Search changelog entries
| Component | Change |
|---|---|
| bgp | allow to filter BGP sessions by AFI; |
| bgp | changed default VPNv4 import distance to iBGP value (200); |
| bgp | do not check route distinguisher on import; |
| bgp | fixed "as-override" and rename to "output.as-override"; |
| bgp | fixed "remove-private-as" and rename to "output.remove-private.as"; |
| bgp | show address family in advertisements; |
| bgp | show approximate received prefix count by the session; |
| branding | fixed custom logo (introduced in v7.8); |
| conntrack | added read-only "active-ipv4" and "active-ipv6" fields to "/ip/firewall/connection/tracking" (CLI only); |
| console | fixed "print without-paging" output in some cases; |
| defconf | allow to use device factory preset credentials in Flashfig and Netinstall configuration files; |
| dhcpv4-server | added name for "IPv6-Only Preferred" option (108) in debug logs; |
| doh | less verbose logging; |
| ipsec | added hardware acceleration support for IPQ-5010 (hAP ax lite); |
| ipsec | removed "ec2n185" and "ec2n155" values from proposal configurations; |
| l3hw | added "autorestart" option to L3HW settings; |
| l3hw | added error message and reset "l3-hw-offloading=no" if L3HW driver fails to start; |
| l3hw | fixed offloading of /32 IPv4 and /128 IPv6 routes; |
| l3hw | improved offloading of IPv6 hosts after L3HW driver restart; |
| l3hw | improved performance of partial offloading; |
| l3hw | improved route offloading after gateway change; |
| lora | improved gateway card detection and upgrade logic; |
| lora | updated firmware version for LoRaWAN gateway (for R11e-LoRa8, R11e-LoRa9 cards); |
| lte | fixed APN authentication for R11e-LTE6 modem; |
| lte | improved MBIM modem firmware reported error handling when settings RAT modes; |
| lte | improved modem firmware upgrade stability for MBIM modems; |
| lte | reduced SIM slot switchover time for MBIM modems with UUIC reset support; |
| netwatch | added warning about non-running probe due to "startup-delay" (CLI only); |
| poe | fixed bogous "poe-in-voltage" values when using DC jack for RB5009; |
| qos-hw | renamed VLAN "priority" field to "pcp" to avoid confusion; |
| rose-storage | added support for multiple smb users and smb shares; |
| routerboot | increased "preboot-etherboot" maximum value to 30 seconds ("/system routerboard upgrade" required); |
| scheduler | fixed incorrectly started scheduler during reboot or shutdown; |
| sfp | fixed combo-sfp linking at 1G rate for CRS312 switch; |
| sfp | improved module compatibility with bad EEPROM data for RB4011, RB5009, CCR2xxx, CRS312 and CRS518 devices; |
| sniffer | fixed large .pcap file limit; |
| snmp | added BGP peer table support IPv4 only (1.3.6.1.2.1.15.3.1); |
| tr069 | added 5G SCC "SNR" parameter for modems that report it; |
| vrrp | added warning if "sync-connection-tracking=yes" while the global connection tracking is inactive; |
| vrrp | added warning if the VRRP group is misconfigured; |
| vrrp | added warning if VRRP or its interface does not have an IP address; |
| vrrp | do not start connection synchronization if the global connection tracking is inactive; |
| vrrp | fixed issue where disabled VRRP interface is affecting group; |
| vrrp | fixed VRRP interface state on physical cable disconnection; |
| vrrp | improved system stability on changing "group-authority" or "sync-connection-tracking"; |
| vrrp | renamed "group-master" to "group-authority" to avoid confusion with VRRP master; |
| vrrp | send VRRP announcements only by "group-authority"; |
| wifiwave2 | do not include in radio hardware capability list a parameter irrelevant to end users (introduced in 7.10beta5); |
| wifiwave2 | fixed CAP interface name when using "name-format"; |
| wifiwave2 | fixed connectivity issues wheen access-list is used; |
| wifiwave2 | fixed wireless throughput issues after 802.11r client roaming events on 802.11ac devices; |
| wifiwave2 | improve protections against DoS attacks on WPA3-PSK; |
| wifiwave2 | less verbose logging when WPA3-PSK clients are connecting; |
| wireguard | retry "endpoint-address" DNS query on failed resolve; |
| Component | Change |
