for packets with internal priority greater than 7;
*) wireless - improve regulatory compliance with DFS requirements;
*) wireless - improve signaling of QCA9984 interface capabilities when using 160/80+80MHz channel width;
*) wireless - improved system stability on several 802.11ac devices (introduced in v6.49beta36);
*) wireless - log client signal strength on disconnect;
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "israel" regulatory domain information;
*) wireless - updated "united kingdom" regulatory domain information;

Версия 6.49rc2 2021-09-29

Версия 6.49rc1 2021-09-24

What's new in 6.49rc1 (2021-Sep-23 12:32):

Changes in this release:

*) backup - fixed backup file restore (introduced in v6.49beta);
*) branding - fixed LCD logo loading from branding package when installed via Netinstall;
*) branding - properly clean up old branding files before installing a new one;
*) bridge - added IGMP and MLD querier monitoring;
*) bridge - improved stability when quickly adding and removing bridge interface;
*) crs3xx - fixed default MAC address calculation on management Ethernet for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved system stability when learning MDB and FBD entries for CRS312, CRS326-24S+2Q+ and CRS354 devices (introduced in v6.49beta44);
*) dhcpv4-server - reset lease's dynamic "bcast" flag on packets from relay;
*) gps - improved interface monitoring;
*) health - improved temperature reporting;
*) kid-control - improved IPv6 firewall rule generation;
*) leds - fixed LTE LED default mapping for wAP R ac LTE kit;
*) lora - added additional predefined network servers;
*) lora - fixed "PULL_DATA" token generation;
*) mpls - allow to disable FastPath (CLI only);
*) mqtt - added server name indication;
*) netinstall - require Netinstall version to be the same or newer as "factory-software";
*) poe - update PoE firmware only on devices that supports it;
*) qsfp - improved system stability when setting unsupported link rates;
*) routerboard - fixed "reformat-hold-button-max" validation for values below 10s;
*) sfp - improved SFP, SFP+, SFP28 and QSFP+ interface stability for CRS3xx and CCR2004 devices;
*) sfp28 - changed FEC auto mode to disabled;
*) tr069-client - fixed traceroute diagnostics time values;
*) tr069-client - improved XML with new-lines for readable output;
*) w60g - limit power output when using region EU to match EN302567 on nRAY;
*) w60g - use EU region by default;
*) winbox - added "dhcp" option to "multicast-helper" setting;
*) winbox - do not allow to add/remove W60G interfaces;
*) winbox - separated CCQ Tx and Rx values in their own unique columns;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "current-channel" column by default for CAP interfaces;
*) wireless - added U-NII-2 support for US and Canada country profiles for hAP ac lite;
*) wireless - do not remove channels >2462 MHz from "scanlist" if scanning for fixed channel;
*) wireless - log client signal strength on disconnect;
*) wireless - updated "israel" regulatory domain information;

Other changes since v6.48.4:

*) bridge - added IGMP and MLD querier monitoring (CLI only);
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - fixed external flag in the host table for wireless clients;
*) bridge - improved system stability when disabling IGMP/MLD querier port (introduced in v6.49beta22);
*) chr - fixed OS provisioning on Azure;
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for printing to file;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed LEDs for QSFP+ interface on CRS326-24S+2Q+ device;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed jumbo frame forwarding for CRS354 devices (introduced in v6.49beta36);
*) crs3xx - fixed packet forwarding on 1Gbps Ethernet interfaces for CRS354 devices (introduced in v6.49beta44);
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved switch resource allocation for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - apply default configuration from branding package when performing reset with button;
*) defconf - removed overlapping IPv6 firewall rules;
*) defconf - use router as DNS server for DHCP hosts;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) dhcpv6-server - improved dynamic server entry update;
*) firewall - fixed "ingress-priority" matcher;
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) health - added "phy-temperature" sensor monitoring for CRS312 device;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - check if TS is still valid after obtaining SPI;
*) ike2 - fixed initiator packet retransmit with DDOS cookie;
*) ipsec - improved SA update by SPI;
*) ipsec - improved system stability on CHR;
*) ipsec - improved system stability on MMIPS devices;
*) lora - added channel plan "il-917" for Israel;
*) m33g - improved support for "/system gpio" menu ("/system routerboard upgrade" required);
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) mipsbe - improved booting speed on non-NAND devices ("/system routerboard upgrade" required);
*) netinstall - fixed lock file persistence after reinstall;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) poe - fixed PoE out functionality on CRS354 (introduced in v6.49beta22);
*) ppp - improved stability when receiving bogus response on modem channel;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved 25Gbps optical module stability and linking;
*) sfp - improved link stability for 10G, 25G and 40G modules on CRS309, CRS312, CRS326-24S+2Q+ CRS354 and CCR2004 devices;
*) snmp - added "engine-id" OID support;
*) snmp - fixed "ipNetToMediaType" OID for incomplete entries;
*) ssh - fixed "undo" functionality;
*) supout - print detailed list of active user sessions;
*) switch - fixed (R/M)STP port blocking right before switching them in HW bridge (fixes possible packet loop when changing bridge settings);
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) tr069-client - added support for Ethernet link speed reporting;
*) tr069-client - added support for interface comment reporting and editing;
*) tr069-client - added support for supout file upload;
*) tr069-client - improved stability for download/upload diagnostics;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) ups - added battery info for APC Back-UPS BX750MI;
*) w60g - general stability and performance improvements;
*) webfig - added support for logo image from branding package;
*) webfig - do not show value units twice;
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - fixed interface sorting by name;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - added "name" and "file-name" parameter when importing and exporting certificates;
*) winbox - added "sfp-shutdown-temperature" setting to SFP interfaces;
*) winbox - added SSH settings under "IP/SSH" menu;
*) winbox - added TFTP settings under "IP/TFTP/Settings" menu;
*) winbox - allow setting MCS (24-31) to 4x4 Wireless interfaces;
*) winbox - do not allow to set empty "init-string" field under "System/GPS" menu;
*) winbox - do not show "GPS antenna" selection for devices without selection support;
*) winbox - fixed "Secondary Frequency" parameter setting under "CAPsMAN/Channel" menu;
*) winbox - fixed DNS "cache-size" parameter setting;
*) winbox - fixed health reporting on RB960, hEX, hEX S and hAP ac3 devices;
*) winbox - fixed order of weekdays under "IP/Firewall" menu;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) winbox - match "MAC Protocol-Num" predefined values under "Bridge/Filters" menu;
*) winbox - properly show "CRL Signature" field under "System/Certificate" menu;
*) winbox - show IPv6 address in separate field under "IP/Cloud" menu;
*) wireless - added override for multicast-to-unicast translation of DHCP traffic;
*) wireless - do not send packet back to station-bridge it was received from;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - improve WMM priority assignment for packets with internal priority greater than 7;
*) wireless - improve regulatory compliance with DFS requirements;
*) wireless - improve signaling of QCA9984 interface capabilities when using 160/80+80MHz channel width;
*) wireless - improved system stability on several 802.11ac devices (introduced in v6.49beta36);
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "united kingdom" regulatory domain information;

Версия 6.49rc1 2021-09-24

Версия 6.49beta54 2021-07-05

What's new in 6.49beta54 (2021-Jul-05 06:48):

Changes in this release:

*) bridge - fixed external flag in the host table for wireless clients;
*) capsman - use Bits instead of Bytes for "ap-tx-limit" and "client-tx-limit" parameters;
*) crs3xx - fixed jumbo frame forwarding for CRS354 devices (introduced in v6.49beta36);
*) crs3xx - fixed unknown multicast flood to CPU when IGMP snooping is used;
*) crs3xx - improved system stability when increasing interface L2MTU for CRS318 devices;
*) defconf - apply default configuration from branding package when performing reset with button;
*) defconf - fixed default configuration loading on LHG R;
*) health - fixed voltage monitor on BaseBox5 devices;
*) ike2 - added "MS-CHAP-Domain" attribute to RADIUS requests;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - check if TS is still valid after obtaining SPI;
*) ipsec - improved SA update by SPI;
*) leds - fixed "/system leds" menu on RBLHG-2nD;
*) lora - added channel plan "il-917" for Israel;
*) lte - added support for Sharp 809SH;
*) m33g - improved support for "/system gpio" menu ("/system routerboard upgrade" required);
*) sfp - improved 25Gbps optical module stability and linking;
*) snmp - added "engine-id" OID support;
*) snmp - fixed "ipNetToMediaType" OID for incomplete entries;
*) ssh - fixed "undo" functionality;
*) system - improved stability when receiving bogus packets;
*) telnet - fixed "routing-table" parameter usage;
*) tr069-client - added support for Ethernet link speed reporting;
*) tr069-client - added support for interface comment reporting and editing;
*) tr069-client - added support for supout file upload;
*) tr069-client - improved stability for download/upload diagnostics;
*) ups - added battery info for APC Back-UPS BX750MI;
*) w60g - general stability and performance improvements;
*) webfig - added support for logo image from branding package;
*) winbox - added "Cloud Backup" options under "Files" menu;
*) winbox - added "interworking-profile" parameter under "Wireless" menu;
*) winbox - added "name" and "file-name" parameter when importing and exporting certificates;
*) winbox - added "sfp-shutdown-temperature" setting to SFP interfaces;
*) winbox - added SSH settings under "IP/SSH" menu;
*) winbox - added TFTP settings under "IP/TFTP/Settings" menu;
*) winbox - allow setting MCS (24-31) to 4x4 Wireless interfaces;
*) winbox - do not allow to set empty "init-string" field under "System/GPS" menu;
*) winbox - do not show "Functionality" field for LTE interface if it is not provided;
*) winbox - do not show "GPS antenna" selection for devices without selection support;
*) winbox - fixed "Secondary Frequency" parameter setting under "CAPsMAN/Channel" menu;
*) winbox - fixed "Switch" menu on RBwAPG;
*) winbox - fixed DNS "cache-size" parameter setting;
*) winbox - fixed order of weekdays under "IP/Firewall" menu;
*) winbox - match "MAC Protocol-Num" predefined values under "Bridge/Filters" menu;
*) winbox - properly show "CRL Signature" field under "System/Certificate" menu;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show IPv6 address in separate field under "IP/Cloud" menu;
*) wireless - added override for multicast-to-unicast translation of DHCP traffic;
*) wireless - added U-NII-2 support for US and Canada country profiles for hAP ac^3;

Other changes since v6.48.3:

*) bridge - added IGMP and MLD querier monitoring (CLI only);
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - added MAC and IP source addresses information for DHCP snooping log;
*) bridge - fixed "vlan-encap" setting for filter and NAT rules;
*) bridge - improved system stability when disabling IGMP/MLD querier port (introduced in v6.49beta22);
*) bridge - improved system stability when using IGMP snooping and changing bridge MAC address;
*) chr - fixed OS provisioning on Azure;
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for printing to file;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed LEDs for QSFP+ interface on CRS326-24S+2Q+ device;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed packet forwarding on 1Gbps Ethernet interfaces for CRS354 devices (introduced in v6.49beta44);
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved switch resource allocation for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed minor typo in configuration description;
*) defconf - removed overlapping IPv6 firewall rules;
*) defconf - use router as DNS server for DHCP hosts;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) dhcpv6-server - improved dynamic server entry update;
*) dns - fixed CNAME query when target record is not in cache;
*) firewall - fixed "ingress-priority" matcher;
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) health - added "phy-temperature" sensor monitoring for CRS312 device;
*) ike2 - added "MS-CHAP-Domain" attribute to RADIUS requests;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - fixed initiator packet retransmit with DDOS cookie;
*) ipsec - improved system stability on CHR;
*) ipsec - improved system stability on MMIPS devices;
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) mipsbe - improved booting speed on non-NAND devices ("/system routerboard upgrade" required);
*) netinstall - fixed lock file persistence after reinstall;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) poe - fixed PoE out functionality on CRS354 (introduced in v6.49beta22);
*) ppp - improved stability when receiving bogus response on modem channel;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved link stability for 10G, 25G and 40G modules on CRS309, CRS312, CRS326-24S+2Q+ CRS354 and CCR2004 devices;
*) supout - print detailed list of active user sessions;
*) switch - fixed (R/M)STP port blocking right before switching them in HW bridge (fixes possible packet loop when changing bridge settings);
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) w60g - improved stability in low temperature environments;
*) webfig - do not show value units twice;
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - fixed interface sorting by name;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - fixed health reporting on RB960, hEX, hEX S and hAP ac3 devices;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) wireless - do not send packet back to station-bridge it was received from;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - improve WMM priority assignment for packets with internal priority greater than 7;
*) wireless - improve regulatory compliance with DFS requirements;
*) wireless - improve signaling of QCA9984 interface capabilities when using 160/80+80MHz channel width;
*) wireless - improved system stability on several 802.11ac devices (introduced in v6.49beta36);
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "united kingdom" regulatory domain information;

Версия 6.49beta54 2021-07-05

Версия 6.49beta46 2021-05-19

What's new in 6.49beta46 (2021-May-18 07:56):

Changes in this release:

!) wireless - fixed all affecting 'FragAttacks' vulnerabilities (CVE-2020-24587, CVE-2020-24588, CVE-2020-26144, CVE-2020-26146, CVE-2020-26147);
*) crs3xx - fixed packet forwarding on 1Gbps Ethernet interfaces for CRS354 devices (introduced in v6.49beta44);
*) dns - fixed CNAME query when target record is not in cache;
*) winbox - fixed health reporting on RB960, hEX, hEX S and hAP ac3 devices;

Other changes since v6.48.2:

*) bridge - added IGMP and MLD querier monitoring (CLI only);
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - added MAC and IP source addresses information for DHCP snooping log;
*) bridge - fixed "vlan-encap" setting for filter and NAT rules;
*) bridge - improved system stability when disabling IGMP/MLD querier port (introduced in v6.49beta22);
*) bridge - improved system stability when using IGMP snooping and changing bridge MAC address;
*) chr - fixed OS provisioning on Azure;
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for printing to file;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed Ethernet LEDs after reboot for CRS354 devices;
*) crs3xx - fixed LEDs for QSFP+ interface on CRS326-24S+2Q+ device;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - fixed VLAN priority removal for CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed port-isolation on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved LACP linking between CRS3xx series switches;
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved switch resource allocation for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed default configuration loading on RBOmniTikPG-5HacD;
*) defconf - fixed minor typo in configuration description;
*) defconf - removed overlapping IPv6 firewall rules;
*) defconf - use router as DNS server for DHCP hosts;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) dhcpv6-server - improved dynamic server entry update;
*) dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48);
*) dot1x - fixed MAC authentication fallback (introduced in v6.48);
*) firewall - fixed "ingress-priority" matcher;
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) health - added "phy-temperature" sensor monitoring for CRS312 device;
*) ike2 - added "MS-CHAP-Domain" attribute to RADIUS requests;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - fixed initiator packet retransmit with DDOS cookie;
*) ipsec - fixed SA address parameter exporting;
*) ipsec - improved system stability on CHR;
*) ipsec - improved system stability on MMIPS devices;
*) lte - fixed "earfcn" to band translation for "cell-monitor";
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) mipsbe - improved booting speed on non-NAND devices ("/system routerboard upgrade" required);
*) netinstall - fixed lock file persistence after reinstall;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) poe - fixed PoE out functionality on CRS354 (introduced in v6.49beta22);
*) ppp - improved stability when receiving bogus response on modem channel;
*) rb4011 - fixed SFP+ port MTU setting after link state change;
*) rb4011 - improved SFP+ port stability after boot-up;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) route - improved stability when connected route is modified;
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) sfp - improved link stability for 10G, 25G and 40G modules on CRS309, CRS312, CRS326-24S+2Q+ CRS354 and CCR2004 devices;
*) ssh - return proper error code from executed command;
*) supout - print detailed list of active user sessions;
*) switch - fixed (R/M)STP port blocking right before switching them in HW bridge (fixes possible packet loop when changing bridge settings);
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) system - improved resource allocation (improves several service stability e.g. HTTPS, PPPoE, VPN);
*) tile - fixed bridge performance degradation (introduced in v6.47);
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) w60g - improved stability in low temperature environments;
*) webfig - do not show value units twice;
*) webfig - fixed "PortMapping" button (introduced in v6.48.2);
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - fixed interface sorting by name;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - do not send packet back to station-bridge it was received from;
*) wireless - fixed issue with multicast traffic delivery to client devices using power-save;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - improve WMM priority assignment for packets with internal priority greater than 7;
*) wireless - improve regulatory compliance with DFS requirements;
*) wireless - improve signaling of QCA9984 interface capabilities when using 160/80+80MHz channel width;
*) wireless - improved system stability on several 802.11ac devices (introduced in v6.49beta36);
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "united kingdom" regulatory domain information;
*) www - added "X-Frame-Options" header information to disallow website embedding in other pages;

Версия 6.49beta46 2021-05-19

Версия 6.49beta44 2021-05-12

What's new in 6.49beta44 (2021-May-12 07:47):

Changes in this release:

*) bridge - fixed "vlan-encap" setting for filter and NAT rules;
*) crs3xx - fixed Ethernet LEDs after reboot for CRS354 devices;
*) health - added "phy-temperature" sensor monitoring for CRS312 device;
*) ike2 - added "MS-CHAP-Domain" attribute to RADIUS requests;
*) lte - fixed "earfcn" to band translation for "cell-monitor";
*) switch - fixed (R/M)STP port blocking right before switching them in HW bridge (fixes possible packet loop when changing bridge settings);
*) tile - fixed bridge performance degradation (introduced in v6.47);
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - improved system stability on several 802.11ac devices (introduced in v6.49beta36);
*) wireless - improve signaling of QCA9984 interface capabilities when using 160/80+80MHz channel width;
*) www - added "X-Frame-Options" header information to disallow website embedding in other pages;

Other changes since v6.48.2:

*) bridge - added IGMP and MLD querier monitoring (CLI only);
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - added MAC and IP source addresses information for DHCP snooping log;
*) bridge - improved system stability when disabling IGMP/MLD querier port (introduced in v6.49beta22);
*) bridge - improved system stability when using IGMP snooping and changing bridge MAC address;
*) chr - fixed OS provisioning on Azure;
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for printing to file;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed LEDs for QSFP+ interface on CRS326-24S+2Q+ device;
*) crs3xx - fixed port-isolation on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - fixed VLAN priority removal for CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved LACP linking between CRS3xx series switches;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved switch resource allocation for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed default configuration loading on RBOmniTikPG-5HacD;
*) defconf - fixed minor typo in configuration description;
*) defconf - removed overlapping IPv6 firewall rules;
*) defconf - use router as DNS server for DHCP hosts;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) dhcpv6-server - improved dynamic server entry update;
*) dot1x - fixed MAC authentication fallback (introduced in v6.48);
*) dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48);
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) firewall - fixed "ingress-priority" matcher;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - fixed initiator packet retransmit with DDOS cookie;
*) ipsec - fixed SA address parameter exporting;
*) ipsec - improved system stability on CHR;
*) ipsec - improved system stability on MMIPS devices;
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) mipsbe - improved booting speed on non-NAND devices ("/system routerboard upgrade" required);
*) netinstall - fixed lock file persistence after reinstall;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) poe - fixed PoE out functionality on CRS354 (introduced in v6.49beta22);
*) ppp - improved stability when receiving bogus response on modem channel;
*) rb4011 - fixed SFP+ port MTU setting after link state change;
*) rb4011 - improved SFP+ port stability after boot-up;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) route - improved stability when connected route is modified;
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) sfp - improved link stability for 10G, 25G and 40G modules on CRS309, CRS312, CRS326-24S+2Q+ CRS354 and CCR2004 devices;
*) ssh - return proper error code from executed command;
*) supout - print detailed list of active user sessions;
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) system - improved resource allocation (improves several service stability e.g. HTTPS, PPPoE, VPN);
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) w60g - improved stability in low temperature environments;
*) webfig - do not show value units twice;
*) webfig - fixed interface sorting by name;
*) webfig - fixed "PortMapping" button (introduced in v6.48.2);
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) wireless - do not send packet back to station-bridge it was received from;
*) wireless - fixed issue with multicast traffic delivery to client devices using power-save;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - improve regulatory compliance with DFS requirements;
*) wireless - improve WMM priority assignment for packets with internal priority greater than 7;
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "united kingdom" regulatory domain information;

Версия 6.49beta44 2021-05-12

Версия 6.49beta38 2021-04-23

What's new in 6.49beta38 (2021-Apr-23 10:31):

Changes in this release:

*) system - improved resource allocation (improves several service stability e.g. HTTPS, PPPoE, VPN);

Other changes since v6.48.2:

*) bridge - added IGMP and MLD querier monitoring (CLI only);
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - added MAC and IP source addresses information for DHCP snooping log;
*) bridge - improved system stability when disabling IGMP/MLD querier port (introduced in v6.49beta22);
*) bridge - improved system stability when using IGMP snooping and changing bridge MAC address;
*) chr - fixed OS provisioning on Azure;
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for printing to file;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed LEDs for QSFP+ interface on CRS326-24S+2Q+ device;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - fixed VLAN priority removal for CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed port-isolation on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved LACP linking between CRS3xx series switches;
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved switch resource allocation for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed default configuration loading on RBOmniTikPG-5HacD;
*) defconf - fixed minor typo in configuration description;
*) defconf - removed overlapping IPv6 firewall rules;
*) defconf - use router as DNS server for DHCP hosts;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) dhcpv6-server - improved dynamic server entry update;
*) dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48);
*) dot1x - fixed MAC authentication fallback (introduced in v6.48);
*) firewall - fixed "ingress-priority" matcher;
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - fixed initiator packet retransmit with DDOS cookie;
*) ipsec - fixed SA address parameter exporting;
*) ipsec - improved system stability on CHR;
*) ipsec - improved system stability on MMIPS devices;
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) mipsbe - improved booting speed on non-NAND devices ("/system routerboard upgrade" required);
*) netinstall - fixed lock file persistence after reinstall;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) poe - fixed PoE out functionality on CRS354 (introduced in v6.49beta22);
*) ppp - improved stability when receiving bogus response on modem channel;
*) rb4011 - fixed SFP+ port MTU setting after link state change;
*) rb4011 - improved SFP+ port stability after boot-up;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) route - improved stability when connected route is modified;
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) sfp - improved link stability for 10G, 25G and 40G modules on CRS309, CRS312, CRS326-24S+2Q+ CRS354 and CCR2004 devices;
*) ssh - return proper error code from executed command;
*) supout - print detailed list of active user sessions;
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) w60g - improved stability in low temperature environments;
*) webfig - do not show value units twice;
*) webfig - fixed "PortMapping" button (introduced in v6.48.2);
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - fixed interface sorting by name;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) wireless - do not send packet back to station-bridge it was received from;
*) wireless - fixed issue with multicast traffic delivery to client devices using power-save;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - improve WMM priority assignment for packets with internal priority greater than 7;
*) wireless - improve regulatory compliance with DFS requirements;
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "united kingdom" regulatory domain information;

Версия 6.49beta38 2021-04-23

Версия 6.49beta36 2021-04-23

What's new in 6.49beta36 (2021-Apr-23 05:56):

Changes in this release:

*) bridge - improved system stability when using IGMP snooping and changing bridge MAC address;
*) chr - fixed OS provisioning on Azure;
*) crs3xx - fixed LEDs for QSFP+ interface on CRS326-24S+2Q+ device;
*) crs3xx - fixed VLAN priority removal for CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved switch resource allocation for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed default configuration loading on RBOmniTikPG-5HacD;
*) defconf - use router as DNS server for DHCP hosts;
*) dhcpv6-server - improved dynamic server entry update;
*) firewall - fixed "ingress-priority" matcher;
*) ike2 - fixed initiator packet retransmit with DDOS cookie;
*) ipsec - fixed SA address parameter exporting;
*) ipsec - improved system stability on CHR;
*) ipsec - improved system stability on MMIPS devices;
*) mipsbe - improved booting speed on non-NAND devices ("/system routerboard upgrade" required);
*) rb4011 - fixed SFP+ port MTU setting after link state change;
*) rb4011 - improved SFP+ port stability after boot-up;
*) route - improved stability when connected route is modified;
*) sfp - improved link stability for 10G, 25G and 40G modules on CRS309, CRS312, CRS326-24S+2Q+ CRS354 and CCR2004 devices;
*) ssh - return proper error code from executed command;
*) w60g - improved stability in low temperature environments;
*) webfig - fixed "PortMapping" button (introduced in v6.48.2);
*) wireless - do not send packet back to station-bridge it was received from;
*) wireless - fixed issue with multicast traffic delivery to client devices using power-save;
*) wireless - improve WMM priority assignment for packets with internal priority greater than 7;
*) wireless - improve regulatory compliance with DFS requirements;

Other changes since v6.48.2:

*) bridge - added IGMP and MLD querier monitoring (CLI only);
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - added MAC and IP source addresses information for DHCP snooping log;
*) bridge - improved system stability when disabling IGMP/MLD querier port (introduced in v6.49beta22);
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for printing to file;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed port-isolation on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved LACP linking between CRS3xx series switches;
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed minor typo in configuration description;
*) defconf - removed overlapping IPv6 firewall rules;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48);
*) dot1x - fixed MAC authentication fallback (introduced in v6.48);
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) netinstall - fixed lock file persistence after reinstall;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) poe - fixed PoE out functionality on CRS354 (introduced in v6.49beta22);
*) ppp - improved stability when receiving bogus response on modem channel;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) supout - print detailed list of active user sessions;
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) webfig - do not show value units twice;
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - fixed interface sorting by name;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "united kingdom" regulatory domain information;

Версия 6.49beta36 2021-04-23

Версия 6.49beta27 2021-03-15

What's new in 6.49beta27 (2021-Mar-12 14:22):

Changes in this release:

*) bridge - improved system stability when disabling IGMP/MLD querier port (introduced in v6.49beta22);
*) poe - fixed PoE out functionality on CRS354 (introduced in v6.49beta22);
*) ppp - improved stability when receiving bogus response on modem channel;
*) rb3011 - improved system stability when changing RouterBOARD settings (introduced in v6.48);
*) upgrade - fixed upgrade procedure on 16MB devices (introduced in v6.49beta22);
*) winbox - hide "Allow Roaming" parameter on LTE modems that do not support it;

Other changes since v6.48.1:

*) bridge - added IGMP and MLD querier monitoring (CLI only);
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - added MAC and IP source addresses information for DHCP snooping log;
*) bridge - improved bridge stability when host changes port (introduced in v6.47);
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for exporting configuration to file;
*) console - require "write+ftp" permissions for printing to file;
*) console - updated copyright notice;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed interface LEDs for QSFP+ and SFP+ interfaces on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed packet transmit in 5Gbps link rate for CRS312 device;
*) crs3xx - fixed port-isolation on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - improved 1Gbps Ethernet port group traffic forwarding for CRS354 devices;
*) crs3xx - improved LACP linking between CRS3xx series switches;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed minor typo in configuration description;
*) defconf - removed overlapping IPv6 firewall rules;
*) dhcp - fixed link state checking for DHCP client;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) dot1x - fixed MAC authentication fallback (introduced in v6.48);
*) dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48);
*) ethernet - fixed cable-test for some devices (e.g. RB2011, RB951G-2HnD);
*) ethernet - improved system stability when receiving large VLAN tagged packets on IPQ4018/IPQ4019 devices;
*) fastpath - fixed IP packet receive on bridge and bonding interfaces when destination MAC address match with slave port MAC;
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) health - fixed voltage monitor on BaseBox5 devices;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - fixed DH group negotiation with EAP;
*) ike2 - fixed EAP MSK length validation (introduced in v6.48);
*) ike2 - fixed initial traffic selector's protocol and port in transport mode;
*) ipv6 - improved system stability when parsing IPv6 options;
*) lora - added additional predefined network servers;
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) netinstall - fixed lock file persistence after reinstall;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) poe - do not perform PoE firmware upgrade procedure on RB960 and OmniTik devices without PoE out;
*) ppp - do not fail "at-chat" command when issued on disabled PPP interface;
*) quickset - prefer 5GHz interface for WiFi scan in CPE mode;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) snmp - fixed SNMP trap agent address;
*) supout - fixed "topic" column presence in "Log" section;
*) supout - print detailed list of active user sessions;
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) switch - improved resource allocation on 98PX1012 switch chip for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) telnet - do not send options if connecting to non standard port;
*) telnet - fixed server when run on non standard port;
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) upgrade - improved "long-term" upgrade procedure on SMIPS devices;
*) user - fixed "skin" configuration for user groups (introduced in v6.48);
*) webfig - allow to specify "prefix" parameter under "IPv6/ND/Prefixes" menu;
*) webfig - do not corrupt settings when starting "Wireless Sniffer";
*) webfig - do not move top right menu in opposite direction when scrolling horizontally;
*) webfig - do not show newly created SMB shares as invalid;
*) webfig - do not show value units twice;
*) webfig - fixed interface sorting by name;
*) webfig - fixed new interface addition;
*) webfig - fixed new interface addition;
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - show "Interfaces" menu by default after logging in;
*) webfig - show "network-mode" for LTE modems that support it;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "Channel" parameter under "System/Console" menu;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - do not show empty "CPU Frequency" parameter under "System/Resources" menu;
*) winbox - fixed duplicate "Trusted" setting under "Interface/Bridge/Ports" menu;
*) winbox - fixed QCA-8511 switch chip type reporting under "Switch/Settings" menu;
*) winbox - fixed "reachable-time" value unit under "IPv6/ND" menu;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) winbox - increased "target" field limit to 128 under "Queues" menu;
*) winbox - renamed IP protocol 41 to "ipv6-encap";
*) winbox - show "activity" column by default under "IP/Kid Control/Devices" menu;
*) winbox - show "LCD" only on boards that have LCD;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "united kingdom" regulatory domain information;

Версия 6.49beta27 2021-03-15

Версия 6.49beta22 2021-03-08

What's new in 6.49beta22 (2021-Mar-08 09:07):

Changes in this release:

*) bridge - added IGMP and MLD querier monitoring (CLI only);
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - added MAC and IP source addresses information for DHCP snooping log;
*) bridge - improved bridge stability when host changes port (introduced in v6.47);
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for exporting configuration to file;
*) console - require "write+ftp" permissions for printing to file;
*) console - updated copyright notice;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed interface LEDs for QSFP+ and SFP+ interfaces on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - improved 1Gbps Ethernet port group traffic forwarding for CRS354 devices;
*) crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - removed overlapping IPv6 firewall rules;
*) dhcp - fixed link state checking for DHCP client;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) ethernet - improved system stability when receiving large VLAN tagged packets on IPQ4018/IPQ4019 devices;
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) health - fixed voltage monitor on BaseBox5 devices;
*) ike2 - fixed DH group negotiation with EAP;
*) ike2 - fixed initial traffic selector's protocol and port in transport mode;
*) ipv6 - improved system stability when parsing IPv6 options;
*) lora - added additional predefined network servers;
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) netinstall - fixed lock file persistence after reinstall;
*) poe - do not perform PoE firmware upgrade procedure on RB960 and OmniTik devices without PoE out;
*) ppp - do not fail "at-chat" command when issued on disabled PPP interface;
*) quickset - prefer 5GHz interface for WiFi scan in CPE mode;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) supout - fixed "topic" column presence in "Log" section;
*) supout - print detailed list of active user sessions;
*) switch - improved resource allocation on 98PX1012 switch chip for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) telnet - do not send options if connecting to non standard port;
*) telnet - fixed server when run on non standard port;
*) upgrade - improved "long-term" upgrade procedure on SMIPS devices;
*) user - fixed "skin" configuration for user groups (introduced in v6.48);
*) webfig - allow to specify "prefix" parameter under "IPv6/ND/Prefixes" menu;
*) webfig - do not corrupt settings when starting "Wireless Sniffer";
*) webfig - do not move top right menu in opposite direction when scrolling horizontally;
*) webfig - do not show newly created SMB shares as invalid;
*) webfig - do not show value units twice;
*) webfig - fixed interface sorting by name;
*) webfig - fixed new interface addition;
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - show "Interfaces" menu by default after logging in;
*) webfig - show "network-mode" for LTE modems that support it;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "Channel" parameter under "System/Console" menu;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - fixed duplicate "Trusted" setting under "Interface/Bridge/Ports" menu;
*) winbox - fixed QCA-8511 switch chip type reporting under "Switch/Settings" menu;
*) winbox - fixed "reachable-time" value unit under "IPv6/ND" menu;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) winbox - increased "target" field limit to 128 under "Queues" menu;
*) winbox - show "activity" column by default under "IP/Kid Control/Devices" menu;
*) winbox - show "LCD" only on boards that have LCD;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "united kingdom" regulatory domain information;

Other changes since v6.48.1:

*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) crs3xx - fixed packet transmit in 5Gbps link rate for CRS312 device;
*) crs3xx - fixed port-isolation on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved LACP linking between CRS3xx series switches;
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) defconf - fixed minor typo in configuration description;
*) dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48);
*) dot1x - fixed MAC authentication fallback (introduced in v6.48);
*) ethernet - fixed cable-test for some devices (e.g. RB2011, RB951G-2HnD);
*) fastpath - fixed IP packet receive on bridge and bonding interfaces when destination MAC address match with slave port MAC;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - fixed EAP MSK length validation (introduced in v6.48);
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) snmp - fixed SNMP trap agent address;
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) webfig - fixed new interface addition;
*) winbox - do not show empty "CPU Frequency" parameter under "System/Resources" menu;
*) winbox - renamed IP protocol 41 to "ipv6-encap";

Версия 6.49beta22 2021-03-08

Версия 6.49beta11 2021-02-03

What's new in 6.49beta11 (2021-Feb-3 08:42):

*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) crs312 - fixed missing SwOS firmware on revision 2 devices;
*) crs3xx - fixed packet duplication when multiple bonding interfaces are created for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed packet transmit in 5Gbps link rate for CRS312 device;
*) crs3xx - fixed port-isolation on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed port-isolation on ether37-ether48 ports for CRS354 device;
*) crs3xx - improved LACP linking between CRS3xx series switches;
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved load balancing on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved system stability when bonding and IGMP snooping is used (introduced in v6.48);
*) defconf - fixed minor typo in configuration description;
*) dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48);
*) dot1x - fixed MAC authentication fallback (introduced in v6.48);
*) ethernet - fixed cable-test for some devices (e.g. RB2011, RB951G-2HnD);
*) fastpath - fixed IP packet receive on bridge and bonding interfaces when destination MAC address match with slave port MAC;
*) hotspot - fixed "idle-timeout" usage with RADIUS authentication;
*) hotspot - fixed special character parsing in "target" variable (CVE-2021-3014);
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - fixed EAP MSK length validation (introduced in v6.48);
*) ike2 - fixed phase 2 rekeying with enabled PFS (introduced in v6.48);
*) ike2 - improved stability when invalid certificate is configured (introduced in v6.48);
*) ike2 - properly register packet time after expensive CPU operations;
*) interface - fixed pwr-line interface linking (introduced in v6.48);
*) ipsec - improved stability when processing IPv6 packets larger than interface MTU;
*) led - fixed default LED configuration for RB911-5HnD;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) package - do not include multiple The Dude packages in HDD installer;
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) snmp - fixed "send-trap" functionality (introduced in v6.48);
*) snmp - fixed SNMP trap agent address;
*) switch - fixed interface toggling for devices with multiple QCA8337, Atheros8327 or RTL8367 switch chips (introduced in v6.48);
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) webfig - fixed new interface addition;
*) winbox - do not show empty "CPU Frequency" parameter under "System/Resources" menu;
*) winbox - fixed enable/disable button presence for "Bridge/Hosts" menu;
*) winbox - renamed IP protocol 41 to "ipv6-encap";
*) wireless - renamed "macedonia" regulatory domain information to "north macedonia";

Версия 6.49beta11 2021-02-03

Версия 6.48rc1 2020-12-15

What's new in 6.48rc1 (2020-Dec-11 12:38):

Changes in this release:

*) arm - improved system stability;
*) bgp - fixed VPNV4 RD byte order;
*) bonding - added LACP monitoring;
*) branding - fixed LCD logo loading from new style branding package;
*) bridge - added "multicast-router" monitoring value for bridge interface (CLI only);
*) bridge - added fixes and improvements for IGMP and MLD snooping;
*) bridge - fixed "multicast-router" setting on bridge enable;
*) capsman - fixed authentication when using CAPsMAN forwarding (introduced in v6.48beta48);
*) certificate - properly flush expired SCEP OTP entries;
*) chr - fixed VLAN tagged packet transmit on bridge for Hyper-V installations;
*) crs3xx - added initial Bridge Port Extender support;
*) crs3xx - fixed "switch-cpu" VLAN membership on bridge disable;
*) crs3xx - fixed "tag-stacking" for CRS305, CRS318, CRS326-24G-2S+ and CRS328 devices (introduced in v6.48beta58);
*) crs3xx - fixed bridge "port-extender" for CRS318 devices;
*) crs3xx - fixed ingress rate policer for CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (introduced in v6.48beta35);
*) discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID;
*) ethernet - fixed IP connectivity on SFP/SFP+ interfaces for CCR2004-1G-12S+2XS device (introduced in v6.48beta58);
*) ike1 - fixed 'rsa-signature-hybrid' authentication method;
*) ike1 - fixed memory leak on multiple CR payloads;
*) ipsec - added SHA384 hash algorithm support for phase 1;
*) lte - increased "at+cops" reply timeout to 90 seconds;
*) profile - added "lcd" process classificator;
*) tr069-client - fixed TotalBytesReceived parameter value;
*) winbox - added "src-mac-address" parameter under "IP/DHCP-Server/Leases" menu;
*) winbox - added missing IGMP Snooping settings to "Bridge" menu;
*) winbox - added missing MSTP settings to "Bridge" menu;
*) winbox - added support for LTE Cell Monitor;
*) wireless - increased "group-key-update" maximum value to 1 day;
*) wireless - updated "indonesia5" regulatory domain information;

Other changes since v6.47.8:

*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved watchdog and kernel panic reporting in log after reboots on IPQ4018/IPQ4019 devices;
*) arm64 - improved reboot reason reporting in log;
*) bonding - added LACP monitoring;
*) bonding - removed "sys-id" and "sys-priority" from monitor-slaves command;
*) bridge - added minor fixes and improvements for IGMP snooping with HW offloading;
*) bridge - added warning message when port is disabled by the BPDU guard;
*) bridge - allow to exclude interfaces from extended ports (CLI only);
*) bridge - automatically remove extended interfaces when deleting PE device from CB;
*) bridge - correctly remove dynamic VLAN assignment for bridge ports;
*) bridge - fixed MDB entry removal when using bridge port "fast-leave" property;
*) bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v6.46);
*) bridge - fixed dynamic VLAN assignment when changing port to tagged VLAN member;
*) bridge - fixed link-local multicast forwarding when IGMP snooping and HW offloading is enabled;
*) bridge - fixed local MAC address removal from host table when deleting bridge interface;
*) bridge - fixed multicast table printing;
*) bridge - fixed packet forwarding for CAP and BCP controlled interfaces (introduced in v6.48beta12);
*) bridge - improved BPDU guard logging;
*) bridge - increased multicast table size to 4K entries;
*) bridge - show "H" flag for extended bridge ports;
*) bridge - show error when switch do not support controlling bridge or port extension (CLI only);
*) bridge - use "frame-types=admit-all" by default for extended bridge ports;
*) cap - fixed L2MTU setting from CAPsMAN;
*) certificate - clear challenge password on renew;
*) certificate - fixed CRL URL length limit;
*) certificate - fixed private key verification for CA certificate during signing process;
*) certificate - generate CRL even when CRL URL not specified;
*) certificate - properly flush expired SCEP OTP entries;
*) chr - fixed SSH key import on Azure;
*) chr - improved interface loading on startup on XEN;
*) chr - improved system stability when changing flow control settings on e1000;
*) cloud - improved backup generation process;
*) conntrack - automatically reduce connection tracking timeouts when table is full;
*) console - allow "once" parameter for bonding monitoring;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - added switch-cpu port VLAN filtering (switch-cpu port is now mapped with bridge interface VLAN membership when vlan-filtering is enabled);
*) crs3xx - fixed "custom-drop-packet" and "not-learned" switch stats for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed "mirror-source" property on switch port disable for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed "storm-rate" traffic limiting for switch-cpu port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed CDP packet forwarding for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) crs3xx - fixed VLAN tagged packet forwarding on "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices (introduced in v6.48beta12);
*) crs3xx - fixed booting issues on CRS354 devices (introduced in v6.48beta48);
*) crs3xx - fixed bridge port-extender for CRS318 devices;
*) crs3xx - fixed duplicate host entries when creating static switch hosts;
*) crs3xx - fixed port isolation for "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation removal for "switch-cpu" port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed port-isolation for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices (introduced in v6.48beta35);
*) crs3xx - fixed switch "copy-to-cpu" property for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) crs3xx - fixed switch "not-learned" stats for CRS305, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, CRS318 devices;
*) crs3xx - fixed switch-cpu VLAN membership removal (introduced in v6.48beta40);
*) crs3xx - improved system stability on CRS354 devices;
*) defconf - fixed default configuration loading on RBcAP-2nD and RBwAP-2nD;
*) defconf - fixed static IP address setting in case default configuration loading fails;
*) defconf - improved CAP interface bridging;
*) defconf - improved default configuration generation on devices with non-default wireless interface names;
*) detnet - fixed malformed dummy DHCP User Class option;
*) detnet - use MAC address from bridge interface instead of slave port;
*) dhcp - fixed DHCP packet forwarding to IPsec policies;
*) dhcpv4-server - improved "client-id" value parsing;
*) dhcpv6 server - added support for "Delegated-IPv6-Prefix" for PPP services;
*) dhcpv6-server - added ability to generate binding on first request;
*) dhcpv6-server - added support for "option18" and "option37" for RADIUS managed clients;
*) dhcpv6-server - allow loose static binding "pool" parameter (introduced in v6.46.8);
*) dhcpv6-server - make sure that calling station ID always contains DUID;
*) discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID;
*) discovery - allow choosing which discovery protocol is used;
*) discovery - fixed discovery on mesh ports;
*) discovery - fixed discovery packet sending on newly bridged port with "protocol-mode=none";
*) discovery - fixed discovery when enabled only on master port;
*) discovery - fixed occasional wrong Chassis-ID for LLDP packets (introduced in v6.48beta35);
*) discovery - send the same "Chassis ID" on all interfaces for LLDP packets;
*) discovery - use interface MAC address when sending MNDP from slave port;
*) disk - fixed external EXT3 disk mounting on x86 systems;
*) dns - added IPv6 support for DoH;
*) dns - do not use type "A" for static entries with unspecified type;
*) dns - end ongoing queries when changing DoH configuration;
*) dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
*) dot1x - accept priority tagged (VLAN 0) EAP packets on dot1x client;
*) dot1x - fixed reauthentication after server rejects a client into VLAN;
*) dot1x - fixed unicast destination EAP packet receiving when a client is running on a bridge port;
*) dude - fixed configuration menu presence on ARM64 devices;
*) export - fixed RouterBOARD USB "type" parameter export;
*) filesystem - fixed repartition on RB4011 series devices;
*) filesystem - fixed repartition on non-first partition;
*) filesystem - improved long-term filesystem stability and data integrity;
*) gps - fixed "init-channel" release when not used;
*) health - changed PSU state parameter type to read-only;
*) health - removed unused "heater-control" and "heater-threshold" parameters;
*) hotspot - added "vlan-id" parameter support for hosts and HTML pages;
*) hotspot - added support for captive portal advertising using DHCP (RFC7710);
*) hotspot - fixed "html-directory" parameter export;
*) hotspot - improved management service stability when receiving bogus packets;
*) ike1 - fixed "my-id=address" parameter usage together with certificate authentication;
*) ike1 - fixed policy update with and without mode configuration;
*) ike1 - rekey phase 1 as responder for Windows initiators;
*) ike2 - added "prf-algorithm" support for phase 1;
*) ike2 - added support for IKEv2 Message Fragmentation (RFC7383);
*) ike2 - fixed EAP MSK length validation;
*) ike2 - fixed too small payload parsing;
*) ike2 - improved EAP message integrity checking;
*) ike2 - improved child SA rekeying process;
*) interface - added temperature warning and interface disable on overheat for SFP and SFP+ interfaces (CLI only);
*) interface - fixed pwr-line running state (introduced in v6.45);
*) ipsec - added SHA384 hash algorithm support for phase 1 (CLI only);
*) ipsec - do not kill connection when peer's "name" or "comment" is changed;
*) ipsec - fixed client certificate usage when certificate is renewed with SCEP;
*) ipsec - fixed multiple warning message display for peers;
*) ipsec - inactivate peer's policy on disconnect;
*) ipsec - refresh peer's DNS only when phase 1 is down;
*) kidcontrol - allow creating static device entries without assigned user;
*) led - fixed state persistence after device reboot on NetMetal 5 ac devices;
*) lora - fixed device going into "ERROR" state caused by FSK modulated downlinks;
*) lora - limited output power in RU region for range 868.7 MHz - 869.2 MHz according to regulations;
*) lte - added "age" column and "max-age" parameter to "cell-monitor" (CLI only);
*) lte - added "comment" parameter for APN profiles;
*) lte - added support for Alcatel IK41VE1;
*) lte - fixed "band" value reporting;
*) lte - increased "at+cops" reply timeout to 1 minute;
*) m33g - added support for "/system gpio" menu (CLI only);
*) metarouter - allow creating RouterOS metarouter instances on devices with 16MB flash storage;
*) metarouter - fixed memory leak when tearing down metarouter instance;
*) ppp - added "bridge-learning" parameter support;
*) ppp - added "ipv6-routes" parameter to "secrets" menu;
*) ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
*) ppp - store "last-caller-id" for PPP secrets;
*) ppp - store "last-disconnect-reason" for PPP secrets;
*) profile - improved idle process detection on x86 processors;
*) profile - improved process classification on ARM devices;
*) quickset - added "Port Mapping" to QuickSet;
*) quickset - fixed local IP address setting on master interface;
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) routerboard - fixed PCIe bus reset during power-on on MMIPS devices ("/system routerboard upgrade" required);
*) routerboard - force power-down on PCIe bus during reboot on LHGR devices ("/system routerboard upgrade" required);
*) script - added error message in the logs if startup script runtime limit was exceeded;
*) snmp - added information from IPsec "active-peers" menu to MIKROTIK-MIB;
*) snmp - added new LTE monitoring OID's to MIKROTIK-MIB;
*) snmp - fixed value types for "dot1dStp";
*) snmp - fixed value types for "dot1qPvid";
*) ssh - fixed returned output saving to file when "output-to-file" parameter is used;
*) ssh - skip interactive authentication when not running in interactive mode;
*) supout - added bonding interface monitor information;
*) supout - improved autosupout.rif file generation process;
*) timezone - updated timezone information from "tzdata2020d" release;
*) tr069-client - added "X_MIKROTIK_MimoRSRP" parameter for LTE RSRP value reporting;
*) tr069-client - added LTE model and revision parameters;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added branding package version parameter;
*) tr069-client - added wireless "noise-floor" and "overall-tx-ccq" information parameters;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) tr069-client - fixed RouterOS downgrade procedure;
*) tr069-client - send correct "ConnectionRequestURL" when using IPv6;
*) traffic-flow - added "sys-init-time" parameter support;
*) traffic-flow - added NAT event logging support for IPFIX;
*) traffic-generator - fixed 32Gbps limitation;
*) user-manager - do not allow creating limitation that crosses midnight;
*) user-manager - updated PayPal's root certificate authorities;
*) webfig - allow hiding QuickSet mode selector;
*) webfig - allow hiding and renaming inline buttons;
*) webfig - fixed default value presence when creating new entries under "IP->Kid Control";
*) webfig - properly stop background processes when switching away from QuickSet tab;
*) winbox - allow adding bonding interface with one slave interface;
*) winbox - allow performing "USB Power Reset" on "0" bus on RBM33G;
*) winbox - do not show "network-mode" parameter for LTE interfaces that do not support it;
*) winbox - fixed "IP->Kid Control->Devices" table automatic refreshing;
*) winbox - fixed "interface" and "on-interface" parameter presence under "Bridge/Hosts" menu;
*) winbox - fixed "receive-errors" setting persistence under "Wireless/Wireless Sniffer/Settings" menu;
*) winbox - fixed "tls-version" parameter setting under "IP/Services" menu;
*) winbox - fixed minor typo in "Users" menu;
*) winbox - provide sane default values for bridge "VLAN IDs" parameter;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - added U-NII-2 support for US and Canada country profiles for mANTBox series devices;
*) wireless - create "connect-list" rule when address specified for "setup-repeater";
*) wireless - do not override MTU and ARP values from CAPsMAN with local forwarding;
*) wireless - improved WPS process stability;
*) wireless - increased "group-key-update" maximum value to 1 day;
*) wireless - updated "no_country_set" regulatory domain information;

