|
app
|
added configurable app-store URL for custom apps; |
|
app
|
added health check for apps, which automatically rewrites the composed YAML; |
|
app
|
added jupyter-notebook, livebook, myip, and rustfs apps; |
|
app
|
added support for custom apps; |
|
app
|
allow configuring bridge port pvid for app; |
|
app
|
changed ui-url parameter for Smokeping and Nextcloud; |
|
app
|
clean the backup directory after container repull; |
|
app
|
do not show duplicate entries of required-mounts; |
|
app
|
enable swap on all devices that use apps to help with performance; |
|
app
|
fixed /app/export; |
|
app
|
fixed apps constantly polling the cloud; |
|
app
|
fixed elasticsearch, element, pmacct-netflow apps failing to start; |
|
app
|
fixed issue with Cinny not being able to create a root-dir; |
|
app
|
fixed missing reverse-proxy URL; |
|
app
|
fixed potential port collisions between apps; |
|
app
|
show app URL only when it is running; |
|
app
|
show DNS URL for app only if it has a reverse-proxy; |
|
bgp
|
added BGP unnumbered support; |
|
bgp
|
changed multipath to number argument; |
|
bgp
|
fixed BGP output sometimes not being cleaned after session restart; |
|
bgp
|
fixed early-cut not working properly; |
|
bgp
|
fixed ignore-as-path-len not being used; |
|
bgp
|
fixed update messages not being sent on default-prepend value change; |
|
bgp
|
implemented add-path; |
|
bgp
|
implemented multipath (ability for BGP best path to select ECMP routes); |
|
bgp
|
make remote.address parameter optional; |
|
bgp-vpn
|
allow modifying scopes with routing filters; |
|
bgp-vpn
|
use target scope for imported route; |
|
bridge
|
added local and static MAC synchronization for MLAG; |
|
bridge
|
added MLAG support per bridge interface (/interface/bridge/mlag menu is moved to /interface/bridge; configuration is automatically updated after upgrade; downgrading to an older version will result in MLAG configuration loss); |
|
bridge
|
added MLAG-specific aged and aged-peer flags to host table; |
|
bridge
|
added RA guard feature; |
|
bridge
|
fixed MAC moving between regular ports and bonds for MLAG; |
|
bridge
|
fixed MLAG state being permanently disabled when changing bridge interface settings; |
|
bridge
|
fixed performance regression in complex setups with vlan-filtering (introduced in v7.20); |
|
bridge
|
improved logic for interface remove; |
|
bridge
|
improved MAC synchronization for MLAG; |
|
bridge
|
improved VRRP MAC address handling; |
|
bridge
|
removed vlan-filtering check when changing the MVRP setting (allows disabling MVRP through WinBox); |
|
bth
|
use separate Let's Encrypt certificate for file-share; |
|
certificate
|
improved certificate export process; |
|
certificate
|
improved logging; |
|
chr
|
improved fast-path stability when using vmxnet3 driver; |
|
console
|
added :continue and :break commands for various loops; |
|
console
|
added :exit command to terminate scripts; |
|
console
|
added "comments" parameter to print command to control comment and error output; |
|
console
|
added comparison operators for ID values; |
|
console
|
added Ctrl+Left/Right word navigation; |
|
console
|
added Ctrl+w word deletion; |
|
console
|
added hint for dry-run import parameter; |
|
console
|
added left shift (<<) and right shift (>>) support for IPv6 addresses; |
|
console
|
added on-event script runner support to print follow/follow-only; |
|
console
|
added timestamp support to print follow/follow-only; |
|
console
|
allow undefined variables in dry-run import; |
|
console
|
changed autocomplete expansion criteria; |
|
console
|
disable follow command in /ip/firewall/connection menu; |
|
console
|
fixed brief print for entries with multiple comments; |
|
console
|
fixed setting of /interface/wireless/scan-list; |
|
console
|
fixed time drift for interface last-link-down-time and last-link-up-time; |
|
console
|
fixed value type names in comparison errors; |
|
console
|
implemented string casting in :tobool command; |
|
console
|
improved command decoding to drop extraneous commands (visible in history logging); |
|
console
|
improved error tracing when using find command; |
|
console
|
improved export command to avoid empty [find]; |
|
console
|
improved history logging when performing object rename with set/reset; |
|
console
|
