Search changelog entries
| Component | Change |
|---|---|
| app | added birdnet-go, cryptpad, diagrams-net, metube, nextcloud-whiteboard, paperless-ngx, wbo, zulip apps; |
| app | allow filtering by installed apps; |
| app | allow picking app category from drop-down; |
| app | automatically restart app when required hardware device is changed; |
| app | bundled ollama with openwebui; |
| app | fixed issue where XFS disks did not appear in the app disk drop-down; |
| app | make sure all layer .tar.gz files are deleted after extraction finishes; |
| bfd | fixed source address selection for IPv6 multihop sessions; |
| bgp | fixed stability issue when nonexistent output select-chain was specified; |
| bgp-vpn | fixed non-working import filter after reboot; |
| bridge | improved MAC synchronization for MLAG (additional fixes); |
| bth | fixed WireGuard client config IP address netmask; |
| chr | improved guest tool config for arm64 CHR; |
| console | removed the "reset" command from shared settings menus (IP/IPv6/Bridge/L3HW/Neighbor-Discovery/Connection-Tracking); |
| container | added support for noexec option to mounts; |
| container | added support for USB audio devices for containers; |
| container | do not allow starting container/shell with non-existing user or group; |
| container | draw graphs in container stats; |
| container | remove container backup directory if import fails; |
| container | show container size and container data size; |
| container | show default DNS servers; |
| dhcpv4-server | changed lease agent-circuit-id and agent-remote-id format to HEX; |
| discovery | added option to disable/enable LLDP MED; |
| discovery | added separate read-only menu "/ip/neighbor/lldp" for neighbors discovered by LLDP the (CLI only); |
| discovery | dynamically update advertised "interface-name"; |
| discovery | fixed LLDP MAC/PHY TLV; |
| disk | added disk check and repair for ext4, btrfs and xfs file systems; |
| disk | use USB UASP interface for supported devices; |
| file | added copy, tail, head commands (CLI only) (additional fixes); |
| graphing | improved service stability when storing data; |
| interface | show warning when same MAC address is used on more than one virtual interface; |
| iot | improved LoRa stability; |
| ip | added SNI logging for reverse-proxy; |
| ip-settings | added ipv4-fragment-time and ipv4-high-fragment-thresh settings, use default values based on total device memory (additional fixes); |
| ippool6 | properly follow pool changes for already used prefixes; |
| log | added ssld error logging (additional fixes); |
| log | do not provide non-existent logging topics for configuration; |
| log | fixed "/system/logging/action/get" command (introduced in v7.22); |
| lte | added fast SIM switchover support using AT channel for MBIM modems without MBIM_CID_MS_UICC_RESET firmware support; |
| lte | configure IP address for AT modems even if no DNS is received from the network; |
| lte | do not reconfigure modem in passthrough mode if passthrough cannot be activated because of slave interface; |
| lte | fixed automatic modeswitch for "Chateau 5G R16" and "Chateau 5G"; |
| lte | fixed broken network scan after being interrupted by reconfiguration; |
| lte | fixed LTE modem automatic modeswitch (introduced in v7.22); |
| lte | fixed missing automatic redial when cellular connectivity is lost for R11e-LTE; |
| lte | improved system stability; |
| lte | stop network scan on interruption for QMI modems; |
| lte | unify "modem-init" for all driver types; |
| ospf | allow adding interface configuration manually, bypassing interface-template; |
| ospf | change virtual link configuration to use OSPF interface directly; |
| ospf | fixed missing interface-template configuration which previously was converted by upgrading from RouterOS v6; |
| qos-hw | added ECN and PFC support on CRS8xx (additional fixes); |
| qos-hw | display queue0 limits for CPU port; |
| qos-hw | fixed "offline" tx-manager ability to queue at least one packet (introduced in v7.21); |
| qos-hw | fixed CPU traffic mapping to queues on CRS8xx switches; |
| qos-hw | prohibit setting CPU port with "offline" tx-manager; |
| route | fixed link-local interface check when resolving IPv6 nexthops; |
| route | improved service stability when removing routes; |
| routerboard | fixed applying settings via WinBox on devices with fixed CPU frequency; |
| routerboot | fixed Netinstall failure when using multiple partitions on AL73400, AL52400, AL32400 CPUs ("/system routerboard upgrade" required); |
| sftp | fixed path canonicalization request; |
| snmp | added missing BRIDGE-MIB OIDs (dot1dBaseNumPorts, dot1dBaseType, dot1dStpDesignatedRoot, dot1dStpRootCost, dot1dStpRootPort, dot1dStpHoldTime, dot1dStpBridgeMaxAge, dot1dStpBridgeHelloTime, dot1dStpBridgeForwardDelay, dot1dStpPortForwardTransitions, dot1dTpAgingTime); |
| snmp | added missing LLDP-MIB OIDs (lldpMessageTxInterval, lldpMessageTxHoldMultiplier, lldpLocManAddrTable); |
| snmp | fixed compliance of LLDP-MIB lldpRemManAddrTable; |
| snmp | fixed dot1dStpPortDesignatedPort OID; |
| snmp | fixed ifSpeed and ifHighSpeed OIDs for 802.3ad and balance-xor bonding interfaces; |
| snmp | fixed lldpLocSysDesc OID; |
| snmp | fixed return value for certain string OIDs (introduced in v7.23beta2); |
| snmp | use "/ip/neighbor/lldp" for lldpRemTable and lldpRemManAddrTable (fixes lldpRemTable showing neighbors discovered by MNCP or CDP); |
