Search changelog entries
| Component | Change |
|---|---|
| arm | improved system stability when processing encrypted traffic; |
| arm64 | increased maximum number of CPU cores to 128; |
| bgp | added brief, unnumbered output for advertisements list; |
| bgp | added initial EVPN support; |
| bgp | added NLRI filter for more precise accept/discard of ipv4/6 prefixes; |
| bgp | decode and log notifications; |
| bgp | introduced BGP instance configuration (note, downgrading to earlier versions without instance support may cause config issues); |
| bgp | print aigp attribute in advertisements; |
| bridge | added dynamic tagged entry named "switch-cpu" in scenarios where the same VLAN spans multiple switch chips or is used on both HW and SW ports; |
| bridge | added verbose STP debug logging (rx/tx BPDU, edge-port and port-role transitions, FDB flush); |
| bridge | disable/enable HW offload on bonding slave disable/enable (fixes potential MAC learning issue); |
| bridge | fixed port-id when adding a new port in non-primary MLAG; |
| bridge | refactored host learning logic in MLAG setups in order to make it more robust and predictable; |
| bth | added extra file-share functionality for use with apps; |
| bth | improved tunnel name in client config export; |
| bth,file | added direct file sharing from the WinBox Files menu; |
| certificate | improved stability after failed import; |
| chr | added Chelsio VF driver for PCIID 5803; |
| cloud | fixed restoring "BTH Files" service after a prolonged network outage; |
| cloud | reduced "BTH Files" ping interval dynamically upon failure; |
| console | added non-interactive (scriptable) serial-terminal support; |
| console | added use-tz option to :timestamp command; |
| console | fixed :convert to=num on MIPSBE; |
| console | improved stability and visuals for /interface/wireless/snooper/snoop; |
| console | improved visuals for brief print when displaying large tables; |
| console | improved visuals for hiding sensitive commands; |
| console | include flags by default when printing to value; |
| console | prioritize directory specific parameters and hide rarely used ones in print autocomplete; |
| console | replace TAB characters with spaces when editing scripts and added tab-width user configuration in /console/settings; |
| console | unified string representation of ID values; |
| console | updated hints for some /file/print parameters; |
| console | validate filenames upon addition (if enabled in /console/settings); |
| container | added "device" option to pass a device from /system/hardware menu to a container; |
| container | added /container/log menu, keep 100 messages per container; |
| container | added default print brief mode; |
| container | added initial support for container in container setups; |
| container | added option to execute commands inside a container using "/container/shell cmd= user="; |
| container | added per-container memory limiting and monitoring; |
| container | added SCTP support; |
| container | added support for cpuset, cpu, memory, pids cgroups; |
| container | allow picking passthrough devices by descriptive name; |
| container | allow read-only mounts; |
| container | allow to mount individual files, not just directories; |
| container | allow to specify multiple envlists; |
| container | allow to use multiple veths in a container, change the in container interface name to same as in RouterOS; |
| container | display any error prominently in WinBox; |
| container | do not allow multiple containers with same root directory; |
| container | enable check-certificate by default for new remote imports; |
| container | fixed containers that use inotify interface; |
| container | fixed environment variables not being passed to "/container/shell" properly; |
| container | improved compatibility when running containers with custom "cmd" and "entrypoint" commands; |
| container | improved error and log messages; |
| container | prevent user from setting "root-dir=/" for a container; |
| container | show a more descriptive error when tar extraction fails, particularly "No space left on device"; |
| container | show config.json to user; |
| container | show explicit stopped flag for container; |
| container | stability improvements; |
| container | support for direct access to hardware devices; |
| container | terminate containers on shutdown, allow them to clean up properly; |
| dhcp | show error only after interface status is synced with the system (instead of erroneously displaying it immediately); |
| dhcp-client | always set the broadcast flag for DHCP Discover packets, except when renewing the lease; |
| dhcp-server | do not show "I" flag when server is disabled; |
| dhcpv4-client | allow specifying vlan-priority of outgoing packets (for VLAN interfaces only); |
