MikroTik Changelog Tracker

Search changelog entries

7.11 Stable 2023-Aug-15 (2 years ago)
Component Change
api disallow executing commands without required parameters;
bfd fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
bfd improved system stability;
bluetooth added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
bluetooth added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
bluetooth added new AD structure type "service-data" for Bluetooth advertisement;
bridge added more STP-related logging;
bridge added warning when VLAN interface list contains ports that are not bridged;
bridge fixed MAC learning on "switch-cpu" port with enabled FastPath;
bridge fixed MSTP BPDU aging;
bridge fixed MSTP synchronization after link down;
bridge prevent bridging the VLAN interface created on the same bridge;
certificate allow to import certificate with DNS name constraint;
certificate fixed PEM import;
certificate fixed trust store CRL link if generated on an older version (introduced in v7.7);
certificate improved CRL download retry handling;
certificate removed request for "passphrase" property on import;
certificate require CRL presence when using "crl-use=yes" setting;
certificate restored RSA with SHA512 support;
conntrack fixed "active-ipv4" property;
console added ":convert" command;
console added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
console fixed incorrect date when printing "value-list" with multiple entries;
console fixed minor typos;
console fixed missing "parent" for script jobs (introduced in v7.9);
console fixed missing return value for ping command in certain cases;
console fixed printing interval when resizing terminal;
console improved flag printing in certain menus;
console improved stability and responsiveness;
console improved stability when canceling console actions;
console improved stability when using fullscreen editor;
console improved timeout for certain commands and menus;
console improved VPLS "cisco-id" argument validation;
container added IPv6 support for VETH interface;
container added option to use overlayfs layers;
container adjust the ownership of volume mounts that fall outside the container's UID range;
container fixed duplicate image name;
container fixed IP address in container host file;
defconf do not change admin password if resetting with "keep-users=yes";
dhcp-server fixed setting "bootp-lease-time=lease-time";
discovery fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
dns improved system stability when processing static DNS entries with specified address-list;
ethernet fixed forced half-duplex 10/100 Mbps link speeds on CRS312 device;
ethernet improved interface stability for CRS312 device;
fetch improved timeout detection;
firewall added warning when PCC divider argument is smaller than remainder;
firewall fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
firewall improved system stability when using "endpoint-independent-nat";
graphing added paging support;
health added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
health fixed configuration export for "/system/health/settings" menu;
hotspot allow number as a first symbol in the Hotspot server DNS name;
ike1 fixed Phase 1 when using aggressive exchange mode (introduced in v7.10);
ike2 improved SA rekeying reply process;
ike2 improved system stability when closing phase1;
ike2 improved system stability when making configuration changes on active setup;
ike2 log "reply ignored" as non-debug log message;
ipsec fixed public key export (introduced in v7.10);
ipsec fixed signature authentication using secp521r1 certificate (introduced in v7.10);
ipsec improved IKE2 rekey process;
ipsec properly check ph2 approval validity when using IKE1 exchange mode;
l3hw changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
l3hw fixed /32 and /128 route offloading after nexthop change;
l3hw fixed incorrect source MAC usage for offloaded bonding interface;
l3hw improved system responsiveness during partial offloading;
l3hw improved system stability during IPv6 route offloading;
l3hw improved system stability;
led fixed manually configured user LED for RB2011;
leds blink red system-led when LTE is not connected to the network on D53 devices;
leds fixed system-led color for "GSM EGPRS" RAT on D53 devices;
lora added new EUI field;
lora added uplink message filtering option using NetID or JoinEUI;
lora moved LoRa service to IoT package;
lora properly apply configuration changes when multiple LoRa cards are used;
lora updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
lte added "at-chat" support for Dell DW5821e-eSIM modem;
lte added "at-chat" support for Dell DW5829 modem;
lte added "at-chat" support for Fibocom L850-GL modem;
lte added "at-chat" support for SIMCom 8202G modem;
lte added "band" info to the "monitor" command for MBIM modems that support serving cell info reporting over MBIM;
lte added extended support for Neoway N75 modem;
lte fixed Dell DW5821e "at-chat" support;
lte fixed LtAP mini default SIM slot "down" changeover to "up" after an upgrade (introduced in v7.10beta1);
lte fixed NR SINR reporting for Chateau 5G;
lte fixed R11e-LTE, R11e-LTE6 legacy 2G/3G RAT mode selection;
lte fixed Telit LE910C4 "at-chat" support;