| ssh | improved host resolve error logging; |
| switch | improved FDB operations on QCA8337, Atheros8327; |
| switch | rework how IEEE reserved MAC addresses are handled on QCA8337, Atheros8327; |
| system | added FCC Part 15 Compliance label to "System/Regulatory" menu; |
| system | included full certificate chain to Windows executables; |
| system | keep HTTP/2 connection open if it is not closed by system or server; |
| system | make default identity based on board name; |
| veth | fixed link-local address not being configurable as a gateway; |
| wifi-mediatek | fixed HE capabilities IE on 2GHz band; |
| winbox | added "MLD Static" and "MLD Datapath" properties under the "WiFi/CAP" menu; |
| winbox | added "Multipath" property under the "Routing/BGP/Instance" menu; |
| winbox | added "Supported HW Caps" and "Multi Link Mode" configuration options under the "WiFi/Provisioning" menu; |
| winbox | allow setting "CAPsMAN address" for CAP as domain name; |
| winbox | do not set empty chain when adding/editing routing rule; |
| winbox | improved "External Antenna" property display; |
| winbox | properly display multiple bands for multi-link interface clients under registration table; |
| winbox | show "IPv6 Address" property by default under the "IP/Neighbors" menu; |
| wireguard | improved system stability; |
| Component | Change |
|---|---|
| bgp-vpn | fixed non-working import filter after reboot; |
| certificate | added option to configure built-in trust store for all services (CLI only); |
| certificate | use "default" for built-in trust store default value; |
| chr | improved virtio_net stability; |
| console | removed the "reset" command from shared settings menus (IP/IPv6/Bridge/L3HW/Neighbor-Discovery/Connection-Tracking); |
| defconf | fixed architecture detection for apps; |
| hardware | name serial devices after port names; |
| hardware | name storage hardware devices after slot name in "/disk" menu; |
| l3hw | fixed a system stability issue (introduced in v7.21); |
| leds | allow multiple interface selection for interface-activity trigger; |
| log | do not provide non-existent logging topics for configuration; |
| log | fixed "/system/logging/action/get" command (introduced in v7.22); |
| lte | fixed LTE modem automatic modeswitch (introduced in v7.22); |
| lte | fixed Tx stat reporting in LTE passthrough mode (introduced in v7.22); |
| qos-hw | display queue0 limits for CPU port; |
| qos-hw | fixed "offline" tx-manager ability to queue at least one packet (introduced in v7.21); |
| qos-hw | prohibit setting CPU port with "offline" tx-manager; |
| quickset | fixed configuration of multi-link APs; |
| ssh | make login process asynchronous; |
| switch | disable EEE on RB5009 and CCR2004-16G-2S+ devices; |
| system | fixed total memory reporting on hAP be3 Media; |
| tr069 | fixed modem extended revision reporting; |
| wifi | fixed bridge VLAN configuration for multi-link interfaces; |
| wifi | fixed EAP authentication for multi-link clients; |
| wifi | improved link-specific parameter application after reboot for multi-link interfaces; |
| wifi | improved stability during association; |
| winbox | added "Supported HW Caps" and "Multi Link Mode" configuration options under the "WiFi/Provisioning" menu; |
| winbox | do not set empty chain when adding/editing routing rule; |
| winbox | fixed "Remote AS" setting under the "Routing/BGP/Connections" menu; |
| winbox | fixed "Src/Dst Address Type" under the "IP/Firewall/NAT" menu; |
| winbox | make the band field on the WiFi registration table multi-argument; |
| Component | Change |
|---|---|
| app | added docker-with-dockge, docker-with-komodo, docker-with-portainer, HA-otbr-matter, odoo, otbr, stalwart apps; |
| app | added possibility to set app command-line parameter from CLI; |
| app | allow apps on xfs file system; |
| app | allow overriding default stop signal; |
| app | allow parsing DNS in YAML; |
| app | allow passing stop signal from YAML and passing it to container as default; |
| app | allow updating name parameter from YAML for custom apps; |
| app | allow updating YAML for existing custom app, forces cleanup; |
| app | apps now check for port availability, apps will not start on "internal" if app masks existing service; |
| app | automatically pass any required devices to container, such as otbr; |
| app | disabled PiHole syncing NTP to host; |
| app | fixed potential crash when running cleanup on a lot of apps; |
| app | fixed saving custom apps; |
| app | fixed showing ui-url for apps; |
| app | fixed uptime-kuma and jupyter-notebook; |
| app | fixed YAML not exported for custom apps; |
| app | improved app networks and port behavior; |
| app | improved automatic hardware device passing to container; |
| app | improved YAML error message; |
| app | on file based devices, swap is enabled on the file itself instead of creating another one and enabling it on that; |
| app | stability fixes for the "/app" menu; |
| app | swap file is now created based on the mount-point it is attached to; |
| arm64,x86 | updated Broadcom bnxt Ethernet driver for 200G support; |
| bridge | added ability to set custom Option 82 with dhcp-agent-circuit-id, dhcp-agent-remote-id settings (replaces add-dhcp-option82 setting; configuration is automatically updated after upgrade); |
| bridge | added DHCPv6 snooping feature with ability to set custom Option 18 and Option 37; |
| bridge | improved MAC synchronization for MLAG; |
