Search changelog entries
| Component | Change |
|---|---|
| tools | fixed "ip-scan" (introduced in v7.9beta4); |
| user-manager | fixed process startup after booting (introduced in v7.9beta4); |
| Component | Change |
|---|---|
| bgp | copy all well-known and optional transitive attributes for BGP VPNv4 (introduced in v7.9beta4); |
| bgp | fixed BGP VPNv4 origin attribute (introduced in v7.9beta4); |
| console | fixed syntax highlighting when editing scripts (introduced in v7.9beta4); |
| console | replaced "fingerprint" with "skid" in "/certificate print"; |
| health | fixed bogus value reporting for CRS510 device; |
| ike1 | improved service stability when handling non-RSA keys (introduced in v7.9beta4); |
| ike2 | fixed minor logging typo; |
| ipsec | added error log message when peer ID does not match certificate; |
| ipsec | improved handling of configuration that refers to non-existent certificate (introduced in v7.9beta4); |
| ipv6 | fixed IPv6 ND configuration change storing (introduced in v7.9beta4); |
| ipv6 | send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated; |
| netinstall-cli | improved device reinstall on failed attempt; |
| snmp | improved outputting of routes; |
| ssh | added support for Ed25519 key export and import in PKCS8 format; |
| ssh | improved system stability when using SSH tunneling (introduced in v7.9beta4); |
| timezone | updated timezone information from "tzdata2023c" release; |
| wifiwave2 | fixed key handshake timeout for re-associating client devices on 802.11ac interfaces; |
| winbox | fixed changing slot name under "System/Disk" menu; |
| Component | Change |
|---|---|
| bgp | improved BGP VPN selection; |
| bridge | added warning log when "ageing-time" exceeds supported hardware limit for 98DX224S, 98DX226S, and 98DX3236 switch chips; |
| bridge | fixed FastPath when setting "use-ip-firewall-for-vlan" or "use-ip-firewall-for-pppoe" without enabled "use-ip-firewall"; |
| certificate | fixed bogus log messages; |
| chr | fixed public SSH key pulling when running on AWS; |
| console | added "/task" submenu (CLI only); |
| console | added option to create new files using "/file add" command (CLI only); |
| console | improved stability when doing "/console inspect" in certain menus; |
| console | improved stability when editing long strings; |
| console | improved system stability; |
| console | removed bogus "reset" command from "/system resource usb" menu; |
| console | rename flag "seen reply" to "seen-reply" under "/ipv6 firewall connection" menu; |
| console | show Ethernet advertise, speed and duplex settings depending on configured auto-negotiation; |
| container | fixed invoking "container shell" more than once; |
| container | improved "container pull" to support OCI manifest format; |
| detnet | fixed interface state detection after reboot; |
| dhcp | changed the default lease time for newly created DHCP servers to 30 minutes; |
| dhcpv4-server | release lease if "check-status" reveals no conflict; |
| disk | improved system stability when removing USB while formatting; |
| ethernet | fixed half-duplex forced mode at 10Mbps and 100Mbps on ether1 for RB5009, Chateau 5G ax and hAP ax3 devices; |
| filesystem | fixed partition "copy-to" function; |
| firewall | added "connection-nat-state" to IPv6 mangle and filter rules; |
| general | mpls- fixed LDP "preferred-afi" parameter; |
| health | added limited manual control over fans for CRS3xx, CRS5xx, CCR2xxx devices; |
| ipsec | fixed packet processing by hardware encryption engine on RB850Gx2 device; |
| ipsec | refactor X.509 implementation; |
| ipv6 | added "valid" and "lifetime" parameters for SLAAC IPv6 addresses; |
| ipv6 | send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated; |
| l3hw | improved route offloading for 98DX224S, 98DX226S, and 98DX3236 switch chips; |
| leds | disable LEDs after "/system shutdown"; |
| lte | capped maximum lifetime of SLAAC address to 1 hour; |
| lte | fixed CA band clearing on RAT mode change; |
| lte | fixed duplicate IPv6 route for lte interface when "ipv6-interface" setting is used; |