lte improved initial interface startup time for SXT LTE 3-7;
lte improved system stability when changing the "radio" state for MBIM modems;
lte only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
modem added initial support for BG77 modem DFOTA firmware update;
modem changed Quectel EC25 portmap to expose DM (diag port), DM channel=0, GPS channel=1;
modem fixed missing sender's last symbol in SMS inbox if the sender is an alphabetic string;
mpls improved MPLS TCP performance;
mqtt added more MQTT publish configuration options;
mqtt added new MQTT subscribe feature;
netwatch added "src-address" property;
netwatch changed "thr-tcp-conn-time" argument to time interval;
ovpn do not try to use the "bridge" setting from PPP/Profile, if the OVPN server is used in IP mode (introduced in v7.10);
ovpn fixed OVPN server peer-id negotiation;
ovpn fixed session-timeout when using UDP mode;
ovpn improved key renegotiation process;
ovpn include "connect-retry 1" and "reneg-sec" parameters into the OVPN configuration export file;
ovpn properly close OVPN session on the server when client gets disconnected;
package treat disabled packages as enabled during upgrade;
poe fixed missing PoE configuration section under specific conditions;
poe-out advertise LLDP power-mdi-long even if no power allocation was requested (introduced in v7.7);
pppoe fixed PPPoE client trying to establish connection when parent interface is inactive;
profile added "container" process classifier;
profile properly classify "console" related processes;
qos-hw keep VLAN priority in packets that are sent from CPU;
quickset correctly apply configuration when using "DHCP Server Range" property;
resource fixed erroneous CPU usage values;
rose-storage added "scsi-scan" command (CLI only);
rose-storage added disk stats for ramdisks;
rose-storage fixed RAID 0 creation;
rose-storage limit striped RAID element size to smallest disk size;
route added comment for BFD configuration (CLI only);
route convert BFD timers from milliseconds to microseconds after upgrade;
routerboard fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
routerboard improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
routerboard removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
routerboot increased etherboot bootp timeout to 40s on MIPSBE and MMIPS devices ("/system routerboard upgrade" required);
sfp fixed incorrect optical SFP temperature readings (introduced in v7.10);
sfp improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
sfp improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
sfp improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
sfp reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9)
sms increased wait time for modem startup;
ssh fixed host public key export (introduced in v7.9);
ssh fixed private key import (introduced in v7.9);
ssh fixed SSH key agreement on the client side when ed25519 used under server settings;
ssh fixed user RSA private key import;
switch fixed "reset-counters" for "switch-cpu";
switch fixed BPDU packet processing on MT7621, MT7531 with HW offloaded vlan-filtering;
switch improved multicast packet forwarding on MT7621;
system disallow setting a non-existing CPU core number for system IRQ;
system increased maximum supported CPU core count to 512 on CHR and x86;
system reduced RAM usage for SMIPS devices;
tftp improved file name matching;
user added "sensitive" policy requirement for SSH key and certificate export;
w60g improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
webfig added option to enable wide view in item list;
webfig fixed "Connect To" configuration changes for L2TP client;
webfig fixed gray-out italic font for entries after enable;
webfig use router time zone for date and time;
wifiwave2 added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
wifiwave2 added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
wifiwave2 added option to filter frames captured by the sniffer command (CLI only);
wifiwave2 automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
wifiwave2 changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
wifiwave2 enabled PMK caching with EAP authentication types;
wifiwave2 fixed "reg-info" information for several countries;
wifiwave2 fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
wifiwave2 fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
wifiwave2 fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
wifiwave2 improved stability when changing interface settings;
wifiwave2 improved stability when receiving malformed WPA3-PSK authentication frames;
wifiwave2 make info log less verbose during client roaming (some info moved to wireless,debug log);
wifiwave2 rename "reg-info" country argument from "Macedonia" to "North Macedonia";
wifiwave2 use correct status code when rejecting WPA3-PSK re-association;
winbox added missing status values for Ethernet and Cable Test;
winbox added warning about non-running probe due to "startup-delay";
winbox fixed "Storm Rate" property under "Switch/Port" menu;
winbox fixed BGP affinity display;
winbox fixed default "Ingress Filtering" value under "Bridge" menu;
winbox improved supout.rif progress display;
winbox rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
wireguard fixed peer connection using DNS name on IP change;