| bridge | recognize more DHCP message types when dhcp-snooping is enabled; |
| certificate | added option to configure built-in trust store for all services (CLI only); |
| certificate | use "default" for built-in trust store default value; |
| chr | improved virtio_net stability; |
| cloud | show error if cloud services are not supported on the device; |
| console | added syntax highlight for script properties in some menus (e.g. dhcp-client, dhcp-server, ppp/profile, interface/vrrp); |
| console | export mentions custom defconf script presence in header; |
| console | fixed "/log/print follow on-event" to work with "where" (introduced in v7.22); |
| console | removed redundant keepalive for the serial-terminal, ensure that the device no longer periodically outputs /0 while using "/system/serial-terminal"; |
| console | show "/system/resource/hardware/usb-power-reset" only on x86; |
| container | added restart-policy=no/always/on-failure, stop-on-unhealthy, restart-count, restart-interval, restart-max-count properties; |
| container | allow disabling individual container environment variables without deleting them; |
| container | allow picking mount source directories with the file picker in WinBox; |
| container | allow setting memory-max global and per container; |
| container | allow user-defined mounts overriding /sys and /dev; |
| container | clean up layers of non-existing containers; |
| container | detect and show containers killed by out-of-memory killer; |
| container | fixed container entrypoint and shell override by user; |
| container | fixed container layer size calculation; |
| container | fixed container shell not working with multi-arg commands; |
| container | fixed losing container after reboot; |
| container | fixed repull if root-dir of container was in tmpfs; |
| container | fixed running "/container shell" with the correct user, if container user is set or overridden; |
| container | improved errors at container start; |
| container | improved running container instance memory usage; |
| container | layers are now accessible under "Layers" tab; |
| container | pass any container startup error message back to "run" and make it exit immediately; |
| container | removed "Layers" button; |
| container | show layer size calculation status; |
| crypto | fixed fallback flag loss in qcrypto; |
| crypto | improved safexcel driver with upstream changes and patches; |
| dhcpv4-server | do not raise an alert when receiving a packet originating from the same device; |
| dhcpv4-server | do not suggest bogus pools when using setup command (e.g. when address is /31 or /32); |
| dhcpv4-server | fixed an issue where renew packets without giaddr were sometimes not processed; |
| disk | added "/disk" smart-info; |
| disk | show disk io errors in "/disk" menu; |
| dns | added HTTP/2 support to DoH on ARM64 and x86/CHR devices; |
| fetch | fixed non-working idle-timeout in some cases; |
| file | added copy, tail, head commands (CLI only); |
| firewall | improved stability for SIP helper; |
| hardware | name serial devices after port names; |
| hardware | name storage hardware devices after slot name in "/disk" menu; |
| hardware | report the correct state of PCI devices in "/system/resource/hardware" menu; |
| iot | added LoRa Tx delay setting; |
| iot | added MQTT subscribe message real-time monitoring option; |
| iot | added Wiliot support; |
| iot | fixed LoRa LBT issues, which caused Tx packets not getting delivered; |
| iot | improved LoRa Tx handling; |
| ip-settings | added ipv4-fragment-time and ipv4-high-fragment-thresh settings, use default values based on total device memory; |
| ipip | disabled IPv6 link-local address generation; |
| ippool | fixed issue when changing pool with already used addresses; |
| ippool6 | allow variable length pool; |
| ipsec | added netlink-based SA and policy handling; |
| ipsec | fixed SA proto parameter conversion and policy "none" type handling; |
| ipv6 | added from-pool-policy address property that controls how address is acquired from the pool; |
| ipv6 | added without-acquire address property; |
| ipv6 | always ensure that prefix length matches the one given by the pool even if address was set to 0; |
| ipv6,ra | added option to ignore MTU and DNS servers; |
| ipv6,ra | added router-advertisement-route-distance setting; |
| ipv6,ra | allow receiving DNS servers over multiple interfaces; |
| ipv6,ra | clamp valid-lifetime to minimum of 2h on deprecation; |
| ipv6,ra | extend processed RA logging; |
| ipv6,ra | fixed advertised DNS parameter logging; |
| ipv6,ra | fixed changing default "all" interface configuration; |
| ipv6,ra | fixed DNS and pref64 property unset; |
| ipv6,ra | fixed sending only DNS or MTU when prefix is set to "none"; |
| ipv6,ra | warn when interface is under the bridge; |
| l3hw | added HW offloaded VRF support on CRS8xx switches; |
| l3hw | added VRF assignment via switch ACL rules on CRS8xx switches (CLI only); |
| l3hw | fixed VXLAN packet matching by local IP; |
| l3hw | improved system stability (introduced in v7.21); |
| leds | added new PoE fault LED cases (bad fw, PoE card power cable disconnected, PoE card not inserted); |
| leds | allow multiple interface selection for interface-activity trigger; |
| log | added CC option for e-mail action; |
| log | added ssld error logging; |
| log | added TLS support; |
| lte | do not duplicate primary-band also in ca-band for QMI modems in 5G SA network; |