Версия 6.48rc1 2020-12-15

Версия 6.48beta58 2020-11-24

What's new in 6.48beta58 (2020-Nov-24 08:31):

Changes in this release:

*) arm - improved system stability;
*) bgp - treat route target with AS 65535 as two byte AS;
*) bonding - added LACP monitoring;
*) branding - fixed imported skin presence;
*) bridge - use "frame-types=admit-all" by default for extended bridge ports;
*) certificate - fixed CRL URL length limit;
*) certificate - generate CRL even when CRL URL not specified;
*) certificate - properly flush expired SCEP OTP entries;
*) chr - fixed SSH key import on Azure;
*) crs3xx - fixed booting issues on CRS354 devices (introduced in v6.48beta48);
*) crs3xx - fixed bridge port-extender for CRS318 devices;
*) crs3xx - fixed switch-cpu VLAN membership removal (introduced in v6.48beta40);
*) crs3xx - improved system stability on CRS354 devices;
*) defconf - fixed default configuration loading on RBcAP-2nD and RBwAP-2nD;
*) defconf - fixed static IP address setting in case default configuration loading fails;
*) dhcp - fixed DHCP packet forwarding to IPsec policies;
*) dhcpv6 server - added support for "Delegated-IPv6-Prefix" for PPP services;
*) dhcpv6-server - added support for "option18" and "option37" for RADIUS managed clients;
*) dhcpv6-server - allow loose static binding "pool" parameter (introduced in v6.46.8);
*) dhcpv6-server - make sure that calling station ID always contains DUID;
*) discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID;
*) discovery - allow choosing which discovery protocol is used;
*) disk - fixed external EXT3 disk mounting on x86 systems;
*) disk - improved disk management service stability when receiving bogus packets;
*) dns - end ongoing queries when changing DoH configuration;
*) dns - improved stability with large table of static records;
*) dot1x - fixed reauthentication after server rejects a client into VLAN;
*) dot1x - fixed unicast destination EAP packet receiving when a client is running on a bridge port;
*) dude - fixed configuration menu presence on ARM64 devices;
*) filesystem - improved long-term filesystem stability and data integrity;
*) hotspot - fixed "html-directory" parameter export;
*) ike2 - improved EAP message integrity checking;
*) interface - fixed pwr-line running state (introduced in v6.45);
*) lora - limited output power in RU region for range 868.7 MHz - 869.2 MHz according to regulations;
*) lte - increased "at+cops" reply timeout to 1 minute;
*) metarouter - allow creating RouterOS metarouter instances on devices with 16MB flash storage;
*) metarouter - fixed directory entry reporting;
*) metarouter - fixed memory leak when tearing down metarouter instance;
*) ppp - added "bridge-learning" parameter support;
*) ppp - store "last-caller-id" for PPP secrets;
*) ppp - store "last-disconnect-reason" for PPP secrets;
*) profile - fixed process classification on x86 systems (introduced in v6.47);
*) quickset - fixed wireless client "uptime" counter in "Home Mesh" mode;
*) sstp - fixed "idle-timeout" on TILE and CHR devices;
*) supout - improved autosupout.rif file generation process;
*) timezone - updated timezone information from "tzdata2020d" release;
*) tr069-client - added branding package version parameter;
*) upgrade - do not try installing packages if download was not completed;
*) webfig - allow hiding and renaming inline buttons;
*) webfig - allow hiding QuickSet mode selector;
*) webfig - properly stop background processes when switching away from QuickSet tab;
*) winbox - added "operator" parameter under "Interface/LTE" menu;
*) winbox - added "reformat-hold-button-max" parameter under "System/RouterBOARD/Settings" menu;
*) winbox - added "tls-mode" parameter under "CAPsMAN/Security Cfg." menu;
*) winbox - added "tx-rx-1024-max" counter under "Interface/Overall-Stats" for CRS3xx devices;
*) winbox - allow adding bonding interface with one slave interface;
*) winbox - do not allow MAC address changes on LTE interfaces;
*) winbox - do not show "network-mode" parameter for LTE interfaces that do not support it;
*) winbox - fixed "interface" and "on-interface" parameter presence under "Bridge/Hosts" menu;
*) winbox - provide sane default values for bridge "VLAN IDs" parameter;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "usb-bus" option on all boards that have it;
*) winbox - show "usb-type" option on all boards that have it;
*) winbox - sort IPv6 firewall "chain" parameter entries alphabetically;
*) wireless - added U-NII-2 support for US and Canada country profiles for mANTBox series devices;
*) wireless - increased "group-key-update" maximum value to 1 day;

Other changes since v6.47.7:

*) arm64 - improved reboot reason reporting in log;
*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved watchdog and kernel panic reporting in log after reboots on IPQ4018/IPQ4019 devices;
*) bonding - added LACP monitoring (CLI only);
*) bonding - removed "sys-id" and "sys-priority" from monitor-slaves command;
*) bridge - added minor fixes and improvements for IGMP snooping with HW offloading;
*) bridge - added warning message when port is disabled by the BPDU guard;
*) bridge - allow to exclude interfaces from extended ports (CLI only);
*) bridge - automatically remove extended interfaces when deleting PE device from CB;
*) bridge - correctly remove dynamic VLAN assignment for bridge ports;
*) bridge - fixed BPDU guard port disable/enable on HW offloaded interfaces;
*) bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v6.46);
*) bridge - fixed dynamic VLAN assignment when changing port to tagged VLAN member;
*) bridge - fixed link-local multicast forwarding when IGMP snooping and HW offloading is enabled;
*) bridge - fixed local MAC address removal from host table when deleting bridge interface;
*) bridge - fixed MDB entry removal when using bridge port "fast-leave" property;
*) bridge - fixed multicast table printing;
*) bridge - fixed packet forwarding for CAP and BCP controlled interfaces (introduced in v6.48beta12);
*) bridge - improved BPDU guard logging;
*) bridge - increased multicast table size to 4K entries;
*) bridge - show error when switch do not support controlling bridge or port extension (CLI only);
*) bridge - show "H" flag for extended bridge ports;
*) cap - fixed L2MTU setting from CAPsMAN;
*) certificate - clear challenge password on renew;
*) certificate - fixed private key verification for CA certificate during signing process;
*) chr - improved interface loading on startup on XEN;
*) chr - improved system stability when changing flow control settings on e1000;
*) cloud - improved backup generation process;
*) conntrack - automatically reduce connection tracking timeouts when table is full;
*) console - allow "once" parameter for bonding monitoring;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - added switch-cpu port VLAN filtering (switch-cpu port is now mapped with bridge interface VLAN membership when vlan-filtering is enabled);
*) crs3xx - fixed CDP packet forwarding for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) crs3xx - fixed "custom-drop-packet" and "not-learned" switch stats for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed duplicate host entries when creating static switch hosts;
*) crs3xx - fixed "mirror-source" property on switch port disable for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port-isolation for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices (introduced in v6.48beta35);
*) crs3xx - fixed port isolation for "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation removal for "switch-cpu" port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed "storm-rate" traffic limiting for switch-cpu port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch "copy-to-cpu" property for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) crs3xx - fixed switch "not-learned" stats for CRS305, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, CRS318 devices;
*) crs3xx - fixed VLAN tagged packet forwarding on "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices (introduced in v6.48beta12);
*) defconf - improved CAP interface bridging;
*) defconf - improved default configuration generation on devices with non-default wireless interface names;
*) detnet - fixed malformed dummy DHCP User Class option;
*) detnet - use MAC address from bridge interface instead of slave port;
*) dhcpv4-server - improved "client-id" value parsing;
*) dhcpv6-server - added ability to generate binding on first request;
*) discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID (CLI only);
*) discovery - allow choosing which discovery protocol is used (CLI only);
*) discovery - fixed discovery on mesh ports;
*) discovery - fixed discovery packet sending on newly bridged port with "protocol-mode=none";
*) discovery - fixed discovery when enabled only on master port;
*) discovery - fixed occasional wrong Chassis-ID for LLDP packets (introduced in v6.48beta35);
*) discovery - send the same "Chassis ID" on all interfaces for LLDP packets;
*) discovery - use interface MAC address when sending MNDP from slave port;
*) dns - added IPv6 support for DoH;
*) dns - do not use type "A" for static entries with unspecified type;
*) dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
*) dot1x - accept priority tagged (VLAN 0) EAP packets on dot1x client;
*) export - fixed RouterBOARD USB "type" parameter export;
*) filesystem - fixed repartition on non-first partition;
*) filesystem - fixed repartition on RB4011 series devices;
*) filesystem - improved long-term filesystem stability and data integrity;
*) gps - fixed "init-channel" release when not used;
*) health - changed PSU state parameter type to read-only;
*) health - removed unused "heater-control" and "heater-threshold" parameters;
*) hotspot - added support for captive portal advertising using DHCP (RFC7710);
*) hotspot - added "vlan-id" parameter support for hosts and HTML pages;
*) hotspot - improved management service stability when receiving bogus packets;
*) ike1 - fixed "my-id=address" parameter usage together with certificate authentication;
*) ike1 - fixed policy update with and without mode configuration;
*) ike1 - rekey phase 1 as responder for Windows initiators;
*) ike2 - added "prf-algorithm" support for phase 1;
*) ike2 - added support for IKEv2 Message Fragmentation (RFC7383);
*) ike2 - fixed EAP MSK length validation;
*) ike2 - fixed too small payload parsing;
*) ike2 - improved child SA rekeying process;
*) interface - added temperature warning and interface disable on overheat for SFP and SFP+ interfaces (CLI only);
*) ipsec - added SHA384 hash algorithm support for phase 1 (CLI only);
*) ipsec - do not kill connection when peer's "name" or "comment" is changed;
*) ipsec - fixed client certificate usage when certificate is renewed with SCEP;
*) ipsec - fixed multiple warning message display for peers;
*) ipsec - inactivate peer's policy on disconnect;
*) ipsec - refresh peer's DNS only when phase 1 is down;
*) kidcontrol - allow creating static device entries without assigned user;
*) led - fixed state persistence after device reboot on NetMetal 5 ac devices;
*) lora - fixed device going into "ERROR" state caused by FSK modulated downlinks;
*) lte - added "age" column and "max-age" parameter to "cell-monitor" (CLI only);
*) lte - added "comment" parameter for APN profiles;
*) lte - added support for Alcatel IK41VE1;
*) lte - fixed "band" value reporting;
*) m33g - added support for "/system gpio" menu (CLI only);
*) ppp - added "ipv6-routes" parameter to "secrets" menu;
*) ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
*) profile - improved idle process detection on x86 processors;
*) profile - improved process classification on ARM devices;
*) quickset - added "Port Mapping" to QuickSet;
*) quickset - fixed local IP address setting on master interface;
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) routerboard - fixed PCIe bus reset during power-on on MMIPS devices ("/system routerboard upgrade" required);
*) routerboard - force power-down on PCIe bus during reboot on LHGR devices ("/system routerboard upgrade" required);
*) script - added error message in the logs if startup script runtime limit was exceeded;
*) snmp - added information from IPsec "active-peers" menu to MIKROTIK-MIB;
*) snmp - added new LTE monitoring OID's to MIKROTIK-MIB;
*) snmp - fixed value types for "dot1dStp";
*) snmp - fixed value types for "dot1qPvid";
*) ssh - fixed returned output saving to file when "output-to-file" parameter is used;
*) ssh - skip interactive authentication when not running in interactive mode;
*) supout - added bonding interface monitor information;
*) system - replace "3" in superscript to "^3" on RBD53GR devices;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added LTE model and revision parameters;
*) tr069-client - added wireless "noise-floor" and "overall-tx-ccq" information parameters;
*) tr069-client - added "X_MIKROTIK_MimoRSRP" parameter for LTE RSRP value reporting;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) tr069-client - fixed RouterOS downgrade procedure;
*) tr069-client - send correct "ConnectionRequestURL" when using IPv6;
*) traffic-flow - added NAT event logging support for IPFIX;
*) traffic-flow - added "sys-init-time" parameter support;
*) traffic-generator - fixed 32Gbps limitation;
*) user-manager - do not allow creating limitation that crosses midnight;
*) user-manager - updated PayPal's root certificate authorities;
*) webfig - fixed default value presence when creating new entries under "IP->Kid Control";
*) winbox - allow performing "USB Power Reset" on "0" bus on RBM33G;
*) winbox - fixed "IP->Kid Control->Devices" table automatic refreshing;
*) winbox - fixed minor typo in "Users" menu;
*) winbox - fixed "receive-errors" setting persistence under "Wireless/Wireless Sniffer/Settings" menu;
*) winbox - fixed "tls-version" parameter setting under "IP/Services" menu;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - create "connect-list" rule when address specified for "setup-repeater";
*) wireless - do not override MTU and ARP values from CAPsMAN with local forwarding;
*) wireless - improved WPS process stability;
*) wireless - updated "no_country_set" regulatory domain information;

Версия 6.48beta58 2020-11-24

Версия 6.48beta48 2020-10-15

What's new in 6.48beta48 (2020-Oct-14 10:26):

Important note!!!

Using this version on CRS354-48G-4S+2Q+RM or CRS354-48P-4S+2Q+RM will cause booting issues and device may need to be reinstalled.

Changes in this release:

*) bridge - automatically remove extended interfaces when deleting PE device from CB;
*) cap - fixed L2MTU path discovery;
*) cap - fixed L2MTU setting from CAPsMAN;
*) certificate - fixed private key verification for CA certificate during signing process;
*) cloud - improved backup generation process;
*) crs3xx - fixed CDP packet forwarding for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) crs3xx - fixed port-isolation for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices (introduced in v6.48beta35);
*) defconf - fixed default configuration loading on RBmAP-2nD;
*) dhcpv4-client - fixed DHCP offer packet parsing with overload option present;
*) discovery - fixed occasional wrong Chassis-ID for LLDP packets (introduced in v6.48beta35);
*) dot1x - accept priority tagged (VLAN 0) EAP packets on dot1x client;
*) fetch - improved SSL handshake processing;
*) filesystem - improved long-term filesystem stability and data integrity;
*) ike1 - fixed "my-id=address" parameter usage together with certificate authentication;
*) ike2 - added support for IKEv2 Message Fragmentation (RFC7383);
*) ike2 - fixed EAP MSK length validation;
*) ike2 - fixed too small payload parsing;
*) interface - added temperature warning and interface disable on overheat for SFP and SFP+ interfaces (CLI only);
*) led - fixed state persistence after device reboot on NetMetal 5 ac devices;
*) lora - fixed device going into "ERROR" state caused by FSK modulated downlinks;
*) lte - fixed "band" value reporting;
*) lte - fixed multiple APN passthrough on R11e-4G;
*) lte - improved EARFCN reporting in 3G and LTE modes on Sierra modems;
*) lte - limit allowed APN count to 3 on R11e-LTE;
*) m33g - added support for "/system gpio" menu (CLI only);
*) mpls - fixed duplicate "LabelRelease" message sending;
*) profile - improved idle process detection on x86 processors;
*) profile - improved process classification on ARM devices;
*) quickset - added "Port Mapping" to QuickSet;
*) quickset - fixed local IP address setting on master interface;
*) radius - added "Service-Type" attribute to Access-Request for IPv4 and IPv6 DHCP servers;
*) routerboard - fixed PCIe bus reset during power-on on MMIPS devices ("/system routerboard upgrade" required);
*) routerboard - force power-down on PCIe bus during reboot on LHGR devices ("/system routerboard upgrade" required);
*) script - added error message in the logs if startup script runtime limit was exceeded;
*) snmp - added information from IPsec "active-peers" menu to MIKROTIK-MIB;
*) snmp - added new LTE monitoring OID's to MIKROTIK-MIB;
*) switch - fixed Ethernet padding for small packets;
*) tr069-client - fixed RouterOS downgrade procedure;
*) traffic-flow - added NAT event logging support for IPFIX;
*) traffic-generator - fixed 32Gbps limitation;
*) user - improved WinBox and The Dude authenticated session handling;
*) user-manager - do not allow creating limitation that crosses midnight;
*) user-manager - updated PayPal's root certificate authorities;
*) vrrp - made "password" parameter sensitive;
*) w60g - general stability and performance improvements;
*) wireless - added support for US FCC UNII-2 and Canada country profiles for NetMetal series devices;
*) wireless - do not override MTU and ARP values from CAPsMAN with local forwarding;
*) wireless - fixed incorrect wireless capability information in association response frames;
*) wireless - updated "no_country_set" regulatory domain information;

Other changes since v6.47.4:

*) arm64 - improved reboot reason reporting in log;
*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved watchdog and kernel panic reporting in log after reboots on IPQ4018/IPQ4019 devices;
*) bonding - added LACP monitoring (CLI only);
*) bonding - removed "sys-id" and "sys-priority" from monitor-slaves command;
*) bridge - added minor fixes and improvements for IGMP snooping with HW offloading;
*) bridge - added warning message when port is disabled by the BPDU guard;
*) bridge - allow to exclude interfaces from extended ports (CLI only);
*) bridge - correctly remove dynamic VLAN assignment for bridge ports;
*) bridge - fixed BPDU guard port disable/enable on HW offloaded interfaces;
*) bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v6.46);
*) bridge - fixed dynamic VLAN assignment when changing port to tagged VLAN member;
*) bridge - fixed link-local multicast forwarding when IGMP snooping and HW offloading is enabled;
*) bridge - fixed local MAC address removal from host table when deleting bridge interface;
*) bridge - fixed MDB entry removal when using bridge port "fast-leave" property;
*) bridge - fixed multicast table printing;
*) bridge - fixed packet forwarding for CAP and BCP controlled interfaces (introduced in v6.48beta12);
*) bridge - improved BPDU guard logging;
*) bridge - increased multicast table size to 4K entries;
*) bridge - show error when switch do not support controlling bridge or port extension (CLI only);
*) bridge - show "H" flag for extended bridge ports;
*) certificate - clear challenge password on renew;
*) chr - improved interface loading on startup on XEN;
*) chr - improved system stability when changing flow control settings on e1000;
*) conntrack - automatically reduce connection tracking timeouts when table is full;
*) console - allow "once" parameter for bonding monitoring;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - added switch-cpu port VLAN filtering (switch-cpu port is now mapped with bridge interface VLAN membership when vlan-filtering is enabled);
*) crs3xx - fixed "custom-drop-packet" and "not-learned" switch stats for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed duplicate host entries when creating static switch hosts;
*) crs3xx - fixed "mirror-source" property on switch port disable for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation for "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation removal for "switch-cpu" port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed "storm-rate" traffic limiting for switch-cpu port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch "copy-to-cpu" property for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) crs3xx - fixed switch "not-learned" stats for CRS305, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, CRS318 devices;
*) crs3xx - fixed VLAN tagged packet forwarding on "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices (introduced in v6.48beta12);
*) defconf - improved CAP interface bridging;
*) defconf - improved default configuration generation on devices with non-default wireless interface names;
*) defconf - improved default configuration generation on devices without wireless package installed;
*) detnet - fixed malformed dummy DHCP User Class option;
*) detnet - use MAC address from bridge interface instead of slave port;
*) dhcpv4-server - improved "client-id" value parsing;
*) dhcpv6-server - added ability to generate binding on first request;
*) discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID (CLI only);
*) discovery - allow choosing which discovery protocol is used (CLI only);
*) discovery - fixed discovery on mesh ports;
*) discovery - fixed discovery packet sending on newly bridged port with "protocol-mode=none";
*) discovery - fixed discovery when enabled only on master port;
*) discovery - send the same "Chassis ID" on all interfaces for LLDP packets;
*) discovery - use interface MAC address when sending MNDP from slave port;
*) dns - added IPv6 support for DoH;
*) dns - do not use type "A" for static entries with unspecified type;
*) dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
*) export - fixed RouterBOARD USB "type" parameter export;
*) filesystem - fixed repartition on non-first partition;
*) filesystem - fixed repartition on RB4011 series devices;
*) gps - fixed "init-channel" release when not used;
*) health - changed PSU state parameter type to read-only;
*) health - removed unused "heater-control" and "heater-threshold" parameters;
*) hotspot - added support for captive portal advertising using DHCP (RFC7710);
*) hotspot - added "vlan-id" parameter support for hosts and HTML pages;
*) hotspot - improved management service stability when receiving bogus packets;
*) ike1 - allow using "my-id" parameter with XAuth;
*) ike1 - fixed policy update with and without mode configuration;
*) ike1 - rekey phase 1 as responder for Windows initiators;
*) ike2 - added "prf-algorithm" support for phase 1;
*) ike2 - improved child SA rekeying process;
*) ipsec - added SHA384 hash algorithm support for phase 1 (CLI only);
*) ipsec - do not kill connection when peer's "name" or "comment" is changed;
*) ipsec - fixed client certificate usage when certificate is renewed with SCEP;
*) ipsec - fixed multiple warning message display for peers;
*) ipsec - inactivate peer's policy on disconnect;
*) ipsec - refresh peer's DNS only when phase 1 is down;
*) kidcontrol - allow creating static device entries without assigned user;
*) leds - fixed LED type setting;
*) lora - expose "joinEui" un "devEui" values in the log;
*) lte - added "age" column and "max-age" parameter to "cell-monitor" (CLI only);
*) lte - added "comment" parameter for APN profiles;
*) lte - added support for Alcatel IK41VE1;
*) ospf - optimized LSA printing for smaller message sizes;
*) ppp - added "ipv6-routes" parameter to "secrets" menu;
*) ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) snmp - added information from IPsec "active-peers" menu to MIKROTIK-MIB;
*) snmp - fixed value types for "dot1dStp";
*) snmp - fixed value types for "dot1qPvid";
*) ssh - fixed returned output saving to file when "output-to-file" parameter is used;
*) ssh - skip interactive authentication when not running in interactive mode;
*) supout - added bonding interface monitor information;
*) switch - fixed Ethernet padding for small packets;
*) system - replace "3" in superscript to "^3" on RBD53GR devices;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added LTE model and revision parameters;
*) tr069-client - added wireless "noise-floor" and "overall-tx-ccq" information parameters;
*) tr069-client - added "X_MIKROTIK_MimoRSRP" parameter for LTE RSRP value reporting;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) tr069-client - send correct "ConnectionRequestURL" when using IPv6;
*) traffic-flow - added NAT event logging support for IPFIX;
*) traffic-flow - added "sys-init-time" parameter support;
*) user-manager - do not allow creating limitation that crosses midnight;
*) webfig - fixed default value presence when creating new entries under "IP->Kid Control";
*) winbox - allow performing "USB Power Reset" on "0" bus on RBM33G;
*) winbox - fixed "IP->Kid Control->Devices" table automatic refreshing;
*) winbox - fixed minor typo in "Users" menu;
*) winbox - fixed "receive-errors" setting persistence under "Wireless/Wireless Sniffer/Settings" menu;
*) winbox - fixed "tls-version" parameter setting under "IP/Services" menu;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - create "connect-list" rule when address specified for "setup-repeater";
*) wireless - improved WPS process stability;
*) wireless - updated "no_country_set" regulatory domain information;

Версия 6.48beta48 2020-10-15

Версия 6.48beta40 2020-09-15

What's new in 6.48beta40 (2020-Sep-14 13:34):

*) arm64 - improved reboot reason reporting in log;
*) bridge - added minor fixes and improvements for IGMP snooping with HW offloading;
*) bridge - fixed link-local multicast forwarding when IGMP snooping and HW offloading is enabled;
*) bridge - fixed MDB entry removal when using bridge port "fast-leave" property;
*) conntrack - automatically reduce connection tracking timeouts when table is full;
*) console - allow "once" parameter for bonding monitoring;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - added switch-cpu port VLAN filtering (switch-cpu port is now mapped with bridge interface VLAN membership when vlan-filtering is enabled);
*) crs3xx - fixed IGMP snooping for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch "copy-to-cpu" property for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) detnet - fixed malformed dummy DHCP User Class option;
*) detnet - use MAC address from bridge interface instead of slave port;
*) dhcpv4-server - improved "client-id" value parsing;
*) ipsec - refresh peer's DNS only when phase 1 is down;
*) leds - fixed LED type setting;
*) smb - fixed possible memory leak;
*) sms - fixed SMS sending when both "interface" and "smsc" parameters are specified;
*) snmp - added information from IPsec "active-peers" menu to MIKROTIK-MIB;
*) snmp - fixed "/tool snmp-get" functionality (introduced in v 6.46beta43);
*) snmp - fixed value types for "dot1qPvid";
*) supout - added bonding interface monitor information;
*) switch - fixed Ethernet padding for small packets;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) user-manager - do not allow creating limitation that crosses midnight;
*) user-manager - updated PayPal's root certificate authorities;
*) wireless - improved WPS process stability;

Other changes since v6.47.3:

*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved watchdog and kernel panic reporting in log after reboots on IPQ4018/IPQ4019 devices;
*) bonding - added LACP monitoring (CLI only);
*) bonding - removed "sys-id" and "sys-priority" from monitor-slaves command;
*) bridge - added warning message when port is disabled by the BPDU guard;
*) bridge - allow to exclude interfaces from extended ports (CLI only);
*) bridge - correctly remove dynamic VLAN assignment for bridge ports;
*) bridge - fixed BPDU guard port disable/enable on HW offloaded interfaces;
*) bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v6.46);
*) bridge - fixed dynamic VLAN assignment when changing port to tagged VLAN member;
*) bridge - fixed local MAC address removal from host table when deleting bridge interface;
*) bridge - fixed multicast table printing;
*) bridge - fixed packet forwarding for CAP and BCP controlled interfaces (introduced in v6.48beta12);
*) bridge - fixed STP alternate and backup port states for devices with switch chip (introduced in v6.47);
*) bridge - improved BPDU guard logging;
*) bridge - increased multicast table size to 4K entries;
*) bridge - show error when switch do not support controlling bridge or port extension (CLI only);
*) bridge - show "H" flag for extended bridge ports;
*) certificate - clear challenge password on renew;
*) chr - improved interface loading on startup on XEN;
*) chr - improved system stability when changing flow control settings on e1000;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - fixed "custom-drop-packet" and "not-learned" switch stats for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed duplicate host entries when creating static switch hosts;
*) crs3xx - fixed "mirror-source" property on switch port disable for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation for "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation removal for "switch-cpu" port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed "storm-rate" traffic limiting for switch-cpu port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch "not-learned" stats for CRS305, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, CRS318 devices;
*) crs3xx - fixed switch port "egress-rate" removal for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed VLAN tagged packet forwarding on "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices (introduced in v6.48beta12);
*) defconf - improved CAP interface bridging;
*) defconf - improved default configuration generation on devices with non-default wireless interface names;
*) defconf - improved default configuration generation on devices without wireless package installed;
*) dhcpv6-server - added ability to generate binding on first request;
*) discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID (CLI only);
*) discovery - allow choosing which discovery protocol is used (CLI only);
*) discovery - fixed discovery on mesh ports;
*) discovery - fixed discovery packet sending on newly bridged port with "protocol-mode=none";
*) discovery - fixed discovery when enabled only on master port;
*) discovery - send the same "Chassis ID" on all interfaces for LLDP packets;
*) discovery - use interface MAC address when sending MNDP from slave port;
*) dns - added IPv6 support for DoH;
*) dns - do not use type "A" for static entries with unspecified type;
*) dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
*) export - fixed RouterBOARD USB "type" parameter export;
*) fetch - fixed "src-address" usage for SFTP;
*) filesystem - fixed repartition on non-first partition;
*) filesystem - fixed repartition on RB4011 series devices;
*) filesystem - improved long-term filesystem stability and data integrity;
*) gps - fixed "init-channel" release when not used;
*) health - changed PSU state parameter type to read-only;
*) health - removed unused "heater-control" and "heater-threshold" parameters;
*) hotspot - added support for captive portal advertising using DHCP (RFC7710);
*) hotspot - added "vlan-id" parameter support for hosts and HTML pages;
*) hotspot - ignore packets from host while MAC authentication is in progress;
*) hotspot - improved management service stability when receiving bogus packets;
*) ike1 - allow using "my-id" parameter with XAuth;
*) ike1 - fixed policy update with and without mode configuration;
*) ike1 - rekey phase 1 as responder for Windows initiators;
*) ike2 - added "prf-algorithm" support for phase 1;
*) ike2 - improved child SA rekeying process;
*) ipsec - added SHA384 hash algorithm support for phase 1 (CLI only);
*) ipsec - do not kill connection when peer's "name" or "comment" is changed;
*) ipsec - fixed client certificate usage when certificate is renewed with SCEP;
*) ipsec - fixed multiple warning message display for peers;
*) ipsec - inactivate peer's policy on disconnect;
*) ipsec - refresh peer's DNS only when phase 1 is down;
*) kidcontrol - allow creating static device entries without assigned user;
*) kidcontrol - fixed "time-unlimited-rate" to engage in correct time;
*) lora - expose "joinEui" un "devEui" values in the log;
*) lte - added "age" column and "max-age" parameter to "cell-monitor" (CLI only);
*) lte - added "comment" parameter for APN profiles;
*) lte - added support for Alcatel IK41VE1;
*) ospf - optimized LSA printing for smaller message sizes;
*) ppp - added "ipv6-routes" parameter to "secrets" menu;
*) ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) snmp - fixed value types for "dot1dStp";
*) ssh - fixed returned output saving to file when "output-to-file" parameter is used;
*) ssh - skip interactive authentication when not running in interactive mode;
*) system - replace "3" in superscript to "^3" on RBD53GR devices;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added LTE model and revision parameters;
*) tr069-client - added wireless "noise-floor" and "overall-tx-ccq" information parameters;
*) tr069-client - added "X_MIKROTIK_MimoRSRP" parameter for LTE RSRP value reporting;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) tr069-client - send correct "ConnectionRequestURL" when using IPv6;
*) traffic-flow - added NAT event logging support for IPFIX;
*) traffic-flow - added "sys-init-time" parameter support;
*) webfig - fixed default value presence when creating new entries under "IP->Kid Control";
*) winbox - allow performing "USB Power Reset" on "0" bus on RBM33G;
*) winbox - fixed "IP->Kid Control->Devices" table automatic refreshing;
*) winbox - fixed minor typo in "Users" menu;
*) winbox - fixed "receive-errors" setting persistence under "Wireless/Wireless Sniffer/Settings" menu;
*) winbox - fixed "tls-version" parameter setting under "IP/Services" menu;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - added support for U-NII-2 for wAP ac;
*) wireless - create "connect-list" rule when address specified for "setup-repeater";
*) wireless - updated "canada" regulatory domain information;
*) wireless - updated "no_country_set" regulatory domain information;
*) wireless - updated "united states" regulatory domain information;

Версия 6.48beta40 2020-09-15

Версия 6.48beta35 2020-09-02

What's new in 6.48beta35 (2020-Sep-02 07:50):

*) bonding - removed "sys-id" and "sys-priority" from monitor-slaves command;
*) bridge - fixed BPDU guard port disable/enable on HW offloaded interfaces;
*) bridge - fixed host table update on SNMP query;
*) bridge - fixed multicast table printing;
*) bridge - fixed packet forwarding for CAP and BCP controlled interfaces (introduced in v6.48beta12);
*) bridge - fixed STP alternate and backup port states for devices with switch chip (introduced in v6.47);
*) bridge - increased multicast table size to 4K entries;
*) crs3xx - fixed "mirror-source" property on switch port disable for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation for "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation removal for "switch-cpu" port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed "storm-rate" traffic limiting for switch-cpu port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch ACL rules for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch port "egress-rate" removal for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed VLAN tagged packet forwarding on "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices (introduced in v6.48beta12);
*) defconf - improved CAP interface bridging;
*) defconf - improved default configuration generation on devices without wireless package installed;
*) discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID (CLI only);
*) discovery - allow choosing which discovery protocol is used (CLI only);
*) discovery - fixed discovery on mesh ports;
*) discovery - fixed discovery packet sending on newly bridged port with "protocol-mode=none";
*) discovery - fixed discovery when enabled only on master port;
*) discovery - use interface MAC address when sending MNDP from slave port;
*) dns - added IPv6 support for DoH;
*) dns - fixed multiple TXT string replies;
*) dns - hide default static entry "type" from export;
*) fetch - fixed "src-address" usage for SFTP;
*) filesystem - improved long-term filesystem stability and data integrity;
*) health - removed unused "heater-control" and "heater-threshold" parameters;
*) hotspot - added support for captive portal advertising using DHCP (RFC7710);
*) hotspot - improved management service stability when receiving bogus packets;
*) ike2 - fixed local side NAT detection;
*) ipsec - do not kill connection when peer's "name" or "comment" is changed;
*) ipsec - refresh peer's DNS only when phase 1 is down;
*) lte - added support for Alcatel IK41VE1;
*) snmp - fixed value types for "dot1dStp";
*) tr069-client - send correct "ConnectionRequestURL" when using IPv6;
*) traffic-flow - added "sys-init-time" parameter support;
*) wireless - allow setting "tx-power" up to 40;

Other changes since v6.47.2:

*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved watchdog and kernel panic reporting in log after reboots on IPQ4018/IPQ4019 devices;
*) bonding - added LACP monitoring (CLI only);
*) bridge - added warning message when port is disabled by the BPDU guard;
*) bridge - allow to exclude interfaces from extended ports (CLI only);
*) bridge - correctly remove dynamic VLAN assignment for bridge ports;
*) bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v6.46);
*) bridge - fixed dynamic VLAN assignment when changing port to tagged VLAN member;
*) bridge - fixed host table update on SNMP query;
*) bridge - fixed local MAC address removal from host table when deleting bridge interface;
*) bridge - improved BPDU guard logging;
*) bridge - show error when switch do not support controlling bridge or port extension (CLI only);
*) bridge - show "H" flag for extended bridge ports;
*) certificate - clear challenge password on renew;
*) chr - improved interface loading on startup on XEN;
*) chr - improved system stability when changing flow control settings on e1000;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - fixed "custom-drop-packet" and "not-learned" switch stats for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed duplicate host entries when creating static switch hosts;
*) crs3xx - fixed hardware offloaded MPLS forwarding when using bonding interfaces;
*) crs3xx - fixed switch "not-learned" stats for CRS305, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, CRS318 devices;
*) crs3xx - improved Ethernet port group traffic forwarding for CRS354 devices;
*) crs3xx - improved system stability when using hardware offloaded MPLS;
*) defconf - improved default configuration generation on devices with non-default wireless interface names;
*) dhcpv6-server - added ability to generate binding on first request;
*) discovery - send the same "Chassis ID" on all interfaces for LLDP packets;
*) dns - do not use type "A" for static entries with unspecified type;
*) dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
*) dot1x - fixed duplicate EAP request packets for server;
*) dot1x - fixed EAP packet version numbering;
*) export - fixed RouterBOARD USB "type" parameter export;
*) filesystem - fixed repartition on non-first partition;
*) filesystem - fixed repartition on RB4011 series devices;
*) filesystem - improved long-term filesystem stability and data integrity;
*) gps - fixed "init-channel" release when not used;
*) health - changed PSU state parameter type to read-only;
*) health - removed unused "heater-control" and "heater-threshold" parameters;
*) hotspot - added "vlan-id" parameter support for hosts and HTML pages;
*) hotspot - ignore packets from host while MAC authentication is in progress;
*) ike1 - allow using "my-id" parameter with XAuth;
*) ike1 - fixed policy update with and without mode configuration;
*) ike1 - rekey phase 1 as responder for Windows initiators;
*) ike2 - added "prf-algorithm" support for phase 1;
*) ike2 - improved child SA rekeying process;
*) ipsec - added SHA384 hash algorithm support for phase 1 (CLI only);
*) ipsec - fixed client certificate usage when certificate is renewed with SCEP;
*) ipsec - fixed multiple warning message display for peers;
*) ipsec - inactivate peer's policy on disconnect;
*) kidcontrol - allow creating static device entries without assigned user;
*) kidcontrol - fixed "time-unlimited-rate" to engage in correct time;
*) lora - expose "joinEui" un "devEui" values in the log;
*) lte - added "age" column and "max-age" parameter to "cell-monitor" (CLI only);
*) lte - added "comment" parameter for APN profiles;
*) lte - added "comment" parameter for APN profiles (CLI only);
*) lte - fixed multiple passthrough APN default route installation;
*) lte - fixed RSCP value reporting;
*) lte - validate interface existence on initiation;
*) ospf - fixed disappearing NSSA default route;
*) ospf - fixed processing of "unknown" LSA type;
*) ospf - optimized LSA printing for smaller message sizes;
*) poe - fixed "power-cycle" functionality on RB960GSP;
*) ppp - added "ipv6-routes" parameter to "secrets" menu;
*) ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) routerboot - fixed etherboot FCS errors with 100Mbps rate for CRS309, CRS317 devices ("/system routerboard upgrade" required);
*) ssh - fixed returned output saving to file when "output-to-file" parameter is used;
*) ssh - skip interactive authentication when not running in interactive mode;
*) system - replace "3" in superscript to "^3" on RBD53GR devices;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added LTE model and revision parameters;
*) tr069-client - added wireless "noise-floor" and "overall-tx-ccq" information parameters;
*) tr069-client - added "X_MIKROTIK_MimoRSRP" parameter for LTE RSRP value reporting;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) traffic-flow - added NAT event logging support for IPFIX;
*) webfig - fixed default value presence when creating new entries under "IP->Kid Control";
*) webfig - fixed negative value usage in "spoof-gps" parameter (introduced in v6.47.1);
*) winbox - allow performing "USB Power Reset" on "0" bus on RBM33G;
*) winbox - fixed "IP->Kid Control->Devices" table automatic refreshing;
*) winbox - fixed minor typo in "Users" menu;
*) winbox - fixed "receive-errors" setting persistence under "Wireless/Wireless Sniffer/Settings" menu;
*) winbox - fixed "tls-version" parameter setting under "IP/Services" menu;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - added support for U-NII-2 for wAP ac;
*) wireless - create "connect-list" rule when address specified for "setup-repeater";
*) wireless - updated "canada" regulatory domain information;
*) wireless - updated "no_country_set" regulatory domain information;
*) wireless - updated "united states" regulatory domain information;

Версия 6.48beta35 2020-09-02

Версия 6.48beta27 2020-08-19

What's new in 6.48beta27 (2020-Aug-18 06:20):

Changes in this release:

*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved stability when forcing 25G speed on unsupported interface;
*) bridge - allow to exclude interfaces from extended ports (CLI only);
*) bridge - fixed host table update on SNMP query;
*) bridge - show error when switch do not support controlling bridge or port extension (CLI only);
*) bridge - show "H" flag for extended bridge ports;
*) certificate - clear challenge password on renew;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - fixed "custom-drop-packet" and "not-learned" switch stats for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed hardware offloaded MPLS forwarding when using bonding interfaces;
*) crs3xx - fixed QSFP+ interface LEDs when using break-out cable for CRS326-24S+2Q+;
*) crs3xx - fixed QSFP+ interface linking after reboot for CRS326-24S+2Q+ (introduced in v6.47);
*) crs3xx - fixed switch "not-learned" stats for CRS305, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, CRS318 devices;
*) crs3xx - improved Ethernet port group traffic forwarding for CRS354 devices;
*) crs3xx - improved system stability when using hardware offloaded MPLS;
*) defconf - improved default configuration generation on devices with non-default wireless interface names;
*) discovery - send the same "Chassis ID" on all interfaces for LLDP packets;
*) discovery - use "static" interface list by default instead of "!dynamic";
*) dot1x - fixed duplicate EAP request packets for server;
*) dot1x - fixed EAP packet version numbering;
*) fetch - show status "uploaded" instead of "downloaded" when uploading a file;
*) filesystem - fixed repartition on non-first partition;
*) filesystem - fixed repartition on RB4011 series devices;
*) filesystem - improved long-term filesystem stability and data integrity;
*) gps - fixed "init-channel" release when not used;
*) health - changed PSU state parameter type to read-only;
*) health - removed unused "heater-control" and "heater-threshold" parameters;
*) hotspot - added "vlan-id" parameter support for hosts and HTML pages;
*) hotspot - do not verify Hotspot interface status when detecting if HTTP/HTTPS login method is allowed;
*) hotspot - ignore packets from host while MAC authentication is in progress;
*) interface - added new builtin "static" interface list;
*) ipsec - fixed client certificate usage when certificate is renewed with SCEP;
*) kidcontrol - fixed "time-unlimited-rate" to engage in correct time;
*) l2tp - fixed multiple tunnel establishment from the same remote IP address (introduced in v6.47);
*) lora - expose "joinEui" un "devEui" values in the log;
*) lora - fixed "spoof-gps" parameter padding (introduced in v6.47.1);
*) lte - added "comment" parameter for APN profiles;
*) lte - fixed dynamic DHCP client creation when editing APN profile;
*) lte - fixed multiple passthrough APN default route installation;
*) lte - fixed RSCP value reporting;
*) lte - validate interface existence on initiation;
*) ospf - fixed case when changing one distribution metric changed metrics for other distribution options;
*) ospf - fixed disappearing NSSA default route;
*) ospf - fixed processing of "unknown" LSA type;
*) ospf - optimized LSA printing for smaller message sizes;
*) poe - fixed "power-cycle" functionality on RB960GSP;
*) ppp - fixed PPP interface editing for the first time after reboot or after 20 seconds;
*) routerboot - fixed etherboot FCS errors with 100Mbps rate for CRS309, CRS317 devices ("/system routerboard upgrade" required);
*) routerboot - fixed memory test on CCR2004-1G-12S+2XS ("/system routerboard upgrade" required);
*) sfp - stabilized CRS212 SFP port functionality and improved monitoring of optical modules;
*) sftp - fixed "flash" directory access (introduced in v6.46);
*) smb - fixed file path validation (introduced in v6.46);
*) snmp - fixed "current" value reporting on CCR series devices;
*) snmp - fixed "fan-speed" value reporting on CCR series devices;
*) ssh - skip interactive authentication when not running in interactive mode;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added wireless "noise-floor" and "overall-tx-ccq" information parameters;
*) traffic-flow - added NAT event logging support for IPFIX;
*) webfig - fixed default value presence when creating new entries under "IP->Kid Control";
*) webfig - fixed negative value usage in "spoof-gps" parameter (introduced in v6.47.1);
*) wireless - added support for U-NII-2 for cAP ac;
*) wireless - added support for U-NII-2 for wAP ac;
*) wireless - updated "canada" regulatory domain information;
*) wireless - updated "indonesia5" regulatory domain information;
*) wireless - updated "no_country_set" regulatory domain information;
*) wireless - updated "united states" regulatory domain information;
*) www - improved WWW service stability when receiving bogus packets;

Other changes since v6.47.1:

*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved watchdog and kernel panic reporting in log after reboots on IPQ4018/IPQ4019 devices;
*) bonding - added LACP monitoring (CLI only);
*) bridge - added warning message when port is disabled by the BPDU guard;
*) bridge - correctly remove dynamic VLAN assignment for bridge ports;
*) bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v6.46);
*) bridge - fixed dynamic VLAN assignment when changing port to tagged VLAN member;
*) bridge - fixed local MAC address removal from host table when deleting bridge interface;
*) bridge - improved BPDU guard logging;
*) chr - improved interface loading on startup on XEN;
*) chr - improved system stability when changing flow control settings on e1000;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - fixed duplicate host entries when creating static switch hosts;
*) dhcpv6-server - added ability to generate binding on first request;
*) dns - do not use type "A" for static entries with unspecified type;
*) dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
*) export - fixed RouterBOARD USB "type" parameter export;
*) fetch - show status "uploaded" instead of "downloaded" when uploading a file;
*) filesystem - improved long-term filesystem stability and data integrity;
*) ike1 - allow using "my-id" parameter with XAuth;
*) ike1 - fixed policy update with and without mode configuration;
*) ike1 - rekey phase 1 as responder for Windows initiators;
*) ike2 - added "prf-algorithm" support for phase 1;
*) ike2 - improved child SA rekeying process;
*) ipsec - added SHA384 hash algorithm support for phase 1 (CLI only);
*) ipsec - fixed multiple warning message display for peers;
*) ipsec - inactivate peer's policy on disconnect;
*) kidcontrol - allow creating static device entries without assigned user;
*) lte - added "age" column and "max-age" parameter to "cell-monitor" (CLI only);
*) lte - added "comment" parameter for APN profiles (CLI only);
*) ppp - added "ipv6-routes" parameter to "secrets" menu;
*) ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
*) qsfp - fixed break-out cable linking after reboot (introduced in v6.47);
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) smb - fixed possible memory leak;
*) smb - fixed SMB server (introduced in v6.47);
*) smb - limit active session count to 5 per connection;
*) ssh - fixed returned output saving to file when "output-to-file" parameter is used;
*) system - replace "3" in superscript to "^3" on RBD53GR devices;
*) tr069-client - added LTE model and revision parameters;
*) tr069-client - added "X_MIKROTIK_MimoRSRP" parameter for LTE RSRP value reporting;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) winbox - allow performing "USB Power Reset" on "0" bus on RBM33G;
*) winbox - fixed "IP->Kid Control->Devices" table automatic refreshing;
*) winbox - fixed minor typo in "Users" menu;
*) winbox - fixed "receive-errors" setting persistence under "Wireless/Wireless Sniffer/Settings" menu;
*) winbox - fixed "tls-version" parameter setting under "IP/Services" menu;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - create "connect-list" rule when address specified for "setup-repeater";

Версия 6.48beta27 2020-08-19

Версия 6.48beta12 2020-07-07

What's new in 6.48beta12 (2020-Jul-06 13:33):

*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved watchdog and kernel panic reporting in log after reboots on IPQ4018/IPQ4019 devices;
*) bonding - added LACP monitoring (CLI only);
*) bridge - added warning message when port is disabled by the BPDU guard;
*) bridge - correctly remove dynamic VLAN assignment for bridge ports;
*) bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v6.46);
*) bridge - fixed dynamic VLAN assignment when changing port to tagged VLAN member;
*) bridge - fixed local MAC address removal from host table when deleting bridge interface;
*) bridge - improved BPDU guard logging;
*) chr - improved interface loading on startup on XEN;
*) chr - improved system stability when changing flow control settings on e1000;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - fixed duplicate host entries when creating static switch hosts;
*) crs3xx - fixed HW offloading for netPower 15FR and netPower 16P devices (introduced in v6.47);
*) crs3xx - fixed increased CPU temperature for CRS354-48G-4S+2Q+ device (introduced in v6.47);
*) crs3xx - improved Ethernet port group traffic forwarding for CRS354 devices;
*) defconf - fixed default configuration loading on RBmAPL-2nD;
*) defconf - improved default configuration generation on devices with changed wireless interface names;
*) dhcpv6-server - added ability to generate binding on first request;
*) dhcpv6-server - disallow changing binding's "prefix-pool";
*) dhcpv6-server - improved stability when changing server for static bindings;
*) dns - do not allow setting "forward-to" same as "name" or "regex";
*) dns - do not allow setting zero value IP addresses for "A" and "AAAA" records;
*) dns - do not use DoH for local queries when a server is specified;
*) dns - do not use type "A" for static entries with unspecified type;
*) dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
*) export - fixed HotSpot "address-per-mac" parameter export;
*) export - fixed RouterBOARD USB "type" parameter export;
*) fetch - show status "uploaded" instead of "downloaded" when uploading a file;
*) filesystem - fixed increased "sector writes" reporting (introduced in v6.47);
*) filesystem - improved long-term filesystem stability and data integrity;
*) ftp - fixed possible buffer overflow;
*) ike1 - allow using "my-id" parameter with XAuth;
*) ike1 - fixed policy update with and without mode configuration;
*) ike1 - rekey phase 1 as responder for Windows initiators;
*) ike2 - added "prf-algorithm" support for phase 1;
*) ike2 - fixed initiator child SA init without policy;
*) ike2 - fixed policy reference for pending acquire;
*) ike2 - improved child SA rekeying process;
*) ike2 - retry RSA signature validation with deduced digest from certificate;
*) ipsec - added SHA384 hash algorithm support for phase 1 (CLI only);
*) ipsec - do not update peer endpoints for generated policy entries (introduced in v6.47);
*) ipsec - fixed multiple warning message display for peers;
*) ipsec - inactivate peer's policy on disconnect;
*) kidcontrol - allow creating static device entries without assigned user;
*) lora - added "spoof-gps" parameter for fake GPS coordinate sending;
*) lora - fixed JSON statistics inaccuracies;
*) lte - added "age" column and "max-age" parameter to "cell-monitor" (CLI only);
*) lte - added "comment" parameter for APN profiles (CLI only);
*) lte - added support for MTS 8810FT;
*) lte - fixed modem initialization when multiple modems are used simultaneously;
*) lte - fixed PDP authentication configuration for SIM7600;
*) metarouter - fixed image importing (introduced in v6.46);
*) ospf - improved route tag processing for OSPFv3;
*) ppp - added "ipv6-routes" parameter to "secrets" menu;
*) ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
*) ppp - allow specifying pool name for "remote-ipv6-prefix-pool" parameter;
*) profile - fixed "unclassified" load reporting on PowerPC devices (introduced in v6.47);
*) qsfp - fixed auto-negotiation status;
*) qsfp - fixed break-out cable linking after reboot (introduced in v6.47);
*) qsfp - ignore FEC mode when set to fec91, only fec74 mode is supported (introduced in v6.47);
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) routerboard - fixed "mode-button" support on SMIPS devices (introduced in v6.47);
*) routerboard - fixed "reset-button" menu presence on all devices;
*) smb - fixed possible memory leak;
*) smb - fixed SMB server (introduced in v6.47);
*) smb - limit active session count to 5 per connection;
*) ssh - fixed returned output saving to file when "output-to-file" parameter is used;
*) supout - added "LoRa" section to supout file;
*) switch - fixed MAC address learning on switch-cpu port for Atheros8316, Atheros8227 and Atheros7240 switch chips;
*) system - replace "3" in superscript to "^3" on RBD53GR devices;
*) tr069-client - added LTE model and revision parameters;
*) tr069-client - added "X_MIKROTIK_MimoRSRP" parameter for LTE RSRP value reporting;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) w60g - added "mdmg-fix" parameter for RBwAP60Gx3 (CLI only);
*) winbox - allow performing "USB Power Reset" on "0" bus on RBM33G;
*) winbox - fixed flag displaying under "IP/DNS/Static" table;
*) winbox - fixed "IP->Kid Control->Devices" table automatic refreshing;
*) winbox - fixed minor typo in "BGP/Peer" menu;
*) winbox - fixed minor typo in "Users" menu;
*) winbox - fixed "receive-errors" setting persistence under "Wireless/Wireless Sniffer/Settings" menu;
*) winbox - fixed "tls-version" parameter setting under "IP/Services" menu;
*) winbox - hide irrelevant switch port parameters;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - changed "station-roaming" default setting from "enabled" to "disabled";
*) wireless - create "connect-list" rule when address specified for "setup-repeater";
*) wireless - updated "bangladesh" regulatory domain information;
*) wireless - updated "egypt" regulatory domain information;

Версия 6.48beta12 2020-07-07

Версия 6.47rc2 2020-05-26

What's new in 6.47rc2 (2020-May-25 12:30):

Important note!!!

- The Dude server must be updated to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- Make sure LTE APN Profile name does not match any of the DHCP server's names if LTE passthrough is used.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.

MAJOR CHANGES IN v6.47:
----------------------
!) dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
!) socks - added support for SOCKS5 (RFC 1928);
!) user - enable "winbox" policy for groups with "dude" policy;
----------------------

Changes in this release:

*) api - added ECDHE cipher support for "api-ssl" service;
*) bonding - fixed ALB and TLB bonding modes after interface disable/enable (introduced in v6.47beta19);
*) bonding - fixed packet receiving on bonding slave ports (introduced in v6.47beta19);
*) bridge - added warning message when a bridge port gets dynamically added to VLAN range;
*) chr - added support for hardware watchdog on ESXI;
*) crs3xx - fixed tagged VLAN packet receiving on Ethernet interfaces for CRS354 devices (introduced in v6.47beta49);
*) crs3xx - improved 10G interface initialization on CRS312 devices;
*) dhcpv4-server - disallow zero lease-time setting;
*) dhcpv6-server - do not require "server" parameter for bindings;
*) dns - added support for multiple type static entries;
*) dot1x - added "radius-mac-format" parameter;
*) dot1x - improved Dot1X service stability when receiving bogus packets;
*) dot1x - improved value validation for dynamically created switch rules;
*) email - added support for multiple "to" recipients;
*) ethernet - fixed interface stopping responding after blink command execution on CCR2004-1G-12S+2XS;
*) filesystem - fixed NAND memory going into read-only mode or becoming unstable over time;
*) health - improved stability for system health monitor on CCR2004-1G-12S+2XS;
*) ike2 - added support for RFC8598;
*) ike2 - allow initiator address change before authentication;
*) ike2 - fixed authentication handling when initiator disconnects before RADIUS response;
*) interface - improved system stability when receiving bogus packets;
*) ipsec - added "split-dns" parameter support for mode configuration;
*) ipsec - added "use-responder-dns" parameter support;
*) ipsec - allow specifying two peers for a single policy for failover;
*) ipsec - place dynamically created IPsec policies at the begining of the table;
*) l2tp - added "src-address" parameter for L2TP client;
*) l2tp - added "use-peer-dns" parameter for L2TP client;
*) l2tp - improved dynamically created IPsec configuration updating;
*) l2tp - use L2TP interface when adding dynamic IPsec peer;
*) lcd - improved general system stability when LCD is not present;
*) log - added logging entry when changing user's password;
*) log - added tunnel endpoint address to establishment and disconnect logging entries;
*) log - fixed logging topic for MAC address learning on a different bridge port events;
*) log - made startup script failures log as critical errors;
*) lte - fixed "band" parameter persistence after disable/enable;
*) lte - fixed "ecno" and "rscp" value reporting on R11e-LTE6;
*) lte - fixed VLAN interface passthrough support;
*) lte - improved stability during firmware upgrade;
*) netwatch - improved Netwatch service stability when invalid configuration values are passed;
*) ovpn - added "use-peer-dns" parameter for OVPN client;
*) poe - fixed missing PoE out settings on CRS354-48P-4S+2Q (introduced in v6.47beta49);
*) port - removed serial console port on hEX S;
*) ppp - removed "comment", "set" and "edit" commands from "PPP->Active" menu;
*) pptp - added "use-peer-dns" parameter for PPTP client;
*) profile - added support for CCR2004-1G-12S+2XS;
*) qsfp - added support for FEC mode (fec74), with the FEC mode disabled by default
*) quickset - fixed invalid configuration applying when performing changes during LTE modem initialization process;
*) routerboard - added "hold-time" parameter to mode-button menu;
*) routerboard - added "reset-button" menu - custom command execution with reset button;
*) routing - improved routing service stability when receiving bogus packets;
*) sfp28 - added support for FEC modes (fec74 and fec91), with fec91 mode already enabled by default;
*) sfp28 - fixed interface linking after power cycle on CCR2004-1G-12S+2XS (introduced in v6.47beta49);
*) switch - correctly enable and disable CPU Flow Control on RB3011UiAS;
*) tr069-client - added LTE firmware update functionality support;
*) tr069-client - added additional LTE information parameters;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added interface type parameter support;
*) tr069-client - added multiple simultaneous session support for diagnostics test;
*) tr069-client - added total connection tracking entries parameter;
*) ups - added battery info for APC SmartUPS 2200;
*) webfig - fixed 5GHz wireless interface "frequency" parameter value list on Audience;
*) winbox - added "auth-info" parameter under "Dot1X->Active" menu;
*) winbox - added "auth-types", "comment", "mac-auth-mode" and "reject-vlan-id" parameters for Dot1X server;
*) winbox - added "bus" parameter for "USB Power Reset" command on NetMetal ac^2;
*) winbox - added "comment" parameter and "dynamic" flag support under "Switch->Rule" table;
*) winbox - added "comment" parameter for Dot1X client;
*) winbox - added "region" parameter for W60G interfaces;
*) winbox - added "skip-dfs-channels" parameter to wireless interface menu;
*) winbox - added enable and disable buttons for "MPLS->MPLS Interface" table;
*) winbox - do not allow to enter empty strings in "caps-man-names" and "common-name" parameters;
*) winbox - fixed WDS usage when connecting to RouterOS access point using QuickSet;
*) winbox - fixed dates and times in interface link up/down properties (WinBox v3.24 required);
*) winbox - fixed wireless sniffer parameter setting;
*) wireless - fixed Nstreme wireless protocol performance decrease;
*) wireless - updated "egypt" regulatory domain information;

Other changes since v6.46.6:

*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) branding - do not ask to confirm configuration applied from branding package;
*) branding - fixed identity setting from branding package;
*) branding - improved branding package installation process when another branding package is already installed;
*) branding - properly use HTML files for Hotspot (introduced in v6.47beta);
*) bridge - added logging message when a host MAC address is learned on a different bridge port;
*) bridge - added warning message when port is dynamically added to entry with VLAN range (CLI only);
*) bridge - correctly remove disabled MSTI;
*) bridge - improved hardware offloading enabling/disabling;
*) certificate - added "skid" and "akid" values for detailed print;
*) certificate - allow dynamic CRL removal;
*) certificate - disabled CRL usage by default;
*) certificate - do not use SSL for first CRL update;
*) chr - added support for file system quiescing;
*) chr - enabled support for VMBus protocol version 4.1;
*) chr - improved system stability when running CHR on Hyper-V;
*) crs3xx - correctly remove switch rules on CRS317-1G-16S+ and CRS309-1G-8S+ devices;
*) crs3xx - do not change bridge host ID's when updating host table (introduced in v6.47beta32);
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - fixed QSFP interface linking after removing/inserting QSFP module (introduced in v6.47beta49);
*) crs3xx - fixed QSFP+ interface linking for CRS326-24S+2Q+ device (introduced in v6.47beta19);
*) crs3xx - fixed hardware offloaded bonding on Ethernet interfaces for CRS354 devices;
*) crs3xx - improved switch host table updating;
*) crs3xx - improved system stability when creating multiple hardware offloaded bonding interfaces (introduced in v6.47beta49);
*) crs3xx - show correct switch model for netPower 15FR device;
*) defconf - fixed "no-defaults=yes" applying default configuration (introduced in v6.47beta);
*) defconf - fixed default configuration initialization if power loss occurred during the process;
*) dhcpv4 - added end option (255) validation for both server and client;
*) dhcpv4-client - improved stability when changing client while still receiving advertisements;
*) dhcpv4-server - disallow zero lease-time setting;
*) dhcpv6-client - improved error logging when when renewed address differs;
*) dhcpv6-server - fixed MAC address retrieving from DUID when timestamp is present;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) disk - improved disk management service stability when receiving bogus packets;
*) disk - improved recently created file survival after reboots;
*) dns - added support for exclusive dynamic DNS server usage from IPsec;
*) dns - added support for forwarding DNS queries of static entries to specific server (CLI only);
*) dns - added support for multiple type static entries (CLI only);
*) dot1x - added "radius-mac-format" parameter (CLI only);
*) dot1x - added hex value support for RADIUS switch rules;
*) dot1x - added range "dst-port" support for RADIUS switch rules;
*) dot1x - added support for lower case "mac-auth" RADIUS formats;
*) dot1x - fixed "reject-vlan-id" value range;
*) dot1x - fixed dynamically created switch rule removal when client disconnects;
*) dot1x - fixed port blocking when interface changes state from disabled to enabled;
*) dot1x - improved debug logging output to "dot1x" topic;
*) dot1x - improved value validation for dynamically created switch rules;
*) email - added support for multiple "to" recipients (CLI only);
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) filesystem - fixed NAND memory going into read-only mode or becoming unstable over time;
*) graphing - improved graphing service stability when receiving bogus packets;
*) health - added "gauges" submenu with SNMP OID reporting;
*) hotspot - updated splash page design ('/ip hotspot reset-html' required);
*) ike1 - added error message when specifying "my-id" for XAuth Identity;
*) ike1 - added support for "UNITY_DEF_DOMAIN" and "UNITY_SPLITDNS_NAME" payload attributes;
*) ike1 - do not try to keep phase 2 when purging phase 1;
*) ike1 - improved policy lookup with specific protocol;
*) ike1 - improved stability when performing policy lookup on non-existant peer;
*) ike2 - added support for "INTERNAL_DNS_DOMAIN" payload attribute;
*) ike2 - added support for RADIUS Disconnect-Request message handling;
*) interface - increased loopback interface MTU to 65536;
*) ipsec - added "split-dns" parameter support for mode configuration (CLI only);
*) ipsec - added "use-responder-dns" parameter support (CLI only);
*) ipsec - allow specifying two peers for a single policy for failover (CLI only);
*) ipsec - control CRL validation with global "use-crl" setting;
*) ipsec - do full certificate validation for identities with explicit certificate;
*) ipsec - fixed minor spelling mistake in logs;
*) ipsec - improved IPsec service stability when receiving bogus packets;
*) kidcontrol - ignore IPv6 multicast MAC addresses;
*) lcd - fixed LCD service becoming unavailable on devices without LCD screen;
*) led - fixed minor typo in LED warning message;
*) lte - added support for Huawei K5161 modem;
*) lte - added support for NEOWAY N720;
*) lte - added support for multiple passthrough APN configuration;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - fixed "allow-roaming" setting when using LTE network mode on R11e-LTE;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - improved stability during firmware upgrade process;
*) lte - made "mac-address" parameter read-only;
*) lte - show "phy-cellid" value only in LTE mode;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) ppp - added support for ZTE MF90;
*) ppp - fixed minor typo when running "info" command;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) quickset - do not show "SINR" field in Quick Set when there is no data;
*) quickset - removed "EARFCN" field from Quick Set;
*) quickset - removed "LTE band" setting from Quick Set;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) quickset - use "station-wds" mode when connecting to AP with RouterOS flag;
*) route - improved system stability after reboot with large amount of VLAN interfaces with PPPoE servers attached;
*) routerboard - added "hold-time" parameter to mode-button menu (CLI only);
*) routerboard - added "reset-button" menu - custom command execution with reset button (CLI only);
*) routing - improved IGMP-Proxy service stability when receiving bogus packets;
*) sniffer - allow setting port for "streaming-server";
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - changed "upsEstimatedMinutesRemaining" reported value from seconds to minutes;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) snmp - improved stability when polling MAC address related OID;
*) ssh - improved SSH service stability when receiving bogus packets;
*) supout - added "dot1x" section to supout files;
*) supout - improved UPS information reporting;
*) switch - correctly display switch statistics when all switch ports are disabled on RTL8367 switch chip;
*) switch - fixed missing switch statistics (introduced in v6.47beta49);
*) switch - made "auto" the default value for "vlan-id" parameter when creating a new static host entry;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) system - improved driver loading speed on startup;
*) tr069-client - removed warning log message when not using HTTPS;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) upgrade - fixed space handling in package file names;
*) ups - improved compatibility with APC Smart UPS 1000 and 1500;
*) user - improved user management service stability when receiving bogus packets;
*) w60g - fixed link status logging;
*) w60g - improved rate selection in low traffic conditions;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) webfig - fixed WinBox download link;
*) webfig - fixed skin usage from branding package;
*) webfig - updated icon design;
*) winbox - added "Rate" parameter for switch ACL rules;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - added "bus" parameter for "USB Power Reset" command on RBM33G;
*) winbox - added comment support for "Switch->VLAN" menu;
*) winbox - added support for inline bar graphs for LTE signal values;
*) winbox - aligned all "IP->Traffic Flow->IPFIX" check boxes in single line (WinBox v3.22 required);
*) winbox - allow setting "Primary" parameter for "balance-tlb" bonding interfaces;
*) winbox - allow to specify any ethernet like interface under "Tool/WoL" menu;
*) winbox - fixed "BGP Origin" value display under "IPv6->Routes" menu;
*) winbox - fixed "Data Rate" checkbox alignment (WinBox v3.22 required);
*) winbox - fixed "Tx/Rx Signal Strength" value presence for 4 chain interfaces;
*) winbox - fixed bonding type interface support for "Switch->Host" table;
*) winbox - fixed wireless interface "HT" tab setting presence when "band=5ghz-n/ac";
*) winbox - limit number of simultaneous WinBox sessions to 5 for users without "write" permission;
*) winbox - made "yes" the default value for "Inject Summary LSAs" parameter when creating a new NSSA or STUB area;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "Lora/Traffic";
*) winbox - renamed "Routerboard" to "RouterBOARD" under "System/RouterBOARD" menu;
*) winbox - show "Hardware Offload" parameter for bonding interfaces;
*) winbox - updated icon design;
*) wireless - added "russia 6ghz" regulatory domain information;
*) wireless - allow using "russia4" regulatory domain on RU locked devices;
*) wireless - enabled unicast flood for DHCP traffic on ARM architecture access points;
*) wireless - improved management service stability when receiving bogus packets;
*) wireless - updated "russia4" regulatory domain information;
*) www - added "tls-version" parameter in "IP->Services" menu (CLI only);

Версия 6.47rc2 2020-05-26

Версия 6.47beta8 2019-12-10

What's new in 6.47beta8 (2019-Dec-10 10:33):

Changes in this release:

*) console - fixed "clear-history" restoring historic actions after power cycle;
*) console - removed "edit" and "set" actions from "System/History" menu;
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) defconf - fixed default configuration loading after fresh install (introduced in v6.46);
*) dhcpv6-client - improved error logging when when renewed address differs;
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) health - fixed health reporting on OmniTIK 5 PoE ac;
*) health - improved health reporting on CCR1072-1G-8S+;
*) ipsec - improved system stability when processing decrypted packet on unregistred interface;
*) l2tp - improved system stability when disconnecting many clients at once;
*) lora - improved confirmed downlink forwarding;
*) lte - do not reset modem when setting the same SIM slot on LtAP;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - show SIM error when no card is present;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) ppp - prioritize "remote-ipv6-prefix-pool" from PPP secret over PPP profile;
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - fixed health related OID polling (introduced in v6.46);
*) snmp - improved stability when polling MAC address related OID;
*) supout - fixed autosupout.rif file generation (introduced in v6.46);
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - fixed "allowed-number" parameter setting invalid value in "Tool/SMS" menu;
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - improved compatibility by adding default installation mode and gain for devices with integrated antennas;
*) wireless - improved compatibility for Switzerland wireless country profile to improve compliance with ETSI regulations;

Версия 6.47beta8 2019-12-10

Версия 6.47beta60 2020-05-19

What's new in 6.47beta60 (2020-Apr-24 07:38):

Important note!!!

- The Dude server must be updated to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- Make sure LTE APN Profile name does not match any of the DHCP server's names if LTE passthrough is used.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.

MAJOR CHANGES IN v6.47:
----------------------
!) dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
!) socks - added support for SOCKS5 (RFC 1928);
!) user - enable "winbox" policy for groups with "dude" policy;
----------------------

Changes in this release:

!) dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
!) socks - added support for SOCKS5 (RFC 1928);
*) branding - improved branding package installation process when another branding package is already installed;
*) chr - enabled support for VMBus protocol version 4.1;
*) chr - improved system stability when running CHR on Hyper-V;
*) crs3xx - fixed hardware offloaded bonding on Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed switch rule "dst-port" parameter for IPv6 traffic on CRS305-1G-4S+, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, netPower 15FR devices;
*) crs3xx - improved system stability when creating multiple hardware offloaded bonding interfaces (introduced in v6.47beta49);
*) crs3xx - show correct switch model for netPower 15FR device;
*) defconf - fixed default IP address assigning on non-paired 60 GHz devices;
*) disk - improved disk management service stability when receiving bogus packets;
*) dns - added support for forwarding DNS queries of static entries to specific server (CLI only);
*) dns - added support for multiple type static entries (CLI only);
*) email - added support for multiple "to" recipients (CLI only);
*) graphing - improved graphing service stability when receiving bogus packets;
*) ike1 - do not try to keep phase 2 when purging phase 1;
*) ike2 - added support for RADIUS Disconnect-Request message handling;
*) interface - increased loopback interface MTU to 65536;
*) ipsec - allow specifying two peers for a single policy for failover (CLI only);
*) lora - added "altitude", "latitude" and "longitude" to stat json if GPS is available;
*) lte - improved stability during firmware upgrade process;
*) routerboard - added "hold-time" parameter to mode-button menu (CLI only);
*) routerboard - added "reset-button" menu - custom command execution with reset button (CLI only);
*) snmp - fixed "ifSpeed" reporting for tunnel interfaces;
*) ssh - improved SSH service stability when receiving bogus packets;
*) switch - correctly display switch statistics when all switch ports are disabled on RTL8367 switch chip;
*) switch - fixed missing switch statistics (introduced in v6.47beta49);
*) user - improved user management service stability when receiving bogus packets;
*) webfig - fixed WinBox download link;
*) webfig - fixed skin usage from branding package;
*) winbox - added "bus" parameter for "USB Power Reset" command on RBM33G;
*) winbox - allow to specify any ethernet like interface under "Tool/WoL" menu;
*) winbox - fixed "Tx/Rx Signal Strength" value presence for 4 chain interfaces;
*) winbox - fixed memory leak (introduced in v6.46.4);
*) winbox - fixed wireless interface "HT" tab setting presence when "band=5ghz-n/ac";
*) winbox - increased limit of multi-entry fields to 100;
*) winbox - limit number of simultaneous WinBox sessions to 5 for users without "write" permission;
*) wireless - improved management service stability when receiving bogus packets;
*) wireless - updated "south africa" regulatory domain information;

Other changes since v6.46.5:

*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) branding - do not ask to confirm configuration applied from branding package;
*) branding - fixed identity setting from branding package;
*) branding - properly use HTML files for Hotspot (introduced in v6.47beta);
*) bridge - added logging message when a host MAC address is learned on a different bridge port;
*) bridge - added warning message when port is dynamically added to entry with VLAN range (CLI only);
*) bridge - correctly remove disabled MSTI;
*) bridge - improved hardware offloading enabling/disabling;
*) certificate - added "skid" and "akid" values for detailed print;
*) certificate - allow dynamic CRL removal;
*) certificate - disabled CRL usage by default;
*) certificate - do not use SSL for first CRL update;
*) chr - added support for file system quiescing;
*) crs3xx - correctly remove switch rules on CRS317-1G-16S+ and CRS309-1G-8S+ devices;
*) crs3xx - do not change bridge host ID's when updating host table (introduced in v6.47beta32);
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - fixed QSFP interface linking after removing/inserting QSFP module (introduced in v6.47beta49);
*) crs3xx - fixed QSFP+ interface linking for CRS326-24S+2Q+ device (introduced in v6.47beta19);
*) crs3xx - improved switch host table updating;
*) defconf - fixed "no-defaults=yes" applying default configuration (introduced in v6.47beta);
*) defconf - fixed default configuration initialization if power loss occurred during the process;
*) dhcpv4 - added end option (255) validation for both server and client;
*) dhcpv4-client - improved stability when changing client while still receiving advertisements;
*) dhcpv4-server - disallow zero lease-time setting;
*) dhcpv6-client - improved error logging when when renewed address differs;
*) dhcpv6-server - fixed MAC address retrieving from DUID when timestamp is present;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) disk - improved recently created file survival after reboots;
*) dns - added support for exclusive dynamic DNS server usage from IPsec;
*) dot1x - added "radius-mac-format" parameter (CLI only);
*) dot1x - added hex value support for RADIUS switch rules;
*) dot1x - added range "dst-port" support for RADIUS switch rules;
*) dot1x - added support for lower case "mac-auth" RADIUS formats;
*) dot1x - fixed "reject-vlan-id" value range;
*) dot1x - fixed dynamically created switch rule removal when client disconnects;
*) dot1x - fixed port blocking when interface changes state from disabled to enabled;
*) dot1x - improved debug logging output to "dot1x" topic;
*) dot1x - improved value validation for dynamically created switch rules;
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) filesystem - fixed NAND memory going into read-only mode or becoming unstable over time;
*) health - added "gauges" submenu with SNMP OID reporting;
*) hotspot - updated splash page design ('/ip hotspot reset-html' required);
*) ike1 - added error message when specifying "my-id" for XAuth Identity;
*) ike1 - added support for "UNITY_DEF_DOMAIN" and "UNITY_SPLITDNS_NAME" payload attributes;
*) ike1 - improved policy lookup with specific protocol;
*) ike1 - improved stability when performing policy lookup on non-existant peer;
*) ike2 - added support for "INTERNAL_DNS_DOMAIN" payload attribute;
*) ipsec - added "split-dns" parameter support for mode configuration (CLI only);
*) ipsec - added "use-responder-dns" parameter support (CLI only);
*) ipsec - control CRL validation with global "use-crl" setting;
*) ipsec - do full certificate validation for identities with explicit certificate;
*) ipsec - fixed minor spelling mistake in logs;
*) ipsec - improved IPsec service stability when receiving bogus packets;
*) kidcontrol - ignore IPv6 multicast MAC addresses;
*) lcd - fixed LCD service becoming unavailable on devices without LCD screen;
*) led - fixed minor typo in LED warning message;
*) lte - added support for Huawei K5161 modem;
*) lte - added support for NEOWAY N720;
*) lte - added support for multiple passthrough APN configuration;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - fixed "allow-roaming" setting when using LTE network mode on R11e-LTE;
*) lte - fixed "band" value setting when configuration is reset on R11e-4G;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - made "mac-address" parameter read-only;
*) lte - show "phy-cellid" value only in LTE mode;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) ppp - added support for ZTE MF90;
*) ppp - fixed minor typo when running "info" command;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) quickset - do not show "SINR" field in Quick Set when there is no data;
*) quickset - removed "EARFCN" field from Quick Set;
*) quickset - removed "LTE band" setting from Quick Set;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) quickset - use "station-wds" mode when connecting to AP with RouterOS flag;
*) route - improved system stability after reboot with large amount of VLAN interfaces with PPPoE servers attached;
*) routing - improved IGMP-Proxy service stability when receiving bogus packets;
*) sniffer - allow setting port for "streaming-server";
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - changed "upsEstimatedMinutesRemaining" reported value from seconds to minutes;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - fixed multiple LTE interface OID reporting;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) snmp - improved stability when polling MAC address related OID;
*) ssh - fixed SHA256 user authentication algorithm checking (introduced in v6.46.4);
*) supout - added "dot1x" section to supout files;
*) supout - improved UPS information reporting;
*) switch - made "auto" the default value for "vlan-id" parameter when creating a new static host entry;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) system - improved driver loading speed on startup;
*) tr069-client - removed warning log message when not using HTTPS;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) upgrade - fixed space handling in package file names;
*) ups - improved compatibility with APC Smart UPS 1000 and 1500;
*) w60g - fixed link status logging;
*) w60g - improved rate selection in low traffic conditions;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) webfig - updated icon design;
*) winbox - added "Rate" parameter for switch ACL rules;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - added comment support for "Switch->VLAN" menu;
*) winbox - added support for inline bar graphs for LTE signal values;
*) winbox - aligned all "IP->Traffic Flow->IPFIX" check boxes in single line (WinBox v3.22 required);
*) winbox - allow setting "Primary" parameter for "balance-tlb" bonding interfaces;
*) winbox - fixed "BGP Origin" value display under "IPv6->Routes" menu;
*) winbox - fixed "Data Rate" checkbox alignment (WinBox v3.22 required);
*) winbox - fixed bonding type interface support for "Switch->Host" table;
*) winbox - made "yes" the default value for "Inject Summary LSAs" parameter when creating a new NSSA or STUB area;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "Lora/Traffic";
*) winbox - renamed "Routerboard" to "RouterBOARD" under "System/RouterBOARD" menu;
*) winbox - show "Hardware Offload" parameter for bonding interfaces;
*) winbox - updated icon design;
*) wireless - added "russia 6ghz" regulatory domain information;
*) wireless - allow using "russia4" regulatory domain on RU locked devices;
*) wireless - enabled unicast flood for DHCP traffic on ARM architecture access points;
*) wireless - improved 5GHz interface stability on RB4011iGS+5HacQ2HnD and Audience;
*) wireless - improved system stability on hAP ac^2;
*) wireless - updated "russia4" regulatory domain information;
*) www - added "tls-version" parameter in "IP->Services" menu (CLI only);

Версия 6.47beta60 2020-05-19

Версия 6.47beta54 2020-04-06

What's new in 6.47beta54 (2020-Apr-06 06:32):

Important note!!!

- The Dude server must be updated to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- Make sure LTE APN Profile name does not match any of the DHCP server's names if LTE passthrough is used.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.

MAJOR CHANGES IN v6.47:
----------------------
!) dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
!) socks - added support for SOCKS5 (RFC 1928);
!) user - enable "winbox" policy for groups with "dude" policy;
----------------------

Changes in this release:

*) wireless - improved 5GHz interface stability on RB4011iGS+5HacQ2HnD and Audience;
*) wireless - improved system stability on hAP ac^2;

Other changes since v6.46.4:

*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) branding - do not ask to confirm configuration applied from branding package;
*) branding - fixed identity setting from branding package;
*) branding - properly use HTML files for Hotspot (introduced in v6.47beta);
*) bridge - added logging message when a host MAC address is learned on a different bridge port;
*) bridge - added warning message when port is dynamically added to entry with VLAN range (CLI only);
*) bridge - correctly remove disabled MSTI;
*) bridge - improved hardware offloading enabling/disabling;
*) capsman - fixed "certificate" parameter updating on CAP;
*) certificate - added "skid" and "akid" values for detailed print;
*) certificate - allow dynamic CRL removal;
*) certificate - disabled CRL usage by default;
*) certificate - do not use SSL for first CRL update;
*) chr - added support for file system quiescing;
*) console - prevent incorrect type interfaces appearing in command hints;
*) crs3xx - correctly remove switch rules on CRS317-1G-16S+ and CRS309-1G-8S+ devices;
*) crs3xx - do not change bridge host ID's when updating host table (introduced in v6.47beta32);
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - fixed QSFP interface linking after removing/inserting QSFP module (introduced in v6.47beta49);
*) crs3xx - fixed QSFP+ interface linking for CRS326-24S+2Q+ device (introduced in v6.47beta19);
*) crs3xx - fixed interface statistics for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) crs3xx - fixed traffic forwarding after disabling/enabling bridge hardware offloading for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) crs3xx - improved SFP+ DAC cable initialization for CRS326-24S+2Q+ device;
*) crs3xx - improved switch host table updating;
*) defconf - fixed "no-defaults=yes" applying default configuration (introduced in v6.47beta);
*) defconf - fixed default configuration initialization if power loss occurred during the process;
*) dhcpv4 - added end option (255) validation for both server and client;
*) dhcpv4-client - improved stability when changing client while still receiving advertisements;
*) dhcpv4-server - disallow zero lease-time setting;
*) dhcpv6-client - improved error logging when when renewed address differs;
*) dhcpv6-server - fixed MAC address retrieving from DUID when timestamp is present;
*) discovery - do not send CDP and LLDP packets on interfaces that does not have MAC address;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) disk - improved recently created file survival after reboots;
*) dns - added support for exclusive dynamic DNS server usage from IPsec;
*) dot1x - added "radius-mac-format" parameter (CLI only);
*) dot1x - added hex value support for RADIUS switch rules;
*) dot1x - added range "dst-port" support for RADIUS switch rules;
*) dot1x - added support for lower case "mac-auth" RADIUS formats;
*) dot1x - fixed "reject-vlan-id" value range;
*) dot1x - fixed dynamically created switch rule removal when client disconnects;
*) dot1x - fixed port blocking when interface changes state from disabled to enabled;
*) dot1x - improved debug logging output to "dot1x" topic;
*) dot1x - improved value validation for dynamically created switch rules;
*) dude - fixed connection to other RouterOS type devices through The Dude agents (introduced in v6.46.4);
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) filesystem - fixed NAND memory going into read-only mode or becoming unstable over time;
*) health - added "gauges" submenu with SNMP OID reporting;
*) hotspot - updated splash page design ('/ip hotspot reset-html' required);
*) ike1 - added error message when specifying "my-id" for XAuth Identity;
*) ike1 - added support for "UNITY_DEF_DOMAIN" and "UNITY_SPLITDNS_NAME" payload attributes;
*) ike1 - improved policy lookup with specific protocol;
*) ike1 - improved stability when performing policy lookup on non-existant peer;
*) ike1 - rekey phase 1 rekeying as responder for Windows initiators;
*) ike2 - added support for "INTERNAL_DNS_DOMAIN" payload attribute;
*) ipsec - added "split-dns" parameter support for mode configuration (CLI only);
*) ipsec - added "use-responder-dns" parameter support (CLI only);
*) ipsec - control CRL validation with global "use-crl" setting;
*) ipsec - do full certificate validation for identities with explicit certificate;
*) ipsec - fixed minor spelling mistake in logs;
*) ipsec - improved IPsec service stability when receiving bogus packets;
*) ipsec - improved system stability when handling fragmented packets;
*) kidcontrol - ignore IPv6 multicast MAC addresses;
*) lcd - fixed LCD service becoming unavailable on devices without LCD screen;
*) led - added "dark-mode" functionality for CRS105-5S-FB;
*) led - fixed minor typo in LED warning message;
*) lora - added IPv6 support for LoRa packet forwarder;
*) lora - added UTC timestamp for RX events in "rxpk" json;
*) lora - added value limits for "freq-off" parameter;
*) lora - properly update source address for packets when routing table is changed;
*) lte - added support for Huawei K5161 modem;
*) lte - added support for NEOWAY N720;
*) lte - added support for multiple passthrough APN configuration;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - fixed "allow-roaming" setting when using LTE network mode on R11e-LTE;
*) lte - fixed "band" value setting when configuration is reset on R11e-4G;
*) lte - fixed IP type selection from APN on RBSXTLTE3-7;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - made "mac-address" parameter read-only;
*) lte - show "phy-cellid" value only in LTE mode;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) ppp - added support for ZTE MF90;
*) ppp - fixed minor typo when running "info" command;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) quickset - do not show "SINR" field in Quick Set when there is no data;
*) quickset - removed "EARFCN" field from Quick Set;
*) quickset - removed "LTE band" setting from Quick Set;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) quickset - use "station-wds" mode when connecting to AP with RouterOS flag;
*) route - improved system stability after reboot with large amount of VLAN interfaces with PPPoE servers attached;
*) routing - improved IGMP-Proxy service stability when receiving bogus packets;
*) sniffer - allow setting port for "streaming-server";
*) sniffer - fixed minor typo in "host" menu;
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - changed "upsEstimatedMinutesRemaining" reported value from seconds to minutes;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - fixed multiple LTE interface OID reporting;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) snmp - improved stability when polling MAC address related OID;
*) ssh - fixed SHA256 user authentication algorithm checking (introduced in v6.46.4);
*) supout - added "dot1x" section to supout files;
*) supout - added "gps" section to supout files;
*) supout - improved PoE-out information reporting;
*) supout - improved UPS information reporting;
*) switch - made "auto" the default value for "vlan-id" parameter when creating a new static host entry;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) system - improved driver loading speed on startup;
*) system - improved kernel panic reporting in logs after reboot;
*) system - improved system stability when forwarding traffic from switch chip to CPU (introduced in v6.43);
*) tr069-client - removed warning log message when not using HTTPS;
*) traceroute - improved stability when invalid packet is received;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) traffic-generator - improved statistics reporting;
*) upgrade - fixed space handling in package file names;
*) ups - improved compatibility with APC Smart UPS 1000 and 1500;
*) w60g - fixed link status logging;
*) w60g - improved rate selection in low traffic conditions;
*) w60g - improved stability after multiple disconnections;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) webfig - updated icon design;
*) winbox - added "Options" parameter support for DHCPv6 client and server;
*) winbox - added "Rate" parameter for switch ACL rules;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - added 160Mhz extension channel support for CAPsMAN;
*) winbox - added comment support for "Switch->VLAN" menu;
*) winbox - added support for "Tools->WoL" menu;
*) winbox - added support for inline bar graphs for LTE signal values;
*) winbox - aligned all "IP->Traffic Flow->IPFIX" check boxes in single line (WinBox v3.22 required);
*) winbox - allow setting "20/40/80/160Mhz-eeeeeeCe" channel under "Channel Width" parameter;
*) winbox - allow setting "Primary" parameter for "balance-tlb" bonding interfaces;
*) winbox - do not show "Revision" parameter under "System/RouterBOARD" menu on devices that have only one revision;
*) winbox - fixed "ARP" parameter inheritance from "CAPs Configuration" configuration;
*) winbox - fixed "BGP Origin" value display under "IPv6->Routes" menu;
*) winbox - fixed "Bands" parameter display for LTE interfaces;
*) winbox - fixed "DSCP" parameter value setting;
*) winbox - fixed "Data Rate" checkbox alignment (WinBox v3.22 required);
*) winbox - fixed "Frequency" and "Secondary Frequency" parameter inheritance from "CAPs Channel" configuration;
*) winbox - fixed "Passthr. MAC Address" parameter display "LTE APNs" menu;
*) winbox - fixed "Switch" menu on CRS354-48P-4S+2Q+;
*) winbox - fixed "dst-port" unsetting in "IP->Hotspot->Walled Garden" menu;
*) winbox - fixed automatic "IPv6->Firewall->Address List" table update;
*) winbox - fixed bonding type interface support for "Switch->Host" table;
*) winbox - made "none" the default value for "Security Profile" parameter when creating a new "Wirelees->Connect list" entry;
*) winbox - made "yes" the default value for "Inject Summary LSAs" parameter when creating a new NSSA or STUB area;
*) winbox - properly show "Hw. Offload Group" value for each interface under "Bridge->Ports" menu;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "Lora/Traffic";
*) winbox - renamed "Memory used" to "HDD used" for HDD type under "Tools->Graphing->Resource Graphs";
*) winbox - renamed "Routerboard" to "RouterBOARD" under "System/RouterBOARD" menu;
*) winbox - show "Hardware Offload" parameter for bonding interfaces;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - updated icon design;
*) wireless - added "U-NII-2" support for hAP ac2 and RBwAPGR series devices;
*) wireless - added "russia 6ghz" regulatory domain information;
*) wireless - added "skip-dfs-channels" parameter;
*) wireless - allow using "russia4" regulatory domain on RU locked devices;
*) wireless - enabled unicast flood for DHCP traffic on ARM architecture access points;
*) wireless - updated "bangladesh" regulatory domain information;
*) wireless - updated "russia4" regulatory domain information;
*) wireless - fixed default "antenna-gain" setting on SXT 2 and LtAP series devices;
*) wireless - updated "indonesia4" regulatory domain information;
*) www - added "tls-version" parameter in "IP->Services" menu (CLI only);

Версия 6.47beta54 2020-04-06

Версия 6.47beta53 2020-05-14

What's new in 6.47beta53 (2020-Apr-03 09:39):

Important note!!!