|---|---|
| bridge | fixed HW offloaded STP state on port disable; |
| bridge | fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8); |
| certificate | fixed displaying of certificate serial number; |
| certificate | improved error reporting for Let's Encrypt certificate; |
| certificate | restore available "key-usage" property options; |
| console | added timeout error for configuration export; |
| console | changed time format according to ISO standard; |
| console | disable output when using "as-value" parameter; |
| console | fixed ":terminal inkey" input when resizing terminal; |
| console | hide past commands with sensitive arguments; |
| container | fixed "container pull" to support OCI manifest format; |
| container | fixed crash due to missing system directories; |
| container | improved default internal environment values; |
| defconf | fixed default configuration for RBSXTLTE3-7; |
| dhcp-server | fixed accounting on RADIUS interim update; |
| firewall | added "endpoint-independent-nat" support; |
| firewall | added "nth" option for IPv6 firewall; |
| gps | expose GPS port for Quectel RM520N-GL; |
| ike2 | improved child SA delete request processing; |
| iot | added option to send Modbus function code commands directly from RouterOS (CLI only); |
| ipsec | added hardware acceleration support for IPQ-5010 (hAP ax lite); |
| ipsec | refactor public key authentication; |
| ipv6 | fixed IPv6 address removal; |
| l3hw | added advanced configuration options for fine-tuning the L3HW offload (l3hw-settings are cleared after upgrade or downgrade) (CLI only); |
| l3hw | added monitoring options for L3HW utilization (CLI only); |
| l3hw | fixed /32 route deletion; |
| l3hw | improved system stability for partial routing table offload; |
| lte | added serving cell query for MBIM modems with necessary MBIM extension; |
| lte | disable DHCP request filtering (UDP port 67) for Chateau 5G; |
| lte | fixed Google Pixel 7 tethering support; |
| lte | improved stability for Chateau 5G LTE modem firmware upgrade; |
| lte | stop "cell-monitor" on LTE interface configuration change for MBIM modems; |
| mpls | added FastPath support; |
| ovpn | added initial support for V2 data transfer protocol; |
| ovpn | improved system stability; |
| pppoe | fixed PPPoE client scan when server is sending PADO messages without Service-Name tag; |
| qos-hw | added QoS marking support for 98DXxxxx switches (CLI only); |
| route | improved system stability when removing multicast forwarding entries; |
| routerboard | fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required); |
| routerboard | improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required); |
| sfp | fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch; |
| sfp | improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches; |
| sfp | improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices; |
| sfp | improved system stability with certain SFP modules for CCR2216 and CRS518 devices; |
| sfp | report EEPROM data even if "auto-init-failed" has occurred; |
| smb | improved SMB v1 operation; |
| snmp | added "engine-id-suffix" setting and display actual "engine-id" as read-only property; |
| snmp | added new "mtxrInterfaceStatsTxRx1024ToMax" OID to MIKROTIK-MIB; |
| ssh | added inline key "passphrase" property; |
| switch | added more precise "storm-rate" configuration options for 98DXxxxx switches (CLI only); |
| switch | fixed storm rate on 10G links for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches; |
| system | improved watchdog reporting in log after reboots for several ARM and ARM64 devices; |
| tile | fixed support for microSD card; |
| upgrade | do not run manual upgrade if some packages are missing; |
| ups | fixed updating of "battery-voltage" property; |
| w60g | improved interface stability for PTMP setups; |
| webfig | added high-resolution favicon; |
| webfig | allow limitless upper bounds for number range; |
| webfig | allow to set "0" second time for fields with default values; |
| webfig | changed time format according to ISO standard; |
| webfig | display date and time in local time zone; |