| lte | emit RS every 60s on LTE interface; |
| lte | filter packets by MAC in multi-apn setup for EC200A-EU modem; |
| lte | fixed RSSI signal monitor 3rd party modems where AT+CSQ responses are not parsed; |
| lte | fixed Tx stat reporting in LTE passthrough mode (introduced in v7.22); |
| lte | fixed user set MTU not applied to LTE interface; |
| lte | improved system stability for devices with QMI modems; |
| lte | improvements for passthrough mode in IPv6 only setup; |
| lte | read subscriber number also for QMI modems; |
| lte | removed LTE external-antenna scan; |
| lte | set SMS send timeout to 180s; |
| lte | show external-antenna as "none" before actual scan is done instead of empty value; |
| lte | show MTU as "auto" also on interface level if "auto" used; |
| lte | SIMCom modems, skip error state when modem sends improperly formatted CREG response/URC; |
| macsec | added aes-gcm-xpn-128 cipher support; |
| ospf | fixed nssa bit check; |
| ospf | fixed routes not being installed on ABRs; |
| pimsm | do not ignore priority when selecting RP from BSR; |
| pimsm | fixed possible BSR loop; |
| pimsm | improved stability; |
| ping | show time in microseconds for flood-ping; |
| poe-out | firmware update for 802.3at capable boards (the update will cause a brief power interruption to poe-out interfaces); |
| port | added support for "tcp-client" and "udp" modes for "remote-access"; |
| pppoe | do not reset pppoe-client interface when adding a comment; |
| ptp | added support for CRS812, CRS804; |
| qos-hw | added automap setting to QoS Profiles (enabled by default); |
| qos-hw | added ECN and PFC support on CRS8xx; |
| qos-hw | added new default "auto" value to mirror-buffers, multicast-buffers, shared-buffers QoS Settings (old defaults are shown in export after upgrade); |
| qos-hw | added queueX-byte-max stats to port usage on CRS8xx; |
| qos-hw | introduced lossless-traffic-class and lossless-buffers settings; |
| qos-hw | removed shared-pool-index setting; |
| quickset | fixed configuration of multi-link APs; |
| smb | do not start /ip smb server on container interfaces; |
| sniffer | added IP ECN field; |
| sniffer | fixed missing VLAN tag in the TZSP packets; |
| snmp | enforce minimum password length; |
| snmp | fixed connection tracking counter OID; |
| snmp | fixed dot1dStpPortDesignatedRoot and added dot1dStpPortDesignatedBridge OID; |
| snmp | implemented LTE firmware upgrade option; |
| ssh | do not advertise password login method when it is disabled; |
| ssh | make login process asynchronous; |
| switch | disable EEE on RB5009 and CCR2004-16G-2S+ devices; |
| switch | updated switch-marvell.npk driver; |
| system | fixed total memory reporting on hAP be3 Media; |
| tr069 | fixed modem extended revision reporting; |
| upgrade | added the option to configure HTTP/HTTPS modes when connecting to MikroTik upgrade servers; |
| upgrade | changed status message for scheduled installs; |
| upgrade | check for available packages when opening System/Packages in GUI; |
| upgrade | use HTTPS by default when connecting to MikroTik upgrade servers; |
| usb | added ax88179_178a driver; |
| usb | improved USB Ethernet adapter recognition; |
| usb | show USB device reported maximum power; |
| vxlan | improved system stability for TILE devices; |
| webfig | added support for filter in tables; |
| wifi | fixed bridge VLAN configuration for multi-link interfaces; |
| wifi | fixed EAP authentication for multi-link clients; |
| wifi | improved link-specific parameter application after reboot for multi-link interfaces; |
| wifi | improved stability during association; |
| wifi-mediatek | fixed multicast-enhance functionality; |
| wifi-qcom-be | fixed forwarding of 4-address data from station to station; |
| wifi-qcom-be | fixed incorrect channel info for punctured channels; |
| winbox | added comment for DHCPv6 relay; |
| winbox | added group numbers for DH and PFS groups for IPsec; |
| winbox | fixed Remote AS setting under the Routing/BGP/Connections menu; |
| winbox | fixed Src/Dst Address Type under the IP/Firewall/NAT menu; |
| winbox | improved Routing/PIM SM menu; |
| winbox | move bridge IGMP Snooping checkbox to IGMP tab; |
| winbox | rename DHCPv6 server binding "Peer Address" to "Client Address"; |
| winbox | show "External Antenna Selected" field only when "auto" selected; |
| winbox | updated socksify icon for firewall NAT rules; |
| www | added partial content (HTTP 206) support; |
| www | improved system stability; |
| zerotier | upgraded to version 1.16.0; |
| Component | Change |
|---|---|
| app | added configurable app-store URL for custom apps; |
| app | added health check for apps, which automatically rewrites the composed YAML; |
| app | added jupyter-notebook, livebook, myip, and rustfs apps; |
| app | added support for custom apps; |
| app | allow configuring bridge port pvid for app; |
| app | changed ui-url parameter for Smokeping and Nextcloud; |
| app | clean the backup directory after container repull; |
| app | do not show duplicate entries of required-mounts; |
| app | enable swap on all devices that use apps to help with performance; |
| app | fixed /app/export; |
| app | fixed apps constantly polling the cloud; |
| app | fixed elasticsearch, element, pmacct-netflow apps failing to start; |
| app | fixed issue with Cinny not being able to create a root-dir; |
| app | fixed missing reverse-proxy URL; |
| app | fixed potential port collisions between apps; |
