|
app
|
added "network-outgoing-access=yes/no" setting to prevent containers from initiating outbound traffic; |
|
app
|
added birdnet-go, cryptpad, diagrams-net, lorawan-stack, metube, mikrodash, nextcloud-whiteboard, paperless-ngx, wbo, zulip apps; |
|
app
|
added docker-with-dockge, docker-with-komodo, docker-with-portainer, HA-otbr-matter, odoo, otbr, stalwart, trip apps; |
|
app
|
added possibility to set app command-line parameter from CLI; |
|
app
|
added restart command; |
|
app
|
allow apps on XFS file systems; |
|
app
|
allow filtering by installed apps; |
|
app
|
allow overriding default stop signal; |
|
app
|
allow parsing DNS in YAML; |
|
app
|
allow passing stop signal from YAML and passing it to container as default; |
|
app
|
allow picking app category from drop-down; |
|
app
|
allow updating name parameter from YAML for custom apps; |
|
app
|
allow updating YAML for existing custom app, forces cleanup; |
|
app
|
apps now check for port availability, apps will not start on "internal" if app masks existing service; |
|
app
|
automatically pass any required devices to container, such as otbr; |
|
app
|
automatically restart app when required hardware device is changed; |
|
app
|
bundled ollama with openwebui; |
|
app
|
check if certificate already exists before creating a new one; |
|
app
|
disabled PiHole syncing NTP to host; |
|
app
|
fixed issue where XFS disks did not appear in the app disk drop-down; |
|
app
|
fixed saving custom apps; |
|
app
|
fixed showing ui-url for apps; |
|
app
|
fixed some apps not containing the full repository URL; |
|
app
|
fixed stability issue when running cleanup on many apps; |
|
app
|
fixed store issue when adding a custom app; |
|
app
|
fixed YAML not exported for custom apps; |
|
app
|
improved app network and port behavior; |
|
app
|
improved automatic hardware device passing to container; |
|
app
|
improved YAML error message; |
|
app
|
make sure all layer .tar.gz files are deleted after extraction finishes; |
|
app
|
on file-based devices, swap is enabled on the file itself instead of creating another and enabling it on that; |
|
app
|
stability fixes for the "/app" menu; |
|
app
|
swap file is now created based on the mount-point it is attached to; |
|
app
|
updated uptime-kuma image; |
|
arm64,x86
|
updated Broadcom bnxt Ethernet driver for 200G support; |
|
bfd
|
fixed source address selection for IPv6 multihop sessions; |
|
bridge
|
added ability to set custom Option 82 with dhcp-agent-circuit-id, dhcp-agent-remote-id settings (replaces add-dhcp-option82 setting; configuration is automatically updated after upgrade); |
|
bridge
|
added DHCPv6 snooping feature with ability to set custom Option 18 and Option 37; |
|
bridge
|
fixed dynamic VLAN update for WiFi interfaces; |
|
bridge
|
improved MAC synchronization for MLAG; |
|
bridge
|
recognize more DHCP message types when dhcp-snooping is enabled; |
|
bth
|
fixed WireGuard client config IP address netmask; |
|
certificate
|
added "ISRG Root X1" and "DigiCert Global Root G2" to SMIPS built-in root certificate authorities store; |
|
certificate
|
allow deleting ACME certificate that failed to generate; |
|
certificate
|
improved ACME logging; |
|
certificate
|
improved ACME status reporting; |
|
certificate
|
set Let's Encrypt as default ACME directory; |
|
chr
|
improved guest tool config for arm64 CHR; |
|
cloud
|
cloud backup file management now requires "policy" policy; |
|
cloud
|
show error if cloud services are not supported on the device; |
|
console
|
added comment in "/ip/dhcp-server/option/sets" and "/ipv6/dhcp-server/option/sets" menus; |
|
console
|
added path parameter to export; |
|
console
|
added syntax highlight for script properties in some menus (e.g. dhcp-client, dhcp-server, ppp/profile, interface/vrrp); |
|
console
|
export mentions custom defconf script presence in header; |
|
console
|
fixed "/log/print follow on-event" to work with "where" (introduced in v7.22); |
|
console
|
fixed output when oversized completion present; |
|
console
|