| webfig | fixed missing "WifiWave2" menu; |
| webfig | fixed missing property names in "WifiWave2" menu; |
| webfig | redesigned item configuration display; |
| webfig | redesigned top menu bar; |
| webfig | removed "Tools/Telnet" menu; |
| webfig | removed auto-login with default credentials (admin without a password); |
| wifiwave2 | avoid transmitting extra bytes at the end of the packet after stripping a VLAN tag; |
| wifiwave2 | do not show placeholder transmit power values on interface startup; |
| wifiwave2 | fixed CAP connection when provisioning "manager=capsman"; |
| wifiwave2 | fixed DFS channel availability warning (introduced in v7.9); |
| wifiwave2 | fixed dynamic interface adding to bridge on CAP device; |
| wifiwave2 | fixed inability to disable CAPsMAN when there are RADIUS-authenticated clients connected; |
| wifiwave2 | fixed incorrect limits on number of interfaces in station mode; |
| wifiwave2 | fixed interface name change when restoring backup; |
| wifiwave2 | fixed key handshake timeout with re-associating clients; |
| wifiwave2 | fixed OWE authentication compatibility with 802.11ax client devices; |
| wifiwave2 | fixed OWE authentication compatibility with third-party client devices (introduced in v7.8); |
| wifiwave2 | improved logging when an interface is unable to assign a VLAN tag to client; |
| wifiwave2 | improved system stability when trying to exceed virtual AP limit; |
| wifiwave2 | improved system stability; |
| wifiwave2 | restore interface running state when connection to CAPsMAN is lost; |
| winbox | added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu; |
| winbox | rename "URL" property to "Action data" under "IP/Web-Proxy/Access" menu; |
| wireguard | fixed IPv6 traffic processing with multiple peers; |
| x86 | ice driver update to v1.11.14; |
| zerotier | make "identity" setting sensitive; |
| Component | Change |
|---|---|
| bgp | improved BGP VPN selection; |
| bridge | added warning log when "ageing-time" exceeds supported hardware limit for 98DX224S, 98DX226S, and 98DX3236 switch chips; |
| bridge | fixed FastPath when setting "use-ip-firewall-for-vlan" or "use-ip-firewall-for-pppoe" without enabled "use-ip-firewall"; |
| certificate | fixed bogus log messages; |
| chr | fixed public SSH key pulling when running on AWS; |
| console | added "/task" submenu (CLI only); |
| console | added option to create new files using "/file add" command (CLI only); |
| console | improved stability when doing "/console inspect" in certain menus; |
| console | improved stability when editing long strings; |
| console | improved system stability; |
| console | removed bogus "reset" command from "/system resource usb" menu; |
| console | rename flag "seen reply" to "seen-reply" under "/ipv6 firewall connection" menu; |
| console | replaced "fingerprint" with "skid" in "/certificate print"; |
| console | show Ethernet advertise, speed and duplex settings depending on configured auto-negotiation; |
| container | fixed invoking "container shell" more than once; |
| container | improved "container pull" to support OCI manifest format; |
| defconf | added CAPs mode script for wifiwave2 devices; |
| detnet | fixed interface state detection after reboot; |
| dhcp | changed the default lease time for newly created DHCP servers to 30 minutes; |
| dhcpv4-server | release lease if "check-status" reveals no conflict; |
| disk | improved system stability when removing USB while formatting; |
| ethernet | fixed half-duplex forced mode at 10Mbps and 100Mbps on ether1 for RB5009, Chateau 5G ax and hAP ax3 devices; |
| filesystem | fixed partition "copy-to" function; |
| firewall | added "connection-nat-state" to IPv6 mangle and filter rules; |
| general | mpls- fixed LDP "preferred-afi" parameter; |
| health | added limited manual control over fans for CRS3xx, CRS5xx, CCR2xxx devices; |
| health | fixed bogus value reporting for CRS510 device; |
| ike2 | fixed minor logging typo; |
| ipsec | added error log message when peer ID does not match certificate; |
| ipsec | fixed packet processing by hardware encryption engine on RB850Gx2 device; |
| ipsec | refactor X.509 implementation; |