| app | show app URL only when it is running; |
| app | show DNS URL for app only if it has a reverse-proxy; |
| bgp | added BGP unnumbered support; |
| bgp | changed multipath to number argument; |
| bgp | fixed BGP output sometimes not being cleaned after session restart; |
| bgp | fixed early-cut not working properly; |
| bgp | fixed ignore-as-path-len not being used; |
| bgp | fixed update messages not being sent on default-prepend value change; |
| bgp | implemented add-path; |
| bgp | implemented multipath (ability for BGP best path to select ECMP routes); |
| bgp | make remote.address parameter optional; |
| bgp-vpn | allow modifying scopes with routing filters; |
| bgp-vpn | use target scope for imported route; |
| bridge | added local and static MAC synchronization for MLAG; |
| bridge | added MLAG support per bridge interface (/interface/bridge/mlag menu is moved to /interface/bridge; configuration is automatically updated after upgrade; downgrading to an older version will result in MLAG configuration loss); |
| bridge | added MLAG-specific aged and aged-peer flags to host table; |
| bridge | added RA guard feature; |
| bridge | fixed MAC moving between regular ports and bonds for MLAG; |
| bridge | fixed MLAG state being permanently disabled when changing bridge interface settings; |
| bridge | fixed performance regression in complex setups with vlan-filtering (introduced in v7.20); |
| bridge | improved logic for interface remove; |
| bridge | improved MAC synchronization for MLAG; |
| bridge | improved VRRP MAC address handling; |
| bridge | removed vlan-filtering check when changing the MVRP setting (allows disabling MVRP through WinBox); |
| bth | use separate Let's Encrypt certificate for file-share; |
| certificate | improved certificate export process; |
| certificate | improved logging; |
| chr | improved fast-path stability when using vmxnet3 driver; |
| console | added :continue and :break commands for various loops; |
| console | added :exit command to terminate scripts; |
| console | added "comments" parameter to print command to control comment and error output; |
| console | added comparison operators for ID values; |
| console | added Ctrl+Left/Right word navigation; |
| console | added Ctrl+w word deletion; |
| console | added hint for dry-run import parameter; |
| console | added left shift (<<) and right shift (>>) support for IPv6 addresses; |
| console | added on-event script runner support to print follow/follow-only; |
| console | added timestamp support to print follow/follow-only; |
| console | allow undefined variables in dry-run import; |
| console | changed autocomplete expansion criteria; |
| console | disable follow command in /ip/firewall/connection menu; |
| console | fixed brief print for entries with multiple comments; |
| console | fixed setting of /interface/wireless/scan-list; |
| console | fixed time drift for interface last-link-down-time and last-link-up-time; |
| console | fixed value type names in comparison errors; |
| console | implemented string casting in :tobool command; |
| console | improved command decoding to drop extraneous commands (visible in history logging); |
| console | improved error tracing when using find command; |
| console | improved export command to avoid empty [find]; |
| console | improved history logging when performing object rename with set/reset; |
| console | improved set/remove command handling in /file menu; |
| console | look up variable in global scope if argument scope lookup failed; |
| console | parse width parameter for non-interactive SSH commands; |
| console | show smaller QR codes where possible; |
| console | use the same flag output format for both print brief and detail; |
| container | added support for zstd extraction; |
| container | automatically stop/repull/start the container on repull or remote-image change; |
| container | fixed issue where the container may not start after upgrading if root-dir was not set; |
| container | improved error message if container fails to start; |
| container | internal stability improvements; |
| container | use the user-defined envs and envlist for container shell command; |
| defconf | fixed L009 configuration (introduced in v7.21); |
| detnet | added request-interval setting; |
| detnet | changed default port from MNDP to a random unused UDP port; |
| dhcp-server | improved failure/error logging for both IPv4 and IPv6; |
| dhcpv4-client | fixed inability to reference disabled DHCP client by interface name; |
| dhcpv4-client | request DOMAINNAME (15) option from the server; |
| dhcpv4-server | improved DHCP option handling; |
| dhcpv4-server | improved logging; |
| dhcpv4-server | send all found lease options in reply to DHCPINFORM; |
| dhcpv6-client | allow unsetting "pool-prefix-length" parameter; |
| dhcpv6-client | improved log messages; |
| dhcpv6-relay | fixed link-layer address inconsistency with the original link-layer address in relay-forward packets; |
| dhcpv6-server | swap input and output RADIUS accounting statistics counters; |
| disk | added support for file-based swap space; |
| disk | added trim command which functions similarly to fstrim; |
| disk | fixed issue where iSCSI did not work with ESXi and XEN hypervisors; |
| disk | fixed issue with disks not mounting after swapping devices; |
| disk | fixed opening a drive in read-only mode if it became locked; |
| disk | improved BTRFS stability on TILE devices; |
