Search changelog entries
| Component | Change |
|---|---|
| bridge | fixed incorrectly blocked ports by STP (introduced in v7.20); |
| console | fixed incorrect ids in /file/print relative mode (introduced in v7.20); |
| console | improved stability when printing ids for a non-existent directory (introduced in v7.20) |
| dhcpv6-client | improved system stability when DHCPv6 client uses "rapid-commit=no", "accept-prefix-without-address=no" and receives only prefix from the server; |
| dhcpv6-server | do not force set "address-pool" on static bindings with unset pool option after system reboot; |
| evpn | added basic logging support; |
| evpn | fixed MAC mobility; |
| firewall | reduce maximum connection tracking entry count; |
| iot | fixed an issue preventing LoRa downlink packets from being broadcasted; |
| ip | removed duplicate CLI parameters for socksify; |
| log | cleaned up older config by removing leading slashes from "disk-file-name" values; |
| mpls | fixed LDP label binding if nexthop is link-local address; |
| poe-out | fixed RB5009 PoE-in indication on cold-boot with no other power source; |
| routing-filter | change "^$" regexp to bgp-path-len=0 on upgrade from v6 to v7; |
| routing-filter | use bgp-out-med for set bgp-med on upgrade from v6 to v7; |
| snmp | fixed SNMP SET operation (introduced in v7.20); |
| snmp | set maximum message size to 8 KB; |
| system | fixed ".auto.rsc" file execution (introduced in v7.20); |
| system | fixed package list fetch from local upgrade server; |
| system | fixed Windows executable compatibility with Microsoft AppLocker; |
| winbox | added IP/Socksify menu; |
| winbox | added support for 200Gbps/400Gbps Rate fields; |
| winbox | fixed Ethernet Tx Stats (introduced in v7.20); |
| Component | Change |
|---|---|
| arm64 | allow enabling receive packet steering on /system/resource/irq/rps menu in order to overcome unbalanced CPU load (additional fixes); |
| console | fixed incorrect ids in /file/print relative mode (introduced in v7.20); |
| console | improved stability when printing ids for a non-existent directory (introduced in v7.20) |
| container | add initial Bluetooth device support; |
| container | added "/app" menu for simple containerized app installation (requires "container" package and enabled "container" device-mode); |
| container | do not allow layer-dir to be within some containers root-dir; |
| container | enable relevant kernel features to support more container apps (additional fixes); |
| ethernet | added "unsupported speed" warning for forced 1Gbps, 2.5Gbps, 5Gbps, 10Gbps baseT modes; |
| firewall | use the highest TTL as timeout value for domain address list entries if multiple domain names resolve to same IP (additional fixes); |
| ike1 | fixed an issue where policies could be released too early before re-acquisition; |
| ipv6 | added "self" option for IPv6/ND DNS advertise settings (additional fixes); |
| ipv6 | properly remove SLAAC installed route when prefixes expire; |
| ipv6,ra | fixed prefix unlinking from interface on configuration change and stop deprecating prefixes when the validity lifetime expires; |
| l3hw | added per-VLAN "l3-hw-offloading" setting and "H" flag for /interface/vlan menu (additional fixes); |
| l3hw | fixed issue with IPv4 ARP and IPv6 neighbor resolve for CRS812; |
| lte | added confirmation prompt when deleting eSIM profile; |
| qos-hw | always use qos-hw-offloading=yes for CRS812 device; |
| route | fixed missing connected routes on setups with large amount of interfaces (introduced in v7.20); |
| routerboard | fixed non-running interfaces for CRS310-8G+2S+IN after booting to SwOS ("/system routerboard upgrade" required) (introduced in v7.20); |
| snmp | fixed SNMP SET operation (introduced in v7.20); |
| snmp | fixed SNMP trap messages being corrupted when sent to multiple targets; |
| switch | fixed "failure: cpu flow control not supported" (introduced in v7.20); |
| system | fixed Windows executable compatibility with Microsoft AppLocker; |
| veth | fixes IP address not appearing in the app menu when VETH uses DHCP; |
| winbox | added support for 200Gbps/400Gbps Rate fields; |
| winbox | Bandwidth test, Speed test, Ping, Traceroute tools use RouterOS DNS service to resolve domain names (additional fixes); |
| winbox | make VETH gateway fields not required; |
| winbox | removed "Add" for dynamic DNS servers; |
| Component | Change |
