Search changelog entries
| Component | Change |
|---|---|
| bgp | execute community based decisions before output filter (fixes problem with no-export); |
| bgp | show correctly IPv4 route with IPv6 nexthop in BGP advertisements and route print; |
| bgp-vpn | always prefer local VPN route during selection; |
| bgp-vpn | take into account instance configuration when selecting vpnvX routes (introduced in v7.20beta2); |
| capsman | filter non-installed packages on upgrade (introduced in v7.18); |
| dhcp-client | added option to control broadcast flag for DHCP Discover and Request packets, except when renewing the lease; |
| esim | added option to activate eSIM profile after provisioning; |
| esim | added option to specify activation code for eSIM provisioning; |
| esim | make profile management messages more consistent; |
| evpn | send PMSI attribute; |
| ipv6 | fixed policy routing; |
| leds | fixed issues after changing "dark-mode" configuration (introduced in v7.19); |
| modem | fixed missing SIM/eSIM slot selection on ATL 5G R16 (introduced in v7.20beta2); |
| net | ensure packet sockets from containers do not disable RouterOS fastpath/fasttrack; |
| port | added support for Silicon Labs USB serial adapters (vendor id=0x10C4); |
| ptp | allow priority1 value of 0 (improves stability when receiving announce messages with priority1 set to 0); |
| route | prefer link-local nexthop when both global and local are present; |
| route | show correct route type for ISIS routes; |
| routing-filter | added gw-ll parameter; |
| ssh | fixed non-interactive console command response truncation; |
| supout | removed File section (due to high memory usage and long processing time); |
| Component | Change |
|---|---|
| bfd | fixed socket leak (additional fixes); |
| bgp | automatically create output.network blackhole routes; |
| bgp | do not show router-id error when instance is not active (introduced in v7.20beta2); |
| bgp | refresh WinBox when BGP session is created/deleted; |
| bgp | support for Advertising IPv4 Network Layer Reachability Information (NLRI) with an IPv6 Next Hop; |
| bridge | added dynamic tagged entry named "switch-cpu" in scenarios where the same VLAN spans multiple switch chips or is used on both HW and SW ports (additional fixes); |
| bridge | allow IPv6 FastPath when dhcp-snooping is enabled; |
| dhcp-server | improved logging when dual-stack is enabled but fails to acquire client MAC from DUID; |
| disk | disallow adding SMB share or user with empty name; |
| ethernet | improved ethernet stability when handling invalid packets on Alpine CPUs; |
| ethernet | improved performance for hEX Refresh and hEX S (2025); |
| filesystem | improved calculation of free space on NAND flash (fixes potential "disk is too small" issue); |
| ipsec | fixed responder on key exchange compute failure (introduced in v7.19); |
| lte | AT modems, fixed typos in commands sent to modem when APN with authentication is used (AT+CGAUTH; AT$QCPDPP); |
| lte | do not reconfigure modem if deactive eSIM profile is deleted; |
| lte | exempt eSIM provision from global CRL certificate settings; |
| lte | R11e-LTE and R11e-LTE6, fixed possible crash on device unexpected removal or during RouterOS shutdown; |
| radius | fixed RADIUS client section becoming unresponsive when RadSec is configured, but server is not responding; |
| radius | fixed wrong RadSec port number in logs; |
| radius | properly verify certificate when RadSec is used; |
| route | fixed issue when route table is installed to kernel without fib setting; |
| route | removed fib-reinstall; |
| sfp | fixed low power mode pins on CRS326-4C+20G+2Q+ for optical QSFP modules; |
| supout | added IPv6 NAT section; |
| switch | fixed ACL rules with "redirect-to-cpu" (introduced in v7.20beta2); |
| switch | fixed bonding issues after switch reset (introduced in v7.18); |
| switch | fixed port blocking with spanning tree on EN7523 switch (introduced in v7.19); |
| swos | changed firmware file location (URL) for software update checks; |
| system | improved system stability when processing large amount of traffic; |
| system | improved system stability when using FastTrack; |
| system | reduced RouterOS ARM package size; |
| vrrp | added "connection-tracking-port" and "connection-tracking-mode" settings for "sync-connection-tracking" (additional fixes); |
| wifi | avoid picking 5GHz channels by default which are unlikely to be supported by clients, can be overridden with channel.deprioritize-unii-3-4; |
| winbox | added missing properties to "Container" menu and improved field ordering; |
| winbox | fixed missing warning under "Routing/BGP/Instances" menu; |
| winbox | show/hide corresponding fields when switching RADIUS client mode between RadSec and UDP; |
| Component | Change |
|---|---|
| bridge | allow IPv6 FastPath when dhcp-snooping is enabled; |
| iot | LoRa LNS stability improvement; |
| lte | AT modems, fixed typos in commands sent to modem when APN with authentication is used (AT+CGAUTH; AT$QCPDPP); |