| dhcpv4-server | added "lease-agent-circuit-id" and "lease-agent-remote-id" variables to the lease script; |
| dhcpv4-server | added "ntp-none" parameter; |
| dhcpv4-server | changed the default value of address-pool to "static-only" in the option matcher, removed "none" option; |
| dhcpv4/v6-client | properly resume client service after underlying interface status changes; |
| dhcpv4/v6-server | added CoA support; |
| dhcpv6-client | added "accept-prefix-without-address" allowing client to accept prefix when address is not available although requested; |
| dhcpv6-client | update the routing table and address list on manual client configuration changes; |
| dhcpv6-server | added "ignore-ia-na-bindings" setting that allows server to ignore address requests and work just with prefixes; |
| dhcpv6-server | do not trim real client DUID when assigning it to the binding; |
| discovery | disable discovery on loopback, LTE, ppp-out interfaces; |
| disk | allow to format multiple disks at once; |
| disk | allow to remove Btrfs device by ID; |
| disk | better manage disks disappearing from RAID; |
| disk | cleanup mountpoint when setting mount-filesystem=no; |
| disk | do Btrfs remove-device asynchronously; |
| disk | fixed RAID component size to match the value in the superblock; |
| disk | offer to blink only PCI slots in console; |
| disk | rename raid-role=unspecified to spare; |
| disk | reset RAID role of old disk after spare assumes a new role; |
| disk | show total/free inode counts for fs's that support it; |
| dlna | recognize flac extension; |
| fetch | display file sizes between 1-1023 bytes as 1KiB (instead of 0KiB); |
| fetch | include RouterOS version in the "User-Agent" field; |
| file | improved file handling performance in WinBox v4; |
| firewall | added connection tracking "total-ip4-entries" and "total-ip6-entries" counters; |
| firewall | allow "dst-limit" matcher to work properly above value 10000; |
| firewall | improved IPv6 connection tracking lookup responsiveness; |
| firewall | improved system stability when processing connections on multicore systems; |
| firewall | reorganized firewall connection tracking table values and make them persistent between IPv4 and IPv6; |
| flashfig | bind to local address (fixes issue when multiple interfaces are enabled); |
| hotspot | allow only "http:" and "https:" schemas in dst field; |
| iot | added an option to increase the amount of LoRa's traffic entries displayed; |
| iot | adjusted default LoRa antenna gain values for specific devices; |
| iot | iot-bt-extra package stability improvement and additional dongle support; |
| iot | LoRa stability improvements; |
| iot | LR8G/9G firmware update; |
| iot | removed lora-package, LoRa functionality was moved into iot-package; |
| iot | removed non-existent GPIO pin functionality; |
| ip | added socksify feature and new NAT action "socksify"; |
| ipsec | fixed degraded IPsec performance for IPQ-6010 (introduced in v7.17); |
| ipv6 | added support for IPv6 ND proxying of individual addresses; |
| ipv6 | do not allow removal of dynamic address on lo interface; |
| ipv6 | make pref-src work and settable for static routes; |
| log | added command to clear memory action entries; |
| log | improved the "transmit loop detected" warning log; |
| log | output PoE-Out LLDP negotiation to poe,info topic; |
| lte | added "done" status for modem firmware-upgrade version check; |
| lte | added log entry if eSIM has no profiles on read; |
| lte | allow only one IPv6 APN for AT modems; |
| lte | display ICCID regardless of SIM PIN entry status; |
| lte | fixed modem recovery for unexpected modem reboot for Chateau 5G and Chateau 5G R16; |
| lte | fixed rare case where AT dialer could stop; |
| lte | refresh eSIM profile list after successful provision; |
| lte | renamed "uicc" to "iccid" in LTE monitor and eSIM profile print; |
| lte | show ip-type in /interface/lte/apn/print; |
| lte | use modem-supplied IPv6 address over EUI-64 when available; |
| net | fixed possible slave flag issues after user configuration changes; |
| net | improved system stability when processing TCP/UDP connections; |
| net | prevent removal of lo interface via WinBox; |
| netinstall | added after-install controls (reboot after installation, shutdown after installation, none); |
| netinstall | alert on unreadable configuration scripts; |
| netinstall | detect inactive install interface; |
| netinstall | fixed install for PPC devices; |
| netinstall | fixed mutually exclusive checkbox behavior; |
| netinstall | show router and package architecture; |
| netinstall | warn user if not enough space on device; |
| netinstall-cli | added MAC filter option "--mac"; |
| netinstall-cli | added multiple install option "-m"; |
