Search changelog entries
| Component | Change |
|---|---|
| bonding | correctly remove HW offloaded bonding with ARP monitoring; |
| bridge | disable/enable bridge port when setting bpdu-guard; |
| bridge | do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged; |
| capsman | improved DFS channel switching when radar detected; |
| crs3xx | correctly handle L2MTU change; |
| crs3xx | remove previously set mirror-source property before changing it; |
| ethernet | automatically detect interface when using IP address for power-cycle-ping; |
| ethernet | send requests only from ethernet interface when using MAC address for power-cycle-ping; |
| ipsec | added "error" topic for identity check failure logging messages; |
| lte | fixed USB network device driver initialization (introduced in v6.46beta9); |
| smips | reduced RouterOS main package size (disabled LTE modem, dot1x and SwOS support); |
| switch | correctly update dynamic switch rule when dhcp-snooping is enabled; |
| switch | fix port isolation for non-CRS series switch chips; |
| tr069-client | added multiple LTE monitoring parameters; |
| wireless | fixed 802.11n rate selection when managed by CAPsMAN; |
| wireless | improved 802.11ac stability for all ARM devices with wireless; |
| wireless | improved U-APSD (WMM Power Save) support for 802.11e; |
| wireless | updated "ukraine" regulatory domain information; |
| Component | Change |
|---|---|
| bonding | fixed bonding running status after reboot when using other bonds as slave interfaces (introduced in v6.45); |
| cloud | properly stop "time-zone-autodetect" after disable; |
| interface | fixed missing PWR-LINE section on PL7411-2nD and PL6411-2nD (introduced v6.44); |
| ipsec | added "connection-mark" parameter for mode-config initiator; |
| ipsec | allow peer argument only for "encrypt" policies (introduced in v6.45); |
| ipsec | fixed peer configuration migration from versions older than v6.43 (introduced in v6.45); |
| ipsec | improved stability for peer initialization (introduced in v6.45); |
| ipsec | show warning for policies with "unknown" peer; |
| ospf | fixed possible busy loop condition when accessing OSPF LSAs; |
| profile | added "internet-detect" process classificator; |
| radius | fixed "User-Password" encoding (introduced in v6.45); |
| ssh | do not enable "none-crypto" if "strong-crypto" is enabled on upgrade (introduced in v6.45); |
| ssh | fixed executed command output printing (introduced in v6.45); |
| supout | fixed supout file generation outside of internal storage with insufficient space; |
| upgrade | fixed "auto-upgrade" to use new style authentication (introduced in v6.45); |
| vlan | fixed "slave" flag for non-running interfaces (introduced in v6.45); |
| wireless | improved 802.11ac stability for all ARM devices with wireless; |
| wireless | improved range selection when distance set to "dynamic"; |
| Component | Change |
|---|---|
| bonding | fixed bonding running status after reboot when using other bonds as slave interfaces (introduced in v6.45); |
| bonding | properly handle MAC addresses when bonding WLAN interfaces; |
| dhcpv6-server | include "User-Name" parameter in accounting requests; |
| ipsec | added "connection-mark" parameter for mode-config initiator; |
| ipsec | allow peer argument only for "encrypt" policies (introduced in v6.45); |
| ipsec | fixed peer configuration migration from versions older than v6.43 (introduced in v6.45); |
| ipsec | show warning for policies with "unknown" peer; |
| ospf | fixed possible busy loop condition when accessing OSPF LSAs; |
| ppp | disable DTR send when using at-chat; |
| ssh | do not enable "none-crypto" if "strong-crypto" is enabled on upgrade (introduced in v6.45); |
| ssh | fixed executed command output printing (introduced in v6.45); |
| supout | fixed supout file generation outside of internal storage with insufficient space; |
| upgrade | fixed "auto-upgrade" to use new style authentication (introduced in v6.45); |
| usb | general USB modem stability improvements; |
| userman | updated Authorize.Net to use SHA512 hashing; |
| vlan | fixed "slave" flag for non-running interfaces (introduced in v6.45); |
| winbox | properly show timestamp in file "Creation Time" field; |
| Component | Change |
|---|---|
| bridge | correctly handle bridge host table; |
| capsman | fixed CAP system upgrading process for MMIPS; |
| capsman | fixed interface-list usage in access list; |
| certificate | removed "set-ca-passphrase" parameter; |
| cloud | properly stop "time-zone-autodetect" after disable; |
| conntrack | fixed GRE protocol packet connection-state matching (CVE-2014-8160); |
| defconf | automatically set "installation" parameter for outdoor devices; |
| dhcpv6-client | fixed status update when leaving "bound" state; |
| dhcpv6-server | fixed dynamic IPv6 binding without proper reference to the server; |
| dhcpv6-server | override prefix pool and/or DNS server settings by values received from RADIUS; |
| discovery | fixed CDP packets not including address on slave ports (introduced in v6.44); |
| properly release e-mail sending session if the server's domain name can not be resolved; | |
| firewall | fixed fragmented packet processing when only RAW firewall is configured; |
| firewall | process packets by firewall when accepted by RAW with disabled connection tracking; |
| gps | strip unnecessary trailing characters from "longtitude" and "latitude" values; |
| hotspot | moved "title" HTML tag after "meta" tags; |
| ipv6 | improved system stability when receiving bogus packets; |
| ovpn | added "verify-server-certificate" parameter for OVPN client (CVE-2018-10066); |
| rb3011 | improved system stability when receiving bogus packets; |
| rb921 | improved system stability ("/system routerboard upgrade" required); |
| snmp | improved reliability on SNMP service packet validation; |
| ssh | fixed non-interactive multiple command execution; |
| supout | added IPv6 ND section to supout file; |
| supout | added "pwr-line" section to supout file; |
| supout | changed IPv6 pool section to output detailed print; |
| winbox | do not allow setting "dns-lookup-interval" to "0"; |
| wireless | improved DFS radar detection when using non-ETSI regulated country; |
| wireless | improved installation mode selection for wireless outdoor equipment; |
| wireless | updated "china" regulatory domain information; |
| www | improved client-initiated renegotiation within the SSL and TLS protocols (CVE-2011-1473); |
| Component | Change |
|---|---|
| cloud | properly stop "time-zone-autodetect" after disable; |
| conntrack | properly start manually enabled connection tracking; |
| dhcpv6-server | made "calling-station-id" contain MAC address if DUID contains it; |
| fetch | improved stability when processing large output data; |
| hotspot | fixed non-local NAT redirection to port TCP/64873; |
| ipsec | improved stability for peer initialization (introduced in v6.45); |
| lte | do not allow setting 3G and GSM modes on LTE only modems; |
| lte | show "primary-band" only for LTE modems; |
| radius | fixed "User-Password" encoding (introduced in v6.45); |
| tr069-client | reconnect to ACS when "ConnectionRequestURL" is updated; |
| w60g | added "region" setting to limit allowed frequencies (CLI only); |