|---|---|
| bgp | added output.network-blackhole setting; |
| bgp | do not auto-generate blackhole routes by default (introduced in v7.20); |
| bgp | fixed inactive flag in GUI after instance disable/enable; |
| console | fixed ".id" printing when using "group-by" (introduced in v7.20); |
| console | fixed relative path printing (introduced in v7.20); |
| ike1 | fixed an issue where policies could be released too early before re-acquisition; |
| ipv6,ra | fixed prefix unlinking from interface on configuration change and stop deprecating prefixes when the validity lifetime expires; |
| lte | fixed issue with firmware update for FG621-EA modem; |
| ppp | added support for KNOT BG77 modem firmware upgrade to version BG77LAR02A04_A0.301.A0.301; |
| qos-hw | always use qos-hw-offloading=yes for CRS812 device; |
| quickset | fixed issue where routes set by QuickSet did not appear in export; |
| route | fixed missing connected routes on setups with large amount of interfaces (introduced in v7.20); |
| route | improved stability; |
| routerboard | fixed non-running interfaces for CRS310-8G+2S+IN after booting to SwOS ("/system routerboard upgrade" required) (introduced in v7.20); |
| sfp | improved interface link speed configuration for CRS812; |
| snmp | fixed SNMP trap messages being corrupted when sent to multiple targets; |
| switch | fixed "failure: cpu flow control not supported" (introduced in v7.20); |
| system | improved system stability when using hardware-offloaded encryption on RB3011 and hAP ac2 (introduced in v7.20); |
| webfig | fixed form closing with saving when pressing Enter key (introduced in v7.20); |
| webfig | fixed interface settings and graphs (introduced in v7.20); |
| webfig | improved container form loading performance when router has a lot of files; |
| winbox | fixed WinBox 3 application failure when opening IPv6/Firewall/Connection entry (introduced in v7.20); |
| www | improved stability (CVE-2025-10948); |
| Component | Change |
|---|---|
| arm64 | allow enabling receive packet steering on /system/resource/irq/rps menu in order to overcome unbalanced CPU load; |
| bgp | added output.network-blackhole setting; |
| bgp | allow duplicate router-ids for eBGP sessions (RFC-6286); |
| bgp | always advertise extended nexthop cap for all supported address families; |
| bgp | do not allow iBGP with non-equal ASNs; |
| bgp | do not auto-generate blackhole routes by default (introduced in v7.20); |
| bgp | fixed inactive flag in GUI after instance disable/enable; |
| bgp | fixed route refresh subcode 0 warning; |
| bgp | fixed selection of received BGP VPN routes; |
| bgp | implement RFC 9234 route leak prevention and detection using roles; |
| bonding | added lacp-system-id and lacp-system-priority settings; |
| bonding | fixed lacp-mode=passive; |
| bonding | improved stability for 802.3ad LACP; |
| bridge | fixed filter and NAT matching with "mac-protocol=length"; |
| bridge | fixed missing local MAC after changing protocol-mode setting; |
| bridge | fixed static host and MDB entry updates on VLAN add/remove; |
| bridge | improved DHCP Option 82 values (circuit-id:"interface-name:vid", remote-id:"bridge MAC address"); |
| bridge | improved stability after failed protocol-mode=mstp change; |
| bth | added file-share link preview; |
| bth | fixed big file upload; |
| bth | fixed file-share expire after reboot; |
| certificate | added SHA384, SHA512 support for SCEP; |
| certificate | allow ca-crl-host parameter for issued certificates; |
| certificate | improved Let's Encrypt logging; |
| certificate | on certificate import, added the "issued" flag if the certificate store contains the imported certificate's CA and its private key; |
| certificate | refactored Certificate internal processes; |
| chr | fixed guest OS type "Other Linux (64-bit)"; |
| console | added "mvrp" to mac-protocol setting; |
| console | added changelog to /system/package/update/check-for-updates; |
| console | added delimiter parameter to :toarray command; |
| console | added reset command to settings directories; |
| console | added sensitive flag to QR code in WireGuard "show-client-config"; |
| console | added show-sensitive option for print command, hide sensitive settings in print output by default; |
| console | do not set values when "setup" command is interrupted; |
| console | fixed :convert from=num on MIPSBE; |