wireguard fixed peer IPv6 "allowed-address" usage;
wireless ignore EAPOL Logoff frames;
x86 updated e1000 driver;
6.49.8 Long-term 2023-Jul-19 (2 years ago)
Component Change
console updated copyright notice;
defconf fixed invalid default password setting after configuration reset for 60GHz interface (introduced in v6.49.5);
firewall fixed IRC NAT helper (CVE-2022-2663);
hotspot improved stability when receiving bogus packets;
smb fixed SMB2 file list reporting;
7.10.2 Stable 2023-Jul-12 (2 years ago)
Component Change
wifiwave2 fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
7.10.1 Stable 2023-Jun-27 (2 years ago)
Component Change
ovpn fixed OVPN server peer-id negotiation;
webfig use router time zone for date and time;
7.10 Stable 2023-Jun-15 (2 years ago)
Component Change
bgp allow to filter BGP sessions by AFI;
bgp changed default VPNv4 import distance to iBGP value (200);
bgp do not check route distinguisher on import;
bgp fixed "as-override" and rename to "output.as-override";
bgp fixed "remove-private-as" and rename to "output.remove-private.as";
bgp show address family in advertisements;
bgp show approximate received prefix count by the session;
branding fixed custom logo (introduced in v7.8);
bridge fixed HW offloaded STP state on port disable;
bridge fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8);
bridge fixed incorrect host moving between ports with enabled FastPath;
certificate fixed displaying of certificate serial number;
certificate improved error reporting for Let's Encrypt certificate;
certificate restore available "key-usage" property options;
conntrack added read-only "active-ipv4" and "active-ipv6" fields to "/ip/firewall/connection/tracking" (CLI only);
console added timeout error for configuration export;
console changed time format according to ISO standard;
console disable output when using "as-value" parameter;
console fixed ":terminal inkey" input when resizing terminal;
console fixed "print without-paging" output in some cases;
console hide past commands with sensitive arguments;
console improved stability when using command completion;
container fixed "container pull" to support OCI manifest format;
container fixed crash due to missing system directories;
container improved default internal environment values;
defconf allow to use device factory preset credentials in Flashfig and Netinstall configuration files;
defconf fixed default configuration for RBSXTLTE3-7;
dhcp-server fixed accounting on RADIUS interim update;
dhcpv4-server added name for "IPv6-Only Preferred" option (108) in debug logs;
doh less verbose logging;
firewall added "endpoint-independent-nat" support;
firewall added "nth" option for IPv6 firewall;
gps expose GPS port for Quectel RM520N-GL;
ike2 improved child SA delete request processing;
iot added option to send Modbus function code commands directly from RouterOS (CLI only);
ipsec added hardware acceleration support for IPQ-5010 (hAP ax lite);
ipsec refactor public key authentication;
ipsec removed "ec2n185" and "ec2n155" values from proposal configurations;
ipv6 fixed IPv6 address removal;
l3hw added "autorestart" option to L3HW settings;
l3hw added advanced configuration options for fine-tuning the L3HW offload (l3hw-settings are cleared after upgrade or downgrade) (CLI only);
l3hw added error message and reset "l3-hw-offloading=no" if L3HW driver fails to start;
l3hw added monitoring options for L3HW utilization (CLI only);
l3hw fixed /32 route deletion;
l3hw fixed IPv6 ECMP route offloading;
l3hw fixed offloading of /32 IPv4 and /128 IPv6 routes;
l3hw fixed route table offloading during large volume of route updates;
l3hw improved host and nexthop offloading;
l3hw improved offloading of IPv6 hosts after L3HW driver restart;
l3hw improved performance of partial offloading;
l3hw improved route offloading after gateway change;
l3hw improved system stability for partial routing table offload;
leds fixed modem RAT mode indication on hAP ac^3 LTE6 WPS mode button LEDs;
lora improved gateway card detection and upgrade logic;
lora updated firmware version for LoRaWAN gateway (for R11e-LoRa8, R11e-LoRa9 cards);
lte added serving cell query for MBIM modems with necessary MBIM extension;
lte disable DHCP request filtering (UDP port 67) for Chateau 5G;
lte fixed APN authentication for R11e-LTE6 modem;
lte fixed Google Pixel 7 tethering support;
lte improved MBIM modem firmware reported error handling when settings RAT modes;
lte improved modem firmware upgrade stability for MBIM modems;
lte improved stability for Chateau 5G LTE modem firmware upgrade;
lte reduced SIM slot switchover time for MBIM modems with UUIC reset support;
lte stop "cell-monitor" on LTE interface configuration change for MBIM modems;
mpls added FastPath support;
netwatch added warning about non-running probe due to "startup-delay" (CLI only);
ovpn added initial support for V2 data transfer protocol;
ovpn improved system stability;
poe fixed bogous "poe-in-voltage" values when using DC jack for RB5009;
pppoe fixed PPPoE client scan when server is sending PADO messages without Service-Name tag;
qos-hw added QoS marking support for 98DXxxxx switches (CLI only);
qos-hw renamed VLAN "priority" field to "pcp" to avoid confusion;