- The Dude server must be updated to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- Make sure LTE APN Profile name does not match any of the DHCP server's names if LTE passthrough is used.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.

MAJOR CHANGES IN v6.47:
----------------------
!) dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
!) socks - added support for SOCKS5 (RFC 1928);
!) user - enable "winbox" policy for groups with "dude" policy;
----------------------

Changes in this release:

!) socks - added support for SOCKS5 (RFC 1928);
*) branding - do not ask to confirm configuration applied from branding package;
*) certificate - added "skid" and "akid" values for detailed print;
*) certificate - allow dynamic CRL removal;
*) console - prevent incorrect type interfaces appearing in command hints;
*) crs3xx - fixed QSFP interface linking after removing/inserting QSFP module (introduced in v6.47beta49);
*) dhcpv4-server - disallow zero lease-time setting;
*) filesystem - fixed NAND memory going into read-only mode or becoming unstable over time;
*) ike1 - improved policy lookup with specific protocol;
*) ike1 - rekey phase 1 rekeying as responder for Windows initiators;
*) ipsec - improved system stability when handling fragmented packets;
*) kidcontrol - ignore IPv6 multicast MAC addresses;
*) lora - added IPv6 support for LoRa packet forwarder;
*) lora - added UTC timestamp for RX events in "rxpk" json;
*) lte - added support for Huawei K5161 modem;
*) lte - fixed IP type selection from APN on RBSXTLTE3-7;
*) snmp - fixed multiple LTE interface OID reporting;
*) system - improved kernel panic reporting in logs after reboot;
*) wireless - added "russia 6ghz" regulatory domain information;
*) wireless - added "skip-dfs-channels" parameter;
*) wireless - updated "bangladesh" regulatory domain information;
*) wireless - updated "russia4" regulatory domain information;

Other changes since v6.46.4:

*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) branding - fixed identity setting from branding package;
*) branding - properly use HTML files for Hotspot (introduced in v6.47beta);
*) bridge - added logging message when a host MAC address is learned on a different bridge port;
*) bridge - added warning message when port is dynamically added to entry with VLAN range (CLI only);
*) bridge - correctly remove disabled MSTI;
*) bridge - improved hardware offloading enabling/disabling;
*) capsman - fixed "certificate" parameter updating on CAP;
*) certificate - disabled CRL usage by default;
*) certificate - do not use SSL for first CRL update;
*) chr - added support for file system quiescing;
*) crs3xx - correctly remove switch rules on CRS317-1G-16S+ and CRS309-1G-8S+ devices;
*) crs3xx - do not change bridge host ID's when updating host table (introduced in v6.47beta32);
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - fixed QSFP+ interface linking for CRS326-24S+2Q+ device (introduced in v6.47beta19);
*) crs3xx - fixed interface statistics for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) crs3xx - fixed traffic forwarding after disabling/enabling bridge hardware offloading for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) crs3xx - improved SFP+ DAC cable initialization for CRS326-24S+2Q+ device;
*) crs3xx - improved switch host table updating;
*) defconf - fixed "no-defaults=yes" applying default configuration (introduced in v6.47beta);
*) defconf - fixed default configuration initialization if power loss occurred during the process;
*) dhcpv4 - added end option (255) validation for both server and client;
*) dhcpv4-client - improved stability when changing client while still receiving advertisements;
*) dhcpv6-client - improved error logging when when renewed address differs;
*) dhcpv6-server - fixed MAC address retrieving from DUID when timestamp is present;
*) discovery - do not send CDP and LLDP packets on interfaces that does not have MAC address;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) disk - improved recently created file survival after reboots;
*) dns - added support for exclusive dynamic DNS server usage from IPsec;
*) dot1x - added "radius-mac-format" parameter (CLI only);
*) dot1x - added hex value support for RADIUS switch rules;
*) dot1x - added range "dst-port" support for RADIUS switch rules;
*) dot1x - added support for lower case "mac-auth" RADIUS formats;
*) dot1x - fixed "reject-vlan-id" value range;
*) dot1x - fixed dynamically created switch rule removal when client disconnects;
*) dot1x - fixed port blocking when interface changes state from disabled to enabled;
*) dot1x - improved debug logging output to "dot1x" topic;
*) dot1x - improved value validation for dynamically created switch rules;
*) dude - fixed connection to other RouterOS type devices through The Dude agents (introduced in v6.46.4);
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) filesystem - fixed NAND memory going into read-only mode or becoming unstable over time;
*) health - added "gauges" submenu with SNMP OID reporting;
*) hotspot - updated splash page design ('/ip hotspot reset-html' required);
*) ike1 - added error message when specifying "my-id" for XAuth Identity;
*) ike1 - added support for "UNITY_DEF_DOMAIN" and "UNITY_SPLITDNS_NAME" payload attributes;
*) ike1 - improved stability when performing policy lookup on non-existant peer;
*) ike2 - added support for "INTERNAL_DNS_DOMAIN" payload attribute;
*) ipsec - added "split-dns" parameter support for mode configuration (CLI only);
*) ipsec - added "use-responder-dns" parameter support (CLI only);
*) ipsec - control CRL validation with global "use-crl" setting;
*) ipsec - do full certificate validation for identities with explicit certificate;
*) ipsec - fixed minor spelling mistake in logs;
*) ipsec - improved IPsec service stability when receiving bogus packets;
*) lcd - fixed LCD service becoming unavailable on devices without LCD screen;
*) led - added "dark-mode" functionality for CRS105-5S-FB;
*) led - fixed minor typo in LED warning message;
*) lora - added IPv6 support for LoRa packet forwarder;
*) lora - added value limits for "freq-off" parameter;
*) lora - properly update source address for packets when routing table is changed;
*) lte - added support for NEOWAY N720;
*) lte - added support for multiple passthrough APN configuration;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - fixed "allow-roaming" setting when using LTE network mode on R11e-LTE;
*) lte - fixed "band" value setting when configuration is reset on R11e-4G;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - made "mac-address" parameter read-only;
*) lte - show "phy-cellid" value only in LTE mode;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) ppp - added support for ZTE MF90;
*) ppp - fixed minor typo when running "info" command;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) quickset - do not show "SINR" field in Quick Set when there is no data;
*) quickset - removed "EARFCN" field from Quick Set;
*) quickset - removed "LTE band" setting from Quick Set;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) quickset - use "station-wds" mode when connecting to AP with RouterOS flag;
*) route - improved system stability after reboot with large amount of VLAN interfaces with PPPoE servers attached;
*) routing - improved IGMP-Proxy service stability when receiving bogus packets;
*) sniffer - allow setting port for "streaming-server";
*) sniffer - fixed minor typo in "host" menu;
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - changed "upsEstimatedMinutesRemaining" reported value from seconds to minutes;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) snmp - improved stability when polling MAC address related OID;
*) ssh - fixed SHA256 user authentication algorithm checking (introduced in v6.46.4);
*) supout - added "dot1x" section to supout files;
*) supout - added "gps" section to supout files;
*) supout - improved PoE-out information reporting;
*) supout - improved UPS information reporting;
*) switch - made "auto" the default value for "vlan-id" parameter when creating a new static host entry;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) system - improved driver loading speed on startup;
*) system - improved system stability when forwarding traffic from switch chip to CPU (introduced in v6.43);
*) tr069-client - removed warning log message when not using HTTPS;
*) traceroute - improved stability when invalid packet is received;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) traffic-generator - improved statistics reporting;
*) upgrade - fixed space handling in package file names;
*) ups - improved compatibility with APC Smart UPS 1000 and 1500;
*) w60g - fixed link status logging;
*) w60g - improved rate selection in low traffic conditions;
*) w60g - improved stability after multiple disconnections;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) webfig - updated icon design;
*) winbox - added "Options" parameter support for DHCPv6 client and server;
*) winbox - added "Rate" parameter for switch ACL rules;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - added 160Mhz extension channel support for CAPsMAN;
*) winbox - added comment support for "Switch->VLAN" menu;
*) winbox - added support for "Tools->WoL" menu;
*) winbox - added support for inline bar graphs for LTE signal values;
*) winbox - aligned all "IP->Traffic Flow->IPFIX" check boxes in single line (WinBox v3.22 required);
*) winbox - allow setting "20/40/80/160Mhz-eeeeeeCe" channel under "Channel Width" parameter;
*) winbox - allow setting "Primary" parameter for "balance-tlb" bonding interfaces;
*) winbox - do not show "Revision" parameter under "System/RouterBOARD" menu on devices that have only one revision;
*) winbox - fixed "ARP" parameter inheritance from "CAPs Configuration" configuration;
*) winbox - fixed "BGP Origin" value display under "IPv6->Routes" menu;
*) winbox - fixed "Bands" parameter display for LTE interfaces;
*) winbox - fixed "DSCP" parameter value setting;
*) winbox - fixed "Data Rate" checkbox alignment (WinBox v3.22 required);
*) winbox - fixed "Frequency" and "Secondary Frequency" parameter inheritance from "CAPs Channel" configuration;
*) winbox - fixed "Passthr. MAC Address" parameter display "LTE APNs" menu;
*) winbox - fixed "Switch" menu on CRS354-48P-4S+2Q+;
*) winbox - fixed "dst-port" unsetting in "IP->Hotspot->Walled Garden" menu;
*) winbox - fixed automatic "IPv6->Firewall->Address List" table update;
*) winbox - fixed bonding type interface support for "Switch->Host" table;
*) winbox - made "none" the default value for "Security Profile" parameter when creating a new "Wirelees->Connect list" entry;
*) winbox - made "yes" the default value for "Inject Summary LSAs" parameter when creating a new NSSA or STUB area;
*) winbox - properly show "Hw. Offload Group" value for each interface under "Bridge->Ports" menu;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "Lora/Traffic";
*) winbox - renamed "Memory used" to "HDD used" for HDD type under "Tools->Graphing->Resource Graphs";
*) winbox - renamed "Routerboard" to "RouterBOARD" under "System/RouterBOARD" menu;
*) winbox - show "Hardware Offload" parameter for bonding interfaces;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - updated icon design;
*) wireless - added "U-NII-2" support for hAP ac2 and RBwAPGR series devices;
*) wireless - allow using "russia4" regulatory domain on RU locked devices;
*) wireless - enabled unicast flood for DHCP traffic on ARM architecture access points;
*) wireless - fixed default "antenna-gain" setting on SXT 2 and LtAP series devices;
*) wireless - updated "indonesia4" regulatory domain information;
*) www - added "tls-version" parameter in "IP->Services" menu (CLI only);

Версия 6.47beta53 2020-05-14

Версия 6.47beta49 2020-03-20

What's new in 6.47beta49 (2020-Mar-20 07:08):

Important note!!!

- The Dude server must be updated to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- Make sure LTE APN Profile name does not match any of the DHCP server's names if LTE passthrough is used.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.

MAJOR CHANGES IN v6.47:
----------------------
!) dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
!) socks - added support for SOCKS5 (RFC 1928);
!) socks - added support for SOCKS5 (RFC 1928);
!) user - enable "winbox" policy for groups with "dude" policy;
----------------------

Changes in this release:

!) dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
!) socks - added support for SOCKS5 (RFC 1928);
!) user - enable "winbox" policy for groups with "dude" policy;
*) branding - fixed identity setting from branding package;
*) branding - properly use HTML files for Hotspot (introduced in v6.47beta);
*) bridge - added warning message when port is dynamically added to entry with VLAN range (CLI only);
*) bridge - correctly remove disabled MSTI;
*) bridge - improved hardware offloading enabling/disabling;
*) capsman - fixed "certificate" parameter updating on CAP;
*) certificate - disabled CRL usage by default;
*) certificate - do not use SSL for first CRL update;
*) chr - added support for file system quiescing;
*) crs3xx - do not change bridge host ID's when updating host table (introduced in v6.47beta32);
*) crs3xx - fixed interface statistics for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) crs3xx - fixed traffic forwarding after disabling/enabling bridge hardware offloading for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) dhcpv4 - added end option (255) validation for both server and client;
*) dhcpv4-client - improved stability when changing client while still receiving advertisements;
*) dhcpv6-server - fixed MAC address retrieving from DUID when timestamp is present;
*) dude - fixed connection to other RouterOS type devices through The Dude agents (introduced in v6.46.4);
*) filesystem - fixed NAND memory going into read-only mode or becoming unstable over time;
*) hotspot - updated splash page design ('/ip hotspot reset-html' required);
*) ike1 - added error message when specifying "my-id" for XAuth Identity;
*) ike1 - improved stability when performing policy lookup on non-existant peer;
*) ipsec - control CRL validation with global "use-crl" setting;
*) ipsec - do full certificate validation for identities with explicit certificate;
*) lcd - fixed LCD service becoming unavailable on devices without LCD screen;
*) led - added "dark-mode" functionality for CRS105-5S-FB;
*) led - fixed minor typo in LED warning message;
*) lora - added IPv6 support for LoRa packet forwarder;
*) lora - added value limits for "freq-off" parameter;
*) lora - properly update source address for packets when routing table is changed;
*) lte - added support for NEOWAY N720;
*) lte - fixed "allow-roaming" setting when using LTE network mode on R11e-LTE;
*) lte - made "mac-address" parameter read-only;
*) ppp - added support for ZTE MF90;
*) ppp - fixed minor typo when running "info" command;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) quickset - do not show "SINR" field in Quick Set when there is no data;
*) quickset - removed "EARFCN" field from Quick Set;
*) route - improved system stability after reboot with large amount of VLAN interfaces with PPPoE servers attached;
*) sniffer - fixed minor typo in "host" menu;
*) snmp - changed "upsEstimatedMinutesRemaining" reported value from seconds to minutes;
*) ssh - fixed SHA256 user authentication algorithm checking (introduced in v6.46.4);
*) supout - added "gps" section to supout files;
*) switch - made "auto" the default value for "vlan-id" parameter when creating a new static host entry;
*) system - improved driver loading speed on startup;
*) system - improved system stability when forwarding traffic from switch chip to CPU (introduced in v6.43);
*) traffic-generator - improved statistics reporting;
*) w60g - fixed link status logging;
*) w60g - improved rate selection in low traffic conditions;
*) winbox - added "Options" parameter support for DHCPv6 client and server;
*) winbox - added "Rate" parameter for switch ACL rules;
*) winbox - added 160Mhz extension channel support for CAPsMAN;
*) winbox - added comment support for "Switch->VLAN" menu;
*) winbox - added support for "Tools->WoL" menu;
*) winbox - aligned all "IP->Traffic Flow->IPFIX" check boxes in single line (WinBox v3.22 required);
*) winbox - allow setting "20/40/80/160Mhz-eeeeeeCe" channel under "Channel Width" parameter;
*) winbox - allow setting "Primary" parameter for "balance-tlb" bonding interfaces;
*) winbox - do not show "Revision" parameter under "System/RouterBOARD" menu on devices that have only one revision;
*) winbox - fixed "ARP" parameter inheritance from "CAPs Configuration" configuration;
*) winbox - fixed "BGP Origin" value display under "IPv6->Routes" menu;
*) winbox - fixed "Bands" parameter display for LTE interfaces;
*) winbox - fixed "DSCP" parameter value setting;
*) winbox - fixed "Data Rate" checkbox alignment (WinBox v3.22 required);
*) winbox - fixed "Frequency" and "Secondary Frequency" parameter inheritance from "CAPs Channel" configuration;
*) winbox - fixed "Passthr. MAC Address" parameter display "LTE APNs" menu;
*) winbox - fixed "Switch" menu on CRS354-48P-4S+2Q+;
*) winbox - fixed "dst-port" unsetting in "IP->Hotspot->Walled Garden" menu;
*) winbox - fixed automatic "IPv6->Firewall->Address List" table update;
*) winbox - fixed bonding type interface support for "Switch->Host" table;
*) winbox - made "none" the default value for "Security Profile" parameter when creating a new "Wirelees->Connect list" entry;
*) winbox - made "yes" the default value for "Inject Summary LSAs" parameter when creating a new NSSA or STUB area;
*) winbox - properly show "Hw. Offload Group" value for each interface under "Bridge->Ports" menu;
*) winbox - renamed "Memory used" to "HDD used" for HDD type under "Tools->Graphing->Resource Graphs";
*) winbox - renamed "Routerboard" to "RouterBOARD" under "System/RouterBOARD" menu;
*) winbox - show "Hardware Offload" parameter for bonding interfaces;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - updated icon design;
*) wireless - added "U-NII-2" support for hAP ac2 and RBwAPGR series devices;
*) wireless - enabled unicast flood for DHCP traffic on ARM architecture access points;
*) wireless - fixed default "antenna-gain" setting on SXT 2 and LtAP series devices;
*) wireless - updated "indonesia4" regulatory domain information;

Other changes since v6.46.4:

!) socks - added support for SOCKS5 (RFC 1928);
*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) bridge - added logging message when a host MAC address is learned on a different bridge port;
*) crs3xx - correctly remove switch rules on CRS317-1G-16S+ and CRS309-1G-8S+ devices;
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - fixed QSFP+ interface linking for CRS326-24S+2Q+ device (introduced in v6.47beta19);
*) crs3xx - improved SFP+ DAC cable initialization for CRS326-24S+2Q+ device;
*) crs3xx - improved switch host table updating;
*) defconf - fixed "no-defaults=yes" applying default configuration (introduced in v6.47beta);
*) defconf - fixed default configuration initialization if power loss occurred during the process;
*) dhcpv6-client - improved error logging when when renewed address differs;
*) discovery - do not send CDP and LLDP packets on interfaces that does not have MAC address;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) disk - improved recently created file survival after reboots;
*) dns - added support for exclusive dynamic DNS server usage from IPsec;
*) dot1x - added "radius-mac-format" parameter (CLI only);
*) dot1x - added hex value support for RADIUS switch rules;
*) dot1x - added range "dst-port" support for RADIUS switch rules;
*) dot1x - added support for lower case "mac-auth" RADIUS formats;
*) dot1x - fixed "reject-vlan-id" value range;
*) dot1x - fixed dynamically created switch rule removal when client disconnects;
*) dot1x - fixed port blocking when interface changes state from disabled to enabled;
*) dot1x - improved debug logging output to "dot1x" topic;
*) dot1x - improved value validation for dynamically created switch rules;
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) health - added "gauges" submenu with SNMP OID reporting;
*) ike1 - added support for "UNITY_DEF_DOMAIN" and "UNITY_SPLITDNS_NAME" payload attributes;
*) ike2 - added support for "INTERNAL_DNS_DOMAIN" payload attribute;
*) ipsec - added "split-dns" parameter support for mode configuration (CLI only);
*) ipsec - added "use-responder-dns" parameter support (CLI only);
*) ipsec - fixed minor spelling mistake in logs;
*) ipsec - improved IPsec service stability when receiving bogus packets;
*) lte - added support for multiple passthrough APN configuration;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - fixed "band" value setting when configuration is reset on R11e-4G;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - show "phy-cellid" value only in LTE mode;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) quickset - removed "LTE band" setting from Quick Set;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) quickset - use "station-wds" mode when connecting to AP with RouterOS flag;
*) routing - improved IGMP-Proxy service stability when receiving bogus packets;
*) sniffer - allow setting port for "streaming-server";
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) snmp - improved stability when polling MAC address related OID;
*) supout - added "dot1x" section to supout files;
*) supout - improved PoE-out information reporting;
*) supout - improved UPS information reporting;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) tr069-client - removed warning log message when not using HTTPS;
*) traceroute - improved stability when invalid packet is received;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) upgrade - fixed space handling in package file names;
*) ups - improved compatibility with APC Smart UPS 1000 and 1500;
*) w60g - improved stability after multiple disconnections;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) webfig - updated icon design;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - added support for inline bar graphs for LTE signal values;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "Lora/Traffic";
*) winbox - updated icon design;
*) wireless - allow using "russia4" regulatory domain on RU locked devices;
*) www - added "tls-version" parameter in "IP->Services" menu (CLI only);

Версия 6.47beta49 2020-03-20

Версия 6.47beta35 2020-02-18

What's new in 6.47beta35 (2020-Feb-17 13:56):

Important note!!!

- The Dude server must be updated to monitor v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- Make sure LTE APN Profile name does not match any of the DHCP server's names if LTE passthrough is used.

MAJOR CHANGES IN v6.47:
----------------------
!) socks - added support for SOCKS5 (RFC 1928);
----------------------

Changes in this release:

!) socks - added support for SOCKS5 (RFC 1928);
*) chr - fixed graceful shutdown execution on Hyper-V (introduced in v6.46);
*) crs3xx - fixed frame forwarding after disabling/enabling bridge hardware offloading for CRS354-48G-4S+2Q+ device;
*) crs3xx - improved SFP+ DAC cable initialization for CRS326-24S+2Q+ device;
*) dns - added support for exclusive dynamic DNS server usage from IPsec;
*) health - fixed maximum SFP temperature reading under '/system health' menu;
*) ipsec - added "use-responder-dns" parameter support (CLI only);
*) ssh - added support for RSA keys with SHA256 hash (RFC8332);
*) supout - improved PoE-out information reporting;
*) system - improved system stability when receiving/sending TCP traffic on multicore devices;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) webfig - updated icon design;
*) winbox - updated icon design;
*) wireless - allow using "russia4" regulatory domain on RU locked devices;

Other changes since v6.46.3:

*) arm - improved watchdog and kernel panic reporting in log after reboots on RB3011 and IPQ4018/IPQ4019 devices ("/system routerboard upgrade" required);
*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) branding - allow forcing configuration script as default configuration (new branding packet required);
*) branding - fixed "company-url" and "router-default-name" survival after system upgrade;
*) branding - fixed WEB HTML page survival after system upgrade;
*) bridge - added logging message when a host MAC address is learned on a different bridge port;
*) certificate - fixed certificate verification when flushing CRL's;
*) crs3xx - correctly remove switch rules on CRS317-1G-16S+ and CRS309-1G-8S+ devices;
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - fixed QSFP+ interface linking for CRS326-24S+2Q+ device (introduced in v6.47beta19);
*) crs3xx - improved switch host table updating;
*) defconf - added welcome note with common first steps for new users;
*) defconf - fixed default configuration initialization if power loss occurred during the process;
*) defconf - fixed "no-defaults=yes" applying default configuration (introduced in v6.47beta);
*) dhcpv6-client - improved error logging when when renewed address differs;
*) discovery - do not send CDP and LLDP packets on interfaces that does not have MAC address;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) disk - improved recently created file survival after reboots;
*) dot1x - added hex value support for RADIUS switch rules;
*) dot1x - added "radius-mac-format" parameter (CLI only);
*) dot1x - added range "dst-port" support for RADIUS switch rules;
*) dot1x - added support for lower case "mac-auth" RADIUS formats;
*) dot1x - fixed dynamically created switch rule removal when client disconnects;
*) dot1x - fixed port blocking when interface changes state from disabled to enabled;
*) dot1x - fixed "reject-vlan-id" value range;
*) dot1x - improved debug logging output to "dot1x" topic;
*) dot1x - improved value validation for dynamically created switch rules;
*) dude - updated The Dude to use new style authentication method;
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) health - added "gauges" submenu with SNMP OID reporting;
*) ike1 - added support for "UNITY_DEF_DOMAIN" and "UNITY_SPLITDNS_NAME" payload attributes;
*) ike2 - added support for "INTERNAL_DNS_DOMAIN" payload attribute;
*) ike2 - fixed DHCP Inform package handling when received on PPPoE interface;
*) ipsec - added "split-dns" parameter support for mode configuration (CLI only);
*) ipsec - fixed minor spelling mistake in logs;
*) ipsec - improved IPsec service stability when receiving bogus packets;
*) lte - added interface name prefix for logging events;
*) lte - added "phy-cellid" value support for LTE-US;
*) lte - added support for multiple passthrough APN configuration;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - do not allow using empty APN Profile names;
*) lte - fixed "band" value setting when configuration is reset on R11e-4G;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - improved all APN session activation after disconnect on R11e-LTE;
*) lte - show "phy-cellid" value only in LTE mode;
*) lte - use APN from network when blank APN used on R11e-4G;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) quickset - removed "LTE band" setting from Quick Set;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) quickset - use "station-wds" mode when connecting to AP with RouterOS flag;
*) routing - improved IGMP-Proxy service stability when receiving bogus packets;
*) sniffer - allow setting port for "streaming-server";
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - fixed "routeros-version" value returning from registration table;
*) snmp - fixed UPS battery voltage value scaling;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) snmp - improved stability when polling MAC address related OID;
*) supout - added "dot1x" section to supout files;
*) supout - improved UPS information reporting;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) telnet - improved telnet compatibility with other client implementations;
*) tr069-client - removed warning log message when not using HTTPS;
*) traceroute - improved stability when invalid packet is received;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) upgrade - fixed space handling in package file names;
*) ups - improved compatibility with APC Smart UPS 1000 and 1500;
*) user-manager - fixed signup enabling (introduced in v6.46);
*) w60g - improved stability after multiple disconnections;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) webfig - added default configuration confirmation window to WebFig;
*) webfig - do not show WebFig menu when opening 'Check For Updates' in Quick Set;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - added support for inline bar graphs for LTE signal values;
*) winbox - completely removed old style authentication method;
*) winbox - fixed "invalid" flag presence under "System/Certificates/CRL" menu;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "Lora/Traffic";
*) wireless - improved compatibility for "ETSI" wireless country profile;
*) www - added "tls-version" parameter in "IP->Services" menu (CLI only);

Версия 6.47beta35 2020-02-18

Версия 6.47beta32 2020-02-10

What's new in 6.47beta32 (2020-Feb-10 11:45):

Important note!!!

- The Dude server must be updated to monitor v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- Make sure LTE APN Profile name does not match any of the DHCP server's names if LTE passthrough is used.

MAJOR CHANGES IN v6.47:
----------------------
!) socks - added support for SOCKS5 (RFC 1928);
----------------------

Changes in this release:

*) arm - improved watchdog and kernel panic reporting in log after reboots on RB3011 and IPQ4018/IPQ4019 devices ("/system routerboard upgrade" required);
*) branding - allow forcing configuration script as default configuration (new branding packet required);
*) branding - fixed "company-url" and "router-default-name" survival after system upgrade;
*) branding - fixed WEB HTML page survival after system upgrade;
*) certificate - fixed certificate verification when flushing CRL's;
*) crs3xx - correctly remove switch rules on CRS317-1G-16S+ and CRS309-1G-8S+ devices;
*) crs3xx - fixed QSFP+ interface linking for CRS326-24S+2Q+ device (introduced in v6.47beta19);
*) crs3xx - improved switch host table updating;
*) defconf - added welcome note with common first steps for new users;
*) defconf - fixed default configuration initialization if power loss occurred during the process;
*) defconf - fixed "no-defaults=yes" applying default configuration (introduced in v6.47beta);
*) disk - improved recently created file survival after reboots;
*) dns - use only servers received from IKEv2 server when present;
*) dot1x - added hex value support for RADIUS switch rules;
*) dot1x - added range "dst-port" support for RADIUS switch rules;
*) dot1x - added support for lower case "mac-auth" RADIUS formats;
*) dot1x - fixed dynamically created switch rule removal when client disconnects;
*) dot1x - fixed port blocking when interface changes state from disabled to enabled;
*) dot1x - fixed "reject-vlan-id" value range;
*) dot1x - improved debug logging output to "dot1x" topic;
*) dot1x - improved value validation for dynamically created switch rules;
*) dude - updated The Dude to use new style authentication method;
*) ike1 - added support for "UNITY_DEF_DOMAIN" and "UNITY_SPLITDNS_NAME" payload attributes;
*) ike2 - added support for "INTERNAL_DNS_DOMAIN" payload attribute;
*) ike2 - fixed DHCP Inform package handling when received on PPPoE interface;
*) ipsec - added "split-dns" parameter support for mode configuration (CLI only);
*) ipsec - fixed minor spelling mistake in logs;
*) ipsec - improved IPsec service stability when receiving bogus packets;
*) lte - added interface name prefix for logging events;
*) lte - added "phy-cellid" value support for LTE-US;
*) lte - added support for multiple passthrough APN configuration;
*) lte - do not allow using empty APN Profile names;
*) lte - show "phy-cellid" value only in LTE mode;
*) quickset - removed "LTE band" setting from Quick Set;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) quickset - use "station-wds" mode when connecting to AP with RouterOS flag;
*) routing - improved IGMP-Proxy service stability when receiving bogus packets;
*) snmp - fixed "routeros-version" value returning from registration table;
*) snmp - fixed UPS battery voltage value scaling;
*) supout - improved UPS information reporting;
*) telnet - improved telnet compatibility with other client implementations;
*) tr069-client - removed warning log message when not using HTTPS;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) upgrade - fixed space handling in package file names;
*) ups - improved compatibility with APC Smart UPS 1000 and 1500;
*) user-manager - fixed signup enabling (introduced in v6.46);
*) w60g - improved stability after multiple disconnections;
*) webfig - added default configuration confirmation window to WebFig;
*) webfig - do not show WebFig menu when opening 'Check For Updates' in Quick Set;
*) winbox - added support for inline bar graphs for LTE signal values;
*) winbox - completely removed old style authentication method;
*) winbox - fixed "invalid" flag presence under "System/Certificates/CRL" menu;
*) wireless - improved compatibility for "ETSI" wireless country profile;
*) www - added "tls-version" parameter in "IP->Services" menu (CLI only);

Other changes since v6.46.3:

!) socks - added support for SOCKS5 (RFC 1928);
*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) bridge - added logging message when a host MAC address is learned on a different bridge port;
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) dhcpv6-client - improved error logging when when renewed address differs;
*) discovery - do not send CDP and LLDP packets on interfaces that does not have MAC address;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) dot1x - added "radius-mac-format" parameter (CLI only);
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) health - added "gauges" submenu with SNMP OID reporting;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - fixed "band" value setting when configuration is reset on R11e-4G;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - improved all APN session activation after disconnect on R11e-LTE;
*) lte - use APN from network when blank APN used on R11e-4G;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) sniffer - allow setting port for "streaming-server";
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) snmp - improved stability when polling MAC address related OID;
*) supout - added "dot1x" section to supout files;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) traceroute - improved stability when invalid packet is received;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "Lora/Traffic";

Версия 6.47beta32 2020-02-10

Версия 6.47beta19 2020-01-13

What's new in 6.47beta19 (2020-Jan-09 08:08):

MAJOR CHANGES IN v6.47:
----------------------
!) socks - added support for SOCKS5 (RFC 1928);
----------------------

Changes in this release:

!) socks - added support for SOCKS5 (RFC 1928);
*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) bridge - added logging message when a host MAC address is learned on a different bridge port;
*) chr - improved stability when changing ARP modes on e1000 type adapters;
*) console - prevent "flash" directory from being removed (introduced in v6.46);
*) console - updated copyright notice;
*) crs305 - disable optical SFP/SFP+ module Tx power after disabling SFP+ interface;
*) defconf - fixed "caps-mode" not initialized properly after resetting;
*) defconf - fixed default configuration loading on RBwAPG-60adkit (introduced in v6.46);
*) discovery - do not send CDP and LLDP packets on interfaces that does not have MAC address;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) dot1x - added "radius-mac-format" parameter (CLI only);
*) health - added "gauges" submenu with SNMP OID reporting;
*) lora - added "ru-864-mid" channel plan;
*) lora - fixed packet sending when using "antenna-gain" higher than 5dB;
*) lora - improved immediate packet delivery;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - fixed "band" value setting when configuration is reset on R11e-4G;
*) lte - fixed "cell-monitor" on R11e-LTE in 3G mode;
*) lte - fixed "earfcn" reporting on R11e-LTE6 in UMTS and GSM modes;
*) lte - improved all APN session activation after disconnect on R11e-LTE;
*) lte - report only valid info parameters on R11e-LTE6;
*) lte - use APN from network when blank APN used on R11e-4G;
*) ppp - fixed minor typo in "ppp-client" monitor;
*) qsfp - do not report bogus monitoring readouts on modules without DDMI support;
*) qsfp - improved module monitoring readouts for DAC and break-out cables;
*) routerboard - added "mode-button" support for RBcAP2nD;
*) sniffer - allow setting port for "streaming-server";
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) supout - added "dot1x" section to supout files;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) system - fixed "*.auto.rsc" file execution (introduced in v6.46);
*) system - fixed "check-installation" on PowerPC devices (introduced in v6.46);
*) traceroute - improved stability when invalid packet is received;
*) traffic-generator - improved memory handling on CHR;
*) webfig - allow skin designing without "ftp" and "sensitive" policies;
*) webfig - fixed "skins" saving to "flash" directory if it exists (introduced in v6.46);
*) winbox - automatically refresh "Packets" table when new packets are captured by "Tools/Packet Sniffer";
*) winbox - fixed "Default Route Distance" default value when creating new LTE APN;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "Lora/Traffic";

Other changes since v6.46.1:

*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) dhcpv6-client - improved error logging when when renewed address differs;
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - improved stability when polling MAC address related OID;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;

Версия 6.47beta19 2020-01-13

Версия 6.46rc1 2019-11-27

What's new in 6.46rc1 (2019-Nov-26 13:19):

MAJOR CHANGES IN v6.46:
----------------------
!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
!) package - accept only packages with original filenames (CVE-2019-3976);
!) package - improved package signature verification (CVE-2019-3977);
!) security - fixed improper handling of DNS responses (CVE-2019-3978, CVE-2019-3979);
----------------------

Changes in this release:

!) ptp - disabled support for IEEE 1588 Precision Clock Synchronization Protocol until further notice;
*) bridge - do not add dynamically VLAN entry when changing "pvid" property for non-vlan aware bridge;
*) capsman - fixed MAC address detection for "common-name" parameter in certificate requests;
*) certificate - added progress bar when creating certificate request;
*) certificate - allow specifying "name" parameter for import (CLI only);
*) crs3xx - improved system stability when initializing SFP modules;
*) export - always export "ssid" value for w60g interfaces;
*) fetch - do not allocate extra 500KiB on SMIPS;
*) ipsec - fixed IPsec policy checking on RB4011 (introduced in v6.46beta68);
*) switch - added "comment" property for switch vlan menu (CLI only);
*) w60g - do not reset link when changing comment on station;
*) w60g - fixed "monitor" command on disabled interfaces;
*) w60g - move stations to new bridge when "put-in-bridge" parameter is changed;
*) winbox - added enable/disable and comment buttons for "IP->SNMP->Communities" menu;
*) winbox - fixed field validation with negative integers (introduced in v6.46beta);
*) wireless - added "ETSI" regulatory domain information;

Other changes since v6.45.7:

*) backup - fixed automatic backup file generation when configuration reset by button;
*) backup - store automatically created backup file in "flash" directory;
*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) bridge - include whole VLAN-id in DHCP Option 82 message;
*) btest - removed duplicate "duration" parameter;
*) capsman - fixed background scan showing incorrect regulatory domain mismatch error (CAP upgrade required);
*) capsman - fixed channel auto reselection;
*) capsman - improved DFS channel switching when radar detected;
*) capsman - improved radar detection algorithm;
*) ccr - improved general system stability;
*) certificate - added progress bar when creating certificate request (CLI only);
*) certificate - added support for certificate request signing with EC keys;
*) certificate - allow specifying "file-name" parameter for export (CLI only);
*) certificate - allow specifying "name" parameter for import (CLI only);
*) certificate - improved CRL updating process;
*) certificate - removed "key-size" parameter for "create-certificate-request" command;
*) chr - added support for Azure guest agent;
*) console - added bitwise operator support for "ip6" data type;
*) console - fixed "address" column width when printing DHCPv4 leases;
*) console - fixed IP conversion to "num" data type;
*) console - fixed "tobool" conversion;
*) console - properly detect IPv6 address as "ip6" data type;
*) crs1xx/2xx - allow to set trunk port as mirroring target;
*) crs305 - fixed sfp-sfpplus2 - sfp-sfpplus4 interface linking (introduced in v6.46beta28);
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - do not send pause frames when ethernet "tx-flow-control" is disabled on CRS326/CRS328/CRS305 devices;
*) crs3xx - improved interface initialization;
*) crs3xx - improved switch-chip resource allocation on CRS317-1G-16S+, CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - improved system stability on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - remove previously set mirror-source property before changing it;
*) defconf - fixed default configuration generation on SXT R (introduced in v6.46beta28);
*) defconf - fixed default configuration loading on RBmAPL-2nD (introduced in v6.45);
*) defconf - require "policy" permission to print default configuration;
*) dhcpv4-client - allow empty "dhcp-options" parameter when adding new client;
*) dhcpv4-client - fixed "dhcp-options" parameter setting when adding new client;
*) dhcpv4-server - improved stability when RADIUS Interim update is sent;
*) dhcpv6-client - properly update bind time when unused prefix received from the server;
*) dhcpv6-client - properly update IPv6 address on rebind;
*) dhcpv6-server - fixed logged error message when using "address-pool=static-only";
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) dhcvp6-client - fixed timeout when doing rebind;
*) dot1x - added "reject-vlan-id" server parameter (CLI only);
*) dot1x - added support for dynamic switch rules from RADIUS;
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) dude - fixed data retrieval over SNMP (introduced in v6.46beta44);
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - do not enable interface after reboot that is already disabled;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) fetch - fixed "dst-path" not allowed to create new directories (introduced in v6.46beta34);
*) fetch - improved stability when processing large output data;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) hotspot - fixed "html-directory" not allowed to create new directories (introduced in v6.46beta34);
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) hotspot - fixed RADIUS CoA "address-list" update;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - fixed IPv6 policy generation (introduced in v6.46beta28);
*) ike2 - improved CHILD SA rekey process with Apple iOS 13;
*) ike2 - improved stability when retransmitting first packet as responder;
*) ipsec - added "error" topic for identity check failure logging messages;
*) ipsec - fixed DNS resolving when domain has only AAAA entries;
*) ipsec - fixed policy "sa-src-address" detection from "local-address" (introduced in v6.45);
*) ipv6 - changed "advertise-dns" default value to "yes";
*) led - fixed default LED configuration for RBLHG-2nD and RBLHG-5HPnD;
*) log - increased log message length limit to 1024 characters;
*) lte - added support for D402 modem;
*) lte - added support for LM960A18;
*) lte - added support for Telit LM960 and LE910C1 modems;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed network registration on R11e-LTE-US;
*) lte - fixed Sierra WP7601 driver loading;
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) lte - fix "operator" names not being displayed properly;
*) lte - improved modem initialization;
*) lte - show "primary-band" only for LTE modems;
*) lte - use /128 prefix for IPv6 address on LTE interface;
*) lte - use interface from RA when "ipv6-interface=none" and IPv6 enabled;
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) ppp - disable DTR send when using at-chat;
*) quickset - added "LTE AP Dual" mode support;
*) quickset - added "LTE APN" dropdown support;
*) quickset - fixed "LTE Band" checkbox display;
*) route - fixed area range summary route installation in VRF;
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) routerboard - fixed USB configuration export on RBLtAP-2HnD;
*) routerboard - hide "memory-frequency" parameter for RBLtAP-2HnD;
*) sfp - correctly read EEPROM data from SFP modules (introduced in v6.46beta38);
*) sniffer - allow filtering by packet size;
*) snmp - added "disabled" and "comment" parameters for communities (CLI only);
*) snmp - added option to monitor "link-downs" parameter using MIKROTIK-MIB;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - fixed "ifLastChange" OID reporting for IF-MIB;
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) snmp - improved interface status reporting for IfOperStatus OID;
*) snmp - improved LLDP interface returned index and type;
*) snmp - return only interfaces with MAC addresses for LLDP;
*) snmp - use "src-address" also for traps;
*) ssh - fixed output printing when "command" parameter used;
*) supout - include information from all LTE interfaces;
*) supout - removed "file" option from "/system sup-output" command;
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) switch - ignore "default-vlan-id" property after switch reset on RTL8367 switch chip;
*) switch - show "external" flag for bridge hosts on MT7621, RTL8367 switch chips;
*) system - fixed branding package installation (introduced in v6.46beta34);
*) telnet - fixed successful connection establishment output in console (introduced in v6.46beta28);
*) timezone - updated time zone database to version 2019c;
*) tr069-client - added CellDiagnostics parameter support;
*) tr069-client - added LTE band and cellular technology selection parameters;
*) tr069-client - added LTE RSCP, ECNO and ICCID parameter support;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - fixed firmware update (introduced in v6.46beta34);
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) upgrade - improved auto package updating using "check-for-updates";
*) ups - improved compatibility with APC UPS's;
*) usb - general USB modem stability improvements;
*) userman - fixed customer referencing on WEB (introduced in v6.46beta9);
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) webfig - fixed link to Winbox download;
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "CAPs Scanner" stopping;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - properly show timestamp in file "Creation Time" field;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - added 4 chain MCS support for 802.11n wireless protocol (CLI only);
*) wireless - added "indonesia4" regulatory domain information;
*) wireless - added "push-button-5s" value for "wps-mode" parameter;
*) wireless - added U-NII-2 support forRBSXTsqG-5acD, RBLHGG-5acD-XL, RBLHGG-5acD, RBLDFG-5acD, RBDiscG-5acD;
*) wireless - allow using "canada2" regulatory domain on US lock devices;
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - fixed RX chain selection;
*) wireless - fixed sensor MAC address reporting in TZSP header;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - improved IPQ4019, QCA9984, QCA9888 wireless interface stability;
*) wireless - updated "ukraine" regulatory domain information;
*) wireless - updated "united-states" regulatory domain information;