| console | fixed ".id" printing when using "group-by" (introduced in v7.20); |
| console | fixed "special-login" setting incorrect channel; |
| console | fixed autocomplete in fullscreen editor to append tabs, spaces, etc; |
| console | fixed ip6-prefix visual representation; |
| console | fixed relative path printing (introduced in v7.20); |
| console | improved help for address arguments; |
| console | improved printing visuals (column layout and paging); |
| console | improved stability; |
| console | remove unnecessary commands from /ip/hotspot/active menu; |
| console | removed /quickset menu; |
| console | return error values for certain commands if action failed (e.g. /system/routerboard/upgrade); |
| console | show fullscreen script editor completions above hintbar; |
| console | updated "Change your password" to "Change your password (Ctrl-C to skip)"; |
| container | added "/app" menu for simple containerized app installation (requires "container" package); |
| container | added CPU usage; |
| container | added hosts setting; |
| container | added kill command to send signals (CLI only); |
| container | added option to limit CPUs used by containers; |
| container | added root dir size; |
| container | added run command to allow interactive mode (CLI only); |
| container | added stop-time setting; |
| container | added update command (CLI only); |
| container | allow to configure extra ENV variables directly in container; |
| container | allow to disable/enable envs and mounts; |
| container | allow to specify mounts directly in container; |
| container | calculate volume sizes; |
| container | convert container mounts setting to mountlists, old mount name becomes list name, list name can map to multiple mounts; |
| container | enable relevant kernel features to support more container apps; |
| container | fixed error for starting container which consists of large number of layers; |
| container | fixed extract issues; |
| container | fixed VETH when using long interface name; |
| container | have per container layer-dir setting to be able to have separate layer stores for different sets of containers; |
| container | improved stability and fixed other issues; |
| container | show detailed import status, helps understand long imports; |
| container | show image-id field (CLI only); |
| container | store image import data (allows keeping container after netinstall); |
| detnet | do not try detection on slave interfaces; |
| detnet | fixed unnecessary process starting even when feature is not enabled; |
| dhcp | allow to set other gateway types not just IP for dhcp lease "routes" parameter; |
| dhcp-server | added "support-broadcom-tr101" setting to pass additional Option 82 suboptions to RADIUS server; |
| dhcp6-server | attempt to extract MAC from DUID for dual-stack purposes when client uses DUID-EN type of DUID; |
| dhcpv4-client | don't stop client on unsuccessful client option value change; |
| dhcpv4-server | added setting allowing to select client-id, MAC address or both for dynamic lease addition; |
| dhcpv4-server | improved logging; |
| dhcpv4-server | improved setup wizard prompts relating to DNS; |
| dhcpv4-server | respond with hlen 0 when htype is 8; |
| dhcpv4-server | send RADIUS Accounting Stop messages when interim-update is zero; |
| dhcpv6 | improved console hints; |
| dhcpv6-client | do not show I flag for disabled client; |
| dhcpv6-client | fixed misleading "couldn't acquire address, continue with prefix only" error when prefix is not even requested; |
| dhcpv6-relay | added "about" error message option; |
| dhcpv6-relay | enable configuration of options that are added to relayed DHCPv6 requests; |
| dhcpv6-server | added accounting to use-radius setting, similar to DHCPv4 server; |
| dhcpv6-server | improved event logging messages; |
| dhcpv6-server | improved service stability when receiving DHCP requests for PPP service clients without included IA_PD; |
| dhcpv6-server | include traffic usage statistics when accounting is stopped due to binding expiry and removal; |
| discovery | correctly report PoE dual signature per-pair class; |
| discovery | fixed MNDP IPv6 status reporting; |
| discovery | send out neighbor discovery immediately on IPv4/IPv6 changes; |
| disk | added nvme-tcp-server-nqn setting to be able to explicitly configure NQN, will default to "nqn.2000-02.com.mikrotik:slot" for new configurations; |
| disk | allow ":" and "." in slot name; |