improved set/remove command handling in /file menu; |
|
console
|
look up variable in global scope if argument scope lookup failed; |
|
console
|
parse width parameter for non-interactive SSH commands; |
|
console
|
show smaller QR codes where possible; |
|
console
|
use the same flag output format for both print brief and detail; |
|
container
|
added support for zstd extraction; |
|
container
|
automatically stop/repull/start the container on repull or remote-image change; |
|
container
|
fixed issue where the container may not start after upgrading if root-dir was not set; |
|
container
|
improved error message if container fails to start; |
|
container
|
internal stability improvements; |
|
container
|
use the user-defined envs and envlist for container shell command; |
|
defconf
|
fixed L009 configuration (introduced in v7.21); |
|
detnet
|
added request-interval setting; |
|
detnet
|
changed default port from MNDP to a random unused UDP port; |
|
dhcp-server
|
improved failure/error logging for both IPv4 and IPv6; |
|
dhcpv4-client
|
fixed inability to reference disabled DHCP client by interface name; |
|
dhcpv4-client
|
request DOMAINNAME (15) option from the server; |
|
dhcpv4-server
|
improved DHCP option handling; |
|
dhcpv4-server
|
improved logging; |
|
dhcpv4-server
|
send all found lease options in reply to DHCPINFORM; |
|
dhcpv6-client
|
allow unsetting "pool-prefix-length" parameter; |
|
dhcpv6-client
|
improved log messages; |
|
dhcpv6-relay
|
fixed link-layer address inconsistency with the original link-layer address in relay-forward packets; |
|
dhcpv6-server
|
swap input and output RADIUS accounting statistics counters; |
|
disk
|
added support for file-based swap space; |
|
disk
|
added trim command which functions similarly to fstrim; |
|
disk
|
fixed issue where iSCSI did not work with ESXi and XEN hypervisors; |
|
disk
|
fixed issue with disks not mounting after swapping devices; |
|
disk
|
fixed opening a drive in read-only mode if it became locked; |
|
disk
|
improved BTRFS stability on TILE devices; |
|
disk
|
renamed format file-system=trim and trim-secure to format file-system=discard and discard-secure; |
|
disk
|
show if drive is encrypted and locked; |
|
email
|
use default port if not specified; |
|
ethernet
|
increased Rx buffer size for devices with Alpine CPUs (reduces packet rx-drop in certain cases); |
|
fetch
|
added HTTP/2 support on ARM64 and x86/CHR devices; |
|
fetch
|
fixed fetch treating relative paths from redirects as hostnames; |
|
fetch
|
increased default maximum redirect count to 2; |
|
fetch
|
return error code and HTTP headers to :onerror script; |
|
fetch
|
treat HTTP 304 return code as success; |
|
gps
|
fixed GPS port disappearance after reboot for EC25-EU&KNe; |
|
health
|
added CPU temperature monitoring to L009 with ARM64; |
|
hotspot
|
allow WireGuard interface type; |
|
hotspot
|
check validity of base32 for otp-secret; |
|
hotspot
|
do not invalidate static ARP entries; |
|
hotspot
|
fixed www response after login by cookie; |
|
hotspot
|
set sensitive flag on /ip/hotspot/user otp-secret; |
|
ike1
|
added ChaCha20-Poly1305 ESP encryption support; |
|
ike1,ike2
|
improved netlink update handling; |
|
iot
|
added Bluetooth extended scanning and 1M/2M PHY support for the RB924i KNOT devices; |
|
iot
|
added Bluetooth extended scanning, advertising, and 1M/2M/CODED PHY support for EC25 KNOT devices; |
|
iot
|
added modbus delay using interframe-gap setting; |
|
iot
|
improved LoRa FSK modulation downlinking; |
|
ip
|
added error messages to reverse-proxy rules; |
|
ip
|
added reverse-proxy; |
|
ip-service
|
properly disable IP/Service on manual disable; |
|
ippool6
|
allow creating sub-pool by specifying "from-pool"; |
|
ipsec
|
added "none" option to IPsec key QKD certificate field; |
|
ipsec
|
added IKEv2 DDoS cookie activation setting; |
|
ipsec
|
added logging for IPsec policy template group; |
|
ipsec
|
added logging of IKEv2 connection SPI and initiator address; |
|
ipsec
|
adjusted minimum generated PSK key length; |
|
ipsec
|
fixed IKEv2 child policy reqid lost on rekey; |
|
ipsec
|
fixed IKEv2 child reqid handling on traffic selector update; |
|
ipsec
|
improved aes256-ctr stability on L009; |
|
ipsec
|
removed modp8192 proposal on MIPS architectures; |
|
ipv6
|