| netwatch | fixed date and time for stats; |
| ovpn | added support for sha384 hmac; |
| ovpn | improved tunnel setup speeds in configurations with large ammount of active OVPN clients; |
| partitions | fixed failure to repartition correctly from 32MB partition size; |
| partitions | hide partition menu on unsupported boards (without NAND); |
| partitions | limit minimal partition size to 60MB; |
| poe-out | upgraded firmware for 802.3at/bt controlled boards (the update will cause brief power interruption to PoE-out interfaces); |
| port | added IPv6 support for "remote-access" tool; |
| ppp | added DHCPv6 assigned prefix to address list when configured and received from RADIUS; |
| ppp | added dhcpv6-lease-time profile configuration property; |
| ppp | do not send initial echo request if keepalive-timeout=disabled; |
| ppp | improved system stability when closing connections; |
| pppoe-server | added accept-untagged=yes/no option to accept untagged traffic in combination with pppoe-over-vlan-rage property; |
| ptp | added PTP support for RDS2216 device; |
| qos-hw | added mirror-buffers property and monitoring values; |
| radius | fixed issue with Session-Timeout attribute functionality; |
| route | added missing and remove unnecessary parameters from /ipv6/route menu; |
| route | afi naming consistency in logs; |
| route | attempt to clean up stuck routes in the routing table; |
| route | do not allow to modify dynamic routes; |
| route | make routing table print faster with hw-offload, gateway and blackhole queries; |
| routerboot | fixed boot MAC for CRS212 switch ("/system routerboard upgrade" required); |
| routing-filter | added filter-wizard (filter generator with v6-like syntax); |
| routing-filter | make "chain" and "list" parameters required when adding new item; |
| sfp | added sfp-power-class and sfp-max-power monitor values for QSFP; |
| sfp | fixed qsfp28 breakout disable; |
| sfp | improved initialization and linking for sfp28 on CRS518; |
| sfp | improved system stability with some GPON modules for CCR2004 and CCR2116 devices; |
| smips | reduced package size and removed hotspot capabilities; |
| sniffer | added CPU number and fast-path status in per-packet comment; |
| sniffer | save packets in pcapng format, it now includes interface name the packet was sniffed on, packet direction and nanosecond timestamp resolution; |
| snmp | added SNMP OIDs for firewall connection tracking "total-entries", "total-ip4-entries" and "total-ip6-entries"; |
| ssh | improved stability on busy server; |
| ssh/sftp | fixed session disconnects during file transfer; |
| supout | added certificate settings section; |
| switch | fixed ACL rules when ports are not specified (fixes dynamic rules for RoMON); |
| switch | fixed port blocking by MSTP for 88E6393X, 88E6191X and 88E6190 switches; |
| switch | hide cpu-flow-control on irrelevant devices; |
| switch | improved bond MAC flush for 88E6393X, 88E6191X and 88E6190 switches; |
| switch | improved hash calculation for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98CX8410 switches (affects load balancing for bonds, ECMP routes, and VXLAN source port); |
| switch | improved ingress-rate limit precision for 88E6393X, 88E6191X and 88E6190 switches; |
| switch | rework ethernet counters (add tx-drop-queueX-byte/packet, tx-drop-byte/packet, tx-queueX-byte to /in/eth and updated GUI); |
| system | added support for OpenFlow 1.3 (new package "openflow" available); |
| system | do not automatically retry in case /system/package/update download fails; |
| system | fixed bb-upgrade failure on RB5009; |
| system | improved system configuration journaling procedure; |
| system | merge /system/resource/usb and /system/resource/pci into /system/resource/hardware and create a device tree; |
| usb | improved system stability after unplugging USB device for RB5009; |
| user | change /user/active/request-logout to /user/active/remove; |
| vrrp | added proxy-arp support; |
| vrrp | fixed sync-connection-tracking issue when parent interface is disabled/enabled; |
| vrrp | improved responsiveness when router has many IP addresses depending on VRRP state; |
| vrrp | make MTU property read-only; |
| vxlan | added checksum and learning properties; |
| webfig | added token authentication (no password prompt on reload or new window, logout button will log out all related sessions, removing a user will disconnect from active sessions); |
| webfig | allow network map scrolling in Dude; |
| webfig | basic mobile keyboard support for terminal; |
| webfig | do not show Keepalive if not set in GRE Tunnel form; |
| webfig | filter out unusable Bands and Channels for wifi interfaces; |
| webfig | fixed an issue where dynamic dropdown lists were hidden despite having values; |