removed redundant keepalive for the serial-terminal, ensure that the device no longer periodically outputs /0 while using "/system/serial-terminal"; |
|
console
|
show "/system/resource/hardware/usb-power-reset" only on x86; |
|
console
|
show warning in print header when terminal is too narrow to show any columns; |
|
console
|
treat non-existent command parameters as runtime errors; |
|
container
|
added restart-policy=no/always/on-failure, stop-on-unhealthy, restart-count, restart-interval, restart-max-count properties; |
|
container
|
added support for noexec option to mounts; |
|
container
|
added support for USB audio devices for containers; |
|
container
|
allow disabling individual container environment variables without deleting them; |
|
container
|
allow picking mount source directories with the file picker in WinBox; |
|
container
|
allow setting memory-max globally and per container; |
|
container
|
allow user-defined mounts overriding /sys and /dev; |
|
container
|
check if root-dir does not exist before adding a container; |
|
container
|
clean up layers of non-existing containers; |
|
container
|
detect and show containers killed by out-of-memory killer; |
|
container
|
do not allow starting container/shell with non-existing user or group; |
|
container
|
draw graphs in container stats; |
|
container
|
fixed container entrypoint and shell override by user; |
|
container
|
fixed container layer size calculation; |
|
container
|
fixed container shell not working with multi-arg commands; |
|
container
|
fixed repull if root-dir of container was in tmpfs; |
|
container
|
fixed running "/container shell" with the correct user, if container user is set or overridden; |
|
container
|
improved errors at container start; |
|
container
|
improved running container instance memory usage; |
|
container
|
layers are now accessible under "Layers" tab; |
|
container
|
pass any container startup error message back to "run" and make it exit immediately; |
|
container
|
remove container backup directory if import fails; |
|
container
|
removed "Layers" button; |
|
container
|
show container size and container data size; |
|
container
|
show default DNS servers; |
|
container
|
show layer size calculation status; |
|
container
|
updated /dev/net/tun permissions; |
|
crypto
|
fixed fallback flag loss in qcrypto; |
|
crypto
|
fixed stability issue; |
|
crypto
|
improved safexcel driver with upstream changes and patches; |
|
dhcpv4-server
|
added "add-dns-entries" and "add-dns-entries-suffix" properties for creating local DNS entries; |
|
dhcpv4-server
|
changed lease agent-circuit-id and agent-remote-id format to hex; |
|
dhcpv4-server
|
do not raise an alert when receiving a packet originating from the same device; |
|
dhcpv4-server
|
do not suggest bogus pools when using setup command (e.g. when address is /31 or /32); |
|
dhcpv4-server
|
fixed an issue where renew packets without giaddr were sometimes not processed; |
|
discovery
|
added "add-dns-entries" and "add-dns-entries-suffix" properties for creating local DNS entries; |
|
discovery
|
added option to disable/enable LLDP MED; |
|
discovery
|
added separate read-only menu "/ip/neighbor/lldp" for neighbors discovered by LLDP (CLI only); |
|
discovery
|
dynamically update advertised "interface-name"; |
|
discovery
|
fixed LLDP MAC/PHY TLV; |
|
disk
|
added "/disk" smart-info; |
|
disk
|
added disk check and repair for ext4, Btrfs and XFS file systems; |
|
disk
|
improved device name tracking in "/system/resource/hardware" menu; |
|
disk
|
show disk io errors in "/disk" menu; |
|
dns
|
added HTTP/2 support to DoH on ARM64 and x86/CHR devices; |
|
ethernet
|
improved system stability for RB3011, L009, NetMetal ax, hAP ax lite devices; |
|
ethernet
|
improved system stability on devices with Alpine CPUs; |
|
fetch
|
fixed non-working idle-timeout in some cases; |
|
file
|
added copy, tail, head commands (CLI only); |
|
firewall
|
added "action=drop" to mangle; |
|
firewall
|
improved stability for SIP helper; |
|
firewall
|
matcher "in-bridge-port" does not require "use-ip-firewall=yes"; |