| lte | fixed LTE interface not showing up when resetting RouterOS configuration; |
| lte | fixed passthrough mode when used together with another APN for Chateau 5G; |
| lte | fixed R11-LTE-US in LTE passthrough mode; |
| lte | fixed R11e-LTE-US reporting of RSSI in LTE mode; |
| lte | fixed re-attach in some cases where module would stay in not-running state after network detach; |
| lte | fixed second modem halt on dual R11e-LTE6 setup; |
| netwatch | added "startup-delay" setting (CLI only); |
| netwatch | improved ICMP status evaluation when no reply was present; |
| netwatch | limit "start-delay" range; |
| ospf | fixed processing of fragmented LSAs; |
| ovpn | added support for OVPN server configuration export and client configuration import from .ovpn file; |
| quickset | fixed displaying of "SINR" when value is 0; |
| rose-storage | added option to nvme-discover with hostname (CLI only); |
| rose-storage | fixed crash on nvme-tcp disable; |
| rose-storage | fixed rsync transfer permissions; |
| rose-storage | various stability fixes; |
| route | fixed "dynamic-id" for VRF tables; |
| route | improved system stability when making routing decision; |
| route | show SLAAC routes under the "/routing route" menu; |
| route-filter | improved stability when matching blackhole routes; |
| routerboot | added "preboot-etherboot" and "preboot-etherboot-server" settings ("/system routerboard upgrade" required) (CLI only); |
| sfp | added log warning about failed auto-initialization on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices; |
| sfp | allow modules that hold "TX_FAULT" high signal all the time on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices; |
| sfp | allow modules with bad or no EEPROM in forced mode on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices; |
| sfp | fixed "rate-select" functionality on CCR2004-16G-2S+ and CCR2004-1G-12S+2XS devices (introduced in v7.8); |
| sfp | fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch; |
| sfp | improved module initialization and display more detailed initialization status on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices; |
| sfp | improved SFP28 interface stability with some optical modules for CRS518 switch; |
| sfp | improved system stability with some SFP GPON modules on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices; |
| socks | added VRF support; |
| ssh | added Ed25519 host key support; |
| ssh | do not allow SHA1 usage with strong crypto enabled; |
| ssh | improved service responsiveness when changing SSH service settings; |
| ssh | improved SSH key import process; |
| storage | mount RAM drive for devices with 32MB flash; |
| supout | added DHCP server network section; |
| switch | fixed ACL rules matching IPv6 packets when using only IPv4 matchers; |
| switch | improved system stability for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches; |
| vrrp | added "self" value for "group-master" setting; |
| vxlan | added forwarding table; |
| vxlan | fixed packet drops when host moves between remote VTEPs; |
| webfig | added inline comments; |
| webfig | fixed "Destination" value under "MPLS/Forwarding-Table" menu; |
| webfig | fixed issue where "Certificate" value disappears under "IP/Services" menu; |
| webfig | fixed issue where entries might be missing under "IP/DHCP-Server" menu; |
| webfig | various stability fixes; |
| wifiwave2 | added "radio/reg-info" command to show regulatory requirements (currently implemented for 802.11ac interfaces) (CLI only); |
| wifiwave2 | added ability to configure antenna gain; |
| wifiwave2 | added ability to configure beacon interval and DTIM period; |
| wifiwave2 | added information on additional interface capabilities to radio parameters; |
| wifiwave2 | automatically add a VLAN-tagged interface to the appropriate bridge VLAN; |
| wifiwave2 | exit sniffer command and return error when trying to sniff on an unsupported channel; |
| wifiwave2 | fixed 802.11r roaming for clients that performed initial authentication with an AP which has been restarted since; |