| webfig | fixed hiding New button with skins; |
| webfig | fixed skin limits for radio buttons; |
| webfig | fixed Target field duplicate when disabling simple queue; |
| webfig | improved stability when displaying read-only scripts; |
| webfig | make columns a bit wider in tables; |
| webfig | make the Close buttons actual buttons, not links; |
| webfig | mask certain fields where values match default value; |
| webfig | more space to branding logo; |
| webfig | redesign logical "not" operator selector; |
| webfig | remove duplicate flag labels in QuickSet tables; |
| webfig | show system note on login; |
| webfig | use lexicographical sort in dropdown lists; |
| wifi | added tr069 support for wifi interfaces; |
| wifi | avoid picking 5GHz channels by default which are unlikely to be supported by clients, can be overridden with channel.deprioritize-unii-3-4 (CLI only); |
| wifi | restart CAPsMAN only on significant configuration changes; |
| winbox | added Address List Extra Time under "IP/DNS" menu; |
| winbox | added Digest Algorithm under "System/Certificates" menu; |
| winbox | added EAP identity under "WiFi/Registration" menu; |
| winbox | added Heartbeat under "Bridge/MLAG" menu; |
| winbox | added Installation under "WiFi" menu; |
| winbox | added missing Comments under "User Manager" menus; |
| winbox | added missing WPA2 PSK SHA2 option under "WiFi/Security" menu; |
| winbox | added MPLS Mangle; |
| winbox | added option to create new entries under "System/Users/SSH Keys" menu; |
| winbox | allow to specify CAPsMAN Address as IPv6 LL; |
| winbox | bump minimal WinBox version to 3.42; |
| winbox | correctly unset Locked CAPsMAN field; |
| winbox | differentiate PPP Profile Rx/Tx Queue settings; |
| winbox | display errors from the "Files/Sync" menu; |
| winbox | fixed container RAM parameter type; |
| winbox | fixed Record Type field under "Tools/Netwatch" menu; |
| winbox | make IPv6 Immediate Gateway read-only; |
| winbox | make log message field as multiline; |
| winbox | move CAPsMAN settings button from Remote CAP to WiFi table; |
| winbox | rename Ping Timeout field to Interval; |
| winbox | rename SMS Type field to Modem Type; |
| winbox | rework LTE firmware upgrade buttons into one window; |
| winbox | show "Switch" related menus only on boards that support such features; |
| winbox | use same WireGuard default values as in console; |
| Component | Change |
|---|---|
| certificate | fixed support for certificates imported or added in RouterOS v7.4 or earlier (introduced in v7.19); |
| console | improved stability when a running script is removed; |
| container | stability improvements; |
| disk | fixed RAID component size to match the value in the superblock; |
| disk | improved handling of RAID spare disks; |
| disk | improved stability when using RAID; |
| ethernet | fixed flow-control for RB5009; |
| iot | fixed incorrectly shown LoRa payload RSSI values; |
| poe-out | fixed PoE-out reset when inserting specific SFP modules on RB5009; |
| poe-out | upgraded firmware for 802.3at PSE controlled boards (the update will cause brief power interruption to PoE-out interfaces); |
| routing-filter | use zero as default as-path length (allows matching empty as path); |
| sfp | correctly classify 100Mbps modules as "100M-baseFX"; |
| Component | Change |
|---|---|
| arm64 | fixed possible transmit queue timeout on CCR2216, CCR2116, RDS2216; |
| arp | added warning, when "Published" ARP entry used on an interface with "reply-only" ARP mode enabled; |
| bgp | added input.filter-community; |
| bgp | fixed excessive CPU usage; |
| bgp | fixed input.accept-community; |
| bgp | fixed memory leak on receiving notify and closing session; |
| bgp | improved performance on BGP input; |
| bonding | added setting for LACP active/passive modes; |
| bridge | added new STP monitoring fields for bridge and ports (Tx/Rx BPDU, Tx/Rx TC, forward/discard transitions, last topology change, message-age, max-age, remaining-hops, bridge-id); |
| bridge | fixed bridge port hang when using invalid port IDs; |
| bridge | fixed dhcp-snooping in QinQ setups; |
| bridge | fixed issue when local MACs were removed unnecessarily; |
| bridge | fixed minor memory leak on link down; |
| bridge | fixed multicast packet flow on hardware offloaded bridge which acts as "multicast-router"; |
| bridge | improved default bridge and port layout on console and GUI; |
| bridge | improved stability in case of configuration error (introduced in v7.15); |
| bridge | moved "TCHANGE" logs from bridge,stp to bridge,stp,debug; |
| bridge | offload VXLAN only if another HW offloaded port exists in the bridge; |
| bridge | properly flush bridge hosts when bonding is used as bridge port and loses hw-offloading status; |