|
general
|
ipsec – fixed expired SA handling to prevent “no such item” errors during listing; |
|
graphing
|
improved service stability when storing data; |
|
hardware
|
report the correct state of PCI devices in "/system/resource/hardware" menu; |
|
health
|
hide health menu for RB951ui-2nD; |
|
ike2
|
fixed child SA cleanup during flush operation; |
|
ike2
|
fixed pending responder connection cleanup after peer removal; |
|
ike2
|
fixed SA delete handling on initiator during rekey; |
|
ike2
|
improved HMAC size validation checks; |
|
interface
|
show warning when same MAC address is used on more than one virtual interface; |
|
iot
|
added LoRa Tx delay setting; |
|
iot
|
added MQTT subscribe message real-time monitoring option; |
|
iot
|
added Wiliot support; |
|
iot
|
fixed LoRa LBT issues, which caused Tx packets not getting delivered; |
|
iot
|
fixed LoRa lockpack preventing lock from applying; |
|
iot
|
improved LoRa stability; |
|
iot
|
improved LoRa Tx handling; |
|
iot
|
improved LoRa Tx scheduling; |
|
ip
|
added IPv6 and VRF support for reverse-proxy; |
|
ip
|
added SNI logging for reverse-proxy; |
|
ip
|
fixed hanging connections for reverse-proxy; |
|
ip-settings
|
added ipv4-fragment-time and ipv4-high-fragment-thresh settings, use default values based on total device memory; |
|
ipip
|
disabled IPv6 link-local address generation; |
|
ippool
|
fixed issue when changing pool with already used addresses; |
|
ippool6
|
allow variable length pool; |
|
ippool6
|
properly follow pool changes for already used prefixes; |
|
ipsec
|
added netlink-based SA and policy handling; |
|
ipsec
|
fixed SA proto parameter conversion and policy "none" type handling; |
|
ipsec
|
improved NAT encapsulation parameter forwarding; |
|
ipv6
|
added from-pool-policy address property that controls how address is acquired from the pool; |
|
ipv6
|
added without-acquire address property; |
|
ipv6
|
always ensure that prefix length matches the one given by the pool even if address was set to 0; |
|
ipv6,ra
|
added option to ignore MTU and DNS servers; |
|
ipv6,ra
|
added router-advertisement-route-distance setting; |
|
ipv6,ra
|
allow receiving DNS servers over multiple interfaces; |
|
ipv6,ra
|
clamp valid-lifetime to minimum of 2h on deprecation; |
|
ipv6,ra
|
extend processed RA logging; |
|
ipv6,ra
|
fixed advertised DNS parameter logging; |
|
ipv6,ra
|
fixed changing default "all" interface configuration; |
|
ipv6,ra
|
fixed DNS and pref64 property unset; |
|
ipv6,ra
|
fixed sending only DNS or MTU when prefix is set to "none"; |
|
ipv6,ra
|
improved service stability; |
|
ipv6,ra
|
warn when interface is under the bridge; |
|
isis
|
allow to configure metric-type; |
|
l3hw
|
added HW offloaded VRF support on CRS8xx switches; |
|
l3hw
|
added VRF assignment via switch ACL rules on CRS8xx switches (CLI only); |
|
l3hw
|
fixed VXLAN packet matching by local IP; |
|
leds
|
added new PoE fault LED cases (bad fw, PoE card power cable disconnected, PoE card not inserted); |
|
leds
|
fixed power LED turning off while LTE interface is inactive (introduced in v7.22); |
|
log
|
added "discover" topic and log events for discovered local DNS entries; |
|
log
|
added CC option for e-mail action; |
|
log
|
added ssld error logging; |
|
log
|
added TLS support; |
|
lte
|
added fast SIM switchover support using AT channel for MBIM modems without MBIM_CID_MS_UICC_RESET firmware support; |
|
lte
|
configure IP address for AT modems even if no DNS is received from the network; |
|
lte
|
delete CID profiles one by one instead of "delete all" for QMI modems, as command does not work for all modems; |
|
lte
|
do not duplicate primary-band also in ca-band for QMI modems in 5G SA network; |
|
lte
|
do not reconfigure modem in passthrough mode if passthrough cannot be activated because of slave interface; |
|
lte
|
emit RS every 60s on LTE interface; |
|
lte
|
filter packets by MAC in multi-apn setup for EC200A-EU modem; |
|
lte
|
fixed automatic modeswitch for "Chateau 5G R16" and "Chateau 5G"; |
|
lte
|