added dhcp6-pd-preferred to /ipv6/nd/prefix to control P flag in Prefix Info Option RFC 9762; |
|
ipv6
|
delete SLAAC default route if there are no active SLAAC prefixes present and no new RAs received; |
|
ipv6
|
do not generate duplicate dynamic link-local addresses on tunnel type interfaces; |
|
ipv6
|
enable IPv6 fast-path after removing firewall rules; |
|
ipv6
|
improved system stability when manipulating IPv6 configuration that was added while IPv6 was disabled; |
|
isis
|
improved stability and fixed a small memory leak; |
|
l2tp
|
improved system stability on TILE architecture; |
|
l3hw
|
fixed missing VLAN counters on reboot (introduced in v7.21); |
|
l3hw
|
improved system stability on device shutdown/reboot; |
|
l3hw
|
improved system stability when enabling VLAN offloading under active traffic (introduced in v7.21); |
|
log
|
added comment support to rule entries; |
|
log
|
added option to clear echo logs; |
|
log
|
added option to prepend topics to BSD syslog message; |
|
log
|
added script target for log actions; |
|
log
|
fixed incorrect log message shown after canceling supout.rif creation; |
|
log
|
fixed minor spelling issues; |
|
log
|
fixed missing ID in trace logs after removing logging rule; |
|
log
|
log "Secret must be set to run scripts from SMS" error only if ":cmd" prefix is used in SMS message; |
|
log
|
use uppercase MAC address in firewall logging; |
|
lte
|
added "auto" MTU option for LTE interfaces to use network-advertised MTU on supported devices; |
|
lte
|
added AT command timeout for EC25-EU&KNe; |
|
lte
|
added multi-apn and framed routing support for EC200A-EU modem (requires latest FW version); |
|
lte
|
added roaming barring field to LTE "show-capabilities" menu; |
|
lte
|
added subscriber number to monitor command for MBIM modems; |
|
lte
|
added USB tethering support using iOS devices; |
|
lte
|
clear about field status on firmware upgrade; |
|
lte
|
do not allow modem firmware-upgrade on "inactive" interface; |
|
lte
|
do not allow setting unsupported roaming barring settings for R11e-4G; |
|
lte
|
do not flap LTE passthrough assigned interface on modem link state change; |
|
lte
|
do not reconfigure LTE interface on configuration change error; |
|
lte
|
enable DHCP relay packet forwarding to the cellular network for EG120K-EA and RG650E-AU; |
|
lte
|
fixed "allow-roaming" setting to return error for modems that do not support roaming barring; |
|
lte
|
fixed cases where AT dialer could get stuck in "modem not ready" state; |
|
lte
|
fixed cases where incorrect network modes and bands could be suggested for active interface; |
|
lte
|
fixed chained firmware update for Chateau 5G; |
|
lte
|
fixed changing eSIM profile nickname; |
|
lte
|
fixed changing MAC address for EC200A-EU modem; |
|
lte
|
fixed crash on LTE passthrough interface deactivation; |
|
lte
|
fixed displaying operator name for Chateau ax R17; |
|
lte
|
fixed eSIM errors appearing on devices without eSIM support; |
|
lte
|
fixed firmware update and status refresh for R11eL-EC200A-EU modem; |
|
lte
|
fixed LTE interface IPv6 address generation to use EUI-64 for EC25-EU&KNe; |
|
lte
|
fixed missing notifications to eSIM provider when eSIM provisioning canceled; |
|
lte
|
fixed tethering support for Google Pixel Pro 8; |
|
lte
|
fixed wrong MTU reading/setting for config-less modems; |
|
lte
|
hide external antenna selection menu for the Chateau AX R17; |
|
lte
|
improved APN IP type handling by enabling only the IP protocols defined in the assigned APN profile for config-less modems; |
|
lte
|
make inactive LTE interface settable, LTE interface settings can be set without waiting for modem initial initialization; |
|
lte
|
removed delay before querying modem status for config-less modems with info channel; |
|
lte
|
show ICCID and IMSI also when the interface is disabled; |
|
lte
|
strip modem reported padding characters for SIM card (ICCID) on Chateau ax R17; |
|
mac-telnet
|
added interface property; |
|
macsec
|
fixed hardware offload on S53 and C53 devices; |
|
mesh
|
fixed missing S flag on interfaces after mesh disable/enable; |
|
ospf
|
fixed typos in log messages; |
|
ping
|
added IPv6 support for flood-ping; |
|
poe-out
|
added LLDP support for dual-signature PDs; |
|
poe-out
|