| bridge | rename "ports" to "interface" under MDB table for configuration consistency with other menus; |
| bridge | renamed STP monitor fields (port-number to port-id, designated-port-number to designated-port-id, designated-bridge to designated-bridge-id); |
| bridge | show designated-* monitor field for all port roles; |
| bridge | show warning instead of causing error when using multicast MAC as admin-mac (introduced in v7.17); |
| bth | properly specify "in-interface" when adding dynamic firewall NAT rule; |
| capsman | fixed "undo" command for cap interfaces; |
| certificate | added built-in root certificate authorities store; |
| certificate | do not include CA identity in SCEP POST requests; |
| certificate | fixed cloud-dns challenge validation for sn.mynetname.net (CLI only); |
| certificate | improve error message when trying to use certificate; |
| certificate | optimize trust store; |
| cloud | fixed issues when BTH is toggled fast between enable/disable; |
| cloud | improved "BTH Files" web page design; |
| conntrack | improved stability on busy systems; |
| console | added on-error to "for" and "foreach" loops; |
| console | added proplist to monitor command; |
| console | disallow incomplete double-quoted arguments (allows multiline string pasting); |
| console | do not treat return values as errors in scripts run from scheduler; |
| console | enabled verbose error logging for non-scripted/non-verbose imports; |
| console | fixed issue with file-name completion (introduced in v7.18); |
| console | fixed issue with files when using scripts (introduced in v7.18); |
| console | fixed misaligned multiline in brief print mode; |
| console | improve time value handling; |
| console | improved file add/remove process stability; |
| console | print large number argument values in proper format in export output; |
| console | set "/system/note show-at-login=yes" the default value after configuration reset; |
| console | validate script arguments (do, on-error, etc.) and reject invalid values; |
| container | allow changing container name; |
| container | fixed repository name handling to prevent redirect issues when basic authentication is used; |
| container | try to derive a user readable container name from remote image or file; |
| defconf | added DHCP Client on RDS2216 MGMT interface; |
| defconf | increased PPP interface wait time; |
| device-mode | added new "rose" mode where "container" feature is enabled by default; |
| dhcpv4 | improved outgoing packet logging; |
| dhcpv4-client/server | added support for DHCPv4 reconfigure messages; |
| dhcpv4-server | "Relay-Agent-Information" (82) option moved at the end of option list in response packets; |
| dhcpv4-server | accept packets with htype 6; |
| dhcpv4/v6-client | added check-gateway parameter; |
| dhcpv4/v6-client | fixed default route when DHCP client interface is in VRF; |
| dhcpv6-client | allow selecting to which routing tables add default route; |
| dhcpv6-relay | clear saved routes on DHCP release; |
| dhcpv6-relay | show client address; |
| dhcpv6-server | allow unsetting prefix-pool for static bindings and show warning if prefix is not in selected prefix-pool; |
| dhcpv6-server | change bound status to waiting on binding disable; |
| dhcpv6-server | change static binding bound status to waiting on server disable; |
| dhcpv6-server | fix when expired static binding is declined with false "binding belongs to another server" reason; |
| dhcpv6-server | improved stability when disabled server have static bindings; |
| dhcpv6-server | improved stability when disabling server with active bindings; |
| disk | add "sector-size" property in print detail; |
| disk | add reset-counters to /disk btrfs filesystem; |
| disk | renamed "eject-drive" command to "eject" (CLI only); |
| disk | renamed "format-drive" command to "format" (CLI only); |
| dlna | improved folder indexing behavior; |
| dns | improved DNS server service stability; |
| dot1x | fixed dynamic switch ACL rules on boards with a lot of ports (e.g. CRS520); |
| ethernet | improved Ethernet and PoE port mapping to ensure a consistent and reliable interface order; |
| fetch | fixed false successful messages in FTP mode; |
| file | added show-hidden parameter to /file/print, allowing referencing and deleting hidden files; |
| file | fixed missing files from The Dude (introduced in v7.18); |
| file | improved responsiveness on slow filesystems; |
| firewall | always show "passthrough" when exporting mangle table; |
| firewall | detect VRF addresses as local; |
| firewall | fixed IP/Settings "ipv4-fasttrack-active" status showing as inactive when it is active; |
| general | system – added new "switch-marvell" and "wifi-mediatek" packages to support upcoming products; |