| ipv6 | added "valid" and "lifetime" parameters for SLAAC IPv6 addresses; |
| ipv6 | send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated; |
| l3hw | improved route offloading for 98DX224S, 98DX226S, and 98DX3236 switch chips; |
| leds | disable LEDs after "/system shutdown"; |
| lte | capped maximum lifetime of SLAAC address to 1 hour; |
| lte | fixed CA band clearing on RAT mode change; |
| lte | fixed duplicate IPv6 route for lte interface when "ipv6-interface" setting is used; |
| lte | fixed LTE interface not showing up when resetting RouterOS configuration; |
| lte | fixed passthrough mode when used together with another APN for Chateau 5G; |
| lte | fixed R11-LTE-US in LTE passthrough mode; |
| lte | fixed R11e-LTE-US reporting of RSSI in LTE mode; |
| lte | fixed re-attach in some cases where module would stay in not-running state after network detach; |
| lte | fixed second modem halt on dual R11e-LTE6 setup; |
| lte | improved system stability when changing LTE interface configuration during network scan with MBIM modems (introduced in v7.8); |
| netinstall-cli | improved device reinstall on failed attempt; |
| netwatch | added "startup-delay" setting (CLI only); |
| netwatch | improved ICMP status evaluation when no reply was present; |
| netwatch | limit "start-delay" range; |
| ospf | fixed processing of fragmented LSAs; |
| ovpn | added support for OVPN server configuration export and client configuration import from .ovpn file; |
| ovpn | improved system stability for Tile devices; |
| quickset | fixed displaying of "SINR" when value is 0; |
| rose-storage | added option to nvme-discover with hostname (CLI only); |
| rose-storage | fixed crash on nvme-tcp disable; |
| rose-storage | fixed rsync transfer permissions; |
| rose-storage | various stability fixes; |
| route | fixed "dynamic-id" for VRF tables; |
| route | improved system stability when making routing decision; |
| route | show SLAAC routes under the "/routing route" menu; |
| route-filter | improved stability when matching blackhole routes; |
| routerboot | added "preboot-etherboot" and "preboot-etherboot-server" settings ("/system routerboard upgrade" required) (CLI only); |
| sfp | added log warning about failed auto-initialization on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices; |
| sfp | allow modules that hold "TX_FAULT" high signal all the time on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices; |
| sfp | allow modules with bad or no EEPROM in forced mode on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices; |
| sfp | fixed "rate-select" functionality on CCR2004-16G-2S+ and CCR2004-1G-12S+2XS devices (introduced in v7.8); |
| sfp | fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch; |
| sfp | improved module initialization and display more detailed initialization status on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices; |
| sfp | improved SFP28 interface stability with some optical modules for CRS518 switch; |
| sfp | improved system stability with some SFP GPON modules on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices; |
| snmp | fixed SNMPv3 "Reportable" flag behavior; |
| snmp | improved outputting of routes; |
| socks | added VRF support; |
| ssh | added Ed25519 host key support; |
| ssh | added support for Ed25519 key export and import in PKCS8 format; |
| ssh | do not allow SHA1 usage with strong crypto enabled; |
| ssh | improved service responsiveness when changing SSH service settings; |
| ssh | improved SSH key import process; |
| storage | mount RAM drive for devices with 32MB flash; |
| supout | added DHCP server network section; |
| switch | fixed ACL rules matching IPv6 packets when using only IPv4 matchers; |
| switch | improved system stability during rapid MAC flapping for 98DXxxxx switches; |
| switch | improved system stability for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches; |
| timezone | updated timezone information from "tzdata2023c" release; |
| vrrp | added "self" value for "group-master" setting; |
| vxlan | added forwarding table; |
| vxlan | fixed packet drops when host moves between remote VTEPs; |