Версия 6.46rc1 2019-11-27

Версия 6.46beta9 2019-07-11

What's new in 6.46beta9 (2019-Jul-11 09:04):

Changes in this release:

*) bonding - fixed bonding running status after reboot when using other bonds as slave interfaces (introduced in v6.45);
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) ipsec - added "connection-mark" parameter for mode-config initiator;
*) ipsec - allow peer argument only for "encrypt" policies (introduced in v6.45);
*) ipsec - fixed peer configuration migration from versions older than v6.43 (introduced in v6.45);
*) ipsec - show warning for policies with "unknown" peer;
*) ospf - fixed possible busy loop condition when accessing OSPF LSAs;
*) ppp - disable DTR send when using at-chat;
*) ssh - do not enable "none-crypto" if "strong-crypto" is enabled on upgrade (introduced in v6.45);
*) ssh - fixed executed command output printing (introduced in v6.45);
*) supout - fixed supout file generation outside of internal storage with insufficient space;
*) upgrade - fixed "auto-upgrade" to use new style authentication (introduced in v6.45);
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) vlan - fixed "slave" flag for non-running interfaces (introduced in v6.45);
*) winbox - properly show timestamp in file "Creation Time" field;

Other changes since v6.45.1:

*) cloud - properly stop "time-zone-autodetect" after disable;
*) conntrack - properly start manually enabled connection tracking;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) fetch - improved stability when processing large output data;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) ipsec - improved stability for peer initialization (introduced in v6.45);
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - show "primary-band" only for LTE modems;
*) radius - fixed "User-Password" encoding (introduced in v6.45);
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);

Версия 6.46beta9 2019-07-11

Версия 6.46beta68 2019-11-25

What's new in 6.46beta68 (2019-Nov-21 09:13):

MAJOR CHANGES IN v6.46:
----------------------
!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
!) package - accept only packages with original filenames (CVE-2019-3976);
!) package - improved package signature verification (CVE-2019-3977);
!) security - fixed improper handling of DNS responses (CVE-2019-3978, CVE-2019-3979);
----------------------

Changes in this release:

!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
*) backup - store automatically created backup file in "flash" directory;
*) capsman - improved radar detection algorithm;
*) certificate - added progress bar when creating certificate request (CLI only);
*) certificate - added support for certificate request signing with EC keys;
*) certificate - allow specifying "file-name" parameter for export (CLI only);
*) certificate - allow specifying "name" parameter for import (CLI only);
*) certificate - removed "key-size" parameter for "create-certificate-request" command;
*) defconf - fixed default configuration generation on SXT R (introduced in v6.46beta28);
*) dhcpv4-client - allow empty "dhcp-options" parameter when adding new client;
*) dhcpv4-server - improved stability when RADIUS Interim update is sent;
*) ike2 - improved stability when retransmitting first packet as responder;
*) ipsec - fixed policy "sa-src-address" detection from "local-address" (introduced in v6.45);
*) led - fixed default LED configuration for RBLHG-2nD and RBLHG-5HPnD;
*) lte - added support for D402 modem;
*) ptp - added support for IEEE 1588 Precision Clock Synchronization Protocol on CRS317-1G-16S+ (CLI only);
*) route - fixed area range summary route installation in VRF;
*) snmp - added option to monitor "link-downs" parameter using MIKROTIK-MIB;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - fixed "ifLastChange" OID reporting for IF-MIB;
*) snmp - improved interface status reporting for IfOperStatus OID;
*) ssh - fixed output printing when "command" parameter used;
*) supout - include information from all LTE interfaces;
*) switch - ignore "default-vlan-id" property after switch reset on RTL8367 switch chip;
*) telnet - fixed successful connection establishment output in console (introduced in v6.46beta28);
*) timezone - updated time zone database to version 2019c;
*) ups - improved compatibility with APC UPS's;
*) winbox - fixed "CAPs Scanner" stopping;
*) wireless - added "indonesia4" regulatory domain information;
*) wireless - added "push-button-5s" value for "wps-mode" parameter;
*) wireless - added U-NII-2 support forRBSXTsqG-5acD, RBLHGG-5acD-XL, RBLHGG-5acD, RBLDFG-5acD, RBDiscG-5acD;

Other changes since v6.45.7:

*) backup - fixed automatic backup file generation when configuration reset by button;
*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) bridge - include whole VLAN-id in DHCP Option 82 message;
*) btest - removed duplicate "duration" parameter;
*) capsman - fixed background scan showing incorrect regulatory domain mismatch error (CAP upgrade required);
*) capsman - fixed channel auto reselection;
*) capsman - improved DFS channel switching when radar detected;
*) ccr - improved general system stability;
*) certificate - improved CRL updating process;
*) chr - added support for Azure guest agent;
*) console - added bitwise operator support for "ip6" data type;
*) console - fixed "address" column width when printing DHCPv4 leases;
*) console - fixed IP conversion to "num" data type;
*) console - fixed "tobool" conversion;
*) console - properly detect IPv6 address as "ip6" data type;
*) crs1xx/2xx - allow to set trunk port as mirroring target;
*) crs305 - fixed sfp-sfpplus2 - sfp-sfpplus4 interface linking (introduced in v6.46beta28);
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - do not send pause frames when ethernet "tx-flow-control" is disabled on CRS326/CRS328/CRS305 devices;
*) crs3xx - improved interface initialization;
*) crs3xx - improved switch-chip resource allocation on CRS317-1G-16S+, CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - improved system stability on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - remove previously set mirror-source property before changing it;
*) defconf - fixed default configuration loading on RBmAPL-2nD (introduced in v6.45);
*) defconf - require "policy" permission to print default configuration;
*) dhcpv4-client - fixed "dhcp-options" parameter setting when adding new client;
*) dhcpv6-client - properly update bind time when unused prefix received from the server;
*) dhcpv6-client - properly update IPv6 address on rebind;
*) dhcpv6-server - fixed logged error message when using "address-pool=static-only";
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) dhcvp6-client - fixed timeout when doing rebind;
*) dot1x - added "reject-vlan-id" server parameter (CLI only);
*) dot1x - added support for dynamic switch rules from RADIUS;
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) dude - fixed data retrieval over SNMP (introduced in v6.46beta44);
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - do not enable interface after reboot that is already disabled;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) fetch - fixed "dst-path" not allowed to create new directories (introduced in v6.46beta34);
*) fetch - improved stability when processing large output data;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) hotspot - fixed "html-directory" not allowed to create new directories (introduced in v6.46beta34);
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) hotspot - fixed RADIUS CoA "address-list" update;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - fixed IPv6 policy generation (introduced in v6.46beta28);
*) ike2 - improved CHILD SA rekey process with Apple iOS 13;
*) ipsec - added "error" topic for identity check failure logging messages;
*) ipsec - fixed DNS resolving when domain has only AAAA entries;
*) ipv6 - changed "advertise-dns" default value to "yes";
*) log - increased log message length limit to 1024 characters;
*) lte - added support for LM960A18;
*) lte - added support for Telit LM960 and LE910C1 modems;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed network registration on R11e-LTE-US;
*) lte - fixed Sierra WP7601 driver loading;
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) lte - fix "operator" names not being displayed properly;
*) lte - improved modem initialization;
*) lte - show "primary-band" only for LTE modems;
*) lte - use /128 prefix for IPv6 address on LTE interface;
*) lte - use interface from RA when "ipv6-interface=none" and IPv6 enabled;
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) ppp - disable DTR send when using at-chat;
*) ptp - added support for IEEE 1588 Precision Clock Synchronization Protocol on CRS317-1G-16S+ (CLI only);
*) quickset - added "LTE AP Dual" mode support;
*) quickset - added "LTE APN" dropdown support;
*) quickset - fixed "LTE Band" checkbox display;
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) routerboard - fixed USB configuration export on RBLtAP-2HnD;
*) routerboard - hide "memory-frequency" parameter for RBLtAP-2HnD;
*) sfp - correctly read EEPROM data from SFP modules (introduced in v6.46beta38);
*) sniffer - allow filtering by packet size;
*) snmp - added "disabled" and "comment" parameters for communities (CLI only);
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) snmp - improved LLDP interface returned index and type;
*) snmp - return only interfaces with MAC addresses for LLDP;
*) snmp - use "src-address" also for traps;
*) supout - removed "file" option from "/system sup-output" command;
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) switch - show "external" flag for bridge hosts on MT7621, RTL8367 switch chips;
*) system - fixed branding package installation (introduced in v6.46beta34);
*) tr069-client - added CellDiagnostics parameter support;
*) tr069-client - added LTE band and cellular technology selection parameters;
*) tr069-client - added LTE RSCP, ECNO and ICCID parameter support;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - fixed firmware update (introduced in v6.46beta34);
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) upgrade - improved auto package updating using "check-for-updates";
*) usb - general USB modem stability improvements;
*) userman - fixed customer referencing on WEB (introduced in v6.46beta9);
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) webfig - fixed link to Winbox download;
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - properly show timestamp in file "Creation Time" field;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - added 4 chain MCS support for 802.11n wireless protocol (CLI only);
*) wireless - allow using "canada2" regulatory domain on US lock devices;
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - fixed RX chain selection;
*) wireless - fixed sensor MAC address reporting in TZSP header;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - improved IPQ4019, QCA9984, QCA9888 wireless interface stability;
*) wireless - updated "ukraine" regulatory domain information;
*) wireless - updated "united-states" regulatory domain information;

Версия 6.46beta68 2019-11-25

Версия 6.46beta6 2019-07-04

What's new in 6.46beta6 (2019-Jul-04 11:53):

Changes in this release:

*) cloud - properly stop "time-zone-autodetect" after disable;
*) conntrack - properly start manually enabled connection tracking;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) fetch - improved stability when processing large output data;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) ipsec - improved stability for peer initialization (introduced in v6.45);
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - show "primary-band" only for LTE modems;
*) radius - fixed "User-Password" encoding (introduced in v6.45);
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);

Версия 6.46beta6 2019-07-04

Версия 6.46beta59 2019-10-25

What's new in 6.46beta59 (2019-Oct-25 07:44):

MAJOR CHANGES IN v6.46:
----------------------
!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
!) package - accept only packages with original filenames (CVE-2019-3976);
!) package - improved package signature verification (CVE-2019-3977);
!) security - fixed improper handling of DNS responses (CVE-2019-3978, CVE-2019-3979);
----------------------

Changes in this release:

!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
*) backup - fixed automatic backup file generation when configuration reset by button;
*) capsman - fixed background scan showing incorrect regulatory domain mismatch error (CAP upgrade required);
*) ccr - improved general system stability;
*) crs3xx - improved interface initialization;
*) dhcpv4-client - fixed "dhcp-options" parameter setting when adding new client;
*) dhcpv6-client - properly update bind time when unused prefix received from the server;
*) dhcpv6-client - properly update IPv6 address on rebind;
*) dhcvp6-client - fixed timeout when doing rebind;
*) ethernet - do not enable interface after reboot that is already disabled;
*) export - fixed "bootp-support" parameter export;
*) ike2 - improved CHILD SA rekey process with Apple iOS 13;
*) ipv6 - changed "advertise-dns" default value to "yes";
*) ptp - added support for IEEE 1588 Precision Clock Synchronization Protocol on CRS317-1G-16S+ (CLI only);
*) snmp - added "disabled" and "comment" parameters for communities (CLI only);
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) switch - show "external" flag for bridge hosts on MT7621, RTL8367 switch chips;
*) wireless - added "canada2" regulatory domain information;
*) wireless - allow using "canada2" regulatory domain on US lock devices;
*) wireless - fixed sensor MAC address reporting in TZSP header;
*) wireless - improved IPQ4019, QCA9984, QCA9888 wireless interface stability;

Other changes since v6.45.6:

*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) bridge - include whole VLAN-id in DHCP Option 82 message;
*) btest - removed duplicate "duration" parameter;
*) capsman - fixed channel auto reselection;
*) capsman - fixed frequency setting requiring multiple frequencies;
*) capsman - fixed newline character missing on some logging messages;
*) capsman - improved DFS channel switching when radar detected;
*) certificate - improved CRL updating process;
*) chr - added support for Azure guest agent;
*) conntrack - properly start manually enabled connection tracking;
*) console - added bitwise operator support for "ip6" data type;
*) console - fixed "address" column width when printing DHCPv4 leases;
*) console - fixed IP conversion to "num" data type;
*) console - fixed "tobool" conversion;
*) console - properly detect IPv6 address as "ip6" data type;
*) crs1xx/2xx - allow to set trunk port as mirroring target;
*) crs305 - fixed sfp-sfpplus2 - sfp-sfpplus4 interface linking (introduced in v6.46beta28);
*) crs312 - fixed combo SFP port toggling (introduced in v6.44.5);
*) crs3xx - correctly display link rate when 10/100/1000BASE-T SFP modules are used in SFP+ interfaces;
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - do not send pause frames when ethernet "tx-flow-control" is disabled on CRS326/CRS328/CRS305 devices;
*) crs3xx - fixed management access when using switch rule "new-vlan-priority" property;
*) crs3xx - improved switch-chip resource allocation on CRS317-1G-16S+, CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - improved system stability on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - remove previously set mirror-source property before changing it;
*) defconf - fixed default configuration loading on RBmAPL-2nD (introduced in v6.45);
*) defconf - require "policy" permission to print default configuration;
*) dhcpv6-server - fixed logged error message when using "address-pool=static-only";
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) dot1x - added "reject-vlan-id" server parameter (CLI only);
*) dot1x - added support for dynamic switch rules from RADIUS;
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) dude - fixed data retrieval over SNMP (introduced in v6.46beta44);
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) fetch - fixed "dst-path" not allowed to create new directories (introduced in v6.46beta34);
*) fetch - improved stability when processing large output data;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) hotspot - fixed "html-directory" not allowed to create new directories (introduced in v6.46beta34);
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) hotspot - fixed RADIUS CoA "address-list" update;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - fixed IPv6 policy generation (introduced in v6.46beta28);
*) ike2 - fixed phase 1 rekeying (introduced in v6.45);
*) ipsec - added "error" topic for identity check failure logging messages;
*) ipsec - fixed DNS resolving when domain has only AAAA entries;
*) led - fixed default LED configuration for RBLHG5nD;
*) log - increased log message length limit to 1024 characters;
*) lte - added support for LM960A18;
*) lte - added support for Telit LM960 and LE910C1 modems;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed modem not receiving IP configuration when roaming (introduced in v6.45);
*) lte - fixed network registration on R11e-LTE-US;
*) lte - fixed Sierra WP7601 driver loading;
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) lte - fix "operator" names not being displayed properly;
*) lte - improved modem initialization;
*) lte - show "primary-band" only for LTE modems;
*) lte - use /128 prefix for IPv6 address on LTE interface;
*) lte - use interface from RA when "ipv6-interface=none" and IPv6 enabled;
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) ppp - disable DTR send when using at-chat;
*) ptp - added support for IEEE 1588 Precision Clock Synchronization Protocol on CRS317-1G-16S+ (CLI only);
*) quickset - added "LTE AP Dual" mode support;
*) quickset - added "LTE APN" dropdown support;
*) quickset - fixed "LTE Band" checkbox display;
*) radius - fixed open socket leak when invalid packet is received (introduced in v6.44);
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) routerboard - fixed USB configuration export on RBLtAP-2HnD;
*) routerboard - hide "memory-frequency" parameter for RBLtAP-2HnD;
*) sfp - correctly read EEPROM data from SFP modules (introduced in v6.46beta38);
*) sfp - fixed "sfp-rx-power" value for some transceivers;
*) sniffer - allow filtering by packet size;
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) snmp - improved LLDP interface returned index and type;
*) snmp - return only interfaces with MAC addresses for LLDP;
*) snmp - use "src-address" also for traps;
*) supout - removed "file" option from "/system sup-output" command;
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) system - fixed branding package installation (introduced in v6.46beta34);
*) system - improved system stability for devices with AR9342;
*) tr069-client - added CellDiagnostics parameter support;
*) tr069-client - added LTE band and cellular technology selection parameters;
*) tr069-client - added LTE RSCP, ECNO and ICCID parameter support;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - fixed firmware update (introduced in v6.46beta34);
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) upgrade - improved auto package updating using "check-for-updates";
*) usb - general USB modem stability improvements;
*) userman - fixed customer referencing on WEB (introduced in v6.46beta9);
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) webfig - fixed link to Winbox download;
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - properly show timestamp in file "Creation Time" field;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - added 4 chain MCS support for 802.11n wireless protocol (CLI only);
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - fixed RX chain selection;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - improved stability when setting fixed primary and secondary channels on RB4011iGS+5HacQ2HnD-IN;
*) wireless - updated "ukraine" regulatory domain information;
*) wireless - updated "united-states" regulatory domain information;

Версия 6.46beta59 2019-10-25

Версия 6.46beta55 2019-10-15

What's new in 6.46beta55 (2019-Oct-15 06:08):

MAJOR CHANGES IN v6.46:
----------------------
!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
----------------------

Changes in this release:

!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
*) bridge - include whole VLAN-id in DHCP Option 82 message;
*) capsman - fixed background scan showing incorrect regulatory domain mismatch error;
*) capsman - fixed frequency setting requiring multiple frequencies;
*) capsman - fixed newline character missing on some logging messages;
*) console - fixed "address" column width when printing DHCPv4 leases;
*) crs1xx/2xx - allow to set trunk port as mirroring target;
*) crs3xx - correctly display link rate when 10/100/1000BASE-T SFP modules are used in SFP+ interfaces;
*) crs3xx - fixed management access when using switch rule "new-vlan-priority" property;
*) crs3xx - improved switch-chip resource allocation on CRS317-1G-16S+, CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - improved system stability on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) dhcpv6-server - fixed logged error message when using "address-pool=static-only";
*) dude - fixed data retrieval over SNMP (introduced in v6.46beta44);
*) fetch - fixed "dst-path" not allowed to create new directories (introduced in v6.46beta34);
*) hotspot - fixed "html-directory" not allowed to create new directories (introduced in v6.46beta34);
*) led - fixed default LED configuration for RBLHG5nD;
*) lte - added support for LM960A18;
*) lte - fixed modem not receiving IP configuration when roaming (introduced in v6.45);
*) lte - fixed Sierra WP7601 driver loading;
*) lte - fix "operator" names not being displayed properly;
*) ptp - added support for IEEE 1588 Precision Clock Synchronization Protocol on CRS317-1G-16S+ (CLI only);
*) quickset - added "LTE APN" dropdown support;
*) quickset - fixed "LTE Band" checkbox display;
*) sfp - fixed "sfp-rx-power" value for some transceivers;
*) sniffer - allow filtering by packet size;
*) snmp - improved LLDP interface returned index and type;
*) snmp - return only interfaces with MAC addresses for LLDP;
*) system - fixed branding package installation (introduced in v6.46beta34);
*) system - improved system stability for devices with AR9342;
*) tr069-client - added CellDiagnostics parameter support;
*) tr069-client - fixed firmware update (introduced in v6.46beta34);
*) upgrade - improved auto package updating using "check-for-updates";
*) userman - fixed customer referencing on WEB (introduced in v6.46beta9);
*) wireless - updated "united-states" regulatory domain information;

Other changes since v6.45.6:

*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) btest - removed duplicate "duration" parameter;
*) capsman - fixed channel auto reselection;
*) capsman - improved DFS channel switching when radar detected;
*) certificate - improved CRL updating process;
*) chr - added support for Azure guest agent;
*) conntrack - properly start manually enabled connection tracking;
*) console - added bitwise operator support for "ip6" data type;
*) console - fixed IP conversation to "num" data type;
*) console - fixed "tobool" conversion;
*) console - properly detect IPv6 address as "ip6" data type;
*) crs305 - fixed sfp-sfpplus2 - sfp-sfpplus4 interface linking (introduced in v6.46beta28);
*) crs312 - fixed combo SFP port toggling (introduced in v6.44.5);
*) crs3xx - correctly display link rate when 10/100/1000BASE-T SFP modules are used in SFP+ interfaces;
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - do not send pause frames when ethernet "tx-flow-control" is disabled on CRS326/CRS328/CRS305 devices;
*) crs3xx - remove previously set mirror-source property before changing it;
*) defconf - fixed default configuration loading on RBmAPL-2nD (introduced in v6.45);
*) defconf - require "policy" permission to print default configuration;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) dot1x - added "reject-vlan-id" server parameter (CLI only);
*) dot1x - added support for dynamic switch rules from RADIUS;
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) fetch - improved stability when processing large output data;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) hotspot - fixed RADIUS CoA "address-list" update;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - fixed IPv6 policy generation (introduced in v6.46beta28);
*) ike2 - fixed phase 1 rekeying (introduced in v6.45);
*) ipsec - added "error" topic for identity check failure logging messages;
*) ipsec - fixed DNS resolving when domain has only AAAA entries;
*) log - increased log message length limit to 1024 characters;
*) lte - added support for Telit LM960 and LE910C1 modems;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed network registration on R11e-LTE-US;
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) lte - improved modem initialization;
*) lte - show "primary-band" only for LTE modems;
*) lte - use /128 prefix for IPv6 address on LTE interface;
*) lte - use interface from RA when "ipv6-interface=none" and IPv6 enabled;
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) ppp - disable DTR send when using at-chat;
*) quickset - added "LTE AP Dual" mode support;
*) radius - fixed open socket leak when invalid packet is received (introduced in v6.44);
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) routerboard - fixed USB configuration export on RBLtAP-2HnD;
*) routerboard - hide "memory-frequency" parameter for RBLtAP-2HnD;
*) sfp - correctly read EEPROM data from SFP modules (introduced in v6.46beta38);
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) snmp - use "src-address" also for traps;
*) supout - removed "file" option from "/system sup-output" command;
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) tr069-client - added LTE band and cellular technology selection parameters;
*) tr069-client - added LTE RSCP, ECNO and ICCID parameter support;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) webfig - fixed link to Winbox download;
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - properly show timestamp in file "Creation Time" field;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - added 4 chain MCS support for 802.11n wireless protocol (CLI only);
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - fixed RX chain selection;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - improved stability when setting fixed primary and secondary channels on RB4011iGS+5HacQ2HnD-IN;
*) wireless - updated "ukraine" regulatory domain information;

Версия 6.46beta55 2019-10-15

Версия 6.46beta44 2019-09-19

What's new in 6.46beta44 (2019-Sep-19 05:54):

Changes in this release:

*) capsman - fixed channel auto reselection;
*) chr - added support for Azure guest agent;
*) console - fixed "tobool" conversion;
*) crs305 - fixed sfp-sfpplus2 - sfp-sfpplus4 interface linking (introduced in v6.46beta28);
*) crs3xx - correctly display link rate when 10/100/1000BASE-T SFP modules are used in SFP+ interfaces;
*) crs3xx - do not send pause frames when ethernet "tx-flow-control" is disabled on CRS326/CRS328/CRS305 devices;
*) defconf - fixed default configuration loading on RBmAPL-2nD (introduced in v6.45);
*) dot1x - added support for dynamic switch rules from RADIUS;
*) ike2 - fixed phase 1 rekeying (introduced in v6.45);
*) lte - added support for Telit LM960 and LE910C1 modems;
*) lte - improved modem initialization;
*) routerboard - fixed USB configuration export on RBLtAP-2HnD;
*) routerboard - hide "memory-frequency" parameter for RBLtAP-2HnD;
*) sfp - correctly read EEPROM data from SFP modules (introduced in v6.46beta38);
*) snmp - use "src-address" also for traps;
*) wireless - improved stability when setting fixed primary and secondary channels on RB4011iGS+5HacQ2HnD-IN;

Other changes since v6.45.6:

*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) btest - removed duplicate "duration" parameter;
*) capsman - improved DFS channel switching when radar detected;
*) certificate - improved CRL updating process;
*) conntrack - properly start manually enabled connection tracking;
*) console - added bitwise operator support for "ip6" data type;
*) console - fixed IP conversation to "num" data type;
*) console - properly detect IPv6 address as "ip6" data type;
*) crs312 - fixed combo SFP port toggling (introduced in v6.44.5);
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - remove previously set mirror-source property before changing it;
*) defconf - require "policy" permission to print default configuration;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) dot1x - added "reject-vlan-id" server parameter (CLI only);
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) fetch - improved stability when processing large output data;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) hotspot - fixed RADIUS CoA "address-list" update;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - fixed IPv6 policy generation (introduced in v6.46beta28);
*) ipsec - added "error" topic for identity check failure logging messages;
*) ipsec - fixed DNS resolving when domain has only AAAA entries;
*) log - increased log message length limit to 1024 characters;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed network registration on R11e-LTE-US;
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) lte - show "primary-band" only for LTE modems;
*) lte - use /128 prefix for IPv6 address on LTE interface;
*) lte - use interface from RA when "ipv6-interface=none" and IPv6 enabled;
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) ppp - disable DTR send when using at-chat;
*) quickset - added "LTE AP Dual" mode support;
*) radius - fixed open socket leak when invalid packet is received (introduced in v6.44);
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) supout - removed "file" option from "/system sup-output" command;
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) tr069-client - added LTE band and cellular technology selection parameters;
*) tr069-client - added LTE RSCP, ECNO and ICCID parameter support;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) webfig - fixed link to Winbox download;
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - properly show timestamp in file "Creation Time" field;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - added 4 chain MCS support for 802.11n wireless protocol (CLI only);
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - fixed RX chain selection;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - updated "ukraine" regulatory domain information;

Версия 6.46beta44 2019-09-19

Версия 6.46beta38 2019-08-29

What's new in 6.46beta38 (2019-Aug-29 07:29):

Changes in this release:

*) btest - removed duplicate "duration" parameter;
*) console - added bitwise operator support for "ip6" data type;
*) console - fixed IP conversation to "num" data type;
*) console - properly detect IPv6 address as "ip6" data type;
*) crs312 - fixed combo SFP port toggling (introduced in v6.44.5);
*) crs3xx - fixed "egress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) dot1x - added "reject-vlan-id" server parameter (CLI only);
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) qsfp - clear SFP monitoring data on port enable;
*) qsfp - correctly display SFP monitoring data;
*) qsfp - fixed EEPROM checksum validation;
*) radius - fixed open socket leak when invalid packet is received (introduced in v6.44);
*) supout - removed "file" option from "/system sup-output" command;
*) wireless - added 4 chain MCS support for 802.11n wireless protocol (CLI only);
*) wireless - fixed RX chain selection;
*) wireless - include last frequency when manually setting frequency step in "scan-list";

Other changes since v6.45.5:

*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) capsman - improved DFS channel switching when radar detected;
*) certificate - improved CRL updating process;
*) conntrack - properly start manually enabled connection tracking;
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - remove previously set mirror-source property before changing it;
*) defconf - require "policy" permission to print default configuration;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) fetch - improved stability when processing large output data;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) hotspot - fixed RADIUS CoA "address-list" update;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - fixed IPv6 policy generation (introduced in v6.46beta28);
*) ipsec - added "error" topic for identity check failure logging messages;
*) ipsec - fixed DNS resolving when domain has only AAAA entries;
*) log - increased log message length limit to 1024 characters;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed network registration on R11e-LTE-US;
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) lte - show "primary-band" only for LTE modems;
*) lte - use /128 prefix for IPv6 address on LTE interface;
*) lte - use interface from RA when "ipv6-interface=none" and IPv6 enabled;
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) ppp - disable DTR send when using at-chat;
*) qsfp - show more QSFP module diagnostics;
*) quickset - added "LTE AP Dual" mode support;
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) tr069-client - added LTE band and cellular technology selection parameters;
*) tr069-client - added LTE RSCP, ECNO and ICCID parameter support;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) webfig - fixed link to Winbox download;
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - properly show timestamp in file "Creation Time" field;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - updated "ukraine" regulatory domain information;

Версия 6.46beta38 2019-08-29

Версия 6.46beta34 2019-08-22

What's new in 6.46beta34 (2019-Aug-22 06:24):

Changes in this release:

*) dhcpv4-server - fixed "Acct-Output-Octets" reporting to RADIUS;
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) hotspot - fixed RADIUS CoA "address-list" update;
*) ike2 - fixed IPv6 policy generation (introduced in v6.46beta28);
*) ike2 - fixed traffic selector address family selection when using IPv6;
*) ike2 - properly start all initiators to the same remote address;
*) ipsec - fixed DNS resolving when domain has only AAAA entries;
*) ipsec - fixed "eap-radius" authentication method (introduced in v6.45);
*) ipsec - fixed minor spelling mistakes in logs;
*) log - increased log message length limit to 1024 characters;
*) lte - fixed network registration on R11e-LTE-US;
*) lte - use /128 prefix for IPv6 address on LTE interface;
*) lte - use interface from RA when "ipv6-interface=none" and IPv6 enabled;
*) qsfp - show more QSFP module diagnostics;
*) quickset - added "LTE AP Dual" mode support;
*) snmp - fixed encrypted data sequence (introduced in v6.44.5);
*) ssh - fixed carriage return presence in subsequent sessions;
*) system - accept only valid string for "name" parameter in "disk" menu (CVE-2019-15055);
*) tr069-client - added LTE band and cellular technology selection parameters;
*) tr069-client - added LTE RSCP, ECNO and ICCID parameter support;
*) watchdog - renamed "no-ping-delay" parameter to "ping-start-after-boot";

Other changes since v6.45.3:

*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) capsman - improved DFS channel switching when radar detected;
*) certificate - improved CRL updating process;
*) conntrack - properly start manually enabled connection tracking;
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - remove previously set mirror-source property before changing it;
*) defconf - require "policy" permission to print default configuration;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) fetch - improved stability when processing large output data;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - don't release policy on rekey when child not found;
*) ike2 - fixed ID validation with multiple SAN;
*) ike2 - fixed policy port selection for responder with natted initiator;
*) ike2 - improved rekeying process with Windows initiators;
*) ipsec - added "error" topic for identity check failure logging messages;
*) ipsec - allow inline "passphrase" parameter when importing keys;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed cell information monitoring on R11e-LTE-US (introduced in v6.45.2);
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) lte - show "primary-band" only for LTE modems;
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) ppp - disable DTR send when using at-chat;
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) switch - fix port isolation for non-CRS series switch chips;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) webfig - fixed link to Winbox download;
*) winbox - added "auto-erase" parameter to "Tools/SMS" menu;
*) winbox - added "https-redirect" parameter to "IP/Hotspot/Profiles menu";
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "revision" parameter to "System/Routerboard" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - properly show timestamp in file "Creation Time" field;
*) winbox - removed "max-sms" parameter from "Tools/SMS" menu;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - fixed basic rate reporting in snooper;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - updated "ukraine" regulatory domain information;

Версия 6.46beta34 2019-08-22

Версия 6.46beta28 2019-08-09

What's new in 6.46beta28 (2019-Aug-08 07:26):

Changes in this release:

*) certificate - improved CRL updating process;
*) defconf - require "policy" permission to print default configuration;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - don't release policy on rekey when child not found;
*) ike2 - fixed ID validation with multiple SAN;
*) ike2 - fixed policy port selection for responder with natted initiator;
*) ike2 - improved rekeying process with Windows initiators;
*) ipsec - allow inline "passphrase" parameter when importing keys;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed cell information monitoring on R11e-LTE-US (introduced in v6.45.2);
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) webfig - fixed link to Winbox download;
*) winbox - added "auto-erase" parameter to "Tools/SMS" menu;
*) winbox - added "https-redirect" parameter to "IP/Hotspot/Profiles menu";
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "revision" parameter to "System/Routerboard" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - removed "max-sms" parameter from "Tools/SMS" menu;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - fixed basic rate reporting in snooper;

Other changes since v6.45.3:

*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) capsman - improved DFS channel switching when radar detected;
*) conntrack - properly start manually enabled connection tracking;
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - remove previously set mirror-source property before changing it;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) fetch - improved stability when processing large output data;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) ipsec - added "error" topic for identity check failure logging messages;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) lte - show "primary-band" only for LTE modems;
*) ppp - disable DTR send when using at-chat;
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) switch - fix port isolation for non-CRS series switch chips;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) winbox - properly show timestamp in file "Creation Time" field;
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - updated "ukraine" regulatory domain information;

Версия 6.46beta28 2019-08-09

Версия 6.46beta16 2019-07-24

What's new in 6.46beta16 (2019-Jul-23 06:44):

Changes in this release:

*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) capsman - improved DFS channel switching when radar detected;
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - remove previously set mirror-source property before changing it;
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) ipsec - added "error" topic for identity check failure logging messages;
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) smips - reduced RouterOS main package size (disabled LTE modem, dot1x and SwOS support);
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) switch - fix port isolation for non-CRS series switch chips;
*) tr069-client - added multiple LTE monitoring parameters;
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - improved U-APSD (WMM Power Save) support for 802.11e;
*) wireless - updated "ukraine" regulatory domain information;

Other changes since v6.45.2:

*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) conntrack - properly start manually enabled connection tracking;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) fetch - improved stability when processing large output data;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - show "primary-band" only for LTE modems;
*) ppp - disable DTR send when using at-chat;
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) winbox - properly show timestamp in file "Creation Time" field;

Версия 6.46beta16 2019-07-24

Версия 6.45beta62 2019-06-14

What's new in 6.45beta62 (2019-Jun-13 10:13):

Important note!!!
Downgrading to any version prior to v6.43 (v6.42.12 and older) will clear all user passwords and allow password-less authentication. Please secure your router after downgrading.

MAJOR CHANGES IN v6.45:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control;
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator;
!) user - removed insecure password storage;
----------------------

Changes in this release:

!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control;
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator;
*) bridge - correctly handle bridge host table;
*) capsman - fixed CAP system upgrading process for MMIPS;
*) certificate - added "key-type" field;
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1);
*) crs3xx - fixed "tx-drop" counter;
*) defconf - fixed channel width selection for RU locked devices;
*) dhcpv4-server - added "client-mac-limit" parameter;
*) dhcpv6-client - added option to disable rapid-commit;
*) dhcpv6-server - added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time";
*) dhcpv6-server - added "address-list" support for bindings;
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters;
*) dhcpv6-server - added RADIUS accounting support with queue based statistics;
*) dhcpv6-server - added "route-distance" parameter;
*) e-mail - properly release e-mail sending session if the server's domain name can not be resolved;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity;
*) ipsec - added "ph2-total" counter to "active-peers" menu;
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods;
*) ipsec - added traffic statistics to "active-peers" menu;
*) ipsec - disallow setting "src-address" and "dst-address" for transport mode policies;
*) ipsec - renamed "remote-peers" to "active-peers";
*) ltap - renamed SIM slots "up" and "down" to "2" and "3";
*) lte - added passthrough interface subnet selection;
*) lte - fixed LTE interface running state on RBSXTLTE3-7 (introduced in v6.45beta);
*) m33g - added support for additional Serial Console port on GPIO headers;
*) routerboard - renamed 'sim' menu to 'modem';
*) snmp - fixed "send-trap" not working when "trap-generators" does not contain "temp-exception";
*) snmp - improved reliability on SNMP service packet validation;
*) winbox - added "System/SwOS" menu for all dual-boot devices;
*) winbox - do not allow setting "dns-lookup-interval" to "0";

Other changes since v6.44.3:

*) bridge - correctly add interface list as bridge port (introduced in v6.45beta34);
*) bridge - correctly display bridge FastPath status when vlan-filtering or dhcp-snooping is used;
*) bridge - fixed log message when hardware offloading is being enabled;
*) bridge - fixed port running state for non-ethernet interfaces (introduced in v6.45beta33);
*) capsman - fixed interface-list usage in access list;
*) ccr - improved packet processing after overloading interface;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) cloud - added "replace" parameter for backup "upload-file" command;
*) conntrack - fixed GRE protocol packet connection-state matching (CVE-2014-8160);
*) conntrack - significant stability and performance improvements;
*) crs317 - fixed known multicast flooding to the CPU;
*) crs3xx - added ethernet tx-drop counter;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - correctly handle switch reset (introduced in v6.45beta31);
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) crs3xx - improved switch-chip resource allocation on CRS326, CRS328, CRS305;
*) defconf - added "custom-script" field that prints custom configuration installed by Netinstall;
*) defconf - automatically set "installation" parameter for outdoor devices;
*) defconf - changed default configuration type to AP for cAP series devices;
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter (CLI only);
*) dhcpv4-server - added RADIUS accounting support with queue based statistics;
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv4-server - replaced "busy" lease status with "conflict" and "declined";
*) dhcpv6-client - added option to disable rapid-commit (CLI only);
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) dhcpv6-server - added RADIUS accounting support with queue based statistics;
*) dhcpv6-server - added "route-distance" parameter (CLI only);
*) dhcpv6-server - fixed dynamic IPv6 binding without proper reference to the server;
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) discovery - correctly create neighbors from VLAN tagged discovery messages;
*) discovery - fixed CDP packets not including address on slave ports (introduced in v6.44);
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) discovery - show neighbors on actual mesh ports;
*) e-mail - include "message-id" identification field in e-mail header;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) ethernet - increased loop warning threshold to 5 packets per second;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) firewall - fixed fragmented packet processing when only RAW firewall is configured;
*) firewall - process packets by firewall when accepted by RAW with disabled connection tracking;
*) gps - fixed missing minus close to zero coordinates in dd format;
*) gps - make sure "direction" parameter is upper case;
*) gps - strip unnecessary trailing characters from "longtitude" and "latitude" values;
*) hotspot - moved "title" HTML tag after "meta" tags;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - fixed rekeying process when NAT is detected (introduced in v6.45beta16);
*) ike1 - general stability improvements (introduced in v6.45beta);
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - added support for IKE SA rekeying for initiator;
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - fixed first child SA generation (introduced in v6.45beta34);
*) ike2 - fixed pre-shared-key authentication failure (introduced in v6.45beta34);
*) ike2 - improved certificate verification when multiple CA certificates received from responder;
*) ike2 - improved child SA rekeying process;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ippool - improved logging for IPv6 Pool when prefix is already in use;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - general improvements in policy handling;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) ipv6 - improved system stability when receiving bogus packets;
*) lte - added initial support for Vodafone R216-Z;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow setting empty APN;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) lte - improved firmware upgrade process;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;
*) ospf - fixed opaque LSA type checking in OSPFv2;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) ovpn - added "verify-server-certificate" parameter for OVPN client (CVE-2018-10066);
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb3011 - improved system stability when receiving bogus packets;
*) rb4011 - fixed MAC address duplication between sfp-sfpplus1 and wlan1 interfaces (wlan1 configuration reset required);
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) rb921 - improved system stability ("/system routerboard upgrade" required);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - improved reliability on SNMP service packet validation;
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - accept remote forwarding requests with empty hostnames;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - fixed non-interactive multiple command execution;
*) ssh - improved remote forwarding handling (introduced in v6.44.3);
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added IPv6 ND section to supout file;
*) supout - added "kid-control devices" section to supout file;
*) supout - added "pwr-line" section to supout file;
*) supout - changed IPv6 pool section to output detailed print;
*) switch - properly reapply settings after switch chip reset;
*) tftp - added "max-block-size" parameter under TFTP "settings" menu (CLI only);
*) tile - improved link fault detection on SFP+ ports;
*) tr069-client - added LTE CQI and IMSI parameter support;
*) tr069-client - fixed potential memory corruption;
*) tr069-client - improved error reporting with incorrect firware upgrade XML file;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-generator - improved stability when stopping traffic generator;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) w60g - do not show unused "dmg" parameter;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) w60g - show running frequency under "monitor" command;
*) winbox - added "System/SwOS" menu for all dual-boot devices;
*) winbox - fixed crash when opening CAPsMAN menu (introduced in v6.45beta27);
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed "country-info" printing (introduced in v6.45beta27);
*) wireless - fixed frequency duplication in the frequency selection menu;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved 160MHz channel width stability on rb4011;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - improved installation mode selection for wireless outdoor equipment;
*) wireless - set default SSID and supplicant-identity the same as router's identity;
*) wireless - updated "china" regulatory domain information;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
*) www - improved client-initiated renegotiation within the SSL and TLS protocols (CVE-2011-1473);

Версия 6.45beta62 2019-06-14

Версия 6.45beta6 2019-03-05

What's new in 6.45beta6 (2019-Mar-05 08:51):

Changes in this release:

*) bridge - fixed possible memory leak when using "ingress-filtering=yes" on bridge interface;
*) certificate - added support for ECC (Elliptic Curve Cryptography);
*) certificate - force 3DES encryption for P12 certificate export;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcp - fixed dual stack queue addition;
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv6-server - use MAC address for RADIUS user when "allow-dual-stack-queue=yes";
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) fetch - improved user policy lookup;
*) gps - increase precision for dd format;
*) ipsec - fixed dynamic L2TP peer and identity configuration missing after reboot (introduced in v6.44);
*) ipsec - use "remote-id=ignore" for dynamic L2TP configuration (introduced in v6.44);
*) ipv6 - do not allow setting "preferred-lifetime" longer than "valid-lifetime";
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - do not show error message for info commands that are not supported;
*) lte - do not show "session-uptime" if session is not up;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) rb4011 - fixed ether10 failing to auto negotiate link speed to 1Gbps;
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) ssh - use correct user when "output-to-file" parameter is used;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) tile - improved link fault detection on SFP+ ports;
*) winbox - added "use-local-address" parameter in "IP/Cloud" menus;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;

Версия 6.45beta6 2019-03-05

Версия 6.45beta54 2019-05-28

What's new in 6.45beta54 (2019-May-24 07:51):

Important note!!!
Downgrading to any version prior to v6.43 (v6.42.12 and older) will clear all user passwords and allow password-less authentication. Please secure your router after downgrading.