| general | vxlan -improved system stability when using IPv6 VTEP; |
| health | hide settings in CLI if there is nothing to show; |
| health | improved performance on devices with simple voltage sensors; |
| hotspot | improvements to memory usage; |
| igmp-proxy | do not try to send leave message for multicast groups that the device itself has joined on the upstream interface (cosmetic fix for proxy error logs); |
| ike2 | improved initial key exchange process on slow or unreliable connections; |
| iot | improvement to LoRa dev-addr-validation behavior; |
| iot | improvement to LoRa join eui/net id filtering behavior; |
| iot | improvement to LoRa stability and functionality; |
| iot | improvement to LoRa whitelist/blacklist support; |
| iot | iot-bt-extra package stability improvement; |
| ip-service | show all TCP/UDP connections on the system; |
| ip-service | show all TCP/UDP ports on system, including ports in containers; |
| ip-service | show error message when service enable fails; |
| ippool6 | properly free IPv6 pool used prefix when it is not used any more; |
| ipsec | fixed system failure on MMIPS devices when using IPsec services; |
| ipsec | lower standalone cipher, hash priority when using ctr aead; |
| ipv6 | avoid watchdog reboot due to link-local IPv6 address reconfiguration on thousand of interfaces at once; |
| ipv6 | fixed EUI-64 false error message on address update when "from-pool" option is used; |
| isis | properly validate 3-way hello handshake; |
| l2tp-ether | improved stability when trying to connect to disabled L2TP server with IPsec; |
| l3hw | remove VLAN tag before VXLAN encapsulation (fixes pvid behavior for bridged VXLAN); |
| log | added additional CEF fields from firewall and login logs; |
| log | fixed remote logging after reboot when hostname is forwarded to a DNS server; |
| log | populate in/out fields in firewall CEF logs with correct data; |
| lte | added UICC parameter in LTE monitor for R11e-4G modem; |
| lte | additional fixes for eSIM management support; |
| lte | AT modems, improved redialing when modem lost connectivity without notifying host about APN status change; |
| lte | automatically enable roaming for known roaming only SIM/eSIM profiles; |
| lte | Chateau 5G R16 fix DHCP relay packet forwarding using LTE interface; |
| lte | deactivate current eSIM profile before activating new profile; |
| lte | fixed default APN for configless modems; |
| lte | fixed EC200A-EU APN authentication; |
| lte | fixed initialization for Neoway N75 modem; |
| lte | fixed initialization for R11e-LTE6 modem; |
| lte | fixed LTE passthrough activation issue when IPv6 APN is used; |
| lte | fixed LTE status update or possible crash when modem is unexpectedly removed from system; |
| lte | fixed MBIM modem recovery after modem unexpected restart; |
| lte | fixed modem recovery after firmware upgrade for R11e-LTE modem; |
| lte | fixed possible crash or missing IPv6 address on first APN activation when IPv6 capable APN is used; |
| lte | fixed Router Advertisement processing issue for AT modems when an APN with "ip-type=ipv6" was configured; |
| lte | improved dialer for EC200A-EU modem; |
| lte | improved R11e-LTE6 link recovery delay time after unexpected modem registration status changes; |
| lte | initial support for user settable modem redial timer; |
| lte | initialize Quectel modems as soon as they are ready after unexpected restart; |
| lte | reset internal link-recovery-timer on sim slot change; |
| lte | set apn profile name the same as apn if no name specified when creating the profile; |
| lte | show correct value for 5G SA "current-cellid"; |
| net | remove support for automatic multicast tunneling (AMT) interface (introduced in v7.18); |
| netinstall | improved network socket re-opening when NIC status changes while running the server; |
| netinstall | provide warning if memory on installed router is full after installation; |
| netinstall | show warning when network configuration on PC might not be appropriate for installation; |
| netinstall-cli | check for other running Netinstall servers on startup; |
| netinstall-cli | clear old configuration before user script using "-s"; |
| netinstall-cli | fixed issue with applying the branding package; |
| ospf | fixed "mismatch" typo in logs; |
| ospf | make auth-key parameter sensitive; |
| ovpn | properly match GCM hardware acceleration capabilities (introduced in v7.17); |
| ovpn-server | do not reset active connections when changing comment or name; |
| ovpn-server | fixed server start-up after a reboot; |
| ovpn-server | properly show "username" in log when authentication fails; |
| pimsm | fixed issue where own query caused querier detection; |