| wifiwave2 | fixed issue of some supported channels not being listed in the radio parameters; |
| wifiwave2 | fixed issue which lead to VLAN-tagged wireless clients receiving tagged traffic from other VLANs; |
| wifiwave2 | fixed VLAN tagging for unencrypted (open) APs; |
| wifiwave2 | improved general interface stability; |
| wifiwave2 | improved regulatory compliance for hAP ax^2, hAP ax^3 and Chateau ax; |
| wifiwave2 | increased maximum value for "channel.frequency" to 7300; |
| wifiwave2 | show information on captured packets and added ability to save them locally in a pcap file; |
| winbox | added "MTU" and "Hoplimit" properties under "IPv6/Routes" menu; |
| winbox | added "Preferred AFI" property under "MPLS/LDP-Instance" menu; |
| winbox | added "S" flag under "IPv6/Firewall/Connections" menu; |
| winbox | added "Tx Power" property under "Wifiwave2/Status" menu; |
| winbox | added "Tx Queue Drops" property under interface settings "Traffic" tab; |
| winbox | added "Username" and "Password" properties under "Container/Config" menu; |
| winbox | added "Valid" and "Preferred" properties under "IPv6/Address" menu; |
| winbox | added missing properties for "Remote ID Type" under "IP/IPsec/Identities" menu; |
| winbox | changed route flag name from "invalid" to "inactive"; |
| winbox | fixed "TLS" property under "Tools/Email" menu; |
| winbox | fixed "Type" property under "System/Disk" menu when "rose-storage" package is installed; |
| winbox | fixed default value for "Allow managed" property under "Zerotier" menu; |
| winbox | fixed duplicate "My ID" column under "IP/IPsec/Identities" menu; |
| winbox | fixed minor typo in "WifiWave2/Radios" menu; |
| winbox | fixed missing "Sector Writes" for certain devices under "System/Resources" menu (introduced in v7.8); |
| winbox | improved Ethernet advertise, speed and duplex settings; |
| winbox | only show permitted countries for wifiwave2 interfaces; |
| winbox | show missing "Designated Bridge" and "Designated Port Number" monitoring data under "Bridge/Port menu; |
| www | allow unsecure HTTP access to REST API; |
| x86 | fixed changing software-id (introduced in v7.7); |
| zerotier | upgraded to version 1.10.3; |
| Component | Change |
|---|---|
| bgp | fixed setting of "default-prepend" parameter; |
| bridge | fixed adding disabled MSTI; |
| bridge | fixed DHCP packet flow when using DHCP snooping, HW offloading and "use-ip-firewall"; |
| bridge | fixed possible DHCP packet corruption when using DHCP snooping; |
| bridge | fixed PVID warning typo; |
| bridge | improved HW offloading logic; |
| certificate | fixed export of a certificate when the last line of the certificate is exactly 64 bytes long; |
| certificate | fixed PBES2 certificate import; |
| certificate | improved certificate management, signing and storing processes; |
| certificate | improved multiple certificate import process; |
| conntrack | improved system stability when changing connection tracking state; |
| conntrack | improved system stability when PPTP helper is used; |
| console | added "as-string" parameter to the ":execute" command; |
| container | added authentication option for registry (CLI only); |
| container | fixed ".type" file ownership; |
| container | fixed file ownership after system upgrade for containers running on internal disk; |
| container | fixed multiple container automatic startup on boot; |
| dhcpv4-client | send DHCPv4 unicast requests to DHCPv4 relay, instead of server when it is being used; |
| disk | limit maximum TMPFS size; |
| dns | added configurable DoH concurrent query limitation parameters; |
| dns | do not cache results from ":resolve" command with specific server; |
| dns | fixed CNAME reading from the cache; |
| dns | limited "DoH max concurrent queries reached" logging messages to once per minute; |
| dns | respond with "NOERROR" to DNS requests for static domain names when appropriate type record is not configured or found on upstream server; |
| firewall | fixed bridge priority target; |
| firewall | fixed DSCP priority target for IPv6 Mangle; |
| firewall | fixed netmap range maximum address calculation for IPv6 NAT; |