| disk | allow only lowercase chars in iscsi-server-iqn; |
| disk | allow to have type=file devices without rose-storage (needed for file based swap); |
| disk | allow to set smb-share only for type=smb; |
| disk | consolidate client states into single field, as each item can be only one type of "client"; |
| disk | do not allow setting raid-master when have filesystem; |
| disk | do not allow starting Btrfs replace when replace is suspended; |
| disk | do not delete partition configs on device remove and eject (fixes lost config with unstable hardware); |
| disk | fixed for SMB mount to be writable by container; |
| disk | fixed iscsi client; |
| disk | fixed iscsi export disable; |
| disk | fixed issue with double "/" in SMB share path for some clients; |
| disk | fixed SATA eject/scan; |
| disk | fixed write RAID superblock; |
| disk | improved cleanup order to avoid waiting for timeouts on shutdown; |
| disk | improved RDS2216 SATA controller; |
| disk | improved system stability; |
| disk | rename nvme-tcp client name to nqn everywhere symmetrically with server; |
| disk | show NVMe critical warnings; |
| disk | unshare iscsi and nfs client/server ids, add iscsi-server-iqn; |
| disk | update interface type/speed after scan; |
| disk | use default label when nothing specified when formatting from WinBox; |
| dns | added VRF support for ":resolve" command; |
| dns | added VRF support for DNS servers; |
| return all errors to console when executed from console; | |
| eoipv6,gre6,ipip6 | added "dont-fragment" setting and allow packet fragmentation for packet sizes exceeding underlay interface MTU; |
| ethernet | added "unsupported speed" for forced 1Gbps modes; |
| ethernet | change default L2MTU 1518 to 1596 for RB5009; |
| ethernet | fixed 2.5G-baseT link-partner-advertising on RB5009, hAP ax3, Chateau ax devices; |
| evpn | fixed Ethernet Segment (ES) routes; |
| fetch | added "http-percent-encoding" parameter; |
| fetch | fixed http headers appearance when received payload is empty; |
| fetch | send http-data for any http method; |
| file | distinguish empty mount points from disks; |
| firewall | added "h" flag indicating that firewall service helper is applied for particular connection; |
| firewall | added support for TOS/mask matching for raw rules; |
| firewall | fixed hotspot value loss on rule enable/disable; |
| firewall | fixed strip-ipv4-options always passthrough; |
| firewall | hide hw-offload setting from devices that do not support it; |
| firewall | improved system stability and memory allocation when using firewall services; |
| firewall | make hw-offload=yes default setting in /ip/firewall/filter menu; |
| firewall | use the highest TTL as timeout value for domain address list entries if multiple domain names resolve to same IP; |
| health | upgraded fan controller firmware to latest version; |
| hotspot | added TOTP support for local hotspot users; |
| hotspot | improved system stability; |
| ike2 | adapt rekey procedure for compatibility with Libreswan; |
| iot | added mqtt disconnect/connect GUI options; |
| ip-service | do not duplicate entries for containers running in same netns; |
| ip-settings | limit IPv4/IPv6 max-neighbor-entries maximum value; |
| ippool6 | added "Valid Lifetime" and "Preferred Lifetime" options and use them when constructing IPv6 address; |
| ippool6 | fixed minor memory leak; |
| ippool6 | log address removal; |
| ippool6 | take into account "subnet-id" when specified on address; |
| ipsec | fixed CHACHA20 typo in log messages; |
| ipsec | support Post-Quantum Pre-shared Key (PPK) with QKD integration; |
| ipv6 | added "none" option for IPv6/ND/Prefix when advertising just options, not prefix; |
| ipv6 | added "self" option for IPv6/ND DNS advertise settings; |
| ipv6 | allow to specify on which interfaces to accept Router-Advertisements; |
| ipv6 | do not disable/enable Router-Advertisements functionality based on IPv6/ND configuration; |
| ipv6 | remove SLAAC installed DNS server and route on expire; |
| isis | improved stability; |
| l3hw | added per-VLAN "l3-hw-offloading" setting and "H" flag for /intervace/vlan menu; |
| l3hw | display warning when partial offloading is active (suggest users to use suppress-hw-offloading to control which routes gets HW offloaded and which are CPU processed); |
| l3hw | fixed partial offloading with /31 routes; |