| disk | renamed format file-system=trim and trim-secure to format file-system=discard and discard-secure; |
| disk | show if drive is encrypted and locked; |
| use default port if not specified; | |
| ethernet | increased Rx buffer size for devices with Alpine CPUs (reduces packet rx-drop in certain cases); |
| fetch | added HTTP/2 support on ARM64 and x86/CHR devices; |
| fetch | fixed fetch treating relative paths from redirects as hostnames; |
| fetch | increased default maximum redirect count to 2; |
| fetch | return error code and HTTP headers to :onerror script; |
| fetch | treat HTTP 304 return code as success; |
| gps | fixed GPS port disappearance after reboot for EC25-EU&KNe; |
| health | added CPU temperature monitoring to L009 with ARM64; |
| hotspot | allow WireGuard interface type; |
| hotspot | check validity of base32 for otp-secret; |
| hotspot | do not invalidate static ARP entries; |
| hotspot | fixed www response after login by cookie; |
| hotspot | set sensitive flag on /ip/hotspot/user otp-secret; |
| ike1 | added ChaCha20-Poly1305 ESP encryption support; |
| ike1,ike2 | improved netlink update handling; |
| iot | added Bluetooth extended scanning and 1M/2M PHY support for the RB924i KNOT devices; |
| iot | added Bluetooth extended scanning, advertising, and 1M/2M/CODED PHY support for EC25 KNOT devices; |
| iot | added modbus delay using interframe-gap setting; |
| iot | improved LoRa FSK modulation downlinking; |
| ip | added error messages to reverse-proxy rules; |
| ip | added reverse-proxy; |
| ip-service | properly disable IP/Service on manual disable; |
| ippool6 | allow creating sub-pool by specifying "from-pool"; |
| ipsec | added "none" option to IPsec key QKD certificate field; |
| ipsec | added IKEv2 DDoS cookie activation setting; |
| ipsec | added logging for IPsec policy template group; |
| ipsec | added logging of IKEv2 connection SPI and initiator address; |
| ipsec | adjusted minimum generated PSK key length; |
| ipsec | fixed IKEv2 child policy reqid lost on rekey; |
| ipsec | fixed IKEv2 child reqid handling on traffic selector update; |
| ipsec | improved aes256-ctr stability on L009; |
| ipsec | removed modp8192 proposal on MIPS architectures; |
| ipv6 | added dhcp6-pd-preferred to /ipv6/nd/prefix to control P flag in Prefix Info Option RFC 9762; |
| ipv6 | delete SLAAC default route if there are no active SLAAC prefixes present and no new RAs received; |
| ipv6 | do not generate duplicate dynamic link-local addresses on tunnel type interfaces; |
| ipv6 | enable IPv6 fast-path after removing firewall rules; |
| ipv6 | improved system stability when manipulating IPv6 configuration that was added while IPv6 was disabled; |
| isis | improved stability and fixed a small memory leak; |
| l2tp | improved system stability on TILE architecture; |
| l3hw | fixed missing VLAN counters on reboot (introduced in v7.21); |
| l3hw | improved system stability on device shutdown/reboot; |
| l3hw | improved system stability when enabling VLAN offloading under active traffic (introduced in v7.21); |
| log | added comment support to rule entries; |
| log | added option to clear echo logs; |
| log | added option to prepend topics to BSD syslog message; |
| log | added script target for log actions; |
| log | fixed incorrect log message shown after canceling supout.rif creation; |
| log | fixed minor spelling issues; |
| log | fixed missing ID in trace logs after removing logging rule; |
| log | log "Secret must be set to run scripts from SMS" error only if ":cmd" prefix is used in SMS message; |
| log | use uppercase MAC address in firewall logging; |
| lte | added "auto" MTU option for LTE interfaces to use network-advertised MTU on supported devices; |
| lte | added AT command timeout for EC25-EU&KNe; |
| lte | added multi-apn and framed routing support for EC200A-EU modem (requires latest FW version); |
| lte | added roaming barring field to LTE "show-capabilities" menu; |
| lte | added subscriber number to monitor command for MBIM modems; |
| lte | added USB tethering support using iOS devices; |
| lte | clear about field status on firmware upgrade; |
| lte | do not allow modem firmware-upgrade on "inactive" interface; |
| lte | do not allow setting unsupported roaming barring settings for R11e-4G; |
| lte | do not flap LTE passthrough assigned interface on modem link state change; |
| lte | do not reconfigure LTE interface on configuration change error; |
| lte | enable DHCP relay packet forwarding to the cellular network for EG120K-EA and RG650E-AU; |
| lte | fixed "allow-roaming" setting to return error for modems that do not support roaming barring; |
| lte | fixed cases where AT dialer could get stuck in "modem not ready" state; |
| lte | fixed cases where incorrect network modes and bands could be suggested for active interface; |
| lte | fixed chained firmware update for Chateau 5G; |
| lte | fixed changing eSIM profile nickname; |
| lte | fixed changing MAC address for EC200A-EU modem; |
| lte | fixed crash on LTE passthrough interface deactivation; |
| lte | fixed displaying operator name for Chateau ax R17; |
| lte | fixed eSIM errors appearing on devices without eSIM support; |
| lte | fixed firmware update and status refresh for R11eL-EC200A-EU modem; |
| lte | fixed LTE interface IPv6 address generation to use EUI-64 for EC25-EU&KNe; |
| lte | fixed missing notifications to eSIM provider when eSIM provisioning canceled; |