| graphing | fixed hiding of target queues when "allow-target" is disabled; |
| graphing | fixed sorting of interface and queue graphs; |
| graphing | properly handle disabled and static-binding interface graphs; |
| graphing | removed "move" command for graphing rules; |
| health | fixed "temperature" and "power-consumption" readings for RB1100AHx4; |
| hotspot | fixed setting of "address" parameter for IP binding; |
| hotspot | restore cookie timeout on reboot; |
| ike2 | added support for "address", "key-id" and "dn" for Remote ID matching (CLI only); |
| ike2 | fixed active SA flush on responder after an unsuccessful peer connection attempt; |
| ipsec | added support for "Framed-Route" RADIUS attribute support; |
| ipsec | do not match incoming IKE requests by unresolved DNS name peers; |
| ipsec | fixed peer matcher for incoming connection with unresolved DNS; |
| ipv6 | added "pref64" option configuration for RA; |
| ipv6 | improved handling of "advertise" IPv6 address status changes; |
| ipv6 | limited "hop-limit" parameter value range to 255; |
| ipv6 | made distributed DNS lifetime RFC8106 compliant; |
| l3hw | added destination MAC address check for offloaded FastTrack connections; |
| led | fixed signal reading for KNOT device; |
| leds | always require to set interface name when setting "modem-signal" indication; |
| lte | added AT support for Telit LE910C4 in MBIM mode; |
| lte | fixed APN setting usage on initial connection attempt for AT based Quectel and Neoway modems; |
| lte | fixed automatic antenna selection on Chateau LTE12/LTE18; |
| lte | fixed dialing for Fibocom L850-GL module; |
| lte | fixed displaying of "subscriber-number"; |
| lte | fixed possible memory leak when using passthrough mode on Chateau 5G; |
| lte | improved AT port matching for SIMCom, Huawei, WeLink, Cinterion, BandLuxe and Sierra modems; |
| lte | improved modem detection speed in lower mini-PCIe slot on LtAP; |
| lte | improved stability for R11e-LTE6, skip connection reset on first EEMGINFO command timeout; |
| lte | LtAP improved modem detection in lower mini-PCie slot ("/system routerboard upgrade" required); |
| lte | parse USSD even if encoding is unsupported; |
| mpls | fixed handling of more than 9 VRF's; |
| mpls | fixed LDP listen socket creation before IPv6 address is ready for use; |
| mpls | improved stability when neighboring router reboots; |
| ospf | fixed "ospf-type" parameter for OSPFv3 routes; |
| ospf | fixed simple auth for OSPFv3; |
| ovpn | added AES-GCM and multicore encryption support; |
| ovpn | improved server stability; |
| ovpn | improved TLS-related error logging; |
| pimsm | improved system stability; |
| poe | added LLDP power management support for 802.3at PSE; |
| poe | properly turn off power when link not detected on hAP ax2 and hAP ax3; |
| port | fixed modem channel number on KNOT; |
| pppoe | fixed PPPoE client scan showing only one server; |
| resource | show filesystem related statistics on CCR2004; |
| route | fixed IPv6 default route presence when received from RA; |
| route | fixed printing of routing table's "count-only" parameter; |
| route | show hoplimit and MTU properties under the "/routing route" menu for SLAAC routes; |
| routerboot | fixed format storage for RBM33G device ("/system routerboard upgrade" required); |
| routerboot | fixed protected routerboot for RBM33G device ("/system routerboard upgrade" required); |
| sfp | fixed false link detection with S+RJ10 on RB5009; |
| sfp | fixed reading of SFP EEPROM on single SFP port devices; |
| sfp | improved optical modules SFP compatibility on CCR2004-16G-2S+, CCR2004-1G-12S+2XS, CCR2116-12G-4S+ devices; |
| sms | improved reporting of SMS sending errors; |
| sms | log USSD response when USSD is sent over MBIM; |
| sniffer | added additional filtering parameters; |
| snmp | do not show identity in LLDP when branding is used with hide SNMP data; |
| snmp | fixed handling of disabled routes; |
| snmp | fixed reporting of total number of routes counter; |
| ssh | hard-coded "localhost" address for forwarding requests; |