| lte | R11e-LTE and R11e-LTE6, fixed possible crash on device unexpected removal or during RouterOS shutdown; |
| mpls | improved stability when handling VPLS packets; |
| radius | fixed RADIUS client section becoming unresponsive when RadSec is configured, but server is not responding; |
| radius | fixed wrong RadSec port number in logs; |
| radius | properly verify certificate when RadSec is used; |
| sfp | added sfp-power-class and sfp-max-power monitor values for QSFP; |
| supout | added IPv6 NAT section; |
| switch | fixed ACL rules with "redirect-to-cpu" (introduced in v7.19.2); |
| switch | fixed bonding issues after switch reset (introduced in v7.18); |
| switch | fixed port blocking with spanning tree on EN7523 switch (introduced in v7.19); |
| swos | changed firmware file location (URL) for software update checks; |
| system | reduced RouterOS ARM package size; |
| winbox | show/hide corresponding fields when switching RADIUS client mode between RadSec and UDP; |
| Component | Change |
|---|---|
| bfd | fixed socket leak; |
| bgp | fixed withdraw when input.accept-nlri is non-existent; |
| btest | properly close unsuccessful TCP test sockets; |
| console | added prompt to /disk/format command; |
| disk | do not allow to start Btrfs replace command when a Btrfs replace process is already running; |
| disk | improve disk file system detection; |
| hotspot | allow only "http:" and "https:" schemas in dst field; |
| iot | added LoRa interface recovery mechanism; |
| iot | LoRa stability improvement; |
| iot | LR8G/9G firmware update; |
| ip-service | fixed "print count-only interval" when dynamic entries are added (introduced in v7.19); |
| ip-service | fixed setting services by name (introduced in v7.19); |
| ipsec | fixed responder on key exchange compute failure (introduced in v7.19); |
| ipv6 | do not show IPv6 FastPath as active when connection tracking or IPsec is used; |
| l2tp-ether | fixed interface creation/removal process; |
| lte | added support for R11e-LTE6 v039 firmware release; |
| lte | do not dial further if modem detects eSIM without profiles; |
| lte | fixed eSIM management function for mmips and mipsbe architecture CPUs; |
| lte | fixed eSIM provisioning for servers that do not send content-length in the HTTP response; |
| route | fixed destination ordering for SNMP; |
| route | fixed SNMP probing of IPv6 routes; |
| route | make routing table print faster with hw-offload, gateway and blackhole queries; |
| switch | fixed ACL rules when ports are not specified (fixes dynamic rules for RoMON); |
| switch | fixed advertise and speed settings for ether1 on RB5009 (introduced in v7.19.1); |
| webfig | improved screen reader support for WiFi fields in Quickset; |
| webfig | make combobox accessible to screen readers; |
| webfig | more space to branding logo; |
| wifi-qcom | fixed beacon loss issues and improved stability for IPQ-6018; |
| wifi-qcom | improved regulatory compliance; |
| winbox | fixed "Last Topology Change" for bridge port monitor; |
| Component | Change |
|---|---|
| bfd | fixed socket leak; |
| bgp | fixed origin cleanup for mpls-vpn (introduced in v7.20beta2); |
| bgp | fixed warning when instance is not active (introduced in v7.20beta2); |
| bgp | fixed withdraw when input.accept-nlri is non-existent; |
| bgp | migrate correctly router-id and ASN to instance (introduced in v7.20beta2); |
| bridge | added dynamic tagged entry named "switch-cpu" in scenarios where the same VLAN spans multiple switch chips or is used on both HW and SW ports (additional fixes); |
| btest | properly close unsuccessful TCP test sockets; |
| certificate | added "Amazon Root CA 1" to built-in root certificate authorities store; |
| console | added prompt to /disk/format command; |
| console | fixed /file/find not recursive by default (introduced in v7.20beta2); |
| console | fixed /file/read command (introduced in v7.20beta2); |
| console | improved visuals for hexadecimal strings; |
| console | prioritize directory specific parameters and hide rarely used ones in print autocomplete (additional fixes); |
| container | added repull command; |
| container | can use KVM (x86 and arm64) in container QEMU for faster virtualization; |
| container | fixed QEMU VM to host bridge; |
| container | stability improvements (additional fixes); |
| dhcp-client | show warning if DHCP client is configured on dot1x server port; |
| dhcpv4-client | allow specifying DSCP of outgoing packets; |
| dhcpv4-client | show "custom-hostname-suffix" and "custom-source-mac-address" properties if set; |
| dhcpv4-server | added "add dns" step to setup wizard; |
| discovery | improved LLDP Power via MDI TLV with 802.3bt specific field support; |
| discovery | report router as "CAPsMAN" on MNDP under "running" parameter; |
| disk | show error when file based block-device uses a mountpoint to be unmounted; |
| dns | fixed memory leak when static CNAME record was matched; |
| evpn | fixed auto ID setting (introduced in v7.20beta2); |
| evpn | fixed enable/disable handling (introduced in v7.20beta2); |
| evpn | fixed instance handling (introduced in v7.20beta2); |