| lte | fixed tethering support for Google Pixel Pro 8; |
| lte | fixed wrong MTU reading/setting for config-less modems; |
| lte | hide external antenna selection menu for the Chateau AX R17; |
| lte | improved APN IP type handling by enabling only the IP protocols defined in the assigned APN profile for config-less modems; |
| lte | make inactive LTE interface settable, LTE interface settings can be set without waiting for modem initial initialization; |
| lte | removed delay before querying modem status for config-less modems with info channel; |
| lte | show ICCID and IMSI also when the interface is disabled; |
| lte | strip modem reported padding characters for SIM card (ICCID) on Chateau ax R17; |
| mac-telnet | added interface property; |
| macsec | fixed hardware offload on S53 and C53 devices; |
| mesh | fixed missing S flag on interfaces after mesh disable/enable; |
| ospf | fixed typos in log messages; |
| ping | added IPv6 support for flood-ping; |
| poe-out | added LLDP support for dual-signature PDs; |
| poe-out | firmware update for 802.3at capable boards (the update will cause a brief power interruption to poe-out interfaces); |
| poe-out | firmware update for 802.3bt capable boards (the update will cause a brief power interruption to poe-out interfaces); |
| poe-out | firmware update for CRS354-48P-4S+2Q+ (the update will cause a brief power interruption to poe-out interfaces); |
| poe-out | fixed controller-error for CRS354-48P-4S+2Q+; |
| port | fixed baud rate change for TILE architecture devices; |
| ppp | added initial support for BG770A-GL modem firmware update; |
| ppp | fixed Framed-Route attribute not being applied to correct VRF; |
| profiler | split "management" process into different smaller process groups; |
| radius | fixed initialization of incoming UDP socket in some situations; |
| radius | fixed RadSec SSL CPU usage increase on closed connections; |
| radius | improved incoming RadSec packet processing on busy service; |
| radius | improved logging; |
| rip,pimsm | separate the interface property from the address in /routing/rip/interface and /routing/pimsm/interface menus; |
| rose-storage | added XFS support; |
| route | added logs for check-gateway state changes; |
| route | added routing/settings policy-rules; |
| route | added SLAAC route redistribution for IPv6 capable routing protocols; |
| route | do not set blackhole flag for synthetic routes; |
| route | fixed route removal after unexpected safe mode termination; |
| route | fixed routes when scope was less than 10; |
| routerboard | allow changing /system/routerboard/settings via Netinstall or FlashFig using a "mode script"; |
| routerboot | allow installing ARM64 on L009 device ("/system routerboard upgrade" required; configure "/system/routerboard/settings set preferred-architecture=arm64 boot-device=try-ethernet-once-then-nand"; start Netinstall with ARM64 image and reboot the device (DO NOT load the backup routerboot with reset button); downgrading to older versions must be avoided); |
| routerboot | fixed linking to 1000M-half for KNOT Embedded LTE4 ("/system routerboard upgrade" required); |
| routerboot | fixed possible Netinstall failure for KNOT Embedded LTE4 ("/system routerboard upgrade" required); |
| routing-filter | added possibility to match SLAAC and bgp-mpls-vpn route types; |
| sfp | improved initialization and linking for some QSFP modules; |
| smips | reduced package size and removed ip-scan, mac-scan, ping-speed, flood-ping features; |
| snmp | added 5G NSA connection signal indications: nr-rsrp, nr-rsrq, nr-sinr; |
| snmp | fixed CA band indication; |
| snmp | fixed issue where bulk walk might skip the first OID; |
| snmp | fixed minor memory leak when changing SNMP authentication/encryption passwords; |
| snmp | fixed reply for empty snmpbulkwalk requests; |
| snmp | report maximum "ifSpeed" value if out of bounds; |
| snmp | report RouterOS version in SNMPv2-MIB::sysDescr; |
| ssh | improved logging; |
| supout | wait up to 5 minutes for export to complete and show incomplete output in case of timeout; |
| switch | fixed missing switch-cpu port counters; |
| switch | improved system stability when changing bridge multicast-router property on CRS1xx/2xx (introduced in v7.19); |
| switch | updated switch-marvell.npk driver; |
| system | added reset-configuration keep-apps=yes; |
| system | display serial ports in the /system/resource/hardware menu; |
| system | improved upgrade service stability when the server is unreachable; |
| undo | show user when configuring DHCP server or hotspot with setup command; |
| upgrade | added "password" parameter to "local-upgrade" feature when configuring through CLI; |
| upgrade | added IPv6 support for local package source and mirror; |
| upgrade | fixed local package mirror check interval; |
| upgrade | removed redundant commands from local package menu; |
| usb | updated device ids for ax88179_178a driver; |
| user | properly apply login delay (introduced in v7.20); |
| user-manager | added support for NAS-Identifier attribute; |
| user-manager | always respond to accounting requests; |
| user-manager | do not send Disconnect-Message for unknown usernames for Accounting-Request; |
| user-manager | do not send invalid NAS-Port-Type on CoA/PoD messages; |
| user-manager | fixed unauthenticated access to /PRIVATE/ userman web files; |
| user-manager | show empty value for session NAS-IP-Address if empty; |
| webfig | added missing icons for Firewall table; |