| webfig | added inline comments; |
| webfig | fixed "Destination" value under "MPLS/Forwarding-Table" menu; |
| webfig | fixed issue where "Certificate" value disappears under "IP/Services" menu; |
| webfig | fixed issue where entries might be missing under "IP/DHCP-Server" menu; |
| webfig | various stability fixes; |
| wifiwave2 | added "radio/reg-info" command to show regulatory requirements (currently implemented for 802.11ac interfaces) (CLI only); |
| wifiwave2 | added ability to configure antenna gain; |
| wifiwave2 | added ability to configure beacon interval and DTIM period; |
| wifiwave2 | added information on additional interface capabilities to radio parameters; |
| wifiwave2 | automatically add a VLAN-tagged interface to the appropriate bridge VLAN; |
| wifiwave2 | exit sniffer command and return error when trying to sniff on an unsupported channel; |
| wifiwave2 | fixed 802.11r roaming for clients that performed initial authentication with an AP which has been restarted since; |
| wifiwave2 | fixed issue of some supported channels not being listed in the radio parameters; |
| wifiwave2 | fixed issue which lead to VLAN-tagged wireless clients receiving tagged traffic from other VLANs; |
| wifiwave2 | fixed key handshake timeout for re-associating client devices on 802.11ac interfaces; |
| wifiwave2 | fixed VLAN tagging for unencrypted (open) APs; |
| wifiwave2 | improved general interface stability; |
| wifiwave2 | improved regulatory compliance for hAP ax^2, hAP ax^3 and Chateau ax; |
| wifiwave2 | improved WPS connection speed; |
| wifiwave2 | increased maximum value for "channel.frequency" to 7300; |
| wifiwave2 | show information on captured packets and added ability to save them locally in a pcap file; |
| winbox | added "MTU" and "Hoplimit" properties under "IPv6/Routes" menu; |
| winbox | added "Preferred AFI" property under "MPLS/LDP-Instance" menu; |
| winbox | added "S" flag under "IPv6/Firewall/Connections" menu; |
| winbox | added "Tx Power" property under "Wifiwave2/Status" menu; |
| winbox | added "Tx Queue Drops" property under interface settings "Traffic" tab; |
| winbox | added "Username" and "Password" properties under "Container/Config" menu; |
| winbox | added "Valid" and "Preferred" properties under "IPv6/Address" menu; |
| winbox | added missing properties for "Remote ID Type" under "IP/IPsec/Identities" menu; |
| winbox | changed route flag name from "invalid" to "inactive"; |
| winbox | fixed "TLS" property under "Tools/Email" menu; |
| winbox | fixed "Type" property under "System/Disk" menu when "rose-storage" package is installed; |
| winbox | fixed changing slot name under "System/Disk" menu; |
| winbox | fixed default value for "Allow managed" property under "Zerotier" menu; |
| winbox | fixed duplicate "My ID" column under "IP/IPsec/Identities" menu; |
| winbox | fixed minor typo in "WifiWave2/Radios" menu; |
| winbox | fixed missing "Sector Writes" for certain devices under "System/Resources" menu (introduced in v7.8); |
| winbox | improved Ethernet advertise, speed and duplex settings; |
| winbox | only show permitted countries for wifiwave2 interfaces; |
| winbox | show missing "Designated Bridge" and "Designated Port Number" monitoring data under "Bridge/Port menu; |
| www | allow unsecure HTTP access to REST API; |
| x86 | fixed changing software-id (introduced in v7.7); |
| zerotier | upgraded to version 1.10.3; |
| Component | Change |
|---|---|
| defconf | added CAPs mode script for wifiwave2 devices; |
| ovpn | improved system stability for Tile devices; |
| snmp | fixed several OIDs that were returning incorrect values (introduced in v7.9beta4); |
| snmp | fixed SNMPv3 "Reportable" flag behavior; |
| ssh | fixed SSH host key export (introduced in v7.9beta4); |
| switch | improved system stability during rapid MAC flapping for 98DXxxxx switches; |
| vxlan | improved system stability when printing FDB table (introduced in v7.9beta4); |
| webfig | fixed bogus comment for dynamic routes (introduced in v7.9beta4); |
| wifiwave2 | fixed WPS connectivity issues on 802.11ax APs (introduced in v7.9beta4); |
| wifiwave2 | improved WPS connection speed; |