firmware update for 802.3at capable boards (the update will cause a brief power interruption to poe-out interfaces); |
|
poe-out
|
firmware update for 802.3bt capable boards (the update will cause a brief power interruption to poe-out interfaces); |
|
poe-out
|
firmware update for CRS354-48P-4S+2Q+ (the update will cause a brief power interruption to poe-out interfaces); |
|
poe-out
|
fixed controller-error for CRS354-48P-4S+2Q+; |
|
port
|
fixed baud rate change for TILE architecture devices; |
|
ppp
|
added initial support for BG770A-GL modem firmware update; |
|
ppp
|
fixed Framed-Route attribute not being applied to correct VRF; |
|
profiler
|
split "management" process into different smaller process groups; |
|
radius
|
fixed initialization of incoming UDP socket in some situations; |
|
radius
|
fixed RadSec SSL CPU usage increase on closed connections; |
|
radius
|
improved incoming RadSec packet processing on busy service; |
|
radius
|
improved logging; |
|
rip,pimsm
|
separate the interface property from the address in /routing/rip/interface and /routing/pimsm/interface menus; |
|
rose-storage
|
added XFS support; |
|
route
|
added logs for check-gateway state changes; |
|
route
|
added routing/settings policy-rules; |
|
route
|
added SLAAC route redistribution for IPv6 capable routing protocols; |
|
route
|
do not set blackhole flag for synthetic routes; |
|
route
|
fixed route removal after unexpected safe mode termination; |
|
route
|
fixed routes when scope was less than 10; |
|
routerboard
|
allow changing /system/routerboard/settings via Netinstall or FlashFig using a "mode script"; |
|
routerboot
|
allow installing ARM64 on L009 device ("/system routerboard upgrade" required; configure "/system/routerboard/settings set preferred-architecture=arm64 boot-device=try-ethernet-once-then-nand"; start Netinstall with ARM64 image and reboot the device (DO NOT load the backup routerboot with reset button); downgrading to older versions must be avoided); |
|
routerboot
|
fixed linking to 1000M-half for KNOT Embedded LTE4 ("/system routerboard upgrade" required); |
|
routerboot
|
fixed possible Netinstall failure for KNOT Embedded LTE4 ("/system routerboard upgrade" required); |
|
routing-filter
|
added possibility to match SLAAC and bgp-mpls-vpn route types; |
|
sfp
|
improved initialization and linking for some QSFP modules; |
|
smips
|
reduced package size and removed ip-scan, mac-scan, ping-speed, flood-ping features; |
|
snmp
|
added 5G NSA connection signal indications: nr-rsrp, nr-rsrq, nr-sinr; |
|
snmp
|
fixed CA band indication; |
|
snmp
|
fixed issue where bulk walk might skip the first OID; |
|
snmp
|
fixed minor memory leak when changing SNMP authentication/encryption passwords; |
|
snmp
|
fixed reply for empty snmpbulkwalk requests; |
|
snmp
|
report maximum "ifSpeed" value if out of bounds; |
|
snmp
|
report RouterOS version in SNMPv2-MIB::sysDescr; |
|
ssh
|
improved logging; |
|
supout
|
wait up to 5 minutes for export to complete and show incomplete output in case of timeout; |
|
switch
|
fixed missing switch-cpu port counters; |
|
switch
|
improved system stability when changing bridge multicast-router property on CRS1xx/2xx (introduced in v7.19); |
|
switch
|
updated switch-marvell.npk driver; |
|
system
|
added reset-configuration keep-apps=yes; |
|
system
|
display serial ports in the /system/resource/hardware menu; |
|
system
|
improved upgrade service stability when the server is unreachable; |
|
undo
|
show user when configuring DHCP server or hotspot with setup command; |
|
upgrade
|
added "password" parameter to "local-upgrade" feature when configuring through CLI; |
|
upgrade
|
added IPv6 support for local package source and mirror; |
|
upgrade
|
fixed local package mirror check interval; |
|
upgrade
|
removed redundant commands from local package menu; |
|
usb
|
updated device ids for ax88179_178a driver; |
|
user
|
properly apply login delay (introduced in v7.20); |
|
user-manager
|
added support for NAS-Identifier attribute; |
|
user-manager
|
always respond to accounting requests; |
|
user-manager
|
do not send Disconnect-Message for unknown usernames for Accounting-Request; |
|
user-manager
|
do not send invalid NAS-Port-Type on CoA/PoD messages; |
|
user-manager
|
fixed unauthenticated access to /PRIVATE/ userman web files; |
|
user-manager