| webfig | added new section "Common names" in skin designer; |
| webfig | added support for collapsible tree view for menus like Interfaces, Files, Queues; |
| webfig | added support for URL fields; |
| webfig | fixed ability to set interworking.realms-raw WiFi interface attribute; |
| webfig | fixed skin designer mobile view for QuickSet and Terminal; |
| webfig | fixed Torch Filters default values; |
| webfig | improved address type field input value validation; |
| wifi | added keepalive message in CAPsMAN data channel; |
| wifi | added optional show-frame=radiotap parameter value to make sniffer display the radiotap header of captured frames; |
| wifi | allow specifying hostname to caps-man-addresses; |
| wifi | fixed channel switching for MediaTek access points; |
| wifi | fixed FT support with wpa2-psk-sha2; |
| wifi | fixed functionality of the wireless-signal-strength LED trigger; |
| wifi | fixed possible certificate failure after CAPsMAN disable/enable; |
| wifi | improved spectral-history width for console; |
| wifi | improved stability and fixed multiple issues; |
| wifi | improved stability of interfaces in station mode during roaming; |
| wifi | improved support for 802.11be access points; |
| wifi | improved system stability when using spectral-scan; |
| wifi | introduced /interface/wifi/network menu for higher level network configuration (CLI only); |
| wifi | quicker re-connections to APs for interfaces in station mode; |
| wifi | updated regulatory information for Malaysia; |
| wifi-mediatek | fixed rx chains functionality; |
| wifi-mediatek | updated driver and firmware; |
| winbox | added "Force Check" for local upgrade; |
| winbox | added comment in "System/Ports/Remote Access" menu; |
| winbox | added confirmation message to Format Drive; |
| winbox | added Container Repull command; |
| winbox | added error reporting to CAPsMAN Manager menu; |
| winbox | added GUI support for IPsec QDK; |
| winbox | added missing LoRa channel fields; |
| winbox | added missing route flags; |
| winbox | added route ISIS tab; |
| winbox | added socsify icon for firewall NAT rules; |
| winbox | added SwOS Allow From field; |
| winbox | added warning when changing global script variables; |
| winbox | allow using specified skin without the sensitive policy; |
| winbox | fixed applying a skin to a user authenticated with RADIUS; |
| winbox | fixed applying a skin to WinBox if it was uploaded via the branding package; |
| winbox | fixed default flag in certain menus; |
| winbox | fixed empty "Realm Raw" value processing and value inheritance from configuration template (requires WinBox 4); |
| winbox | fixed L3HW default value for VLAN interface (introduced in v7.21); |
| winbox | fixed modem firmware-upgrade for the RG650E-EU modem; |
| winbox | fixed the "New QoS Profile" field for switch rules; |
| winbox | make File Share URL field clickable; |
| winbox | move "Default" panel from "IPv6/ND/Proxy" to "IPv6/ND/Prefixes"; |
| winbox | rearrange filter wizard parameters in tabs; |
| winbox | recognize imported certificate key size; |
| winbox | rename "Change Now" to "Change" button in "System/Password" menu; |
| winbox | replace "DHCP" with "DHCPv6" in IPv6 menus; |
| winbox | set "Mount Filesystem" by default under "System/Disk" menu; |
| winbox | show MPLS tab only to relevant routes; |
| winbox | show separator after "Protocol" field for IPv6 Firewall rules; |
| winbox | show warnings in "MPLS/Traffic Eng/Tunnel" menu; |
| winbox | updated some setting and title names; |
| winbox | updated various WiFi properties; |
| wireguard | fixed private key generation when creating a WireGuard interface; |
| wireguard | improved stability; |
| wireguard | merged upstream fixes and improvements; |
| wireless | avoid joining BSS that previously failed until all other options tried; |
| wireless | improved system stability when changing nstreme mode; |
| wireless | improved system stability when eap-method=passthrough configured for station; |
| x86 | added JME network driver; |
| x86 | fixed interface hang on RTL8125 when processing IP-fragmented UDP traffic; |
| x86 | improved link establishing on Intel X710 series NIC; |
| Component | Change |
|---|---|
| app | added jupyter-notebook, livebook, myip, and rustfs apps (additional fixes); |
| app | added support for custom apps (additional fixes); |
| app | do not show duplicate entries of required-mounts; |
| app | fixed elasticsearch, element, pmacct-netflow apps failing to start (additional fixes); |
| bgp-vpn | allow modifying scopes with routing filters; |
| bgp-vpn | use target scope for imported route; |
| netinstall-cli | fixed empty configuration option (introduced in v7.22rc3); |
| ospf | fixed typos in log messages; |
| route | added SLAAC route redistribution for IPv6 capable routing protocols; |
| route | fixed /routing/settings not able to set configuration without specifying policy-rule parameter (introduced in v7.22rc3); |
| routing-filter | added possibility to match SLAAC and bgp-mpls-vpn route types; |
| switch | improved system stability when changing bridge multicast-router property on CRS1xx/2xx (introduced in v7.19); |
| system | added reset-configuration keep-apps=yes (additional fixes); |
| wifi | improved support for 802.11be access points (additional fixes); |
| winbox | fixed L3HW default value for VLAN interface (introduced in v7.21); |
| winbox | rearrange filter wizard parameters in tabs; |