rose-storage added support for multiple smb users and smb shares;
route improved system stability when removing multicast forwarding entries;
routerboard fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required);
routerboard improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
routerboot increased "preboot-etherboot" maximum value to 30 seconds ("/system routerboard upgrade" required);
scheduler fixed incorrectly started scheduler during reboot or shutdown;
sfp fixed "rate" monitor value for SFP interface on L009UiGS series devices;
sfp fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
sfp fixed combo-sfp linking at 1G rate for CRS312 switch;
sfp improved 10G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
sfp improved module compatibility with bad EEPROM data for RB4011, RB5009, CCR2xxx, CRS312 and CRS518 devices;
sfp improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
sfp improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices;
sfp improved system stability with certain SFP modules for CCR2216 and CRS518 devices;
sfp report EEPROM data even if "auto-init-failed" has occurred;
smb improved SMB v1 operation;
sniffer fixed large .pcap file limit;
snmp added "engine-id-suffix" setting and display actual "engine-id" as read-only property;
snmp added BGP peer table support IPv4 only (1.3.6.1.2.1.15.3.1);
snmp added new "mtxrInterfaceStatsTxRx1024ToMax" OID to MIKROTIK-MIB;
ssh added inline key "passphrase" property;
ssh fixed RouterOS SSH client login when using a key (introduced in v7.9);
switch added more precise "storm-rate" configuration options for 98DXxxxx switches (CLI only);
switch fixed storm rate on 10G links for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
system improved watchdog reporting in log after reboots for several ARM and ARM64 devices;
system reduced RAM usage for SMIPS devices;
tile fixed support for microSD card;
tr069 added 5G SCC "SNR" parameter for modems that report it;
upgrade do not run manual upgrade if some packages are missing;
ups fixed updating of "battery-voltage" property;
vrrp added warning if "sync-connection-tracking=yes" while the global connection tracking is inactive;
vrrp added warning if the VRRP group is misconfigured;
vrrp added warning if VRRP or its interface does not have an IP address;
vrrp do not start connection synchronization if the global connection tracking is inactive;
vrrp fixed issue where disabled VRRP interface is affecting group;
vrrp fixed VRRP interface state on physical cable disconnection;
vrrp improved system stability on changing "group-authority" or "sync-connection-tracking";
vrrp renamed "group-master" to "group-authority" to avoid confusion with VRRP master;
vrrp send VRRP announcements only by "group-authority";
w60g improved interface stability for PTMP setups;
webfig added high-resolution favicon;
webfig allow limitless upper bounds for number range;
webfig allow to set "0" second time for fields with default values;
webfig changed time format according to ISO standard;
webfig display date and time in local time zone;
webfig fixed missing "WifiWave2" menu;
webfig fixed missing property names in "WifiWave2" menu;
webfig redesigned item configuration display;
webfig redesigned top menu bar;
webfig removed "Tools/Telnet" menu;
webfig removed auto-login with default credentials (admin without a password);
wifiwave2 avoid transmitting extra bytes at the end of the packet after stripping a VLAN tag;
wifiwave2 do not show placeholder transmit power values on interface startup;
wifiwave2 fixed CAP connection when provisioning "manager=capsman";
wifiwave2 fixed CAP interface name when using "name-format";
wifiwave2 fixed connectivity issues wheen access-list is used;
wifiwave2 fixed DFS channel availability warning (introduced in v7.9);
wifiwave2 fixed dynamic interface adding to bridge on CAP device;
wifiwave2 fixed inability to disable CAPsMAN when there are RADIUS-authenticated clients connected;
wifiwave2 fixed incorrect limits on number of interfaces in station mode;
wifiwave2 fixed interface name change when restoring backup;
wifiwave2 fixed key handshake timeout with re-associating clients;
wifiwave2 fixed OWE authentication compatibility with 802.11ax client devices;
wifiwave2 fixed OWE authentication compatibility with third-party client devices (introduced in v7.8);
wifiwave2 fixed wireless throughput issues after 802.11r client roaming events on 802.11ac devices;
wifiwave2 improve protections against DoS attacks on WPA3-PSK;
wifiwave2 improved logging when an interface is unable to assign a VLAN tag to client;
wifiwave2 improved system stability when trying to exceed virtual AP limit;
wifiwave2 less verbose logging when WPA3-PSK clients are connecting;
wifiwave2 other system stability improvements;
wifiwave2 restore interface running state when connection to CAPsMAN is lost;
winbox added "MPLS/Settings" menu;
winbox added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu;
winbox rename "URL" property to "Action data" under "IP/Web-Proxy/Access" menu;
wireguard fixed IPv6 traffic processing with multiple peers;
wireguard retry "endpoint-address" DNS query on failed resolve;
x86 ice driver update to v1.11.14;
zerotier make "identity" setting sensitive;