| l3hw | fixed per-VLAN counters when packets are going through CPU; |
| l3hw | fixed VLAN and VXLAN counters for CRS520 device; |
| l3hw | improved stability and performance during L3HW enable with many routes; |
| l3hw | improvements and optimizations for IPv4 /32 and IPv6 /128 route offloading; |
| l3hw | prioritize local IP address over ARP/neighbor entry with same IP (fixes incorrect packet flow); |
| log | fixed ISO8601 time format; |
| log | fixed remote logging on remote-protocol configuration change; |
| log | fixed unnecessary file creation when configuring a disabled log action with "target=disk"; |
| log | hide irrelevant log action parameters; |
| log | limit firewall log prefix length; |
| log | limit log socket buffer memory size; |
| lte | added "force-delete" command to allow deletion of active eSIM profiles; |
| lte | added additional logging for error reported by modem during APN profile setup; |
| lte | added command to send out EUICC generated notifications manually; |
| lte | added confirmation prompt when deleting eSIM profile (CLI only); |
| lte | added support for additional D-Link DWM-222 variation (vendor-id="0x2001" device-id="0x7e46"); |
| lte | added support for additional Huawei E3372-325 variation (vendor-id="0x3566" device-id="0x2001"); |
| lte | added support for R11e-LTE6 v039 firmware release and availability notification; |
| lte | ask for user confirmation before installing eSIM profile (CLI only); |
| lte | clear SIM not present error when performing modem FW upgrade; |
| lte | discontinued support for RBSXTLTE3-7, further versions will use v7.20 LTE firmware package; |
| lte | fixed cases where LTE monitor could show abnormalities; |
| lte | fixed issue with firmware update for FG621-EA modem; |
| lte | force sms-protocol to AT for FG621-EA modem; |
| lte | improved AT modems at-chat control channel handling after modem has closed AT channel unexpectedly; |
| lte | improved modem recovery for Chateau 5G and Chateau 5G R16; |
| lte | improved stability for FG621-EA modem; |
| lte | improved system stability when receiving SMS messages; |
| lte | relay EUICC generated notifications after profile enable/disable/remove/provision; |
| lte | rework multiapn support for AT modems; |
| lte | unify "SIM not present" status for all modems; |
| macsec | work on hardware-offloaded support (available only on QCA8081 PHY: RB5009, hAP ax3, Chateau ax ether1 port); |
| media | fixed console autocomplete for path parameter; |
| mpls | fixed LDP filter upgrade from v6 where neighbor parameter is not specified; |
| mpls | fixed LDP label binding if nexthop is link-local address; |
| netinstall | fixed install with old RouterBOOT; |
| ospf | changed nssa-translator default value from no to candidate; |
| ospf | improved stability; |
| ospf | show interface as separate prop for interface and neighbor; |
| ovpn-server | added support for pushing IPv6 routes; |
| poe-out | added input name hint to poe max-power settings; |
| poe-out | added LED blink on error for RB5009; |
| poe-out | firmware update for 802.3at capable boards (the update will cause brief power interruption to poe-out interfaces); |
| poe-out | firmware update for 802.3bt capable boards (the update will cause brief power interruption to poe-out interfaces); |
| poe-out | improved firmware update stability; |
| poe-out | improved power-on mechanism for 802.3at capable boards; |
| port | added comment for /port/remote-access (CLI only); |
| port | added support for additional baudrates for USB to serial adapters; |
| port | do not show serial port for ATL 5G R16; |
| port | fixed export for default serial port name; |
| port | give "gps" prefix for R11e-LR8G and R11e-LR9G GPS ports; |
| qos-hw | added "default" flags to default entries; |
| qos-hw | added "mirror-profile" which allows to select profile (traffic-class) for mirrored traffic; |
| qos-hw | always show usage and PFC counters, even when they are zero (CLI only); |
| qos-hw | fixed counters for ports that are configured with "offline" tx-manager; |
| qos-hw | fixed profile add/remove for CRS812; |
| qos-hw | fixed shared-pools for CRS812; |
| qos-hw | remove unnecessary "offline" tx-manager for CRS812 (not supported by hardware); |
| queue | improved system stability when using SFQ kind of queues; |
| quickset | fixed issue where routes set by Quickset did not appear in export; |