| poe-out | upgraded firmware for 802.3at/bt PSE controlled boards (the update will cause brief power interruption to PoE-out interfaces); |
| port | added support for Huawei E3372-325 variant (vendor-id="0x3566" device-id="0x2001"); |
| port | added USB mode switch support for "huawei-alt-mode"; |
| port | fixed KNOT BG77 modem port lost after RouterOS upgrade from previous versions; |
| port | improvements to KNOT BG77 modem port channel handling; |
| ppc | fixed VLAN TCP packet transmit on PPC devices; |
| profiler | improved process classification; |
| ptp | added "ptp" logging topic; |
| ptp | allow multiple instances; |
| ptp | fixed PTP on 2.5G links; |
| ptp | fixed PTP on QSFP ports for CRS326, CRS510, CRS520, CCR2216 devices; |
| queue | fixed system failure when CAKE kind queue was configured but queue type definition does not exist anymore (introduced in v7.18); |
| queue | speed-up queue addition/removal process; |
| quickset | improved system stability; |
| rose-storage | added Btrfs disk balance command (CLI only); |
| rose-storage | added degraded Btrfs mount option (CLI only); |
| rose-storage | fixed mounting Btrfs subvolumes using macOS SMB client; |
| rose-storage | fixes for Btrfs; |
| rose-storage | improved system stability when removing NVMe disks; |
| rose-storage | rename default RAID device name from "raid" to "raid-array"; |
| rose-storage | show Btrfs balance and scrub errors if any; |
| route | added options to set dynamic-in and connected-in chains in /routing/settings; |
| route | fixed stuck output when calling prints from multiple routing menus; |
| route | fixed route rule "min-prefix" unset; |
| route | improve stability on BGP reconnect; |
| route | make AFI naming consistent; |
| route | show "routing-table" by default on console print output; |
| route | show BGP session name instead of cache-id; |
| route-filter | fixed the "blackhole" option setting process; |
| route-filter | improved performance; |
| sfp | added sfp-encoding data output from EEPROM; |
| sfp | improved QSFP link stability for CRS354 devices; |
| sniffer | add max-packet-size (2k-64k) setting to be able to sniffer more than 2k data per packet; |
| snmp | fixed v2 getnext noSuchName error when OID with requested key does not exist; |
| ssh | fixed authorization with SSH key when multiple user SSH public keys are imported; |
| ssl/tls | respond with more precise alert error messages; |
| ssl/tls | send certificate authority in Certificate message even if it is not trusted; |
| switch | do not count rx-too-long multiple times on 100Gbps QSFP28; |
| switch | fixed egress mirroring for packets coming from external CPU port (e.g. CRS520, CCR2216, CCR2116); |
| switch | fixed switch name for hEX Refresh; |
| switch | flush CPU port FDB entries on switch disable; |
| switch | improve rate limit accuracy for MT7531, MT7621, EN7562CT; |
| switch | improved boot stability on devices with Alpine CPU and switch chip; |
| switch | improved stability when enabling IGMP snooping with VXLAN (introduced in v7.18); |
| switch | properly match IPv6 packets with empty ACL rule on CRS3xx, CRS5xx, CCR2004, CCR2116, CCR2216, RDS devices; |
| system | fixed "/system reboot" when the system disk is completely full; |
| system | improved internal "flash/" prefix handling for different file path related settings; |
| system | improved system stability when sending TCP data from the router; |
| timezone | updated timezone information from "tzdata2025b" release; |
| torch | improved data reporting; |
| upgrade | improved free disk space calculation; |
| upgrade | improved upgrade procedure reliability; |
| vrrp | fixed detection of connection tracking after reboot (introduced in v7.17); |
| webfig | allow table column resize over side toolbar; |
| webfig | don't reorder rows when selecting header cells with Alt+click; |
| webfig | show IPv6 firewall connections; |
| webfig | show missing data in "IP/DNS/Cache" records; |
| wifi | add channel.reselect-time parameter which allows to perform channel re-selection at given time of day (CLI only); |
| wifi | add information on CAP uptime and connection uptime in "Remote CAP" list; |
| wifi | added "eap-identity" to registration table; |
| wifi | added SSID to logs; |
| wifi | display error when trying to run snooper on interface which does not support wireless packet capture (sniffer); |
| wifi | fix authentication of clients which omit some RSN information at association; |
| wifi | fix incorrect info about current channel for station interfaces after AP has switched channel (introduced in v7.17); |
| wifi | fix possible snooper crash when parsing frames with malformed headers; |
| wifi | fixed 5GHz chain enumeration on Chateau PRO ax; |
| wifi | implement WPA2 PSK authentication with key derivation using SHA256 (CLI only); |