MAJOR CHANGES IN v6.45:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator (CLI only);
!) user - removed insecure password storage;
----------------------

Changes in this release:

!) user - removed insecure password storage;
*) bridge - correctly display bridge FastPath status when vlan-filtering or dhcp-snooping is used;
*) conntrack - fixed GRE protocol packet connection-state matching (CVE-2014-8160);
*) crs317 - fixed known multicast flooding to the CPU;
*) ike1 - general stability improvements (introduced in v6.45beta);
*) ike2 - added support for IKE rekeying for initiator;
*) ike2 - improved child SA rekeying process;
*) lte - added initial support for Vodafone R216-Z;
*) ovpn - added "verify-server-certificate" parameter for OVPN client (CVE-2018-10066);
*) winbox - added "System/SwOS" menu for all dual-boot devices;
*) www - improved client-initiated renegotiation within the SSL and TLS protocols (CVE-2011-1473);

Other changes since v6.44.3:

*) bridge - correctly add interface list as bridge port (introduced in v6.45beta34);
*) bridge - fixed log message when hardware offloading is being enabled;
*) bridge - fixed port running state for non-ethernet interfaces (introduced in v6.45beta33);
*) capsman - fixed interface-list usage in access list;
*) ccr - improved packet processing after overloading interface;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) cloud - added "replace" parameter for backup "upload-file" command;
*) conntrack - significant stability and performance improvements;
*) crs3xx - added ethernet tx-drop counter;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - correctly handle switch reset (introduced in v6.45beta31);
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) crs3xx - improved switch-chip resource allocation on CRS326, CRS328, CRS305;
*) defconf - added "custom-script" field that prints custom configuration installed by Netinstall;
*) defconf - automatically set "installation" parameter for outdoor devices;
*) defconf - changed default configuration type to AP for cAP series devices;
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter (CLI only);
*) dhcpv4-server - added RADIUS accounting support with queue based statistics;
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv4-server - replaced "busy" lease status with "conflict" and "declined";
*) dhcpv6-client - added option to disable rapid-commit (CLI only);
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) dhcpv6-server - added RADIUS accounting support with queue based statistics;
*) dhcpv6-server - added "route-distance" parameter (CLI only);
*) dhcpv6-server - fixed dynamic IPv6 binding without proper reference to the server;
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) discovery - correctly create neighbors from VLAN tagged discovery messages;
*) discovery - fixed CDP packets not including address on slave ports (introduced in v6.44);
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) discovery - show neighbors on actual mesh ports;
*) e-mail - include "message-id" identification field in e-mail header;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) ethernet - increased loop warning threshold to 5 packets per second;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) firewall - fixed fragmented packet processing when only RAW firewall is configured;
*) firewall - process packets by firewall when accepted by RAW with disabled connection tracking;
*) gps - fixed missing minus close to zero coordinates in dd format;
*) gps - make sure "direction" parameter is upper case;
*) gps - strip unnecessary trailing characters from "longtitude" and "latitude" values;
*) hotspot - moved "title" HTML tag after "meta" tags;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - fixed rekeying process when NAT is detected (introduced in v6.45beta16);
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - fixed first child SA generation (introduced in v6.45beta34);
*) ike2 - fixed pre-shared-key authentication failure (introduced in v6.45beta34);
*) ike2 - improved certificate verification when multiple CA certificates received from responder;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ippool - improved logging for IPv6 Pool when prefix is already in use;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - general improvements in policy handling;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) ipv6 - improved system stability when receiving bogus packets;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow setting empty APN;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) lte - improved firmware upgrade process;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;
*) ospf - fixed opaque LSA type checking in OSPFv2;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb3011 - improved system stability when receiving bogus packets;
*) rb4011 - fixed MAC address duplication between sfp-sfpplus1 and wlan1 interfaces (wlan1 configuration reset required);
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) rb921 - improved system stability ("/system routerboard upgrade" required);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - improved reliability on SNMP service packet validation;
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - accept remote forwarding requests with empty hostnames;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - fixed non-interactive multiple command execution;
*) ssh - improved remote forwarding handling (introduced in v6.44.3);
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added IPv6 ND section to supout file;
*) supout - added "kid-control devices" section to supout file;
*) supout - added "pwr-line" section to supout file;
*) supout - changed IPv6 pool section to output detailed print;
*) switch - properly reapply settings after switch chip reset;
*) tftp - added "max-block-size" parameter under TFTP "settings" menu (CLI only);
*) tile - improved link fault detection on SFP+ ports;
*) tr069-client - added LTE CQI and IMSI parameter support;
*) tr069-client - fixed potential memory corruption;
*) tr069-client - improved error reporting with incorrect firware upgrade XML file;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-generator - improved stability when stopping traffic generator;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) w60g - do not show unused "dmg" parameter;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) w60g - show running frequency under "monitor" command;
*) winbox - fixed crash when opening CAPsMAN menu (introduced in v6.45beta27);
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed "country-info" printing (introduced in v6.45beta27);
*) wireless - fixed frequency duplication in the frequency selection menu;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved 160MHz channel width stability on rb4011;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - improved installation mode selection for wireless outdoor equipment;
*) wireless - set default SSID and supplicant-identity the same as router's identity;
*) wireless - updated "china" regulatory domain information;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;

Версия 6.45beta54 2019-05-28

Версия 6.45beta50 2019-05-21

What's new in 6.45beta50 (2019-May-20 09:30):

MAJOR CHANGES IN v6.45:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator (CLI only);
----------------------

Changes in this release:

!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
*) bridge - fixed port running state for non-ethernet interfaces (introduced in v6.45beta33);
*) ccr - improved packet processing after overloading interface;
*) crs3xx - added ethernet tx-drop counter;
*) crs3xx - improved switch-chip resource allocation on CRS326, CRS328, CRS305;
*) defconf - changed default configuration type to AP for cAP series devices;
*) dhcpv6-client - added option to disable rapid-commit (CLI only);
*) dhcpv6-server - added RADIUS accounting support with queue based statistics;
*) discovery - fixed CDP packets not including address on slave ports (introduced in v6.44);
*) firewall - process packets by firewall when accepted by RAW with disabled connection tracking;
*) ike2 - fixed pre-shared-key authentication failure (introduced in v6.45beta34);
*) ike2 - improved certificate verification when multiple CA certificates received from responder;
*) ippool - improved logging for IPv6 Pool when prefix is already in use;
*) ipv6 - improved system stability when receiving bogus packets;
*) lte - improved firmware upgrade process;
*) ospf - fixed opaque LSA type checking in OSPFv2;
*) rb3011 - improved system stability when receiving bogus packets;
*) rb4011 - fixed MAC address duplication between sfp-sfpplus1 and wlan1 interfaces (wlan1 configuration reset required);
*) snmp - improved reliability on SNMP service packet validation;
*) ssh - fixed non-interactive multiple command execution;
*) supout - added "pwr-line" section to supout file;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-generator - improved stability when stopping traffic generator;

Other changes since v6.44.3:

*) bridge - correctly add interface list as bridge port (introduced in v6.45beta34);
*) bridge - fixed log message when hardware offloading is being enabled;
*) capsman - fixed interface-list usage in access list;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) cloud - added "replace" parameter for backup "upload-file" command;
*) conntrack - significant stability and performance improvements;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - correctly handle switch reset (introduced in v6.45beta31);
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) defconf - added "custom-script" field that prints custom configuration installed by Netinstall;
*) defconf - automatically set "installation" parameter for outdoor devices;
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter (CLI only);
*) dhcpv4-server - added RADIUS accounting support with queue based statistics;
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv4-server - replaced "busy" lease status with "conflict" and "declined";
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) dhcpv6-server - added "route-distance" parameter (CLI only);
*) dhcpv6-server - fixed dynamic IPv6 binding without proper reference to the server;
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) discovery - correctly create neighbors from VLAN tagged discovery messages;
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) discovery - show neighbors on actual mesh ports;
*) e-mail - include "message-id" identification field in e-mail header;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) ethernet - increased loop warning threshold to 5 packets per second;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) firewall - fixed fragmented packet processing when only RAW firewall is configured;
*) gps - fixed missing minus close to zero coordinates in dd format;
*) gps - make sure "direction" parameter is upper case;
*) gps - strip unnecessary trailing characters from "longtitude" and "latitude" values;
*) hotspot - moved "title" HTML tag after "meta" tags;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - fixed rekeying process when NAT is detected (introduced in v6.45beta16);
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - fixed first child SA generation (introduced in v6.45beta34);
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - general improvements in policy handling;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow setting empty APN;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) rb921 - improved system stability ("/system routerboard upgrade" required);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - accept remote forwarding requests with empty hostnames;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - improved remote forwarding handling (introduced in v6.44.3);
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added IPv6 ND section to supout file;
*) supout - added "kid-control devices" section to supout file;
*) supout - changed IPv6 pool section to output detailed print;
*) switch - properly reapply settings after switch chip reset;
*) tftp - added "max-block-size" parameter under TFTP "settings" menu (CLI only);
*) tile - improved link fault detection on SFP+ ports;
*) tr069-client - added LTE CQI and IMSI parameter support;
*) tr069-client - fixed potential memory corruption;
*) tr069-client - improved error reporting with incorrect firware upgrade XML file;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) w60g - do not show unused "dmg" parameter;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) w60g - show running frequency under "monitor" command;
*) winbox - fixed crash when opening CAPsMAN menu (introduced in v6.45beta27);
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed "country-info" printing (introduced in v6.45beta27);
*) wireless - fixed frequency duplication in the frequency selection menu;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved 160MHz channel width stability on rb4011;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - improved installation mode selection for wireless outdoor equipment;
*) wireless - set default SSID and supplicant-identity the same as router's identity;
*) wireless - updated "china" regulatory domain information;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;

Версия 6.45beta50 2019-05-21

Версия 6.45beta45 2019-05-13

What's new in 6.45beta45 (2019-May-13 09:22):

MAJOR CHANGES IN v6.45:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator (CLI only);
----------------------

Changes in this release:

!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator (CLI only);
*) conntrack - significant stability and performance improvements;
*) dhcpv6-server - fixed dynamic IPv6 binding without proper reference to the server;
*) firewall - fixed fragmented packet processing when only RAW firewall is configured;
*) gps - fixed missing minus close to zero coordinates in dd format;
*) wireless - improved installation mode selection for wireless outdoor equipment;

Other changes since v6.44.3:

*) bridge - correctly add interface list as bridge port (introduced in v6.45beta34);
*) bridge - fixed log message when hardware offloading is being enabled;
*) capsman - fixed interface-list usage in access list;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) cloud - added "replace" parameter for backup "upload-file" command;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - correctly handle switch reset (introduced in v6.45beta31);
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) defconf - added "custom-script" field that prints custom configuration installed by Netinstall;
*) defconf - automatically set "installation" parameter for outdoor devices;
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter (CLI only);
*) dhcpv4-server - added RADIUS accounting support with queue based statistics;
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv4-server - replaced "busy" lease status with "conflict" and "declined";
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) dhcpv6-server - added "route-distance" parameter (CLI only);
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) discovery - correctly create neighbors from VLAN tagged discovery messages;
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) discovery - show neighbors on actual mesh ports;
*) e-mail - include "message-id" identification field in e-mail header;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) ethernet - increased loop warning threshold to 5 packets per second;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) gps - make sure "direction" parameter is upper case;
*) gps - strip unnecessary trailing characters from "longtitude" and "latitude" values;
*) hotspot - moved "title" HTML tag after "meta" tags;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - fixed rekeying process when NAT is detected (introduced in v6.45beta16);
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - fixed first child SA generation (introduced in v6.45beta34);
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - general improvements in policy handling;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow setting empty APN;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) rb921 - improved system stability ("/system routerboard upgrade" required);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - accept remote forwarding requests with empty hostnames;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - improved remote forwarding handling (introduced in v6.44.3);
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added IPv6 ND section to supout file;
*) supout - added "kid-control devices" section to supout file;
*) supout - changed IPv6 pool section to output detailed print;
*) switch - properly reapply settings after switch chip reset;
*) tftp - added "max-block-size" parameter under TFTP "settings" menu (CLI only);
*) tile - improved link fault detection on SFP+ ports;
*) tr069-client - added LTE CQI and IMSI parameter support;
*) tr069-client - fixed potential memory corruption;
*) tr069-client - improved error reporting with incorrect firware upgrade XML file;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) w60g - do not show unused "dmg" parameter;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) w60g - show running frequency under "monitor" command;
*) winbox - fixed crash when opening CAPsMAN menu (introduced in v6.45beta27);
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed "country-info" printing (introduced in v6.45beta27);
*) wireless - fixed frequency duplication in the frequency selection menu;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved 160MHz channel width stability on rb4011;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - improved installation mode selection for wireless outdoor equipment;
*) wireless - set default SSID and supplicant-identity the same as router's identity;
*) wireless - updated "china" regulatory domain information;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;

Версия 6.45beta45 2019-05-13

Версия 6.45beta42 2019-05-09

What's new in 6.45beta42 (2019-May-08 12:44):

MAJOR CHANGES IN v6.45:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap) as initiator (CLI only);
----------------------

Changes in this release:

!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
*) capsman - fixed interface-list usage in access list;
*) cloud - added "replace" parameter for backup "upload-file" command;
*) crs3xx - correctly handle switch reset (introduced in v6.45beta31);
*) defconf - added "custom-script" field that prints custom configuration installed by Netinstall;
*) defconf - automatically set "installation" parameter for outdoor devices;
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcpv4-server - added RADIUS accounting support with queue based statistics;
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) discovery - correctly create neighbors from VLAN tagged discovery messages;
*) discovery - show neighbors on actual mesh ports;
*) ethernet - increased loop warning threshold to 5 packets per second;
*) gps - make sure "direction" parameter is upper case;
*) gps - strip unnecessary trailing characters from "longtitude" and "latitude" values;
*) hotspot - moved "title" HTML tag after "meta" tags;
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) rb921 - improved system stability ("/system routerboard upgrade" required);
*) ssh - accept remote forwarding requests with empty hostnames;
*) ssh - improved remote forwarding handling (introduced in v6.44.3);
*) tr069-client - improved error reporting with incorrect firware upgrade XML file;
*) w60g - do not show unused "dmg" parameter;
*) w60g - show running frequency under "monitor" command;
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - fixed frequency duplication in the frequency selection menu;
*) wireless - improved 160MHz channel width stability on rb4011;
*) wireless - improved installation mode selection for wireless outdoor equipment;
*) wireless - set default SSID and supplicant-identity the same as router's identity;
*) wireless - updated "china" regulatory domain information;

Other changes since v6.44.3:

*) bridge - correctly add interface list as bridge port (introduced in v6.45beta34);
*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - correctly handle switch reset (introduced in v6.45beta34);
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter (CLI only);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv4-server - replaced "busy" lease status with "conflict" and "declined";
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) dhcpv6-server - added "route-distance" parameter (CLI only);
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) e-mail - include "message-id" identification field in e-mail header;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - fixed rekeying process when NAT is detected (introduced in v6.45beta16);
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - fixed first child SA generation (introduced in v6.45beta34);
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - general improvements in policy handling;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow setting empty APN;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added IPv6 ND section to supout file;
*) supout - added "kid-control devices" section to supout file;
*) supout - changed IPv6 pool section to output detailed print;
*) switch - properly reapply settings after switch chip reset;
*) tftp - added "max-block-size" parameter under TFTP "settings" menu (CLI only);
*) tile - improved link fault detection on SFP+ ports;
*) tr069-client - added LTE CQI and IMSI parameter support;
*) tr069-client - fixed potential memory corruption;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) winbox - fixed crash when opening CAPsMAN menu (introduced in v6.45beta27);
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed "country-info" printing (introduced in v6.45beta27);
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;

Версия 6.45beta42 2019-05-09

Версия 6.45beta37 2019-04-26

What's new in 6.45beta37 (2019-Apr-25 12:20):

MAJOR CHANGES IN v6.45:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap) as initiator (CLI only);
----------------------

Changes in this release:

!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap) as initiator (CLI only);
*) bridge - correctly add interface list as bridge port (introduced in v6.45beta34);
*) crs3xx - correctly handle switch reset (introduced in v6.45beta34);
*) ike2 - fixed first child SA generation (introduced in v6.45beta34);
*) ipsec - general improvements in policy handling;
*) lte - allow setting empty APN;
*) supout - added IPv6 ND section to supout file;
*) tftp - added "max-block-size" parameter under TFTP "settings" menu (CLI only);

Other changes since v6.44.3:

*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter (CLI only);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv4-server - replaced "busy" lease status with "conflict" and "declined";
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) dhcpv6-server - added "route-distance" parameter (CLI only);
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) e-mail - include "message-id" identification field in e-mail header;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - fixed rekeying process when NAT is detected (introduced in v6.45beta16);
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - general improvements in policy handling;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added "kid-control devices" section to supout file;
*) supout - changed IPv6 pool section to output detailed print;
*) switch - properly reapply settings after switch chip reset;
*) tile - improved link fault detection on SFP+ ports;
*) tr069-client - added LTE CQI and IMSI parameter support;
*) tr069-client - fixed potential memory corruption;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) winbox - fixed crash when opening CAPsMAN menu (introduced in v6.45beta27);
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed "country-info" printing (introduced in v6.45beta27);
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;

Версия 6.45beta37 2019-04-26

Версия 6.45beta34 2019-04-18

What's new in 6.45beta34 (2019-Apr-18 08:59):

MAJOR CHANGES IN v6.45:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
----------------------

Changes in this release:

!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - replaced "busy" lease status with "conflict" and "declined";
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) e-mail - include "message-id" identification field in e-mail header;
*) ike1 - fixed rekeying process when NAT is detected (introduced in v6.45beta16);
*) ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) supout - changed IPv6 pool section to output detailed print;
*) tr069-client - added LTE CQI and IMSI parameter support;
*) tr069-client - fixed potential memory corruption;
*) winbox - fixed crash when opening CAPsMAN menu (introduced in v6.45beta27);
*) wireless - fixed "country-info" printing (introduced in v6.45beta27);

Other changes since v6.44.2:

*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - fixed SAN being duplicated on status change (introduced in v6.44);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) conntrack - fixed "loose-tcp-tracking" parameter not taken in action (introduced in v6.44);
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter (CLI only);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - fixed commenting option for alerts;
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) dhcpv6-server - added "route-distance" parameter (CLI only);
*) dhcpv6-server - fixed binding setting update from RADIUS;
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - improved stability for transport mode policies on initiator side;
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed freshly created identity not taken in action;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - fixed possible configuration corruption after import;
*) ipsec - general improvements in policy handling;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) ipv6 - adjusted IPv6 route cache max size;
*) ipv6 - improved IPv6 neighbor table updating process;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb2011 - removed "sfp-led" from "System/LEDs" menu;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) smb - fixed possible buffer overflow;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "radio-name" (mtxrWlRtabRadioName) OID support;
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - added "both", "local" and "remote" options for "forwarding-enabled" parameter;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - do not generate host key on configuration export;
*) ssh - fixed multiline non-interactive command execution;
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added "kid-control devices" section to supout file;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) switch - properly reapply settings after switch chip reset;
*) tile - improved link fault detection on SFP+ ports;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) userman - updated authorize.net gateway DNS name;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) wireless - added support for US FCC UNII-2 and Canada country profiles for LHG-5HPnD-US, RBLHG-5HPnD-XL-US and SXTsq5HPnD-US devices;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - improved wireless country settings for EU countries;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;

Версия 6.45beta34 2019-04-18

Версия 6.45beta31 2019-04-12

What's new in 6.45beta31 (2019-Apr-12 10:29):

MAJOR CHANGES IN v6.45:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
----------------------

Changes in this release:

!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
*) conntrack - fixed "loose-tcp-tracking" parameter not taken in action (introduced in v6.44);
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter (CLI only);
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) dhcpv6-server - added "route-distance" parameter (CLI only);
*) dhcpv6-server - fixed binding setting update from RADIUS;
*) fetch - added SFTP support;
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - general improvements in policy handling;
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) ipv6 - adjusted IPv6 route cache max size;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) snmp - added "radio-name" (mtxrWlRtabRadioName) OID support;
*) ssh - added "both", "local" and "remote" options for "forwarding-enabled" parameter;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool";
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) wireless - improved wireless country settings for EU countries;

Other changes since v6.44.2:

*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - fixed SAN being duplicated on status change (introduced in v6.44);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - fixed commenting option for alerts;
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - improved stability for transport mode policies on initiator side;
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting;
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed freshly created identity not taken in action;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - fixed possible configuration corruption after import;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipv6 - improved IPv6 neighbor table updating process;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb2011 - removed "sfp-led" from "System/LEDs" menu;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) smb - fixed possible buffer overflow;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - do not generate host key on configuration export;
*) ssh - fixed multiline non-interactive command execution;
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added "kid-control devices" section to supout file;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) switch - properly reapply settings after switch chip reset;
*) tile - improved link fault detection on SFP+ ports;
*) userman - updated authorize.net gateway DNS name;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) wireless - added support for US FCC UNII-2 and Canada country profiles for LHG-5HPnD-US, RBLHG-5HPnD-XL-US and SXTsq5HPnD-US devices;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;

Версия 6.45beta31 2019-04-12

Версия 6.45beta27 2019-04-04

What's new in 6.45beta27 (2019-Apr-03 13:53):

Changes in this release:

*) dhcpv4-server - fixed commenting option for alerts;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) discovery - improved neighbour's MAC address detection;
*) fetch - added SFTP support;
*) ipsec - fixed possible configuration corruption after import;
*) ipv6 - improved IPv6 neighbor table updating process;
*) rb2011 - removed "sfp-led" from "System/LEDs" menu;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - fixed multiline non-interactive command execution;
*) wireless - added support for US FCC UNII-2 and Canada country profiles for LHG-5HPnD-US, RBLHG-5HPnD-XL-US and SXTsq5HPnD-US devices;

Other changes since v6.44.2:

*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - fixed SAN being duplicated on status change (introduced in v6.44);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - improved stability for transport mode policies on initiator side;
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting;
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed freshly created identity not taken in action;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) smb - fixed possible buffer overflow;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - do not generate host key on configuration export;
*) ssh - fixed multiline non-interactive command execution;
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added "kid-control devices" section to supout file;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) switch - properly reapply settings after switch chip reset;
*) tile - improved link fault detection on SFP+ ports;
*) userman - updated authorize.net gateway DNS name;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;

Версия 6.45beta27 2019-04-04

Версия 6.45beta23 2019-04-01

What's new in 6.45beta23 (2019-Apr-01 05:51):

MAJOR CHANGES IN v6.45:
----------------------
!) ipv6 - fixed soft lockup when forwarding IPv6 packets;
!) ipv6 - fixed soft lockup when processing large IPv6 Neighbor table;
----------------------

Changes in this release:

*) ipsec - properly drop already established tunnel when address change detected;
*) ipv6 - adjust IPv6 route cache max size based on total RAM memory;
*) smb - fixed possible buffer overflow;

Other changes since v6.44.1:

*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - fixed SAN being duplicated on status change (introduced in v6.44);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - improved stability for transport mode policies on initiator side;
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting;
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed freshly created identity not taken in action;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) smb - fixed possible buffer overflow;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - do not generate host key on configuration export;
*) ssh - fixed multiline non-interactive command execution;
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added "kid-control devices" section to supout file;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) switch - properly reapply settings after switch chip reset;
*) tile - improved link fault detection on SFP+ ports;
*) userman - updated authorize.net gateway DNS name;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;

Версия 6.45beta23 2019-04-01

Версия 6.45beta22 2019-03-29

What's new in 6.45beta22 (2019-Mar-29 08:37):

Changes in this release:

!) ipv6 - fixed soft lockup when forwarding IPv6 packets;
!) ipv6 - fixed soft lockup when processing large IPv6 Neighbor table;
*) certificate - added "key-type" field (CLI only);
*) certificate - fixed SAN being duplicated on status change (introduced in v6.44);
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added support for RADIUS accounting;
*) ipsec - fixed policies becoming invalid after changing priority;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) ssh - fixed multiline non-interactive command execution;
*) ssh - improved session rekeying process on exchanged data size threshold;
*) supout - added "kid-control devices" section to supout file;
*) userman - updated authorize.net gateway DNS name;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;

Other changes since v6.44.1:

*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv6-server - added RADIUS accounting support;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) fetch - improved user policy lookup;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - improved stability for transport mode policies on initiator side;
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting;
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed freshly created identity not taken in action;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) smb - fixed possible buffer overflow;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - do not generate host key on configuration export;
*) ssh - use correct user when "output-to-file" parameter is used;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) switch - properly reapply settings after switch chip reset;
*) tile - improved link fault detection on SFP+ ports;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;

Версия 6.45beta22 2019-03-29

Версия 6.45beta20 2019-03-26

What's new in 6.45beta20 (2019-Mar-25 10:07):

Changes in this release:

*) certificate - made RAM the default CRL storage location;
*) ike1 - adjusted debug packet logging topics;
*) ipsec - fixed freshly created identity not taken in action;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);

Other changes since v6.44.1:

*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - removed DSA (D) flag;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv6-server - added RADIUS accounting support;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) fetch - improved user policy lookup;
*) ike1 - improved stability for transport mode policies on initiator side;
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting;
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - do not show error message for info commands that are not supported;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) smb - fixed possible buffer overflow;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - do not generate host key on configuration export;
*) ssh - use correct user when "output-to-file" parameter is used;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) switch - properly reapply settings after switch chip reset;
*) tile - improved link fault detection on SFP+ ports;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;

Версия 6.45beta20 2019-03-26

Версия 6.45beta19 2019-03-22

What's new in 6.45beta19 (2019-Mar-22 07:30):

Changes in this release:

*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - removed DSA (D) flag;
*) ike1 - improved stability for transport mode policies on initiator side;
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) smb - fixed possible buffer overflow;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) ssh - do not generate host key on configuration export;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;

Other changes since v6.44.1:

*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added support for ECC (Elliptic Curve Cryptography);
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv6-server - added RADIUS accounting support;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) fetch - improved user policy lookup;
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting;
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - do not show error message for info commands that are not supported;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - allow specifying multiple "allowed-number" values;
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - use correct user when "output-to-file" parameter is used;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) switch - properly reapply settings after switch chip reset;
*) tile - improved link fault detection on SFP+ ports;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;

Версия 6.45beta19 2019-03-22

Версия 6.45beta16 2019-03-18

What's new in 6.45beta16 (2019-Mar-18 07:49):

Changes in this release:

*) dhcpv4-server - improved stability when performing "check-status" command;
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting;
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) lte - use default APN name "internet" when not provided;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) switch - properly reapply settings after switch chip reset;

Other changes since v6.44.1:

*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added support for ECC (Elliptic Curve Cryptography);
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) fetch - improved user policy lookup;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - do not show error message for info commands that are not supported;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - allow specifying multiple "allowed-number" values;
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - use correct user when "output-to-file" parameter is used;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) tile - improved link fault detection on SFP+ ports;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;

Версия 6.45beta16 2019-03-18

Версия 6.45beta11 2019-03-11

What's new in 6.45beta11 (2019-Mar-08 13:24):

Changes in this release:

*) bridge - fixed log message when hardware offloading is being enabled;
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) e-mail - fixed missing "from" address for sent e-mails (introduced in v6.44);
*) gps - removed unnecessary leading "0" for dd format;
*) ipsec - allow identities with empty XAuth login and password if RADIUS is enabled (introduced in v6.44);
*) lte - fixed LTE interface band setting on RBSXTLTE3-7 (introduced in v6.44);
*) lte - improved "info" command query;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sms - allow specifying multiple "allowed-number" values;
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) wireless - fixed antenna gain setting on RBSXT5nDr2;

Other changes since v6.44:

*) bridge - fixed possible memory leak when using "ingress-filtering=yes" on bridge interface;
*) certificate - added support for ECC (Elliptic Curve Cryptography);
*) certificate - force 3DES encryption for P12 certificate export;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcp - fixed dual stack queue addition;
*) dhcpv6-server - use MAC address for RADIUS user when "allow-dual-stack-queue=yes";
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) fetch - improved user policy lookup;
*) gps - increase precision for dd format;
*) ipsec - fixed dynamic L2TP peer and identity configuration missing after reboot (introduced in v6.44);
*) ipsec - use "remote-id=ignore" for dynamic L2TP configuration (introduced in v6.44);
*) ipv6 - do not allow setting "preferred-lifetime" longer than "valid-lifetime";
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - do not show error message for info commands that are not supported;
*) lte - do not show "session-uptime" if session is not up;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) rb4011 - fixed ether10 failing to auto negotiate link speed to 1Gbps;
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) ssh - use correct user when "output-to-file" parameter is used;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) tile - improved link fault detection on SFP+ ports;
*) winbox - added "use-local-address" parameter in "IP/Cloud" menus;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;

Версия 6.45beta11 2019-03-11

Версия 6.44rc4 2019-02-22

What's new in 6.44rc4 (2019-Feb-22 10:11):

Important note!!! Backup before upgrade!
Due to major IPsec configuration changes in RouterOS v6.44beta39+ (see changelog below), it is advised to make a backup before upgrading. Regular downgrade will still be possible as long as no changes in IPsec peer menu are done.

MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
!) radius - initial implementation of RadSec (Radius communication over TLS);
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
!) telnet - do not allow to set "tracefile" parameter;
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------

Changes in this release:

!) ipsec - added new "identity" menu with common peer distinguishers;
*) ike1 - do not allow using RSA-key and RSA-signature authentication methods simultaneously on single peer;
*) interface - added "pwr-line" interface support (more information will follow in next newsletter);
*) rb4011 - improved SFP+ interface linking to 1Gbps;
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) winbox - organized wireless parameters between simple and advanced modes;
*) wireless - improved NV2 performance for all ARM devices;

Other changes since v6.43.12:

*) dhcpv4-server - use ARP for conflict detection;
*) discovery - use source MAC address from master interface for MNDP packets (introduced in v6.44beta50);
*) fetch - improved file downloading to slow memory;
*) hotspot - added per-user NAT rule generation based on "incoming-filter" and "outgoing-filter" parameters;
*) ike1 - fixed memory leak;
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters;
*) lte - added initial support for Telit LN940;
*) lte - added option to lock the LTE operator;
*) smb - added commenting option for SMB users (CLI only);
*) supout - fixed Profile output on single core devices;
*) userman - added first and last name fields for signup form;
*) webfig - improved file handling;
*) winbox - improved file handling;
*) wireless - improved AR5212 response to incoming ACK frames;
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - improved system stability for all devices with 802.11ac wireless;
*) bgp - properly update keepalive time after peer restart;
*) bridge - added option to monitor fast-forward status;
*) bridge - count routed FastPath packets between bridge ports under FastPath bridge statistics;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed BOOTP packet forwarding when DHCP Snooping is enabled;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed log message when hardware offloading is being enabled;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed packet forwarding with enabled DHCP Snooping and Option 82;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - fixed system's identity change when DHCP Snooping is enabled (introduced in v6.43);
*) bridge - improved packet handling when hardware offloading is being disabled;
*) bridge - improved packet processing when bridge port changes states;
*) btest - added multithreading support for both UDP and TCP tests;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) capsman - always accept connections from loopback address;
*) certificate - added support for multiple "Subject Alt. Names";
*) certificate - enabled RC2 cipher to allow P12 certificate decryption;
*) certificate - fixed certificate signing by SCEP client if multiple CA certificates are provided;
*) certificate - show digest algorithm used in signature;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) chr - distribute NIC queue IRQ's evenly across all CPUs;
*) chr - fixed IRQ balancing when using more than 32 CPUs;
*) chr - improved system stability when insufficient resources are allocated to the guest;
*) cloud - added "ddns-update-interval" parameter;
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) cloud - made address updating faster when new public address detected;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter);
*) console - renamed IP protocol 41 to "ipv6-encap";
*) console - updated copyright notice;
*) crs317 - fixed packet forwarding when LACP is used with hw=no;
*) crs317 - fixed TX not working on sfp-sfpplus9 interface (introduced in v6.40beta12);
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs3xx - fixed packet forwarding through SFP+ ports when using 100Mbps link speed;
*) crs3xx - fixed SFP+ linking using 1.25G SFP modules (introduced in v6.44beta39);
*) crs3xx - fixed slow bootup, upgrade and SFP status read (introduced in v6.44beta20);
*) crs3xx - improved fan control stability;
*) crs3xx - improved stability when adding ACL rules on CRS326 and CRS328 devices (introduced in 6.44beta39);
*) defconf - fixed configuration not generating properly on upgrade;
*) defconf - fixed default configuration loading on RB4011iGS+5HacQ2HnD-IN;
*) defconf - fixed IPv6 link-local address range in firewall rules;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - added "parent-queue" parameter (CLI only);
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-client - use default route distance also for unreachable route added by DHCPv6 client;
*) dhcpv6-server - allow to add DHCPv6 server with pool that does not exist;
*) dhcpv6-server - fixed missing gateway for binding's network if RADIUS authentication was used;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) dhcpv6-server - show "client-address" parameter for bindings;
*) discovery - detect proper slave interface on bounded interfaces;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - send master port in "interface-name" parameter;
*) discovery - show neighbors on actual bridge port instead of bridge itself for LLDP;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - added "tx-rx-1024-max" counter to Ethernet stats;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) ethernet - fixed packet forwarding when SFP interface is disabled on hEX S;
*) ethernet - fixed VLAN1 forwarding on RB1100AHx4 and RB4011 devices;
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) export - fixed "silent-boot" compact export;
*) fetch - added "http-header-field" parameter;
*) fetch - added option to specify multiple headers under "http-header-field", including content type;
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) fetch - improved stability when using HTTP mode;
*) fetch - removed "http-content-type" parameter;
*) gps - increase precision for dd format;
*) gps - moved "coordinate-format" from "monitor" command to "set" parameter;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) hotspot - added "https-redirect" under server profiles;
*) ike1 - fixed "rsa-key" authentication (introduced in v6.44beta);
*) ike2 - added option to specify certificate chain;
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - retry RSA signature validation with deduced digest from certificate;
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - added new "remote-id" peer matcher;
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - fixed active connection killing when changing peer configuration;
*) ipsec - fixed all policies not getting installed after startup (introduced in v6.43.8);
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - moved "profile" menu outside "peer" menu;
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) ipsec - require write policy for key generation;
*) kidcontrol - added IPv6 support;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) kidcontrol - properly detect time zone changes;
*) kidcontrol - use "/128" prefix-length for IPv6 addresses;
*) l2tp - fixed IPsec secret not being updated when "ipsec-secret" is changed under L2TP client configuration;
*) lcd - made "pin" parameter sensitive;
*) led - fixed default LED configuration for RBSXTsq-60ad;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) led - fixed PWR-LINE AP Ethernet LED polarity ("/system routerboard upgrade" required);
*) lldp - fixed missing capabilities fields on some devices;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added initial support for multiple APN for R11e-4G (new modem firmware required);
*) lte - added multiple APN support for R11e-4G;
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP IP acquire in 3G mode for r11e-lte (introduced in v6.44beta54);
*) lte - fixed DHCP IP acquire (introduced in v6.43.7);
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) lte - fixed passthrough DHCP address forward when other address is acquired from operator;
*) lte - fixed reported "rsrq" precision (introduced in v6.43.8);
*) lte - improved compatibility for Alt38xx modems;
*) lte - improved SIM7600 initialization after reset;
*) lte - improved SimCom 7100e support;
*) lte - query "cfun" on initialization;
*) lte - require write policy for at-chat;
*) lte - update firmware version information after R11e-LTE/R11e-4G firmware upgrade;
*) netinstall - do not show kernel failure critical messages in the log after fresh install;
*) ntp-client - fixed "dst-active" and "gmt-offset" being updated after synchronization with server;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) ppp - added "at-chat" command;
*) ppp - fixed dynamic route creation towards VPN server when "add-default-route" is used;
*) profiler - classify kernel crypto processing as "encrypting";
*) profile - removed obsolete "file-name" parameter;
*) proxy - removed port list size limit;
*) radius - implemented Proxy-State attribute handling in CoA and disconnect requests;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rb4011 - fixed SFP+ interface full duplex and speed parameter behavior;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - removed "RB" prefix from PWR-LINE AP devices;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) sfp - fixed possible reboot loop when inserting SFP modules in CRS328-4C-20S-4S+ (introduced in v6.44beta61);
*) smb - fixed macOS clients not showing share contents;
*) smb - fixed Windows 10 clients not able to establish connection to share;
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - changed fan speed value type to Gauge32;
*) snmp - fixed "rsrq" reported precision;
*) snmp - fixed w60g station table;
*) snmp - removed "rx-sector" ("Wl60gRxSector") value;
*) snmp - report bridge ifSpeed as "0";
*) snmp - report ifSpeed 0 for sub-layer interfaces;
*) ssh - added error log message when key exchange fails;
*) ssh - close active SSH connections before IPsec connections on shutdown;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) ssh - fixed public key format compatibility with RFC4716;
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) supout - fixed "poe-out" output not showing all interfaces;
*) switch - added comment field to switch ACL rules;
*) switch - fixed ACL rules on IPQ4018 devices;
*) system - accept only valid path for "log-file" parameter in "port" menu;
*) system - removed obsolete "/driver" command;
*) tr069-client - added "check-certificate" parameter to allow communication without certificates;
*) tr069-client - added "connection-request-port" parameter (CLI only);
*) tr069-client - added support for InformParameter object;
*) tr069-client - fixed certificate verification for certificates with IP address;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) tr069-client - increased reported "rsrq" precision;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) usb - improved power-reset error message when no bus specified on CCR1072-8G-1S+;
*) usb - improved USB device powering on startup for hAP ac^2 devices;
*) usb - increased default power-reset timeout to 5 seconds;
*) userman - added first and last name fields for signup form;
*) userman - show redirect location in error messages;
*) user - require "write" permissions for LTE firmware update;
*) vrrp - made "password" parameter sensitive;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) watchdog - allow specifying DNS name for "send-smtp-server" parameter;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "allow-dual-stack-queue" parameter in "IP/DHCP Server" and "IPv6/DHCP Server" menus;
*) winbox - added "challenge-password" field when signing certificate with SCEP;
*) winbox - added "conflict-detection" parameter in "IP/DHCP Server" menu;
*) winbox - added "conflict-detection" parameter in "IP/DHCP server" menu;
*) winbox - added "coordinate-format" parameter in LTE interface settings;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - added src/dst address and in/out interface list columns to default firewall menu view;
*) winbox - added support for dynamic devices in "IP/Kid Control/Devices" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) winbox - allow specifying interface lists in "CAPsMAN/Access List" menu;
*) winbox - fixed "IPv6/Firewall" "Connection limit" parameter not allowing complete IPv6 prefix lengths;
*) winbox - fixed L2MTU parameter setting on "W60G" type interfaces;
*) winbox - fixed "LCD" menu not shown on RB2011UiAS-2HnD;
*) winbox - fixed missing w60g interface status values;
*) winbox - moved "Too Long" statistics counter to Ethernet "Rx Stats" tab;
*) winbox - renamed "Default AP Tx Rate" to "Default AP Tx Limit";
*) winbox - renamed "Default Client Tx Rate" to "Default Client Tx Limit";
*) winbox - show "R" flag under "IPv6/DHCP Server/Bindings" tab;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - added new "installation" parameter to specify router's location;
*) wireless - improved connection stability for new model Apple devices;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - improved system stability when scanning for other networks;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) wireless - report last seen IP address in RADIUS accounting messages;
*) wireless - show "installation" parameter when printing configuration;

Версия 6.44rc4 2019-02-22

Версия 6.44rc1 2019-02-15

What's new in 6.44rc1 (2019-Feb-15 07:12):

Important note!!! Backup before upgrade!
Due to major IPsec configuration changes in RouterOS v6.44beta39+ (see changelog below), it is advised to make a backup before upgrading. Regular downgrade will still be possible as long as no changes in IPsec peer menu are done.

MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
!) radius - initial implementation of RadSec (Radius communication over TLS);
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
!) telnet - do not allow to set "tracefile" parameter;
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------

Changes in this release:

!) ipsec - added new "identity" menu with common peer distinguishers;
!) radius - initial implementation of RadSec (Radius communication over TLS);
*) dhcpv4-server - use ARP for conflict detection;
*) discovery - use source MAC address from master interface for MNDP packets (introduced in v6.44beta50);
*) fetch - improved file downloading to slow memory;
*) hotspot - added per-user NAT rule generation based on "incoming-filter" and "outgoing-filter" parameters;
*) ike1 - fixed memory leak;
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters;
*) lte - added initial support for Telit LN940;
*) lte - added option to lock the LTE operator;
*) smb - added commenting option for SMB users (CLI only);
*) supout - fixed Profile output on single core devices;
*) userman - added first and last name fields for signup form;
*) webfig - improved file handling;
*) winbox - improved file handling;
*) wireless - improved AR5212 response to incoming ACK frames;
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - improved system stability for all devices with 802.11ac wireless;

Other changes since v6.43.12:

*) bgp - properly update keepalive time after peer restart;
*) bridge - added option to monitor fast-forward status;
*) bridge - count routed FastPath packets between bridge ports under FastPath bridge statistics;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed BOOTP packet forwarding when DHCP Snooping is enabled;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed log message when hardware offloading is being enabled;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed packet forwarding with enabled DHCP Snooping and Option 82;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - fixed system's identity change when DHCP Snooping is enabled (introduced in v6.43);
*) bridge - improved packet handling when hardware offloading is being disabled;
*) bridge - improved packet processing when bridge port changes states;
*) btest - added multithreading support for both UDP and TCP tests;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) capsman - always accept connections from loopback address;
*) certificate - added support for multiple "Subject Alt. Names";
*) certificate - enabled RC2 cipher to allow P12 certificate decryption;
*) certificate - fixed certificate signing by SCEP client if multiple CA certificates are provided;
*) certificate - show digest algorithm used in signature;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) chr - distribute NIC queue IRQ's evenly across all CPUs;
*) chr - fixed IRQ balancing when using more than 32 CPUs;
*) chr - improved system stability when insufficient resources are allocated to the guest;
*) cloud - added "ddns-update-interval" parameter;
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) cloud - made address updating faster when new public address detected;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter);
*) console - renamed IP protocol 41 to "ipv6-encap";
*) console - updated copyright notice;
*) crs317 - fixed packet forwarding when LACP is used with hw=no;
*) crs317 - fixed TX not working on sfp-sfpplus9 interface (introduced in v6.40beta12);
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs3xx - fixed packet forwarding through SFP+ ports when using 100Mbps link speed;
*) crs3xx - fixed SFP+ linking using 1.25G SFP modules (introduced in v6.44beta39);
*) crs3xx - fixed slow bootup, upgrade and SFP status read (introduced in v6.44beta20);
*) crs3xx - improved fan control stability;
*) crs3xx - improved stability when adding ACL rules on CRS326 and CRS328 devices (introduced in 6.44beta39);
*) defconf - fixed configuration not generating properly on upgrade;
*) defconf - fixed default configuration loading on RB4011iGS+5HacQ2HnD-IN;
*) defconf - fixed IPv6 link-local address range in firewall rules;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - added "parent-queue" parameter (CLI only);
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-client - use default route distance also for unreachable route added by DHCPv6 client;
*) dhcpv6-server - allow to add DHCPv6 server with pool that does not exist;
*) dhcpv6-server - fixed missing gateway for binding's network if RADIUS authentication was used;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) dhcpv6-server - show "client-address" parameter for bindings;
*) discovery - detect proper slave interface on bounded interfaces;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - send master port in "interface-name" parameter;
*) discovery - show neighbors on actual bridge port instead of bridge itself for LLDP;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - added "tx-rx-1024-max" counter to Ethernet stats;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) ethernet - fixed packet forwarding when SFP interface is disabled on hEX S;
*) ethernet - fixed VLAN1 forwarding on RB1100AHx4 and RB4011 devices;
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) export - fixed "silent-boot" compact export;
*) fetch - added "http-header-field" parameter;
*) fetch - added option to specify multiple headers under "http-header-field", including content type;
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) fetch - improved stability when using HTTP mode;
*) fetch - removed "http-content-type" parameter;
*) gps - increase precision for dd format;
*) gps - moved "coordinate-format" from "monitor" command to "set" parameter;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) hotspot - added "https-redirect" under server profiles;
*) ike1 - fixed "rsa-key" authentication (introduced in v6.44beta);
*) ike2 - added option to specify certificate chain;
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - retry RSA signature validation with deduced digest from certificate;
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - added new "remote-id" peer matcher;
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - fixed active connection killing when changing peer configuration;
*) ipsec - fixed all policies not getting installed after startup (introduced in v6.43.8);
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - moved "profile" menu outside "peer" menu;
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) ipsec - require write policy for key generation;
*) kidcontrol - added IPv6 support;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) kidcontrol - properly detect time zone changes;
*) kidcontrol - use "/128" prefix-length for IPv6 addresses;
*) l2tp - fixed IPsec secret not being updated when "ipsec-secret" is changed under L2TP client configuration;
*) lcd - made "pin" parameter sensitive;
*) led - fixed default LED configuration for RBSXTsq-60ad;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) led - fixed PWR-LINE AP Ethernet LED polarity ("/system routerboard upgrade" required);
*) lldp - fixed missing capabilities fields on some devices;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added initial support for multiple APN for R11e-4G (new modem firmware required);
*) lte - added multiple APN support for R11e-4G;
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP IP acquire in 3G mode for r11e-lte (introduced in v6.44beta54);
*) lte - fixed DHCP IP acquire (introduced in v6.43.7);
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) lte - fixed passthrough DHCP address forward when other address is acquired from operator;
*) lte - fixed reported "rsrq" precision (introduced in v6.43.8);
*) lte - improved compatibility for Alt38xx modems;
*) lte - improved SIM7600 initialization after reset;
*) lte - improved SimCom 7100e support;
*) lte - query "cfun" on initialization;
*) lte - require write policy for at-chat;
*) lte - update firmware version information after R11e-LTE/R11e-4G firmware upgrade;
*) netinstall - do not show kernel failure critical messages in the log after fresh install;
*) ntp-client - fixed "dst-active" and "gmt-offset" being updated after synchronization with server;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) ppp - added "at-chat" command;
*) ppp - fixed dynamic route creation towards VPN server when "add-default-route" is used;
*) profiler - classify kernel crypto processing as "encrypting";
*) profile - removed obsolete "file-name" parameter;
*) proxy - removed port list size limit;
*) radius - implemented Proxy-State attribute handling in CoA and disconnect requests;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rb4011 - fixed SFP+ interface full duplex and speed parameter behavior;
*) rb4011 - improved SFP+ interface linking to 1Gbps;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - removed "RB" prefix from PWR-LINE AP devices;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) sfp - fixed possible reboot loop when inserting SFP modules in CRS328-4C-20S-4S+ (introduced in v6.44beta61);
*) smb - fixed macOS clients not showing share contents;
*) smb - fixed Windows 10 clients not able to establish connection to share;
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - changed fan speed value type to Gauge32;
*) snmp - fixed "rsrq" reported precision;
*) snmp - fixed w60g station table;
*) snmp - removed "rx-sector" ("Wl60gRxSector") value;
*) snmp - report bridge ifSpeed as "0";
*) snmp - report ifSpeed 0 for sub-layer interfaces;
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) ssh - added error log message when key exchange fails;
*) ssh - close active SSH connections before IPsec connections on shutdown;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) ssh - fixed public key format compatibility with RFC4716;
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) supout - fixed "poe-out" output not showing all interfaces;
*) switch - added comment field to switch ACL rules;
*) switch - fixed ACL rules on IPQ4018 devices;
*) system - accept only valid path for "log-file" parameter in "port" menu;
*) system - removed obsolete "/driver" command;
*) tr069-client - added "check-certificate" parameter to allow communication without certificates;
*) tr069-client - added "connection-request-port" parameter (CLI only);
*) tr069-client - added support for InformParameter object;
*) tr069-client - fixed certificate verification for certificates with IP address;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) tr069-client - increased reported "rsrq" precision;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) usb - improved power-reset error message when no bus specified on CCR1072-8G-1S+;
*) usb - improved USB device powering on startup for hAP ac^2 devices;
*) usb - increased default power-reset timeout to 5 seconds;
*) userman - added first and last name fields for signup form;
*) userman - show redirect location in error messages;
*) user - require "write" permissions for LTE firmware update;
*) vrrp - made "password" parameter sensitive;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) watchdog - allow specifying DNS name for "send-smtp-server" parameter;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "allow-dual-stack-queue" parameter in "IP/DHCP Server" and "IPv6/DHCP Server" menus;
*) winbox - added "challenge-password" field when signing certificate with SCEP;
*) winbox - added "conflict-detection" parameter in "IP/DHCP Server" menu;
*) winbox - added "conflict-detection" parameter in "IP/DHCP server" menu;
*) winbox - added "coordinate-format" parameter in LTE interface settings;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - added src/dst address and in/out interface list columns to default firewall menu view;
*) winbox - added support for dynamic devices in "IP/Kid Control/Devices" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) winbox - allow specifying interface lists in "CAPsMAN/Access List" menu;
*) winbox - fixed "IPv6/Firewall" "Connection limit" parameter not allowing complete IPv6 prefix lengths;
*) winbox - fixed L2MTU parameter setting on "W60G" type interfaces;
*) winbox - fixed "LCD" menu not shown on RB2011UiAS-2HnD;
*) winbox - fixed missing w60g interface status values;
*) winbox - moved "Too Long" statistics counter to Ethernet "Rx Stats" tab;
*) winbox - renamed "Default AP Tx Rate" to "Default AP Tx Limit";
*) winbox - renamed "Default Client Tx Rate" to "Default Client Tx Limit";
*) winbox - show "R" flag under "IPv6/DHCP Server/Bindings" tab;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - added new "installation" parameter to specify router's location;
*) wireless - improved connection stability for new model Apple devices;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - improved system stability when scanning for other networks;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) wireless - report last seen IP address in RADIUS accounting messages;
*) wireless - show "installation" parameter when printing configuration;

Версия 6.44rc1 2019-02-15

Версия 6.44beta9 2018-09-18

What's new in 6.44beta9 (2018-Sep-17 07:20):

MAJOR CHANGES IN v6.44:
----------------------
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------

Changes in this release:

!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
*) bridge - improved packet handling when hardware offloading is being disabled;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) crs3xx - fixed possible memory leak when disabling bridge interface;
*) defconf - properly clear global variables when generating default configuration after RouterOS upgrade;
*) discovery - properly use Sytem ID for "software-id" value on CHR;
*) e-mail - added info log message when e-mail is sent successfully;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) proxy - removed port list size limit;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - show "boot-os" option only on devices that have such feature;
*) switch - fixed port mirroring on devices that do not support CPU Flow Control;
*) webfig - allow to change user name when creating a new system user;
*) webfig - fixed time interval settings not applied properly under "IP/Kid Control/Kids" menu;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "allow-dual-stack-queue" setting to "IP/DHCP Server/Leases" menu;
*) winbox - added "allow-dual-stack-queue" setting to "IPv6/DHCPv6 Server/Bindings" menu;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - fixed corrupt user database after specifying allowed address range (introduced in v6.43);
*) winbox - make bridge port "untrusted" by default when creating new port;
*) winbox - show "IP/Cloud" menu on CHR;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;

Other changes since v6.43:

*) chr - assign interface names based on underlying PCI device order on KVM;
*) crs317 - fixed packet forwarding on bonded interfaces without hardware offloading;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-client - log only failed pool additions;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) hotspot - properly update dynamic "walled-garden" entries when changing "dst-host";
*) ike2 - added option to specify certificate chain;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - fixed rare authentication and encryption key mismatches after rekey with PFS enabled;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) rb3011 - added IPsec hardware acceleration support;
*) routerboard - fixed memory tester reporting false errors on IPQ4018 devices ("/system routerboard upgrade" required);
*) sniffer - made "connection", "host", "packet" and "protocol" sections read-only;
*) switch - fixed ACL rules on IPQ4018 devices;
*) upnp - improved UPnP service stability when handling HTTP requests;
*) w60g - added "frequency-list" setting;
*) w60g - fixed interface LED status update on connection;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) wireless - removed "czech republic 5.8" regulatory domain information as it overlaps with "ETSI 5.7-5.8";

Версия 6.44beta9 2018-09-18

Версия 6.44beta75 2019-02-11

What's new in 6.44beta75 (2019-Feb-08 08:02):

Important note!!! Backup before upgrade!
Due to major IPsec configuration changes in RouterOS v6.44beta39+ (see changelog below), it is advised to make a backup before upgrading. Regular downgrade will still be possible as long as no changes in IPsec peer menu are done.

MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
!) radius - initial implementation of RadSec (Radius communication over TLS);
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
!) telnet - do not allow to set "tracefile" parameter;
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------

Changes in this release:

!) ipsec - added new "identity" menu with common peer distinguishers;
!) winbox - improvements in connection handling to router with open winbox service (CVE-2019–3924);
*) bridge - fixed log message when hardware offloading is being enabled;
*) bridge - fixed packet forwarding with enabled DHCP Snooping and Option 82;
*) bridge - fixed system's identity change when DHCP Snooping is enabled (introduced in v6.44beta61);
*) bridge - improved packet handling when hardware offloading is being disabled;
*) certificate - show digest algorithm used in signature;
*) chr - distribute NIC queue IRQ's evenly across all CPUs;
*) chr - fixed IRQ balancing when using more than 32 CPUs;
*) crs3xx - fixed packet forwarding through SFP+ ports when using 100Mbps link speed;
*) crs3xx - fixed SFP+ linking using 1.25G SFP modules (introduced in v6.44beta39);
*) dhcpv6-server - fixed missing gateway for binding's network if RADIUS authentication was used;
*) dhcpv6-server - show "client-address" parameter for bindings;
*) ethernet - added "tx-rx-1024-max" counter to Ethernet stats;
*) ethernet - fixed packet forwarding when SFP interface is disabled on hEX S;
*) fetch - added option to specify multiple headers under "http-header-field", including content type;
*) fetch - improved stability when using HTTP mode;
*) fetch - removed "http-content-type" parameter;
*) gps - increase precision for dd format;
*) hotspot - added "https-redirect" under server profiles;
*) ike2 - retry RSA signature validation with deduced digest from certificate;
*) ipsec - require write policy for key generation;
*) kidcontrol - use "/128" prefix-length for IPv6 addresses;
*) lldp - fixed missing capabilities fields on some devices;
*) lte - added multiple APN support for R11e-4G;
*) lte - fixed passthrough DHCP address forward when other address is acquired from operator;
*) lte - improved SIM7600 initialization after reset;
*) lte - query "cfun" on initialization;
*) lte - require write policy for at-chat;
*) lte - update firmware version information after R11e-LTE/R11e-4G firmware upgrade;
*) ntp-client - fixed "dst-active" and "gmt-offset" being updated after synchronization with server;
*) ppp - fixed dynamic route creation towards VPN server when "add-default-route" is used;
*) quickset - fixed "country" parameter not properly setting regulatory domain configuration;
*) rb4011 - fixed SFP+ interface full duplex and speed parameter behavior;
*) rb4011 - improved SFP+ interface linking to 1Gbps;
*) sfp - fixed possible reboot loop when inserting SFP modules in CRS328-4C-20S-4S+ (introduced in v6.44beta61);
*) smb - fixed macOS clients not showing share contents;
*) smb - fixed possible buffer overflow;
*) smb - fixed Windows 10 clients not able to establish connection to share;
*) snmp - fixed "rsrq" reported precision;
*) snmp - report ifSpeed 0 for sub-layer interfaces;
*) switch - added comment field to switch ACL rules;
*) tr069-client - added "connection-request-port" parameter (CLI only);
*) usb - improved USB device powering on startup for hAP ac^2 devices;
*) usb - increased default power-reset timeout to 5 seconds;
*) userman - added first and last name fields for signup form;
*) w60g - fixed disconnection issues in PtMP setups;
*) winbox - renamed "Default AP Tx Rate" to "Default AP Tx Limit";
*) winbox - renamed "Default Client Tx Rate" to "Default Client Tx Limit";
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - improved antenna gain setting for devices with built in antennas;
*) wireless - improved connection stability for new model Apple devices;
*) wireless - improved system stability when scanning for other networks;
*) wireless - show "installation" parameter when printing configuration;

Other changes since v6.43.8:

*) bgp - properly update keepalive time after peer restart;
*) bridge - added option to monitor fast-forward status;
*) bridge - count routed FastPath packets between bridge ports under FastPath bridge statistics;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed BOOTP packet forwarding when DHCP Snooping is enabled;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet processing when bridge port changes states;
*) btest - added multithreading support for both UDP and TCP tests;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) capsman - always accept connections from loopback address;
*) certificate - added support for multiple "Subject Alt. Names";
*) certificate - enabled RC2 cipher to allow P12 certificate decryption;
*) certificate - fixed certificate signing by SCEP client if multiple CA certificates are provided;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) chr - improved system stability when insufficient resources are allocated to the guest;
*) cloud - added "ddns-update-interval" parameter;
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) cloud - made address updating faster when new public address detected;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter);
*) console - renamed IP protocol 41 to "ipv6-encap";
*) console - updated copyright notice;
*) crs317 - fixed packet forwarding when LACP is used with hw=no;
*) crs317 - fixed TX not working on sfp-sfpplus9 interface (introduced in v6.40beta12);
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs3xx - fixed slow bootup, upgrade and SFP status read (introduced in v6.44beta20);
*) crs3xx - improved fan control stability;
*) crs3xx - improved stability when adding ACL rules on CRS326 and CRS328 devices (introduced in 6.44beta39);
*) defconf - fixed configuration not generating properly on upgrade;
*) defconf - fixed default configuration loading on RB4011iGS+5HacQ2HnD-IN;
*) defconf - fixed IPv6 link-local address range in firewall rules;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - added "parent-queue" parameter (CLI only);
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-client - use default route distance also for unreachable route added by DHCPv6 client;
*) dhcpv6-server - allow to add DHCPv6 server with pool that does not exist;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) discovery - detect proper slave interface on bounded interfaces;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - send master port in "interface-name" parameter;
*) discovery - show neighbors on actual bridge port instead of bridge itself for LLDP;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) ethernet - fixed VLAN1 forwarding on RB1100AHx4 and RB4011 devices;
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) export - fixed "silent-boot" compact export;
*) fetch - added "http-header-field" parameter;
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) gps - moved "coordinate-format" from "monitor" command to "set" parameter;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) ike1 - fixed "rsa-key" authentication (introduced in v6.44beta);
*) ike2 - added option to specify certificate chain;
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) ipsec - accept only valid path for "export-pub-key" parameter in "key" menu;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - added new "remote-id" peer matcher;
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - fixed active connection killing when changing peer configuration;
*) ipsec - fixed all policies not getting installed after startup (introduced in v6.43.8);
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - moved "profile" menu outside "peer" menu;
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) kidcontrol - added IPv6 support;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) kidcontrol - properly detect time zone changes;
*) l2tp - fixed IPsec secret not being updated when "ipsec-secret" is changed under L2TP client configuration;
*) lcd - made "pin" parameter sensitive;
*) led - fixed default LED configuration for RBSXTsq-60ad;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) led - fixed PWR-LINE AP Ethernet LED polarity ("/system routerboard upgrade" required);
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added initial support for multiple APN for R11e-4G (new modem firmware required);
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP IP acquire in 3G mode for r11e-lte (introduced in v6.44beta54);
*) lte - fixed DHCP IP acquire (introduced in v6.43.7);
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) lte - fixed reported "rsrq" precision (introduced in v6.43.8);
*) lte - improved compatibility for Alt38xx modems;
*) lte - improved SimCom 7100e support;
*) netinstall - do not show kernel failure critical messages in the log after fresh install;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) ppp - added "at-chat" command;
*) profiler - classify kernel crypto processing as "encrypting";
*) profile - removed obsolete "file-name" parameter;
*) proxy - removed port list size limit;
*) radius - implemented Proxy-State attribute handling in CoA and disconnect requests;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - removed "RB" prefix from PWR-LINE AP devices;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - changed fan speed value type to Gauge32;
*) snmp - fixed w60g station table;
*) snmp - removed "rx-sector" ("Wl60gRxSector") value;
*) snmp - report bridge ifSpeed as "0";
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) ssh - added error log message when key exchange fails;
*) ssh - close active SSH connections before IPsec connections on shutdown;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) ssh - fixed public key format compatibility with RFC4716;
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) supout - fixed "poe-out" output not showing all interfaces;
*) switch - fixed ACL rules on IPQ4018 devices;
*) system - accept only valid path for "log-file" parameter in "port" menu;
*) system - removed obsolete "/driver" command;
*) tr069-client - added "check-certificate" parameter to allow communication without certificates;
*) tr069-client - added support for InformParameter object;
*) tr069-client - fixed certificate verification for certificates with IP address;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) tr069-client - increased reported "rsrq" precision;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) usb - improved power-reset error message when no bus specified on CCR1072-8G-1S+;
*) userman - show redirect location in error messages;
*) user - require "write" permissions for LTE firmware update;
*) vrrp - made "password" parameter sensitive;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) watchdog - allow specifying DNS name for "send-smtp-server" parameter;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "allow-dual-stack-queue" parameter in "IP/DHCP Server" and "IPv6/DHCP Server" menus;
*) winbox - added "challenge-password" field when signing certificate with SCEP;
*) winbox - added "conflict-detection" parameter in "IP/DHCP Server" menu;
*) winbox - added "conflict-detection" parameter in "IP/DHCP server" menu;
*) winbox - added "coordinate-format" parameter in LTE interface settings;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - added src/dst address and in/out interface list columns to default firewall menu view;
*) winbox - added support for dynamic devices in "IP/Kid Control/Devices" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) winbox - allow specifying interface lists in "CAPsMAN/Access List" menu;
*) winbox - fixed "IPv6/Firewall" "Connection limit" parameter not allowing complete IPv6 prefix lengths;
*) winbox - fixed L2MTU parameter setting on "W60G" type interfaces;
*) winbox - fixed "LCD" menu not shown on RB2011UiAS-2HnD;
*) winbox - fixed missing w60g interface status values;
*) winbox - moved "Too Long" statistics counter to Ethernet "Rx Stats" tab;
*) winbox - show "R" flag under "IPv6/DHCP Server/Bindings" tab;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - added new "installation" parameter to specify router's location;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) wireless - report last seen IP address in RADIUS accounting messages;
*) wireless - show indoor/outdoor frequency limitations under "/interface wireless info country-info " command;

Версия 6.44beta75 2019-02-11

Версия 6.44beta61 2019-01-18

What's new in 6.44beta61 (2019-Jan-17 13:24):

Important note!!! Backup before upgrade!
Due to major IPsec configuration changes in RouterOS v6.44beta39+ (see changelog below), it is advised to make a backup before upgrading. Regular downgrade will still be possible as long as no changes in IPsec peer menu are done.

MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
!) radius - initial implementation of RadSec (Radius communication over TLS);
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
!) telnet - do not allow to set "tracefile" parameter;
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------

Changes in this release:

!) ipsec - added new "identity" menu with common peer distinguishers;
*) bridge - fixed BOOTP packet forwarding when DHCP Snooping is enabled;
*) certificate - added support for multiple "Subject Alt. Names";
*) certificate - enabled RC2 cipher to allow P12 certificate decryption;
*) chr - improved system stability when insufficient resources are allocated to the guest;
*) console - updated copyright notice;
*) crs3xx - fixed slow bootup, upgrade and SFP status read (introduced in v6.44beta20);
*) gps - moved "coordinate-format" from "monitor" command to "set" parameter;
*) ike1 - fixed "rsa-key" authentication (introduced in v6.44beta);
*) ipsec - accept only valid path for "export-pub-key" parameter in "key" menu;
*) ipsec - added new "remote-id" peer matcher;
*) ipsec - fixed all policies not getting installed after startup (introduced in v6.43.8);
*) ipsec - moved "profile" menu outside "peer" menu;
*) lcd - made "pin" parameter sensitive;
*) led - fixed default LED configuration for RBSXTsq-60ad;
*) lte - fixed DHCP IP acquire in 3G mode for r11e-lte (introduced in v6.44beta54);
*) lte - fixed reported "rsrq" precision (introduced in v6.43.8);
*) profile - removed obsolete "file-name" parameter;
*) radius - implemented Proxy-State attribute handling in CoA and disconnect requests;
*) rb4011 - improved SFP+ interface linking to 1Gbps;
*) ssh - close active SSH connections before IPsec connections on shutdown;
*) ssh - fixed public key format compatibility with RFC4716;
*) supout - fixed "poe-out" output not showing all interfaces;
*) system - accept only valid path for "log-file" parameter in "port" menu;
*) system - removed obsolete "/driver" command;
*) tr069-client - added "check-certificate" parameter to allow communication without certificates;
*) tr069-client - added support for InformParameter object;
*) tr069-client - fixed certificate verification for certificates with IP address;
*) tr069-client - increased reported "rsrq" precision;
*) vrrp - made "password" parameter sensitive;
*) winbox - added "allow-dual-stack-queue" parameter in "IP/DHCP Server" and "IPv6/DHCP Server" menus;
*) winbox - added "conflict-detection" parameter in "IP/DHCP Server" menu;
*) winbox - added "coordinate-format" parameter in LTE interface settings;
*) winbox - allow specifying interface lists in "CAPsMAN/Access List" menu;
*) winbox - fixed "IPv6/Firewall" "Connection limit" parameter not allowing complete IPv6 prefix lengths;
*) winbox - fixed L2MTU parameter setting on "W60G" type interfaces;
*) winbox - fixed "LCD" menu not shown on RB2011UiAS-2HnD;
*) winbox - moved "Too Long" statistics counter to Ethernet "Rx Stats" tab;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;

Other changes since v6.43.8:

*) bgp - properly update keepalive time after peer restart;
*) bridge - added option to monitor fast-forward status;
*) bridge - count routed FastPath packets between bridge ports under FastPath bridge statistics;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet processing when bridge port changes states;
*) btest - added multithreading support for both UDP and TCP tests;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) capsman - always accept connections from loopback address;
*) certificate - fixed certificate signing by SCEP client if multiple CA certificates are provided;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) cloud - added "ddns-update-interval" parameter;
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) cloud - made address updating faster when new public address detected;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter);
*) console - renamed IP protocol 41 to "ipv6-encap";
*) crs317 - fixed packet forwarding when LACP is used with hw=no;
*) crs317 - fixed TX not working on sfp-sfpplus9 interface (introduced in v6.40beta12);
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs3xx - improved fan control stability;
*) crs3xx - improved stability when adding ACL rules on CRS326 and CRS328 devices (introduced in 6.44beta39);
*) defconf - fixed configuration not generating properly on upgrade;
*) defconf - fixed default configuration loading on RB4011iGS+5HacQ2HnD-IN;
*) defconf - fixed IPv6 link-local address range in firewall rules;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - added "parent-queue" parameter (CLI only);
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-client - use default route distance also for unreachable route added by DHCPv6 client;
*) dhcpv6-server - allow to add DHCPv6 server with pool that does not exist;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) discovery - detect proper slave interface on bounded interfaces;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - send master port in "interface-name" parameter;
*) discovery - show neighbors on actual bridge port instead of bridge itself for LLDP;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) ethernet - fixed VLAN1 forwarding on RB1100AHx4 and RB4011 devices;
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) export - fixed "silent-boot" compact export;
*) fetch - added "http-header-field" parameter;
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) ike2 - added option to specify certificate chain;
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - fixed active connection killing when changing peer configuration;
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) kidcontrol - added IPv6 support;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) kidcontrol - properly detect time zone changes;
*) l2tp - fixed IPsec secret not being updated when "ipsec-secret" is changed under L2TP client configuration;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) led - fixed PWR-LINE AP Ethernet LED polarity ("/system routerboard upgrade" required);
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added initial support for multiple APN for R11e-4G (new modem firmware required);
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP IP acquire (introduced in v6.43.7);
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) lte - improved compatibility for Alt38xx modems;
*) lte - improved SimCom 7100e support;
*) netinstall - do not show kernel failure critical messages in the log after fresh install;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) ppp - added "at-chat" command;
*) profiler - classify kernel crypto processing as "encrypting";
*) proxy - removed port list size limit;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - removed "RB" prefix from PWR-LINE AP devices;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - changed fan speed value type to Gauge32;
*) snmp - fixed "rsrq" reported precision;
*) snmp - fixed w60g station table;
*) snmp - removed "rx-sector" ("Wl60gRxSector") value;
*) snmp - report bridge ifSpeed as "0";
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) ssh - added error log message when key exchange fails;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) switch - fixed ACL rules on IPQ4018 devices;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) usb - improved power-reset error message when no bus specified on CCR1072-8G-1S+;
*) userman - show redirect location in error messages;
*) user - require "write" permissions for LTE firmware update;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) watchdog - allow specifying DNS name for "send-smtp-server" parameter;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "challenge-password" field when signing certificate with SCEP;
*) winbox - added "conflict-detection" parameter in "IP/DHCP server" menu;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - added src/dst address and in/out interface list columns to default firewall menu view;
*) winbox - added support for dynamic devices in "IP/Kid Control/Devices" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) winbox - fixed missing w60g interface status values;
*) winbox - show "R" flag under "IPv6/DHCP Server/Bindings" tab;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - added new "installation" parameter to specify router's location;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) wireless - report last seen IP address in RADIUS accounting messages;
*) wireless - show indoor/outdoor frequency limitations under "/interface wireless info country-info " command;

Версия 6.44beta61 2019-01-18

Версия 6.44beta6 2018-09-11

What's new in 6.44beta6 (2018-Sep-11 08:52):

Changes in this release:

!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) crs317 - fixed packet forwarding on bonded interfaces without hardware offloading;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-client - log only failed pool additions;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) hotspot - properly update dynamic "walled-garden" entries when changing "dst-host";
*) ike2 - added option to specify certificate chain;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - fixed rare authentication and encryption key mismatches after rekey with PFS enabled;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) rb3011 - added IPsec hardware acceleration support;
*) routerboard - fixed memory tester reporting false errors on IPQ4018 devices ("/system routerboard upgrade" required);
*) sniffer - made "connection", "host", "packet" and "protocol" sections read-only;
*) switch - fixed ACL rules on IPQ4018 devices;
*) upnp - improved UPnP service stability when handling HTTP requests;
*) w60g - added "frequency-list" setting;
*) w60g - fixed interface LED status update on connection;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) wireless - removed "czech republic 5.8" regulatory domain information as it overlaps with "ETSI 5.7-5.8";

Версия 6.44beta6 2018-09-11

Версия 6.44beta54 2019-01-07

What's new in 6.44beta54 (2019-Jan-07 08:27):

Important note!!! Backup before upgrade!
Due to major IPsec configuration changes in RouterOS v6.44beta39+ (see changelog below), it is advised to make a backup before upgrading. Regular downgrade will still be possible as long as no changes in IPsec peer menu are done.

MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
!) radius - initial implementation of RadSec (Radius communication over TLS);
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
!) telnet - do not allow to set "tracefile" parameter;
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------

Changes in this release:

*) bridge - count routed FastPath packets between bridge ports under FastPath bridge statistics;
*) bridge - fixed BOOTP packet forwarding when DHCP Snooping is enabled;
*) crs317 - fixed packet forwarding when LACP is used with hw=no;
*) dhcpv6-server - allow to add DHCPv6 server with pool that does not exist;
*) ethernet - fixed VLAN1 forwarding on RB1100AHx4 and RB4011 devices;
*) ipsec - added new "remote-id" peer matcher (CLI only);
*) l2tp - fixed IPsec secret not being updated when "ipsec-secret" is changed under L2TP client configuration;
*) led - fixed PWR-LINE AP Ethernet LED polarity ("/system routerboard upgrade" required);
*) lte - added initial support for multiple APN for R11e-4G (new modem firmware required);
*) lte - fixed DHCP IP acquire (introduced in v6.43.7);
*) netinstall - do not show kernel failure critical messages in the log after fresh install;
*) routerboard - removed "RB" prefix from PWR-LINE AP devices;
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - fixed "rsrq" reported precision;
*) usb - improved power-reset error message when no bus specified on CCR1072-8G-1S+;
*) wireless - added new "installation" parameter to specify router's location;
*) wireless - show indoor/outdoor frequency limitations under "/interface wireless info country-info <country>" command;

Other changes since v6.43.8:

*) bgp - properly update keepalive time after peer restart;
*) bridge - added option to monitor fast-forward status;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet processing when bridge port changes states;
*) btest - added multithreading support for both UDP and TCP tests;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) capsman - always accept connections from loopback address;
*) certificate - added support for multiple "Subject Alt. Names";
*) certificate - fixed certificate signing by SCEP client if multiple CA certificates are provided;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) cloud - added "ddns-update-interval" parameter;
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) cloud - made address updating faster when new public address detected;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter);
*) console - renamed IP protocol 41 to "ipv6-encap";
*) crs317 - fixed TX not working on sfp-sfpplus9 interface (introduced in v6.40beta12);
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs3xx - improved fan control stability;
*) crs3xx - improved stability when adding ACL rules on CRS326 and CRS328 devices (introduced in 6.44beta39);
*) defconf - fixed configuration not generating properly on upgrade;
*) defconf - fixed default configuration loading on RB4011iGS+5HacQ2HnD-IN;
*) defconf - fixed IPv6 link-local address range in firewall rules;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - added "parent-queue" parameter (CLI only);
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-client - use default route distance also for unreachable route added by DHCPv6 client;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) discovery - detect proper slave interface on bounded interfaces;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - send master port in "interface-name" parameter;
*) discovery - show neighbors on actual bridge port instead of bridge itself for LLDP;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) export - fixed "silent-boot" compact export;
*) fetch - added "http-header-field" parameter;
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) ike2 - added option to specify certificate chain;
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - fixed active connection killing when changing peer configuration;
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - moved "profile" menu outside "peer" menu (CLI only);
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) kidcontrol - added IPv6 support;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) kidcontrol - properly detect time zone changes;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) lte - improved compatibility for Alt38xx modems;
*) lte - improved SimCom 7100e support;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) ppp - added "at-chat" command;
*) profiler - classify kernel crypto processing as "encrypting";
*) proxy - removed port list size limit;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - changed fan speed value type to Gauge32;
*) snmp - fixed w60g station table;
*) snmp - removed "rx-sector" ("Wl60gRxSector") value;
*) snmp - report bridge ifSpeed as "0";
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) ssh - added error log message when key exchange fails;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) ssh - fixed public key format compatibility with RFC4716;
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) switch - fixed ACL rules on IPQ4018 devices;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) userman - show redirect location in error messages;
*) user - require "write" permissions for LTE firmware update;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) watchdog - allow specifying DNS name for "send-smtp-server" parameter;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "challenge-password" field when signing certificate with SCEP;
*) winbox - added "conflict-detection" parameter in "IP/DHCP server" menu;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - added src/dst address and in/out interface list columns to default firewall menu view;
*) winbox - added support for dynamic devices in "IP/Kid Control/Devices" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) winbox - fixed missing w60g interface status values;
*) winbox - show "R" flag under "IPv6/DHCP Server/Bindings" tab;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) wireless - report last seen IP address in RADIUS accounting messages;

Версия 6.44beta54 2019-01-07

Версия 6.44beta50 2018-12-18

What's new in 6.44beta50 (2018-Dec-17 13:01):

Important note!!! Backup before upgrade!
Due to major IPsec configuration changes in RouterOS v6.44beta39+ (see changelog below), it is advised to make a backup before upgrading. Regular downgrade will still be possible as long as no changes in IPsec peer menu are done.

MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) radius - initial implementation of RadSec (Radius communication over TLS);
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
----------------------

Changes in this release:

!) ipsec - added new "identity" menu with common peer distinguishers;
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
!) telnet - do not allow to set "tracefile" parameter;
*) bgp - properly update keepalive time after peer restart;
*) bridge - fixed BOOTP packet forwarding when DHCP Snooping is enabled;
*) bridge - fixed IPv6 link-local address generation when auto-mac=yes;
*) capsman - always accept connections from loopback address;
*) certificate - added support for multiple "Subject Alt. Names";
*) cloud - added "ddns-update-interval" parameter;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter);
*) console - properly remove system note after configuration reset;
*) crs3xx - improved fan control stability;
*) crs3xx - improved stability when adding ACL rules on CRS326 and CRS328 devices (introduced in 6.44beta39);
*) defconf - fixed default configuration loading on RB4011iGS+5HacQ2HnD-IN;
*) defconf - fixed IPv6 link-local address range in firewall rules;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour;
*) dhcpv4-server - added "parent-queue" parameter (CLI only);
*) dhcpv6-server - properly handle DHCP requests that include prefix hint;
*) discovery - detect proper slave interface on bounded interfaces;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - send master port in "interface-name" parameter;
*) discovery - show neighbors on actual bridge port instead of bridge itself for LLDP;
*) ethernet - fixed VLAN1 forwarding on RB1100AHx4 and RB4011 devices;
*) export - fixed "silent-boot" compact export;
*) fetch - added "http-header-field" parameter;
*) gps - added "coordinate-format" parameter (CLI only);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) kidcontrol - added IPv6 support;
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) led - fixed default LED configuration for RBMetalG-52SHPacn;
*) lte - added "ecno" field for "info" command;
*) lte - disallow setting LTE interface as passthrough target;
*) lte - fixed passthrough functionality when interface is removed;
*) lte - improved SimCom 7100e support;
*) lte - increased reported "rsrq" precision;
*) lte - reset USB when non-default slot is used;
*) package - use bundled package by default if standalone packages are installed as well;
*) ppp - added "at-chat" command;
*) resource - fixed "total-memory" reporting on ARM devices;
*) snmp - added "tx-ccq" ("mtxrWlStatTxCCQ") and "rx-ccq" ("mtxrWlStatRxCCQ") values;
*) snmp - changed fan speed value type to Gauge32;
*) snmp - removed "rx-sector" ("Wl60gRxSector") value;
*) ssh - fixed public key format compatibility with RFC4716;
*) switch - fixed MAC learning when disabling interfaces on devices with Atheros8327 and QCA8337 switch chips;
*) system - fixed situation when all configuration was not properly loaded on bootup;
*) timezone - fixed "Europe/Dublin" time zone;
*) traceroute - improved stability when sending large ping amounts;
*) upgrade - automatically uninstall standalone package if already installed in bundle;
*) user - require "write" permissions for LTE firmware update;
*) watchdog - allow specifying DNS name for "send-smtp-server" parameter;
*) webfig - do not show bogus VHT field in wireless interface advanced mode;
*) winbox - added "allow-roaming" parameter in "Interface/LTE" menu;
*) winbox - added "challenge-password" field when signing certificate with SCEP;
*) winbox - added "conflict-detection" parameter in "IP/DHCP server" menu;
*) winbox - added src/dst address and in/out interface list columns to default firewall menu view;
*) winbox - added support for dynamic devices in "IP/Kid Control/Devices" tab;
*) winbox - allow to change VHT rates when 5ghz-n/ac band is used;
*) winbox - fixed missing w60g interface status values;
*) winbox - renamed "Radius" to "RADIUS";
*) winbox - show "R" flag under "IPv6/DHCP Server/Bindings" tab;
*) winbox - show "Switch" menu on RB4011iGS+5HacQ2HnD;
*) wireless - improvements in wireless frequency selection;
*) wireless - improved system stability for all ARM devices with wireless;

Other changes since v6.43.7:

*) bridge - added option to monitor fast-forward status;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet processing when bridge port changes states;
*) btest - added multithreading support for both UDP and TCP tests;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) capsman - fixed "group-key-update" parameter not using correct units;
*) certificate - fixed certificate signing by SCEP client if multiple CA certificates are provided;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) cloud - made address updating faster when new public address detected;
*) console - renamed IP protocol 41 to "ipv6-encap";
*) crs317 - fixed TX not working on sfp-sfpplus9 interface (introduced in v6.40beta12);
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs3xx - improved data transmission between 10G and 1G ports;
*) defconf - fixed configuration not generating properly on upgrade;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-client - use default route distance also for unreachable route added by DHCPv6 client;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) ike2 - added option to specify certificate chain;
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - added new "remote-id" peer matcher (CLI only);
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - fixed active connection killing when changing peer configuration;
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - moved "profile" menu outside "peer" menu (CLI only);
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) kidcontrol - properly detect time zone changes;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) lte - improved compatibility for Alt38xx modems;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) profiler - classify kernel crypto processing as "encrypting";
*) proxy - removed port list size limit;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - fixed w60g station table;
*) snmp - report bridge ifSpeed as "0";
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) ssh - added error log message when key exchange fails;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) switch - fixed ACL rules on IPQ4018 devices;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) userman - show redirect location in error messages;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved stability for 802.11ac;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) wireless - report last seen IP address in RADIUS accounting messages;

Версия 6.44beta50 2018-12-18

Версия 6.44beta40 2018-11-28

What's new in 6.44beta40 (2018-Nov-28 12:46):

Important note!!! Backup before upgrade!
Due to major IPsec configuration changes in RouterOS v6.44beta39+ (see changelog below), it is advised to make a backup before upgrading. Regular downgrade will still be possible as long as no changes in IPsec peer menu are done.

MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) radius - initial implementation of RadSec (Radius communication over TLS);
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
----------------------

Changes in this release:

!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
*) capsman - fixed "group-key-update" parameter not using correct units;
*) certificate - fixed certificate signing by SCEP client if multiple CA certificates are provided;
*) crs317 - fixed TX not working on sfp-sfpplus9 interface (introduced in v6.40beta12);
*) dhcpv6-client - use default route distance also for unreachable route added by DHCPv6 client;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - fixed neighbor discovery for PPP interfaces;
*) ipsec - fixed active connection killing when changing peer configuration;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - moved "profile" menu outside "peer" menu (CLI only);

Other changes since v6.43.4:

*) bridge - added option to monitor fast-forward status;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - properly disable dynamic CAP interfaces;
*) btest - added multithreading support for both UDP and TCP tests;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) certificate - added support for multiple "Subject Alt. Names" (CLI only);
*) certificate - fixed "expires-after" parameter calculation;
*) certificate - fixed time zone adjustment for SCEP requests;
*) certificate - properly flush old CRLs when changing store location;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) chr - correctly initialize grant table version 1;
*) cloud - added "ddns-update-interval" parameter (CLI only);
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) cloud - made address updating faster when new public address detected;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter) (CLI only);
*) console - renamed IP protocol 41 to "ipv6-encap";
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs328 - fixed SFP ports not reporting auto-negotiation status;
*) crs328 - improved link status update on disabled SFP and SFP+ interfaces;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) defconf - automatically accept default configuration if reset done by holding button;
*) defconf - fixed configuration not generating properly on upgrade;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour (CLI only);
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) discovery - properly use Sytem ID for "software-id" value on CHR;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) gps - added "coordinate-format" parameter (CLI only);
*) health - fixed bad voltage readings on RB493G;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) ike2 - added option to specify certificate chain;
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) interface - improved system stability when including/excluding a list to itself;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - added new "remote-id" peer matcher (CLI only);
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - fixed hw-aead (H) flag presence under Installed SAs on startup;
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - improved stability when uninstalling multiple SAs at once;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - properly handle peer profiles on downgrade;
*) ipsec - properly update warnings under peer menu;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - do not allow users with "read" policy to pause and resume kids;
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) kidcontrol - properly detect time zone changes;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) log - properly handle long echo messages;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added support for JioFi JMR1040 modem;
*) lte - added support for more ZTE MF90 modems;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) lte - improved compatibility for Alt38xx modems;
*) lte - increased reported "rsrq" precision (CLI only);
*) ospf - improved stability while handling type-5 LSAs;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) profiler - classify kernel crypto processing as "encrypting";
*) proxy - removed port list size limit;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - renamed SIM slots to "a" and "b" on SXT LTE kit;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) routerboard - show "force-backup-booter" option only on devices that have such feature;
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - do not initialise interface traps on bootup if they are not enabled;
*) snmp - fixed w60g station table;
*) snmp - report bridge ifSpeed as "0";
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) ssh - added error log message when key exchange fails;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) switch - fixed ACL rules on IPQ4018 devices;
*) timezone - updated timezone information from tzdata2018g release;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) traffic-flow - fixed "src-mac-address" and added "post-src-mac-address" fields;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - made "ipsec-secret" parameter sensitive;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) usb - fixed power-reset for hAP ac^2 devices;
*) userman - show redirect location in error messages;
*) user - speed up first time login process after upgrade from version older than v6.43;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) winbox - allow to specify SIM slot on LtAP mini;
*) winbox - enabled "fast-forward" by default when adding new bridge;
*) winbox - show "Switch" menu on RB4011iGS+5HacQ2HnD;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved stability for 802.11ac;
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) wireless - report last seen IP address in RADIUS accounting messages;

Версия 6.44beta40 2018-11-28

Версия 6.44beta39 2018-11-27

What's new in 6.44beta39 (2018-Nov-27 12:14):

Important note!!! Backup before upgrade!
Due to major IPsec configuration changes in RouterOS v6.44beta39+ (see changelog below), it is advised to make a backup before upgrading. Regular downgrade will still be possible as long as no changes in IPsec peer menu are done.

MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) radius - initial implementation of RadSec (Radius communication over TLS);
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------

Changes in this release:

!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
*) btest - added multithreading support for both UDP and TCP tests;
*) bridge - properly disable dynamic CAP interfaces;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) certificate - fixed "expires-after" parameter calculation;
*) certificate - properly flush old CRLs when changing store location;
*) certificate - added support for multiple "Subject Alt. Names" (CLI only);
*) chr - correctly initialize grant table version 1;
*) cloud - added "ddns-update-interval" parameter (CLI only);
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - made address updating faster when new public address detected;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter) (CLI only);
*) console - renamed IP protocol 41 to "ipv6-encap";
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) gps - added "coordinate-format" parameter (CLI only);
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) interface - improved system stability when including/excluding a list to itself;
*) ipsec - added new "remote-id" peer matcher (CLI only);
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - properly handle peer profiles on downgrade;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) kidcontrol - do not allow users with "read" policy to pause and resume kids;
*) kidcontrol - properly detect time zone changes;
*) log - properly handle long echo messages;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added support for more ZTE MF90 modems;
*) lte - improved compatibility for Alt38xx modems;
*) lte - increased reported "rsrq" precision (CLI only);
*) profiler - classify kernel crypto processing as "encrypting";
*) routerboard - renamed SIM slots to "a" and "b" on SXT LTE kit;
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - do not initialise interface traps on bootup if they are not enabled;
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) timezone - updated timezone information from tzdata2018g release;
*) traffic-flow - fixed "src-mac-address" and added "post-src-mac-address" fields;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - speed up first time login process after upgrade from version older than v6.43;
*) userman - show redirect location in error messages;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) winbox - allow to specify SIM slot on LtAP mini;
*) winbox - enabled "fast-forward" by default when adding new bridge;
*) winbox - show "Switch" menu on RB4011iGS+5HacQ2HnD;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - report last seen IP address in RADIUS accounting messages;

Other changes since v6.43:

*) bridge - added option to monitor fast-forward status;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet processing when bridge port changes states;
*) certificate - fixed time zone adjustment for SCEP requests;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs328 - fixed SFP ports not reporting auto-negotiation status;
*) crs328 - improved link status update on disabled SFP and SFP+ interfaces;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) defconf - automatically accept default configuration if reset done by holding button;
*) defconf - fixed configuration not generating properly on upgrade;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour (CLI only);
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) discovery - properly use Sytem ID for "software-id" value on CHR;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) health - fixed bad voltage readings on RB493G;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) ike2 - added option to specify certificate chain;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - show weak pre-shared-key warning;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - fixed hw-aead (H) flag presence under Installed SAs on startup;
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - improved stability when uninstalling multiple SAs at once;
*) ipsec - properly update warnings under peer menu;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) ospf - improved stability while handling type-5 LSAs;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) proxy - removed port list size limit;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) routerboard - show "force-backup-booter" option only on devices that have such feature;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - fixed w60g station table;
*) snmp - report bridge ifSpeed as "0";
*) ssh - added error log message when key exchange fails;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) switch - fixed ACL rules on IPQ4018 devices;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) tunnel - made "ipsec-secret" parameter sensitive;
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved stability for 802.11ac;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;

Версия 6.44beta39 2018-11-27

Версия 6.44beta28 2018-10-29

What's new in 6.44beta28 (2018-Oct-29 07:58):

MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------

Changes in this release:

!) radius - initial implementation of RadSec (Radius communication over TLS);
*) bridge - added option to monitor fast-forward status;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) certificate - fixed time zone adjustment for SCEP requests;
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs328 - fixed SFP ports not reporting auto-negotiation status;
*) crs328 - improved link status update on disabled SFP and SFP+ interfaces;
*) defconf - automatically accept default configuration if reset done by holding button;
*) defconf - fixed configuration not generating properly on upgrade;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) health - fixed bad voltage readings on RB493G;
*) ike2 - added option to specify certificate chain;
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - fixed hw-aead (H) flag presence under Installed SAs on startup;
*) ipsec - improved stability when uninstalling multiple SAs at once;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - properly update warnings under peer menu;
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) ospf - improved stability while handling type-5 LSAs;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rbm33g - improved stability when used with some USB devices;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) routerboard - show "boot-os" and "force-backup-booter" option only on devices that have such feature;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) ssh - added error log message when key exchange fails;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) tunnel - made "ipsec-secret" parameter sensitive;
*) upgrade - made security package depend on DHCP package;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - renamed "frequency-list" to "scan-list";
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - added align mode "/interface w60g align" (CLI only);

Other changes since v6.43:

*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet processing when bridge port changes states;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour (CLI only);
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) discovery - properly use Sytem ID for "software-id" value on CHR;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) proxy - removed port list size limit;
*) romon - improved reliability when processing RoMON packets on CHR;
*) snmp - fixed w60g station table;
*) snmp - report bridge ifSpeed as "0";
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) switch - fixed ACL rules on IPQ4018 devices;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved stability for 802.11ac;

Версия 6.44beta28 2018-10-29

Версия 6.44beta20 2018-10-10

What's new in 6.44beta20 (2018-Oct-09 09:29):

MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------

Changes in this release:

*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs328 - improved link status update on disabled SFP+ interface when using DAC;
*) crs3xx - properly read "eeprom" data after different module inserted in disabled interface;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour (CLI only);
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) led - added "dark-mode" functionality for LHG and LDF series devices;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) w60g - general stability and performance improvements;
*) w60g - improved stability for short distance links;

Other changes since v6.43:

*) bridge - do not learn untagged frames when filtering only tagged packets;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - fixed possible memory leak when VLAN filtering is used;
*) bridge - improved packet handling when hardware offloading is being disabled;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - properly forward unicast DHCP messages when using DHCP Snooping with hardware offloading;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) crs3xx - fixed possible memory leak when disabling bridge interface;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv4-server - use client MAC address for dual stack queue when "client-id" is not received;
*) dhcpv6-server - recreate DHCPv6 server binding if it is no longer within prefix pool when rebinding/renewing;
*) discovery - properly use Sytem ID for "software-id" value on CHR;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) ike2 - added option to specify certificate chain;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - allow multiple peers to the same address with different local-address (introduced in v6.43);
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) led - added "dark-mode" functionality for wsAP ac lite, RB951Ui-2nD, hAP and hAP ac lite devices;
*) led - fixed default LED configuration for SXT LTE kit devices;
*) led - fixed power LED turning on after reboot when "dark-mode" is used;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) ntp - fixed possible NTP server stuck in "started" state;
*) proxy - removed port list size limit;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) romon - improved packet processing when MTU in path is lower than 1500;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - show "boot-os" option only on devices that have such feature;
*) snmp - fixed w60g station table;
*) snmp - report bridge ifSpeed as "0";
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) switch - fixed ACL rules on IPQ4018 devices;
*) traffic-flow - fixed post NAT port reporting;
*) w60g - added "frequency-list" setting;
*) w60g - added interface stats;
*) w60g - fixed interface LED status update on connection;
*) w60g - renamed "mcs" to "tx-mcs" and "phy-rate" to "tx-phy-rate";
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved stability for 802.11ac;

Версия 6.44beta20 2018-10-10

Версия 6.44beta17 2018-10-05

What's new in 6.44beta17 (2018-Oct-04 09:42):

MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------

Changes in this release:

*) bridge - fixed possible memory leak when VLAN filtering is used;
*) dhcpv4-server - use client MAC address for dual stack queue when "client-id" is not received;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) led - fixed default LED configuration for SXT LTE kit devices;
*) led - fixed power LED turning on after reboot when "dark-mode" is used;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);

Other changes since v6.43:

*) bridge - do not learn untagged frames when filtering only tagged packets;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet handling when hardware offloading is being disabled;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - properly forward unicast DHCP messages when using DHCP Snooping with hardware offloading;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) crs3xx - fixed possible memory leak when disabling bridge interface;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-server - recreate DHCPv6 server binding if it is no longer within prefix pool when rebinding/renewing;
*) discovery - properly use Sytem ID for "software-id" value on CHR;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) ike2 - added option to specify certificate chain;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - allow multiple peers to the same address with different local-address (introduced in v6.43);
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) led - added "dark-mode" functionality for wsAP ac lite, RB951Ui-2nD, hAP and hAP ac lite devices;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) ntp - fixed possible NTP server stuck in "started" state;
*) proxy - removed port list size limit;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) romon - improved packet processing when MTU in path is lower than 1500;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - show "boot-os" option only on devices that have such feature;
*) snmp - fixed w60g station table;
*) snmp - report bridge ifSpeed as "0";
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) switch - fixed ACL rules on IPQ4018 devices;
*) traffic-flow - fixed post NAT port reporting;
*) w60g - added "frequency-list" setting;
*) w60g - added interface stats;
*) w60g - fixed interface LED status update on connection;
*) w60g - renamed "mcs" to "tx-mcs" and "phy-rate" to "tx-phy-rate";
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) wireless - improved stability for 802.11ac;

Версия 6.44beta17 2018-10-05

Версия 6.44beta14 2018-10-02

What's new in 6.44beta14 (2018-Oct-01 12:01):

MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------

Changes in this release:

*) bridge - do not learn untagged frames when filtering only tagged packets;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - properly forward unicast DHCP messages when using DHCP Snooping with hardware offloading;
*) cloud - improved DDNS service disabling;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv6-server - recreate DHCPv6 server binding if it is no longer within prefix pool when rebinding/renewing;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - allow multiple peers to the same address with different local-address (introduced in v6.43);
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) led - added "dark-mode" functionality for wsAP ac lite, RB951Ui-2nD, hAP and hAP ac lite devices;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added support for JioFi JMR1040 modem;
*) ntp - fixed possible NTP server stuck in "started" state;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) romon - improved packet processing when MTU in path is lower than 1500;
*) snmp - fixed w60g station table;
*) snmp - report bridge ifSpeed as "0";
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) traffic-flow - fixed post NAT port reporting;
*) w60g - added interface stats;
*) w60g - renamed "mcs" to "tx-mcs" and "phy-rate" to "tx-phy-rate";
*) wireless - improved stability for 802.11ac;

Other changes since v6.43:

*) bridge - improved packet handling when hardware offloading is being disabled;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) crs3xx - fixed possible memory leak when disabling bridge interface;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) discovery - properly use Sytem ID for "software-id" value on CHR;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) ike2 - added option to specify certificate chain;
*) ike2 - fixed local address lookup when initiating new connection;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) proxy - removed port list size limit;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - show "boot-os" option only on devices that have such feature;
*) switch - fixed ACL rules on IPQ4018 devices;
*) w60g - added "frequency-list" setting;
*) w60g - fixed interface LED status update on connection;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;

Версия 6.44beta14 2018-10-02

Версия 6.43rc7 2018-05-08

What's new in 6.43rc7 (2018-May-08 06:08):

*) capsman - allow to change "radio-name" (CLI only);
*) dhcpv4 - prevent sending out ICMP port unreachable packets;
*) dhvpv4-client - fixed DHCP client stuck in renewing state;
*) kidcontrol - allow to edit discovered devices;
*) lte - do not allow to send "at-chat" commands for configless modems;

Other changes since v6.42.1:

*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed LLDP packet receiving;
*) bridge - fixed processing of fragmented packets when hardware offloading is enabled;
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) dhcpv6-relay - fixed missing configuration after reboot;
*) hotspot - fixed user authentication when queue from old session is not removed yet;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - fixed policies becoming invalid if added after a disabled policy;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices;
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved reading of SMS message after entering running state;
*) quickset - fixed dual radio mode detection process;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) tr069-client: - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - allow to specify "any" as wireless "access-list" interface;
*) winbox - fixed "/ip dhcp-server network set dns-none" parameter;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed packet processing when "static-algo-0=40bit-wep" is being used (introduced in v6.42);
*) wireless - fixed usage of allowed signal strength values received from RADIUS;
*) wireless - improved Nv2 PtMP performance;
*) wireless - improved wireless throughput on hAP ac^2 and cAP ac;

Версия 6.43rc7 2018-05-08

Версия 6.43rc66 2018-08-30

What's new in 6.43rc66 (2018-Aug-28 13:36):

MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - added support for licensed CHR instances (including trial);
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) security - fixed vulnerabilities CVE-2018-1156, CVE-2018-1157, CVE-2018-1158, CVE-2018-1159;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------

Changes in this release:

*) bridge - added support for BPDU Guard;
*) bridge - added support for DHCP Snooping;
*) bridge - ignore tagged BPDUs when bridge VLAN filtering is used;
*) certificate - fixed RA "server-url" setting;
*) console - added "dont-require-permissions" parameter for scripts;
*) dhcpv6-client - improved dynamic IPv6 pool addition process;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - fixed AES-192-CTR fallback to software AEAD on ARM devices with wireless and RB3011UiAS-RM;
*) ipsec - fixed "static-dns" value storing;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) l2tp - allow setting "max-mtu" and "max-mru" bigger than 1500;
*) lte - fixed LTE registration in 2G/3G mode;
*) ppp - added support for Telit LM940 modem;
*) rb3011 - added IPsec hardware acceleration support;
*) snmp - fixed interface speed reporting for predefined rates;
*) supout - added "files" section to supout file;
*) switch - added CPU Flow Control settings for devices with a Atheros8227, QCA8337, Atheros8327, Atheros7240 or Atheros8316 switch chip;
*) tr069-client - allow editing of "provisioning-code" attribute;
*) userman - fixed "shared-secret" parameter requiring "sensitive" policy;
*) webfig - fixed www service becoming unresponsive;
*) winbox - added "tag-stacking" option to "Bridge/Ports";
*) winbox - fixed "bad-blocks" value presence under "System/Resources";
*) winbox - fixed "IP/IPsec/Peers" section sorting;
*) winbox - renamed "VLAN Protocol" to "EtherType" under bridge interface "VLAN" tab;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that has such feature;
*) wireless - accept only valid path for sniffer output file parameter;
*) wireless - require "sniff" policy for wireless sniffer;

Other changes since v6.42.7:

*) bridge - added an option to manually specify ports that have a multicast router (CLI only);
*) bridge - added a warning when untrusted port receives a DHCP Server message when DCHP Snooping is enabled;
*) bridge - added more options to fine-tune IGMP Snooping enabled bridges (CLI only);
*) bridge - added support for DHCP Option 82 (CLI only);
*) bridge - added support for IGMP Snooping fast-leave feature (CLI only);
*) cloud - close local UDP port if no activity;
*) console - made "once" parameter mandatory when using "as-value" on "monitor" commands;
*) console - removed automatic swapping of "from=" and "to=" in "for" loops;
*) crs326/crs328 - fixed packet forwarding when port changes states with IGMP Snooping enabled;
*) crs3xx - added hardware support for DHCP Snooping and Option 82;
*) crs3xx - fixed packet forwarding when "frame-type" is changed (introduced in v6.43rc51);
*) crs3xx - fixed SwOS config import;
*) defconf - fixed default configuration for RBSXTsq5nD;
*) dhcpv6-client - fixed false invalid flag (introduced in v6.43rc56);
*) fetch - added "as-value" output format;
*) fetch - fixed address and DNS verification in certificates;
*) health - added missing parameters from export;
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - improved stability when using IPsec with disabled route cache;
*) leds - fixed LED behaviour when bonding is configured on SFP+ interfaces;
*) lte - added "sector-id" to info command;
*) lte - fixed SIM7600 series module support with newer device IDs;
*) ppp - added support for Alfa Network U4G modem;
*) snmp - added EAP identity to CAPsMAN registration table;
*) supout - added monitored bridge VLAN table to supout file;
*) tr069-client - use SNI extension for HTTPS;
*) ups - improved UPS serial parsing stability;
*) w60g - added "beamforming-event" stats counter;
*) w60g - fixed random disconnects;
*) w60g - general stability and performance improvements;
*) wireless - accept only valid path for sniffer output file parameter;
*) wireless - added "czech republic 5.8" regulatory domain information;
*) wireless - added "etsi2" regulatory domain information;
*) wireless - added option to disable PMKID for WPA2;
*) wireless - updated "czech republic" regulatory domain information;
*) backup - added support for new backup file encryption (AES128-CTR) with signatures (SHA256);
*) backup - generate proper file name when devices identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - added per-port based "tag-stacking" feature;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed "ingress-filtering", "frame-types" and "tag-stacking" value storing;
*) bridge - forward LACPDUs when "protocol-mode=none";
*) bridge - improved packet handling;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) bridge - renamed option "vlan-protocol" to "ether-type";
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) certificate - do not allow to perform "undo" on certificate changes;
*) check-installation - improved system integrity checking;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed interface name order when "virtio-net is not being used on KVM installations;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved balooning process;
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) chr - reduced RAM memory required per interface;
*) cloud - added simultaneous IPv4/IPv6 support;
*) console - do not show spare parameters on ping command;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs326/crs328 - fixed broken "new-dst-port" ACL rules (introduced in 6.43rc10);
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed flow control;
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed tagged packet forwarding in 802.1ad aware bridges (introduced in 6.43rc13);
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-client - fixed double ACK packet handling;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-client - fixed "add-default-route" parameter;
*) dhcpv6-client - fixed option handling;
*) dhcpv6-server - added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time";
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dhcpv6-server - do not allow to run DHCPv6 server on slave interface;
*) dhcpv6-server - fixed dynamic simple queue creation for RADIUS bindings;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) ethernet - fixed default ethernet advertise values after configuration reset (introduced in v6.43rc33)
*) ethernet - fixed possible link flaps after disabling/enabling the interface (introduced in v6.43rc51);
*) ethernet - improved stability when changing ethernet interface L2MTU on CRS328-24P-4S+ (introduced in v6.43rc11);
*) ethernet - properly handle Ethernet interface default configuration;
*) export - do not show w60g password on "hide-sensitive" type of export;
*) filesystem - fixed NAND memory going into read-only mode (requires "factory-firmware" >= 3.41.1 and "current-firmware" >= 6.43);
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) health - fixed voltage measurements for RB493G devices;
*) health - improved speed of health measurement readings;
*) hotspot - allow to properly configure Hotspot directory on external disk for devices that have flash type storage;
*) hotspot - fixed customized HTML file usage (introduced in 6.43rc47);
*) hotspot - fixed RADIUS CoA & PoD by allowing to accept "NAS-Port-Id";
*) ike1 - added unsafe configuration warning for main mode with pre-shared-key authentication;
*) ike1 - purge both SAs when timer expires;
*) ike1 - zero out reserved bytes in NAT-OA payload;
*) ike2 - fixed initiator first policy selection;
*) ike2 - fixed rekeyed child deletion during another exchange;
*) ike2 - improved basic exchange logging readability;
*) ike2 - use "/32" netmask by default on initiator if not provided by responder;
*) interface - improved interface "last-link-down-time" and "last-link-up-time" values;
*) interface - improved reliability on dynamic interface handling;
*) ippool - improved used address error message;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - fixed AES-CTR and AES-GCM key size proposing as initiator;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional D-Link PIDs;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added additional low endpoint SIM7600 PIDs;
*) lte - added eNB ID to info command;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added "registration-status" parameter under "/interface lte info" command;
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for alternative SIM7600 PID;
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - ignore empty MAC addresses during Passthrough discovery phase;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - properly detect interface state when running for IPv6 only connection for R11e-LTE modem;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) multicast - allow to add more than one RP per IP address for PIM;
*) ntp - allow to specify link-local address for NTP server;
*) ospf - improved link-local LSA flooding;
*) package - renamed "current-version" to "installed-version" under "/system package install";
*) ppp - added support for additional ID for E3531 modem;
*) ppp - improved modem mode switching;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) rb1100ahx4 - added DES and 3DES hardware acceleration support;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) routerboard - fixed wrongly reported RAM size on ARM devices;
*) routerboot - removed RAM test from TILE devices (routerboot upgrade required);
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) sfp - fixed default advertised link speeds;
*) smb - fixed valid request handling when additional options are used;
*) sms - converted "keep-max-sms" feature to "auto-erase";
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) sms - improved reliability on SMS reader;
*) snmp - added CAPsMAN "remote-cap" table;
*) snmp - added "phy-rate" reading for "station-bridge" mode;
*) snmp - added "temp-exception" trap;
*) snmp - fixed "remote-cap" peer MAC address format;
*) ssh - disconnect all active connections when device gets rebooted or turned off;
*) ssh - strengthen strong-crypto (add aes-128-ctr and disallow hmac sha1 and groups with sha1);
*) supout - added "w60g" section to supout file;
*) switch - added support for port isolation by switch chip;
*) switch - fixed possible switch chip hangs after initialization on MediaTek and Atheros8327 switch chips;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tile - added DES and 3DES hardware acceleration support;
*) tile - fixed false HW offloading flag for MPLS;
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed modem initialisation on LtAP mini;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) watchdog - added "ping-timeout" setting;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - added "poe-fault" LED trigger;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - fixed "write-sect-since-reboot" value presence under "System/Resources";
*) winbox - properly close session when uploading multiple files to the device at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed "/interface wireless sniffer packet print follow" output;
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 reliability on ARM devices;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;

Версия 6.43rc66 2018-08-30

Версия 6.43rc64 2018-08-24

What's new in 6.43rc64 (2018-Aug-23 08:02):

MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - added support for licensed CHR instances (including trial);
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) security - fixed vulnerabilities CVE-2018-1156, CVE-2018-1157, CVE-2018-1158, CVE-2018-1159;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------

Changes in this release:

*) bridge - added an option to manually specify ports that have a multicast router (CLI only);
*) bridge - added a warning when untrusted port receives a DHCP Server message when DCHP Snooping is enabled;
*) bridge - added more options to fine-tune IGMP Snooping enabled bridges (CLI only);
*) bridge - added support for DHCP Option 82 (CLI only);
*) bridge - added support for DHCP Snooping (CLI only);
*) bridge - added support for IGMP Snooping fast-leave feature (CLI only);
*) cloud - close local UDP port if no activity;
*) console - made "once" parameter mandatory when using "as-value" on "monitor" commands;
*) console - removed automatic swapping of "from=" and "to=" in "for" loops;
*) crs326/crs328 - fixed packet forwarding when port changes states with IGMP Snooping enabled;
*) crs3xx - added hardware support for DHCP Snooping and Option 82;
*) crs3xx - fixed packet forwarding when "frame-type" is changed (introduced in v6.43rc51);
*) crs3xx - fixed SwOS config import;
*) defconf - fixed default configuration for RBSXTsq5nD;
*) dhcpv6-client - fixed false invalid flag (introduced in v6.43rc56);
*) fetch - added "as-value" output format;
*) fetch - fixed address and DNS verification in certificates;
*) health - added missing parameters from export;
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - improved stability when using IPsec with disabled route cache;
*) leds - fixed LED behaviour when bonding is configured on SFP+ interfaces;
*) lte - added "sector-id" to info command;
*) lte - fixed SIM7600 series module support with newer device IDs;
*) ppp - added support for Alfa Network U4G modem;
*) rb3011 - added IPsec hardware acceleration support;
*) snmp - added EAP identity to CAPsMAN registration table;
*) supout - added monitored bridge VLAN table to supout file;
*) switch - added CPU Flow Control settings for devices with a Atheros8227, QCA8337, Atheros8327, Atheros7240 or Atheros8316 switch chips;
*) tr069-client - use SNI extension for HTTPS;
*) ups - improved UPS serial parsing stability;
*) w60g - added "beamforming-event" stats counter;
*) w60g - fixed random disconnects;
*) w60g - general stability and performance improvements;
*) wireless - accept only valid path for sniffer output file parameter;
*) wireless - added "czech republic 5.8" regulatory domain information;
*) wireless - added "etsi2" regulatory domain information;
*) wireless - added option to disable PMKID for WPA2;
*) wireless - updated "czech republic" regulatory domain information;

Other changes since v6.42.7:

*) backup - added support for new backup file encryption (AES128-CTR) with signatures (SHA256);
*) backup - generate proper file name when devices identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - added per-port based "tag-stacking" feature;
*) bridge - added support for BPDU Guard (CLI only);
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed "ingress-filtering", "frame-types" and "tag-stacking" value storing;
*) bridge - forward LACPDUs when "protocol-mode=none";
*) bridge - improved packet handling;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) bridge - renamed option "vlan-protocol" to "ether-type";
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) certificate - do not allow to perform "undo" on certificate changes;
*) check-installation - improved system integrity checking;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed interface name order when "virtio-net is not being used on KVM installations;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved balooning process;
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) chr - reduced RAM memory required per interface;
*) cloud - added simultaneous IPv4/IPv6 support;
*) console - added "dont-require-permissions" parameter for scripts;
*) console - do not show spare parameters on ping command;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs326/crs328 - fixed broken "new-dst-port" ACL rules (introduced in 6.43rc10);
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed flow control;
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed tagged packet forwarding in 802.1ad aware bridges (introduced in 6.43rc13);
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-client - fixed double ACK packet handling;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-client - fixed "add-default-route" parameter;
*) dhcpv6-client - fixed option handling;
*) dhcpv6-server - added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time";
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dhcpv6-server - do not allow to run DHCPv6 server on slave interface;
*) dhcpv6-server - fixed dynamic simple queue creation for RADIUS bindings;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) ethernet - fixed default ethernet advertise values after configuration reset (introduced in v6.43rc33)
*) ethernet - fixed possible link flaps after disabling/enabling the interface (introduced in v6.43rc51);
*) ethernet - improved stability when changing ethernet interface L2MTU on CRS328-24P-4S+ (introduced in v6.43rc11);
*) ethernet - properly handle Ethernet interface default configuration;
*) export - do not show w60g password on "hide-sensitive" type of export;
*) filesystem - fixed NAND memory going into read-only mode (requires "factory-firmware" >= 3.41.1 and "current-firmware" >= 6.43);
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) health - fixed voltage measurements for RB493G devices;
*) health - improved speed of health measurement readings;
*) hotspot - allow to properly configure Hotspot directory on external disk for devices that have flash type storage;
*) hotspot - fixed customized HTML file usage (introduced in 6.43rc47);
*) hotspot - fixed RADIUS CoA & PoD by allowing to accept "NAS-Port-Id";
*) ike1 - added unsafe configuration warning for main mode with pre-shared-key authentication;
*) ike1 - purge both SAs when timer expires;
*) ike1 - zero out reserved bytes in NAT-OA payload;
*) ike2 - fixed initiator first policy selection;
*) ike2 - fixed rekeyed child deletion during another exchange;
*) ike2 - improved basic exchange logging readability;
*) ike2 - use "/32" netmask by default on initiator if not provided by responder;
*) interface - improved interface "last-link-down-time" and "last-link-up-time" values;
*) interface - improved reliability on dynamic interface handling;
*) ippool - improved used address error message;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - fixed AES-CTR and AES-GCM key size proposing as initiator;
*) ipsec - fixed "static-dns" value storing (CLI only);
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional D-Link PIDs;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added additional low endpoint SIM7600 PIDs;
*) lte - added eNB ID to info command;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added "registration-status" parameter under "/interface lte info" command;
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for alternative SIM7600 PID;
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - ignore empty MAC addresses during Passthrough discovery phase;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - properly detect interface state when running for IPv6 only connection for R11e-LTE modem;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) multicast - allow to add more than one RP per IP address for PIM;
*) ntp - allow to specify link-local address for NTP server;
*) ospf - improved link-local LSA flooding;
*) package - renamed "current-version" to "installed-version" under "/system package install";
*) ppp - added support for additional ID for E3531 modem;
*) ppp - improved modem mode switching;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) rb1100ahx4 - added DES and 3DES hardware acceleration support;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) routerboard - fixed wrongly reported RAM size on ARM devices;
*) routerboot - removed RAM test from TILE devices (routerboot upgrade required);
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) sfp - fixed default advertised link speeds;
*) smb - fixed valid request handling when additional options are used;
*) sms - converted "keep-max-sms" feature to "auto-erase";
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) sms - improved reliability on SMS reader;
*) snmp - added CAPsMAN "remote-cap" table;
*) snmp - added "phy-rate" reading for "station-bridge" mode;
*) snmp - added "temp-exception" trap;
*) snmp - fixed "remote-cap" peer MAC address format;
*) ssh - disconnect all active connections when device gets rebooted or turned off;
*) ssh - strengthen strong-crypto (add aes-128-ctr and disallow hmac sha1 and groups with sha1);
*) supout - added "w60g" section to supout file;
*) switch - added support for port isolation by switch chip;
*) switch - fixed possible switch chip hangs after initialization on MediaTek and Atheros8327 switch chips;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tile - added DES and 3DES hardware acceleration support;
*) tile - fixed false HW offloading flag for MPLS;
*) tr069-client - allow editing of "provisioning-code" attribute (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed modem initialisation on LtAP mini;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) watchdog - added "ping-timeout" setting;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - added "poe-fault" LED trigger;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - fixed "write-sect-since-reboot" value presence under "System/Resources";
*) winbox - properly close session when uploading multiple files to the device at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed "/interface wireless sniffer packet print follow" output;
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 reliability on ARM devices;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;

Версия 6.43rc64 2018-08-24

Версия 6.43rc6 2018-05-03

What's new in 6.43rc6 (2018-May-02 12:28):

*) bridge - fixed LLDP packet receiving;
*) bridge - fixed processing of fragmented packets when hardware offloading is enabled;
*) dhcpv6-relay - fixed missing configuration after reboot;
*) hotspot - fixed user authentication when queue from old session is not removed yet;
*) quickset - fixed dual radio mode detection process;
*) wireless - fixed usage of allowed signal strength values received from RADIUS;
*) wireless - improved Nv2 PtMP performance;

Other changes since v6.42.1:

*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - fixed policies becoming invalid if added after a disabled policy;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices;
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved reading of SMS message after entering running state;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) tr069-client: - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - allow to specify "any" as wireless "access-list" interface;
*) winbox - fixed "/ip dhcp-server network set dns-none" parameter;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed packet processing when "static-algo-0=40bit-wep" is being used (introduced in v6.42);
*) wireless - improved wireless throughput on hAP ac^2 and cAP ac;

Версия 6.43rc6 2018-05-03

Версия 6.43rc56 2018-08-14

What's new in 6.43rc56 (2018-Aug-13 11:13):

MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - added support for licensed CHR instances (including trial);
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------

Changes in this release:

!) security - fixed vulnerabilities CVE-2018-1156, CVE-2018-1157, CVE-2018-1158, CVE-2018-1159;
*) bridge - added support for BPDU Guard (CLI only);
*) bridge - added support for DHCP Option 82 (disables hardware offloading, CLI only);
*) bridge - added support for DHCP Snooping (disables hardware offloading, CLI only);
*) bridge - forward LACPDUs when "protocol-mode=none";
*) bridge - improved packet handling;
*) cloud - added simultaneous IPv4/IPv6 support;
*) console - added "dont-require-permissions" parameter for scripts;
*) dhcpv4-relay - fixed false invalid flag presence;
*) dhcpv6-server - do not allow to run DHCPv6 server on slave interface;
*) dhcpv6-server - fixed dynamic simple queue creation for RADIUS bindings;
*) dhcpv6-server - properly update interface for dynamic DHCPv6 servers;
*) ethernet - fixed possible link flaps after disabling/enabling the interface (introduced in v6.43rc51);
*) ethernet - improved large packet handling on ARM devices with wireless;
*) ethernet - removed obsolete slave flag from "/interface vlan" menu;
*) hotspot - fixed customized HTML file usage (introduced in 6.43rc47);
*) ike1 - zero out reserved bytes in NAT-OA payload;
*) ike2 - fixed initiator first policy selection;
*) ippool - improved used address error message;
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ppp - fixed interface enabling after a while if none of them where active;
*) ppp - improved modem mode switching;
*) snmp - added "temp-exception" trap;
*) switch - fixed possible switch chip hangs after initialization on MediaTek and Atheros8327 switch chips;
*) tile - fixed false HW offloading flag for MPLS;
*) tr069-client - allow editing of "provisioning-code" attribute (CLI only);
*) tr069-client - fixed unresponsive tr069 service when blackhole route is present;
*) upgrade - fixed RouterOS upgrade process from RouterOS v5;
*) ups - improved UPS serial parsing stability;
*) w60g - general stability and performance improvements;
*) w60g - stop doing distance measurements after first successful measurement;
*) winbox - added "default-route-distance" parameter for "IPv6/DHCP-client" menu;
*) winbox - fixed "sfp-connector-type" value presence under "Interface/Ethernet";
*) winbox - fixed warning presence for "IP/IPsec/Peers" menu;
*) winbox - fixed "write-sect-since-reboot" value presence under "System/Resources";
*) winbox - show "System/RouterBOARD/Mode Button" on devices that has such feature;
*) wireless - added option to disable PMKID for WPA2 (CLI only);
*) wireless - fixed memory leak when performing wireless scan on ARM;
*) wireless - updated "united-states" regulatory domain information;

Other changes since v6.42.6:

*) backup - added support for new backup file encryption (AES128-CTR) with signatures (SHA256);
*) backup - generate proper file name when devices identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - added per-port based "tag-stacking" feature;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed "ingress-filtering", "frame-types" and "tag-stacking" value storing;
*) bridge - improved bridge port state changing process;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) bridge - renamed option "vlan-protocol" to "ether-type";
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) certificate - do not allow to perform "undo" on certificate changes;
*) check-installation - improved system integrity checking;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed interface name order when "virtio-net is not being used on KVM installations;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved balooning process;
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) chr - reduced RAM memory required per interface;
*) console - do not show spare parameters on ping command;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs326/crs328 - fixed broken "new-dst-port" ACL rules (introduced in 6.43rc10);
*) crs326/crs328 - fixed untagged packet forwarding through tagged ports when pvid=1;
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added command that forces fan detection on fan-equipped devices;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed flow control;
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed port disable on CRS326 and CRS328 devices;
*) crs3xx - fixed tagged packet forwarding in 802.1ad aware bridges (introduced in 6.43rc13);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-client - fixed double ACK packet handling;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-client - allow to set "default-route-distance";
*) dhcpv6-client - fixed "add-default-route" parameter;
*) dhcpv6-client - fixed option handling;
*) dhcpv6 - improved reliability on IPv6 DHCP services;
*) dhcpv6-server - added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time";
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) ethernet - fixed default ethernet advertise values after configuration reset (introduced in v6.43rc33)
*) ethernet - improved stability when changing ethernet interface L2MTU on CRS328-24P-4S+ (introduced in v6.43rc11);
*) ethernet - properly handle Ethernet interface default configuration;
*) export - do not show w60g password on "hide-sensitive" type of export;
*) filesystem - fixed NAND memory going into read-only mode (requires "factory-firmware" >= 3.41.1 and "current-firmware" >= 6.43);
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) health - fixed voltage measurements for RB493G devices;
*) health - improved speed of health measurement readings;
*) hotspot - allow to properly configure Hotspot directory on external disk for devices that have flash type storage;
*) hotspot - fixed RADIUS CoA & PoD by allowing to accept "NAS-Port-Id";
*) ike1 - added unsafe configuration warning for main mode with pre-shared-key authentication;
*) ike1 - purge both SAs when timer expires;
*) ike2 - fixed rekeyed child deletion during another exchange;
*) ike2 - improved basic exchange logging readability;
*) ike2 - use "/32" netmask by default on initiator if not provided by responder;
*) interface - improved interface "last-link-down-time" and "last-link-up-time" values;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - fixed AES-CTR and AES-GCM key size proposing as initiator;
*) ipsec - fixed "sa-src-address" deduction from "src-address" in tunnel mode;
*) ipsec - fixed "static-dns" value storing (CLI only);
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - allow to edit discovered devices;
*) ldp - properly load LDP configuration;
*) led - fixed default LED configuration for RBLHGG-5acD-XL devices;
*) led - improved w60g alignment trigger;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional D-Link PIDs;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added additional low endpoint SIM7600 PIDs;
*) lte - added eNB ID to info command;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added "registration-status" parameter under "/interface lte info" command;
*) lte - added roaming status reading for info command (CLI only);
*) lte - added signal readings under "/interface lte scan" for 3G and GSM modes;
*) lte - added support for alternative SIM7600 PID;
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed memory leak on USB disconnect;
*) lte - fixed SIM7600 registration info;
*) lte - fixed SMS send feature when not in LTE network;
*) lte - ignore empty MAC addresses during Passthrough discovery phase;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - properly detect interface state when running for IPv6 only connection for R11e-LTE modem;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) multicast - allow to add more than one RP per IP address for PIM;
*) ntp - allow to specify link-local address for NTP server;
*) ospf - improved link-local LSA flooding;
*) package - do not allow to install out of bundle package if it already exists within bundle;
*) package - renamed "current-version" to "installed-version" under "/system package install";
*) ppp - added support for additional ID for E3531 modem;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) rb1100ahx4 - added DES and 3DES hardware acceleration support;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) routerboard - fixed wrongly reported RAM size on ARM devices;
*) routerboot - removed RAM test from TILE devices (routerboot upgrade required);
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) sfp - fixed default advertised link speeds;
*) sfp - hide "sfp-wavelength" parameter for RJ45 transceivers;
*) smb - fixed valid request handling when additional options are used;
*) sms - converted "keep-max-sms" feature to "auto-erase";
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) sms - improved reliability on SMS reader;
*) snmp - added CAPsMAN "remote-cap" table;
*) snmp - added "phy-rate" reading for "station-bridge" mode;
*) snmp - fixed "remote-cap" peer MAC address format;
*) ssh - disconnect all active connections when device gets rebooted or turned off;
*) ssh - strengthen strong-crypto (add aes-128-ctr and disallow hmac sha1 and groups with sha1);
*) supout - added "w60g" section to supout file;
*) switch - added support for port isolation by switch chip;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tile - added DES and 3DES hardware acceleration support;
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed modem initialisation on LtAP mini;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) userman - fixed compatibility with PayPal TLS 1.2;
*) vrrp - fixed VRRP packet processing on VirtualBox and VMWare hypervisors;
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) w60g - added distance measurement feature;
*) w60g - fixed random disconnects;
*) w60g - improved MCS rate detection process;
*) w60g - improved MTU change handling;
*) w60g - properly close connection with station on disconnect;
*) watchdog - added "ping-timeout" setting;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - properly close session when uploading multiple files to the device at the same time;
*) winbox - properly display all flags for bridge host entries;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed "/interface wireless sniffer packet print follow" output;
*) wireless - fixed packet processing after removing wireless interface from CAP settings;
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 reliability on ARM devices;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;

Версия 6.43rc56 2018-08-14

Версия 6.43rc51 2018-08-02

What's new in 6.43rc51 (2018-Aug-01 09:43):

MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - added support for licensed CHR instances (including trial);
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------

Changes in this release:

*) bridge - added per-port based "tag-stacking" feature;
*) bridge - fixed "ingress-filtering", "frame-types" and "tag-stacking" value storing;
*) bridge - improved bridge port state changing process;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - renamed option "vlan-protocol" to "ether-type";
*) certificate - do not allow to perform "undo" on certificate changes;
*) crs3xx - added command that forces fan detection on fan-equipped devices;
*) crs3xx - fixed port disable on CRS326 and CRS328 devices;
*) dhcpv6-client - allow to set "default-route-distance";
*) dhcpv6-client - fixed "add-default-route" parameter;
*) dhcpv6-client - fixed option handling;
*) dhcpv6-server - added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time";
*) ethernet - fixed default ethernet advertise values after configuration reset (introduced in v6.43rc33)
*) filesystem - fixed NAND memory going into read-only mode (requires "factory-firmware" >= 3.41.1 and "current-firmware" >= 6.43);
*) health - fixed voltage measurements for RB493G devices;
*) hotspot - allow to properly configure Hotspot directory on external disk for devices that have flash type storage;
*) hotspot - fixed RADIUS CoA & PoD by allowing to accept "NAS-Port-Id";
*) ike1 - added unsafe configuration warning for main mode with pre-shared-key authentication;
*) ike1 - zero out reserved bytes in NAT-OA payload;
*) ike2 - fixed rekeyed child deletion during another exchange;
*) ike2 - improved basic exchange logging readability;
*) ipsec - fixed "sa-src-address" deduction from "src-address" in tunnel mode;
*) ipsec - fixed "static-dns" value storing (CLI only);
*) ipsec - fixed AES-CTR and AES-GCM key size proposing as initiator;
*) ldp - properly load LDP configuration;
*) led - fixed default LED configuration for RBLHGG-5acD-XL devices;
*) lte - added "registration-status" parameter under "/interface lte info" command;
*) lte - added additional D-Link PIDs;
*) lte - added additional low endpoint SIM7600 PIDs;
*) lte - added signal readings under "/interface lte scan" for 3G and GSM modes;
*) lte - fixed memory leak on USB disconnect;
*) lte - fixed SMS send feature when not in LTE network;
*) lte - ignore empty MAC addresses during Passthrough discovery phase;
*) lte - properly detect interface state when running for IPv6 only connection for R11e-LTE modem;
*) multicast - allow to add more than one RP per IP address for PIM;
*) ospf - improved link-local LSA flooding;
*) rb1100ahx4 - added DES and 3DES hardware acceleration support;
*) routerboot - removed RAM test from TILE devices (routerboot upgrade required);
*) sfp - hide "sfp-wavelength" parameter for RJ45 transceivers;
*) snmp - added "phy-rate" reading for "station-bridge" mode;
*) snmp - fixed "remote-cap" peer MAC address format;
*) ssh - strengthen strong-crypto (add aes-128-ctr and disallow hmac sha1 and groups with sha1);
*) tile - added DES and 3DES hardware acceleration support;
*) w60g - added distance measurement feature;
*) w60g - fixed random disconnects;
*) w60g - improved MCS rate detection process;
*) w60g - improved MTU change handling;
*) w60g - properly close connection with station on disconnect;
*) wireless - fixed "/interface wireless sniffer packet print follow" output;
*) wireless - fixed packet processing after removing wireless interface from CAP settings;

Other changes since v6.42.6:

*) backup - added support for new backup file encryption (AES128-CTR) with signatures (SHA256);
*) backup - generate proper file name when devices identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) check-installation - improved system integrity checking;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed interface name order when "virtio-net is not being used on KVM installations;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved balooning process;
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) chr - reduced RAM memory required per interface;
*) console - do not show spare parameters on ping command;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs326/crs328 - fixed broken "new-dst-port" ACL rules (introduced in 6.43rc10);
*) crs326/crs328 - fixed untagged packet forwarding through tagged ports when pvid=1;
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed flow control;
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed tagged packet forwarding in 802.1ad aware bridges (introduced in 6.43rc13);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-client - fixed double ACK packet handling;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6 - improved reliability on IPv6 DHCP services;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) ethernet - improved stability when changing ethernet interface L2MTU on CRS328-24P-4S+ (introduced in v6.43rc11);
*) ethernet - properly handle Ethernet interface default configuration;
*) export - do not show w60g password on "hide-sensitive" type of export;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) health - improved speed of health measurement readings;
*) ike1 - purge both SAs when timer expires;
*) ike2 - use "/32" netmask by default on initiator if not provided by responder;
*) interface - improved interface "last-link-down-time" and "last-link-up-time" values;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added eNB ID to info command;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for alternative SIM7600 PID;
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) ntp - allow to specify link-local address for NTP server;
*) package - do not allow to install out of bundle package if it already exists within bundle;
*) package - renamed "current-version" to "installed-version" under "/system package install";
*) ppp - added support for additional ID for E3531 modem;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) routerboard - fixed wrongly reported RAM size on ARM devices;
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) sfp - fixed default advertised link speeds;
*) smb - fixed valid request handling when additional options are used;
*) sms - converted "keep-max-sms" feature to "auto-erase";
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) sms - improved reliability on SMS reader;
*) snmp - added CAPsMAN "remote-cap" table;
*) ssh - disconnect all active connections when device gets rebooted or turned off;
*) supout - added "w60g" section to supout file;
*) switch - added support for port isolation by switch chip;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed modem initialisation on LtAP mini;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) userman - fixed compatibility with PayPal TLS 1.2;
*) vrrp - fixed VRRP packet processing on VirtualBox and VMWare hypervisors;
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) watchdog - added "ping-timeout" setting;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - properly close session when uploading multiple files to the device at the same time;
*) winbox - properly display all flags for bridge host entries;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that has such feature;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 reliability on ARM devices;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;

Версия 6.43rc51 2018-08-02

Версия 6.43rc5 2018-04-26

What's new in 6.43rc5 (2018-Apr-25 12:11):

*) ipsec - fixed policies becoming invalid if added after a disabled policy;
*) led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices;
*) lte - allow to execute concurrent internal AT commands;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved reading of SMS message after entering running state;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) tr069-client: - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) wireless - fixed packet processing when "static-algo-0=40bit-wep" is being used (introduced in v6.42);
*) wireless - improved wireless throughput on hAP ac^2 and cAP ac;

Other changes since v6.42.1:

*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - allow to specify "any" as wireless "access-list" interface;
*) winbox - fixed "/ip dhcp-server network set dns-none" parameter;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;

Версия 6.43rc5 2018-04-26

Версия 6.43rc45 2018-07-23

What's new in 6.43rc45 (2018-Jul-17 08:30):

MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - added support for licensed CHR instances (including trial);
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------

Changes in this release:

*) ethernet - improved stability when changing ethernet interface L2MTU on CRS328-24P-4S+ (introduced in v6.43rc11);
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) lte - added additional ID support for SIM7600 modem;
*) sfp - fixed default advertised link speeds;
*) vrrp - fixed VRRP packet processing on VirtualBox and VMWare hypervisors;
*) winbox - properly display all flags for bridge host entries;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that has such feature;
*) wireless - improved Nv2 reliability on ARM devices;

Other changes since v6.42.6:

*) backup - added support for new backup file encryption (AES128-CTR) with signatures (SHA256);
*) backup - generate proper file name when devices identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) check-installation - improved system integrity checking;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed interface name order when "virtio-net is not being used on KVM installations;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved balooning process;
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) chr - reduced RAM memory required per interface;
*) console - do not show spare parameters on ping command;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs326/crs328 - fixed broken "new-dst-port" ACL rules (introduced in 6.43rc10);
*) crs326/crs328 - fixed untagged packet forwarding through tagged ports when pvid=1;
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed flow control;
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed tagged packet forwarding in 802.1ad aware bridges (introduced in 6.43rc13);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-client - fixed double ACK packet handling;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6 - improved reliability on IPv6 DHCP services;
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) ethernet - properly handle Ethernet interface default configuration;
*) export - do not show w60g password on "hide-sensitive" type of export;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) health - improved speed of health measurement readings;
*) ike1 - purge both SAs when timer expires;
*) ike2 - use "/32" netmask by default on initiator if not provided by responder;
*) interface - improved interface "last-link-down-time" and "last-link-up-time" values;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added eNB ID to info command;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for alternative SIM7600 PID;
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) ntp - allow to specify link-local address for NTP server;
*) package - do not allow to install out of bundle package if it already exists within bundle;
*) package - renamed "current-version" to "installed-version" under "/system package install";
*) ppp - added support for additional ID for E3531 modem;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) routerboard - fixed wrongly reported RAM size on ARM devices;
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) smb - fixed valid request handling when additional options are used;
*) sms - converted "keep-max-sms" feature to "auto-erase";
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) sms - improved reliability on SMS reader;
*) snmp - added CAPsMAN "re