| route | added options in /routing/settings to adjust check-gateway=ping timers; |
| route | fixed SNMP output for ECMP routes having interface gateways; |
| route | hide suppress-hw-offload setting from devices that do not support it; |
| route | improved stability; |
| route | improved system stability with multicast routing; |
| route | make check-gateway=ping work on p2p interface gateways; |
| route | removed /routing stats mem-blocks; |
| routerboot | fixed boot MAC for CRS305-1G-4S+ and CRS328-4C-20S-4S+ switches ("/system routerboard upgrade" required); |
| sfp | expose sfp-cmis-module-state to monitor; |
| sfp | filter out non-breakout modes for breakout modules; |
| sfp | fixed combo-mode change for CRS326-4C+20G+2Q+; |
| sfp | fixed missing link up/down notifies; |
| sfp | improved initialization and linking for 25G DAC on CRS812; |
| sfp | improved system stability with some GPON modules for CRS418, CCR2004 and CCR2116 devices; |
| sfp | recognize 40G Active Cable (XLPPI); |
| sfp | remove 40G-baseCR4, 40G-baseSR4-LR4 from sfp-supported list for qsfp28-x-3 interfaces; |
| snmp | added lldpLocChassisId OID; |
| snmp | count only "bound" leases for mtxrDHCPLeaseCount OID; |
| snmp | make lldpLocPortId and lldpLocPortDesc OIDs information consistent with LLDP TLVs; |
| ssh | renamed User SSH keys "key-owner" field to "info"; |
| ssh | "always-allow-password-login" replaced with "password-authentication" in SSH settings; |
| ssh | added support for ED25519-SK keys; |
| ssh | improved logging of failed login attempts; |
| ssh | refactored SSH service internal processes; |
| supout | added info log entry when autosupout.rif is generated; |
| switch | added dynamic "copy-to-cpu" ACL rule for loop-protecct; |
| switch | automatically add local bridge MAC to switch FDB; |
| switch | improved stability on MediaTek switch chips; |
| swos | fixed "allow-from" setting for MIPSBE devices; |
| system | added disks to /system/resource/hardware list; |
| system | fixed local update package filename generation; |
| system | fixed network header offset for interfaces with MAC (fixes VRRP Tx on IGMP snooping bridge); |
| system | fixed potential configuration loss when available disk space was insufficient; |
| system | fixed saving panic logs to autosupout.rif for ARM CRS3xx devices; |
| system | improved incoming TCP connection responsiveness; |
| system | improved system stability when processing GRE packets on TILE devices; |
| system | improved system stability when using hardware-offloaded encryption on RB3011 and hAP ac2 (introduced in v7.20); |
| system | improved system stability; |
| system | limit number of interface-lists to 244; |
| tr069-client | added LTE link recovery timer setting; |
| tr069-client | allow disabling Device.WiFi.AccessPoint; |
| traffic-generator | added support for injecting pcapng files; |
| undo | do not show internally issued commands in /system/history; |
| undo | show console commands in winbox/webfig for /system/history entries; |
| usb | LTE modem and USB-Serial Controller enumeration fix; |
| usb | support video capture devices for arm64 and x86, for passthrough to containers; |
| user-manager | added RadSec support; |
| veth | add container-mac-address setting; |
| veth | added default print brief table mode; |
| veth | added dhcp setting that allows to auto-configure IPv4 address, works when VETH is bridged with other interfaces and there is a DHCP server running somewhere on that network; |
| veth | complain immediately when VETH gateway not reachable, more detailed error message when network setup fails; |
| veth | show only when container package installed; |
| vrf | added read-only property to IPv4/IPv6 addresses, ARP and IPv6 neighbor; |
| vrf | allow setting comment on default "lo" interface; |
| vrrp | do not show "ttl not 255" warning when received VRRP VRID does not match with configured VRID; |
| vrrp | fixed gratuitous ARP being sent after VRRP is disabled (fixes packet forwarding on HW offloaded bridge after VRRP is disabled); |
| webfig | added a hint for Undo/Redo buttons; |
| webfig | added Apps menu to login; |
| webfig | added capability to check/uncheck entry tree in skin designer; |
| webfig | added Copy capability; |
| webfig | added missing PPP types to Skin Designer; |
| webfig | added TCP State column for connection tracking table; |
| webfig | check if device is still reachable before disconnect on error; |