| wifi | improve parsing of captured frames which have nested flags in radiotap header; |
| wifi | improved stability for wifi interfaces; |
| wifi | improved stability when doing SNMP query; |
| wifi | improved wifi connection stability when used as a station for "b" mode access point; |
| wifi | re-word log entries about disconnections which are likely caused by peer using a wrong passphrase; |
| wifi | use at least TLS 1.2 for securing connection between CAPsMAN manager and CAPs; |
| wifi-qcom | fix inability of interfaces in station mode to connect if they do not support full bandwidth of AP; |
| wifi-qcom | fix OWE authentication for 802.11ac interfaces in station mode; |
| winbox | added "MAC Telnet" under "Wifi/Registration" menu; |
| winbox | added "Multi Passphrase Group" for wifi; |
| winbox | added "Reset MAC address" for legacy wireless and wifi; |
| winbox | added comment fields for WiFi "Multi Passphrase Group" menu; |
| winbox | added comment under "User Manager/Routers" menu; |
| winbox | added country to wireless setup-repeater; |
| winbox | added missing "Switch" menu for RDS; |
| winbox | added missing file systems for disk formatting; |
| winbox | added missing parameters for BTRFS related action functions; |
| winbox | added mount-point parameter under "Disk/Settings" menu; |
| winbox | added netmask support for switch rule Src/Dst IPv6 Address settings; |
| winbox | allow opening BTRFS menu entries; |
| winbox | changed default wireless wds-cost-range values; |
| winbox | do not show not relevant values for certificate template; |
| winbox | fixed "Multi Passphrase Group" setting for wifi; |
| winbox | fixed "registry-url" field under "Containers" configuration menu; |
| winbox | fixed missing SMB client on non-ROSE devices; |
| winbox | fixed several statistics counters not being read only; |
| winbox | fixed switch menu for Chateau 5G; |
| winbox | fixed time interval type fields precision under "Disks" menu; |
| winbox | hide container File/Remote Image fields only when instance added; |
| winbox | improve graphing efficiency when communicating with WinBox; |
| winbox | make BTRFS "Parent" and "Send Parent" options optional; |
| winbox | properly show/hide OSPF, RIP and BGP tabs for IPv6 routes; |
| winbox | renamed "raid-member" to "raid member" flag for consistency; |
| winbox | show eSIM profiles under eSIM menu without manual refresh; |
| wireguard | add wg-import config-string parameter to import config directly from terminal; |
| wireguard | update peer info on "get" command; |
| wireless | added "eap-identity" to registration table; |
| wireless | implement handling of RADIUS disconnect messages by CAPsMAN; |
| wireless | suggest all legitimate frequencies for interfaces with 20/40mhz-XX channel width in GUI; |
| x86 | added support for Emulex NIC; |
| x86 | i40e updated driver to 2.27.8 version; |
| x86 | remove unnecessary console output on shutdown; |
| Component | Change |
|---|---|
| bridge | fixed multicast packet flow on hardware offloaded bridge which acts as "multicast-router" (additional fixes); |
| certificate | added built-in root certificate authorities store (additional fixes); |
| iot | improvements to LoRa stability and functionality; |
| iot | improvements to LoRa whitelist/blacklist support; |
| iot | iot-bt-extra package stability improvement; |
| ip-service | show all TCP/UDP ports on system, including ports in containers (additional fixes); |
| lte | fixed modem firmware upgrade process for Chateau 5G un Chateau 5G R16 (introduced in v7.19beta8); |
| lte | improved R11e-LTE6 link recovery delay time after unexpected modem registration status changes; |
| ospf | make auth-key parameter sensitive; |
| port | fixed KNOT BG77 modem port lost after RouterOS upgrade from previous versions; |
| switch | fixed switch name for hEX Refresh; |
| vrrp | fixed detection of connection tracking after reboot (introduced in v7.17); |
| wifi | improved stability when doing SNMP query; |
| winbox | hide container File/Remote Image fields only when instance added; |
| Component | Change |
|---|---|
| device-mode | fixed print command (introduced in v7.19rc1); |
| ip-service | show all TCP/UDP ports on system, including ports in containers (additional fixes); |
| lte | deactivate current eSIM profile before activating new profile; |
| lte | fixed default APN for configless modems; |
| route | fixed route rule "min-prefix" unset; |
| route | show "routing-table" by default on console print output; |
| switch | properly match IPv6 packets with empty ACL rule on CRS3xx, CRS5xx, CCR2004, CCR2116, CCR2216, RDS devices; |
| timezone | updated timezone information from "tzdata2025b" release; |
| winbox | properly show/hide OSPF, RIP and BGP tabs for IPv6 routes; |