fixed broken network scan after being interrupted by reconfiguration; |
|
lte
|
fixed operator setting for QMI modems; |
|
lte
|
fixed rare cases where the Tx queue could stop and never wake up on multi-core CPU devices; |
|
lte
|
fixed RSSI signal monitor for 3rd party modems where AT+CSQ responses are not parsed; |
|
lte
|
fixed user set MTU not applied to LTE interface; |
|
lte
|
improved system stability for devices with QMI modems; |
|
lte
|
improved system stability when modem configured in passthrough mode with VLANs for "Chateau 5G R16" and "Chateau 5G"; |
|
lte
|
improved system stability; |
|
lte
|
improvements for passthrough mode in IPv6 only setup; |
|
lte
|
keep MAC persistent across reboots for QMI modems; |
|
lte
|
read subscriber number also for QMI modems; |
|
lte
|
removed LTE external-antenna scan; |
|
lte
|
set SMS send timeout to 180s; |
|
lte
|
show external-antenna as "none" before actual scan is done instead of empty value; |
|
lte
|
show MTU as "auto" also on interface level if "auto" used; |
|
lte
|
SIMCom modems, skip error state when modem sends improperly formatted CREG response/URC; |
|
lte
|
stop network scan on interruption for QMI modems; |
|
lte
|
unify "modem-init" for all driver types; |
|
macsec
|
added aes-gcm-xpn-128 cipher support; |
|
netwatch
|
fixed memory leak when using HTTP/HTTPS GET probe with invalid src-address; |
|
ospf
|
allow adding interface configuration manually, bypassing interface-template; |
|
ospf
|
change virtual link configuration to use OSPF interface directly; |
|
ospf
|
fixed missing interface-template configuration which previously was converted by upgrading from RouterOS v6; |
|
ospf
|
fixed nssa bit check; |
|
ospf
|
fixed routes not being installed on ABRs; |
|
pimsm
|
do not ignore priority when selecting RP from BSR; |
|
pimsm
|
fixed possible BSR loop; |
|
pimsm
|
improved stability; |
|
ping
|
resolve domain name to IPv6 if src-address is IPv6 address; |
|
ping
|
show time in microseconds for flood-ping; |
|
poe-out
|
firmware update for 802.3at capable boards (the update will cause a brief power interruption to poe-out interfaces); |
|
port
|
added support for "tcp-client" and "udp" modes for "remote-access"; |
|
port
|
expose RG650E-EU diagnostics channel; |
|
port
|
remove unused serial port on RB1100AHx4; |
|
pppoe
|
do not reset pppoe-client interface when adding a comment; |
|
ptp
|
added support for CRS812, CRS804; |
|
ptp
|
fixed crash during initialization on some devices; |
|
qos-hw
|
added automap setting to QoS Profiles (enabled by default); |
|
qos-hw
|
added ECN and PFC support on CRS8xx; |
|
qos-hw
|
added new default "auto" value to mirror-buffers, multicast-buffers, shared-buffers QoS Settings (old defaults are shown in export after upgrade); |
|
qos-hw
|
added queueX-byte-max stats to port usage on CRS8xx; |
|
qos-hw
|
fixed CPU traffic mapping to queues on CRS8xx switches; |
|
qos-hw
|
introduced lossless-traffic-class and lossless-buffers settings; |
|
qos-hw
|
removed shared-pool-index setting; |
|
route
|
fixed link-local interface check when resolving IPv6 nexthops; |
|
route
|
revert to old routing rule priorities for containers (introduced in v7.22); |
|
routerboot
|
fixed Netinstall failure when using multiple partitions on AL73400, AL52400, AL32400 CPUs ("/system routerboard upgrade" required); |
|
sftp
|
fixed path canonicalization request; |
|
smb
|
do not start /ip smb server on container interfaces; |
|
sniffer
|
added IP ECN field; |
|
sniffer
|
fixed missing VLAN tag in the TZSP packets; |
|
snmp
|
added missing BRIDGE-MIB OIDs (dot1dBaseNumPorts, dot1dBaseType, dot1dStpDesignatedRoot, dot1dStpPortDesignatedBridge, dot1dStpRootCost, dot1dStpRootPort, dot1dStpHoldTime, dot1dStpBridgeMaxAge, dot1dStpBridgeHelloTime, dot1dStpBridgeForwardDelay, dot1dStpPortForwardTransitions, dot1dTpAgingTime); |
|
snmp
|
added missing LLDP-MIB OIDs (lldpMessageTxInterval, lldpMessageTxHoldMultiplier, lldpLocManAddrTable); |
|
snmp
|
enforce minimum password length; |
|
snmp
|
fixed compliance of LLDP-MIB lldpRemManAddrTable; |
|
snmp