| evpn | fixed MACIP address decode (introduced in v7.20beta2); |
| evpn | fixed missing RD (introduced in v7.20beta2); |
| evpn | fixed route print query by EVPN AFI (introduced in v7.20beta2); |
| file | fixed console completion not showing all files (introduced in v7.20beta2); |
| file | fixed duplicate in WinBox Files menu when sharing a file in a folder (introduced in v7.20beta2); |
| iot | LoRa netid filters now can be configured as a "range"; |
| iot | LoRa stability improvement (additional fixes); |
| iot | LR8G/9G firmware update (additional fixes); |
| ip-service | fixed "print count-only interval" when dynamic entries are added (introduced in v7.19); |
| ip-service | fixed setting services by name (introduced in v7.19); |
| ip-service | show service name "nfs" for port 2049; |
| ipsec | move raw RSA keys to /ip/ipsec/key/rsa; |
| ipv6 | fixed "auto-link-local" feature on WireGuard interface; |
| isis | added passive parameter for interface templates; |
| l2tp-ether | fixed interface creation/removal process; |
| lte | added "remove-sent-sms-after-send" option to automatically delete sent SMS messages; |
| lte | added modem-init string response to system log; |
| lte | added show-capabilities eSIM presence detection for MBIM modems; |
| lte | added support for R11e-LTE6 v039 firmware release; |
| lte | do not dial further if modem detects eSIM without profiles; |
| lte | exit LTE scan if modem reconfigured; |
| lte | fallback to RA for global IPv6 if unattained via AT channel (resets on config change); |
| lte | fixed eSIM management function for mmips and mipsbe architecture CPUs; |
| lte | fixed eSIM provisioning for servers that do not send content-length in the HTTP response; |
| lte | fixed inappropriate LTE interface inactive flag shown during modem initialization; |
| lte | fixed progress message for R11e-LTE modem firmware-upgrade; |
| lte | improved EC200A-EU firmware-upgrade stability; |
| lte | improved SMS sending stability over MBIM protocol; |
| macvlan | allow creating macvlan interfaces on all interfaces with a MAC address; |
| mpls | improved stability when handling VPLS packets; |
| netinstall-cli | improved client device architecture detection; |
| netwatch | added "early-success-detection" and "early-failure-detection" properties for ICMP probe; |
| port | improved port status handling at unexpected device removal; |
| ppp | added "dhcpv6-use-radius" PPP profile feature that enables "use-radius" option on dynamically created DHCPv6 servers; |
| ppp | added "remote-ipv6-prefix-reuse" PPP profile feature that allows to advertise same prefix on multiple VPN clients at the same time; |
| romon | changed default "disabled=yes" to "disabled=no" under /tool/romon/port; |
| romon | improved error message; |
| route | fixed destination ordering for SNMP; |
| route | fixed SNMP probing of IPv6 routes; |
| route | improved stability; |
| route | update router ID when disabled address is removed; |
| routing-filter | added sync command; |
| sfp | added sfp-power-class and sfp-max-power monitor values for QSFP (additional fixes); |
| smips | reduced package size, removed hotspot feature and provide it as a separate package; |
| ssh | show user public key fingerprint under /user/ssh-keys; |
| switch | fixed advertise and speed settings for ether1 on RB5009 (introduced in v7.20beta2); |
| switch | fixed egress-rate on QSFP ports; |
| switch | reset all Ethernet counters on reset-counters command on QoS Port menu; |
| system | fixed certain notifications (e.g. kid-control activity, connection tracking table) (introduced in v7.17); |
| veth | added dhcp=yes/no property to be able to easily run a container in LAN, runs a special dynamic dhcp-client on interface and sets acquired address/gateway/dns to in-container interface; |
| veth | added mac-address property; |
| veth | make veth interface MAC address stable in both RouterOS and container (container-side MAC incremented by +1 from RouterOS-side interface); |
| vrrp | added "conntrack-port" and "mode" settings for "sync-connection-tracking"; |
| vxlan | improve stability when learning enabled interface used with EVPN (introduced in v7.20beta2); |
| webfig | fixed issue where legacy WebFig login page was used; |
| webfig | improved screen reader support for wifi fields in Quickset; |
| wifi | increased wifi scan list; |
| wifi-qcom | accept VLAN-tagged packets from clients with vlan-id; |
| wifi-qcom | fixed beacon loss issues and improved stability for IPQ-6018; |
| wifi-qcom | improved regulatory compliance; |
| winbox | added "Reselect Time" for wifi; |
| winbox | added "Digest Algorithm" under "System/Certificates" menu (additional fixes); |
| winbox | added "Note" field in LTE Firmware Upgrade; |
| winbox | fixed "Last Topology Change" for bridge port monitor; |
| winbox | fixed crash when opening entry in switch rule menu (introduced in v7.20beta2); |
| winbox | improved byte type field representation; |
| winbox | removed duplicate mounts option; |
| wireless | changed CLI snooper column name "freq" to "channel"; |