| webfig | fixed container config memory high input; |
| webfig | fixed form closing with saving when pressing Enter key (introduced in v7.20); |
| webfig | fixed interface settings and graphs (introduced in v7.20); |
| webfig | fixed issue where routes and PIM table did not load; |
| webfig | fixed issue where Torch stops running; |
| webfig | fixed name and title store in skins; |
| webfig | fixed new item window name when using skins; |
| webfig | improved container form loading performance when router has a lot of files; |
| webfig | improved mikrotik_logo.svg; |
| webfig | increase graph width for better scaling; |
| webfig | increase maximum number size in forms; |
| webfig | make close button a button instead of link; |
| webfig | make combobox accessible to screen readers; |
| webfig | remember last user in login page; |
| webfig | turn off auto-capitalize and auto-correct for on-screen keyboards; |
| wifi | added "CAP" information field on interfaces view; |
| wifi | added CAPsMAN forwarding support (datapath.traffic-processing=on-capsman); |
| wifi | enable configuration of "3gpp-info-raw" and "realms-raw" interworking parameters; |
| wifi | fixed issue when trying to use interface as bonding slave; |
| wifi | fixed multi-passphrase usage in combination with access-list; |
| wifi | fixed possible memory leak when failing to start AP on chosen channel; |
| wifi | fixed some CAPsMAN settings to be optional; |
| wifi | improved formatting of FT request action frames; |
| wifi | improved stability when capturing data at high rates with wifi sniffer; |
| wifi | increased accounting interval, maximum client entry count for 2.4GHz probe response delay feature; |
| wifi | rename ft-wpa2-eap authentication type to "ft-eap"; |
| wifi | split access-list time property in days and time; |
| wifi-qcom | added Unsolicited BSS Transition Management Request support; |
| wifi-qcom | enable forcing RTS/CTS hardware protection modes; |
| wifi-qcom | improved default RTS/CTS policy for CPE station radios; |
| wifi-qcom | multicast-enhance will no longer apply for station mode configured devices; |
| winbox | added file selector for BTH files; |
| winbox | added support for new settings and fixed several existing ones; |
| winbox | Bandwith test, Speed test, Ping, Traceroute tools use RouterOS DNS service to resolve domain names; |
| winbox | fixed "Too many entries" not showing in WinBox v4; |
| winbox | fixed Disk iscsi/smb configuration; |
| winbox | fixed Disk NVMe-TCP configuration; |
| winbox | fixed Dude/Tools appearance after Apply action; |
| winbox | fixed graphs in some forms with big numbers; |
| winbox | fixed WinBox 3 application failure when opening IPv6/Firewall/Connection entry (introduced in v7.20); |
| winbox | hide IPv6 addresses for IP neighbors that no longer have them; |
| winbox | make multiple address fields required; |
| winbox | make separate inputs for WiFi Interworking "Authentication Types" and "Connection Capabilities" fields; |
| winbox | move VRF from Ethernet to generic Interface table; |
| winbox | restore route max object 10000 limit; |
| winbox | show warnings in Disk menu; |
| winbox | updated and shortened window titles (e.g. Address List -> Addresses); |
| wireguard | added VRF option (CLI only); |
| wireless | added last-ip parameter for the CAPSMAN registration-table tab; |
| www | added option to disable individual web services in /ip/service/webserver and IP>Services>Web Server; |
| www | improved stability (CVE-2025-10948); |
| www | removed ability to publish directories via "/files" www service; |
| Component | Change |
|---|---|
| arm64/x86/chr | added Aquantia network driver; |
| bgp | added brief, unnumbered output for advertisements list; |
| bgp | added initial EVPN support; |
| bgp | added NLRI filter for more precise accept/discard of ipv4/6 prefixes; |
| bgp | automatically create output.network blackhole routes; |
| bgp | decode and log notifications; |
| bgp | fixed nexthop force-self for IPv4 and IPv6; |
| bgp | fixed selection of received BGP VPN routes; |
| bgp | improved configuration upgrade from versions prior to 7.20; |
| bgp | improved logging; |
| bgp | introduced BGP instance configuration (note, downgrading to earlier versions without instance support may cause config issues); |
| bgp | make "as" parameter optional in template configuration; |
| bgp | print aigp attribute in advertisements; |