|
fixed connection tracking counter OID; |
|
snmp
|
fixed dot1dStpPortDesignatedPort, dot1dStpPortDesignatedRoot OIDs; |
|
snmp
|
fixed ifSpeed and ifHighSpeed OIDs for 802.3ad and balance-xor bonding interfaces; |
|
snmp
|
fixed lldpLocSysDesc OID; |
|
snmp
|
implemented LTE firmware upgrade option; |
|
snmp
|
use "/ip/neighbor/lldp" for lldpRemTable and lldpRemManAddrTable (fixes lldpRemTable showing neighbors discovered by MNCP or CDP); |
|
ssh
|
do not advertise password login method when it is disabled; |
|
ssh
|
improved host resolve error logging; |
|
switch
|
fixed issue with MAC table for RB2011 (introduced in v7.21); |
|
switch
|
fixed missing ethernet counters for non-running interfaces on CRS8xx switches (introduced in v7.22); |
|
switch
|
improved FDB operations on QCA8337, Atheros8327; |
|
switch
|
rework how IEEE reserved MAC addresses are handled on QCA8337, Atheros8327; |
|
switch
|
updated switch-marvell.npk driver; |
|
switch
|
use names instead of numbers in switch menu configuration export; |
|
system
|
improved handling of HTTP/2 connection closure; |
|
system
|
improved RouterOS package download over slow connection; |
|
system
|
improved switching to HTTP/1 if HTTP/2 is not supported by remote host; |
|
system
|
keep HTTP/2 connection open if it is not closed by system or server; |
|
system
|
make default identity based on board name; |
|
timezone
|
updated timezone information from "tzdata2026b" release; |
|
upgrade
|
added the option to configure HTTP/HTTPS modes when connecting to MikroTik upgrade servers; |
|
upgrade
|
changed status message for scheduled installs; |
|
upgrade
|
check for available packages when opening System/Packages in GUI; |
|
usb
|
added ax88179_178a driver; |
|
usb
|
improved USB Ethernet adapter recognition; |
|
usb
|
show USB device reported maximum power; |
|
user-manager
|
improved stability when removing user-profile while session updates counters; |
|
veth
|
fixed link-local address not being configurable as a gateway; |
|
vxlan
|
fixed fast-path when using "checksum=no" (introduced in v7.20); |
|
vxlan
|
improved system stability; |
|
webfig
|
added postfix byte value support (e.g. "/ip/settings/ipv4-high-fragment-thresh"); |
|
webfig
|
added support for filter in tables; |
|
wifi
|
improved interface provisioning for WiFi 7 access points; |
|
wifi
|
improved on-capsman traffic processing; |
|
wifi-mediatek
|
fixed multicast-enhance functionality; |
|
wifi-mediatek
|
fixed stability issue getting regulatory information and during initialization; |
|
wifi-qcom-be
|
fixed incorrect channel info for punctured channels; |
|
wifi-qcom-be
|
fixed stability issue during initialization; |
|
wifi-qcom-be,mediatek
|
correctly advertise RRM capabilities when 802.11k neighbor reports are enabled; |
|
winbox
|
added "MLD Static" and "MLD Datapath" properties under the "WiFi/CAP" menu; |
|
winbox
|
added "Multipath" property under the "Routing/BGP/Instance" menu; |
|
winbox
|
added “Remove” action under "System/Certificates/Requests" menu; |
|
winbox
|
added comment for DHCPv6 relay; |
|
winbox
|
added group numbers for DH and PFS groups for IPsec; |
|
winbox
|
allow setting "CAPsMAN address" for CAP as domain name; |
|
winbox
|
do not accept interface without specifying IP or MAC in "Ping To" field; |
|
winbox
|
improved "External Antenna" property display; |
|
winbox
|
improved Routing/PIM SM menu; |
|
winbox
|
move bridge IGMP Snooping checkbox to IGMP tab; |
|
winbox
|
rename DHCPv6 server binding "Peer Address" to "Client Address"; |
|
winbox
|
show "Directory URL" field for ACME certificates in Certificate view; |
|
winbox
|
show "IPv6 Address" property by default under the "IP/Neighbors" menu; |
|
winbox
|
show accepted connections in tree view under "IP/Services" menu; |
|
winbox
|
updated socksify icon for firewall NAT rules; |
|
wireguard
|
improved system stability; |
|
www
|
added partial content (HTTP 206) support; |
|
www
|
improved REST API user cache processing; |
|
www
|
improved system stability; |
|
zerotier
|
switch to 1.14.2 version; |