|
show empty value for session NAS-IP-Address if empty; |
|
webfig
|
added missing icons for Firewall table; |
|
webfig
|
added new section "Common names" in skin designer; |
|
webfig
|
added support for collapsible tree view for menus like Interfaces, Files, Queues; |
|
webfig
|
added support for URL fields; |
|
webfig
|
fixed ability to set interworking.realms-raw WiFi interface attribute; |
|
webfig
|
fixed skin designer mobile view for QuickSet and Terminal; |
|
webfig
|
fixed Torch Filters default values; |
|
webfig
|
improved address type field input value validation; |
|
wifi
|
added keepalive message in CAPsMAN data channel; |
|
wifi
|
added optional show-frame=radiotap parameter value to make sniffer display the radiotap header of captured frames; |
|
wifi
|
allow specifying hostname to caps-man-addresses; |
|
wifi
|
fixed channel switching for MediaTek access points; |
|
wifi
|
fixed FT support with wpa2-psk-sha2; |
|
wifi
|
fixed functionality of the wireless-signal-strength LED trigger; |
|
wifi
|
fixed possible certificate failure after CAPsMAN disable/enable; |
|
wifi
|
improved spectral-history width for console; |
|
wifi
|
improved stability and fixed multiple issues; |
|
wifi
|
improved stability of interfaces in station mode during roaming; |
|
wifi
|
improved support for 802.11be access points; |
|
wifi
|
improved system stability when using spectral-scan; |
|
wifi
|
introduced /interface/wifi/network menu for higher level network configuration (CLI only); |
|
wifi
|
quicker re-connections to APs for interfaces in station mode; |
|
wifi
|
updated regulatory information for Malaysia; |
|
wifi-mediatek
|
fixed rx chains functionality; |
|
wifi-mediatek
|
updated driver and firmware; |
|
winbox
|
added "Force Check" for local upgrade; |
|
winbox
|
added comment in "System/Ports/Remote Access" menu; |
|
winbox
|
added confirmation message to Format Drive; |
|
winbox
|
added Container Repull command; |
|
winbox
|
added error reporting to CAPsMAN Manager menu; |
|
winbox
|
added GUI support for IPsec QDK; |
|
winbox
|
added missing LoRa channel fields; |
|
winbox
|
added missing route flags; |
|
winbox
|
added route ISIS tab; |
|
winbox
|
added socsify icon for firewall NAT rules; |
|
winbox
|
added SwOS Allow From field; |
|
winbox
|
added warning when changing global script variables; |
|
winbox
|
allow using specified skin without the sensitive policy; |
|
winbox
|
fixed applying a skin to a user authenticated with RADIUS; |
|
winbox
|
fixed applying a skin to WinBox if it was uploaded via the branding package; |
|
winbox
|
fixed default flag in certain menus; |
|
winbox
|
fixed empty "Realm Raw" value processing and value inheritance from configuration template (requires WinBox 4); |
|
winbox
|
fixed L3HW default value for VLAN interface (introduced in v7.21); |
|
winbox
|
fixed modem firmware-upgrade for the RG650E-EU modem; |
|
winbox
|
fixed the "New QoS Profile" field for switch rules; |
|
winbox
|
make File Share URL field clickable; |
|
winbox
|
move "Default" panel from "IPv6/ND/Proxy" to "IPv6/ND/Prefixes"; |
|
winbox
|
rearrange filter wizard parameters in tabs; |
|
winbox
|
recognize imported certificate key size; |
|
winbox
|
rename "Change Now" to "Change" button in "System/Password" menu; |
|
winbox
|
replace "DHCP" with "DHCPv6" in IPv6 menus; |
|
winbox
|
set "Mount Filesystem" by default under "System/Disk" menu; |
|
winbox
|
show MPLS tab only to relevant routes; |
|
winbox
|
show separator after "Protocol" field for IPv6 Firewall rules; |
|
winbox
|
show warnings in "MPLS/Traffic Eng/Tunnel" menu; |
|
winbox
|
updated some setting and title names; |
|
winbox
|
updated various WiFi properties; |
|
wireguard
|
fixed private key generation when creating a WireGuard interface; |
|
wireguard
|
improved stability; |
|
wireguard
|
merged upstream fixes and improvements; |
|
wireless
|
avoid joining BSS that previously failed until all other options tried; |
|
wireless
|
improved system stability when changing nstreme mode; |
|
wireless
|
improved system stability when eap-method=passthrough configured for station; |
|
x86
|
added JME network driver; |
|
x86
|
fixed interface hang on RTL8125 when processing IP-fragmented UDP traffic; |
|
x86
|
improved link establishing on Intel X710 series NIC; |