| ssh | improved system stability when processing none-crypto SSH connection; |
| sstp | fixed TLS session establishment when "connect-to" is DNS name; |
| switch | fixed SFP rate select for CRS354 devices; |
| switch | improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches; |
| switch | improved system stability for 98DXxxxx switch chips; |
| swos | removed "/system swos" menu for CRS5xx series switches; |
| torch | allow "without-paging" parameter for Torch; |
| traffic-generator | increased maximum allowed stream count; |
| upgrade | show error message when license prohibits upgrade; |
| usb | changed USB auto detect behavior to default to the external USB, when no internal USB devices detected; |
| vxlan | added "dont-fragment" setting that allows managing fragmentation; |
| vxlan | added "max-fdb-size" parameter; |
| vxlan | added FastPath support; |
| webfig | allow setting numeric values in time interval fields; |
| webfig | fixed accessing of WebFig when "Interface" menu is disabled by skin; |
| webfig | fixed editing of multi-field parameters with "not" checkbox; |
| webfig | fixed handling of empty skin files; |
| webfig | improved navigation responsiveness; |
| webfig | improved skin file parsing; |
| webfig | improved terminal operation; |
| webfig | properly escape all reserved URI characters; |
| webfig | updated WebFig and graph web pages to HTML5; |
| wifiwave2 | added wireless sniffer tool to capture wireless transmissions (CLI only); |
| wifiwave2 | adjust monitoring of station interfaces to report when an interface is authorized, not just connected; |
| wifiwave2 | enabled additional channels in UNII-3 and UNII-4 bands for Europe and USA on hAP ax^2, hAP ax^3 and Chateau ax; |
| wifiwave2 | fixed compatibility with third-party devices when using SAE hash-to-element authentication with DH groups 20 and 21; |
| wifiwave2 | fixed SAE authentication for interfaces in station mode when trying to connect to APs which require an anti-clogging token (introduced in RouterOS 7.4); |
| wifiwave2 | implement 802.11w management protection SA Query procedures; |
| wifiwave2 | improve protections from denial-of-service attacks on WPA3; |
| winbox | added "Connect" button under "WifiWave2/Scan" menu; |
| winbox | added "Disable/Enable" buttons under "WifiWave2" menu; |
| winbox | added "Match Subdomain" parameter under "IP/DNS/Static" menu; |
| winbox | added "Provision" button under "WifiWave2" menu; |
| winbox | added "Start On Boot" checkbox under "Container" menu; |
| winbox | added "Tx Rate" and "Rx Rate" columns under "WifiWave2/Registration" menu; |
| winbox | added missing properties when setting "Use DoH Server"; |
| winbox | added missing WifiWave2 related parameters under "WifiWave2" menu; |
| winbox | added support for manual RAM file system (TMPFS) creation under "System/Disk" menu; |
| winbox | added Type "https-get" parameter under "Tools/Netwatch" menu; |
| winbox | allow selecting bridge for static entries under "Bridge/MDB" menu; |
| winbox | fixed displaying of "Default Prepend" value under "Routing/BGP/Sessions" menu; |
| winbox | fixed displaying of "Tx/Rx CCQ" values under "Wireless/Registration" menu; |
| winbox | fixed displaying of flags under "System/Console" menu; |
| winbox | fixed displaying of multiple character flags; |
| winbox | fixed usage of IPv6 family addresses under "IP/Web Proxy/Access" menu; |
| winbox | hide "TTL" value for static DNS entries with FWD type; |
| winbox | hide unnecessary properties for virtual interfaces under "WifiWave2" menu; |
| winbox | improved mouseover hint for "local" policy under "System/Users/Groups" menu; |
| winbox | rename "Multicast Router" monitoring property to "Is Multicast Router" under "Bridge" menu; |
| winbox | show "Gateway" column by default under "IPv6/Routes" menu; |
| x86 | added support for TP-Link TG-3468; |
| x86 | fixed SR-IOV support for Intel X710 series NIC; |
| x86 | improved Intel 500 series 10G SFP module support; |
| x86 | improved stability for Intel X550 series NIC with SR-IOV; |
| zerotier | fixed routes after VRF change; |