| bgp | refresh WinBox when BGP session is created/deleted; |
| bgp | resend routes after nexthop-choice update; |
| bgp | support for Advertising IPv4 Network Layer Reachability Information (NLRI) with an IPv6 Next Hop; |
| bridge | added dynamic tagged entry named "switch-cpu" in scenarios where the same VLAN spans multiple switch chips or is used on both HW and SW ports; |
| bridge | added verbose STP debug logging (rx/tx BPDU, edge-port and port-role transitions, FDB flush); |
| bridge | added warning log when all MACs cannot be displayed under the host table; |
| bridge | disable/enable HW offload on bonding slave disable/enable (fixes potential MAC learning issue); |
| bridge | fixed MVRP leave indication; |
| bridge | fixed port-id when adding a new port in non-primary MLAG; |
| bridge | improved stability when disabling bridge with dynamic VLANs in MSTI; |
| bridge | refactored host learning logic in MLAG setups in order to make it more robust and predictable; |
| bth | added extra file-share functionality for use with apps; |
| bth | improved tunnel name in client config export; |
| bth,file | added direct file sharing from the WinBox Files menu; |
| certificate | added "Amazon Root CA 1" to built-in root certificate authorities store; |
| certificate | fixed ACME certificate usage after renewal; |
| certificate | improved stability after failed import; |
| certificate | trust built-in root certificate authority store after configuration reset; |
| chr | added Chelsio VF driver for PCIID 5803; |
| chr | improved virtio_net performance; |
| cloud | fixed restoring "BTH Files" service after a prolonged network outage; |
| cloud | reduced "BTH Files" ping interval dynamically upon failure; |
| console | added use-tz option to :timestamp command; |
| console | fixed :convert to=num on MIPSBE; |
| console | fixed incorrect multibyte to=num conversions; |
| console | fixed issue where file completion sometimes shows duplicates; |
| console | improved stability and visuals for /interface/wireless/snooper/snoop; |
| console | improved visuals for brief print when displaying large tables; |
| console | improved visuals for hexadecimal strings; |
| console | improved visuals for hiding sensitive commands; |
| console | include flags by default when printing to value; |
| console | prioritize directory specific parameters and hide rarely used ones in print autocomplete; |
| console | replace TAB characters with spaces when editing scripts and added tab-width user configuration in /console/settings; |
| console | unified string representation of ID values; |
| console | updated hints for some /file/print parameters; |
| console | use file name completions (and basic validation) for file output related parameters for export and print commands; |
| console | validate filenames upon addition (if enabled in /console/settings); |
| container | added "device" option to pass a device from /system/hardware menu to a container; |
| container | added /container/log menu, keep 100 messages per container; |
| container | added default print brief mode; |
| container | added initial support for container in container setups; |
| container | added option to execute commands inside a container using "/container/shell cmd= user="; |
| container | added per-container memory limiting and monitoring; |
| container | added repull command; |
| container | added SCTP support; |
| container | added support for cpuset, cpu, memory, pids cgroups; |
| container | allow picking passthrough devices by descriptive name; |
| container | allow read-only mounts; |
| container | allow to mount individual files, not just directories; |
| container | allow to specify multiple envlists; |
| container | allow to use multiple veths in a container, change the in container interface name to same as in RouterOS; |
| container | can use KVM (x86 and arm64) in container QEMU for faster virtualization; |
| container | display any error prominently in WinBox; |
| container | do not allow multiple containers with same root directory; |
| container | enable check-certificate by default for new remote imports; |
| container | fixed containers that use inotify interface; |
| container | fixed environment variables not being passed to "/container/shell" properly; |
| container | fixed QEMU VM to host bridge; |
| container | fixed shell exit causing freeze; |
| container | improved compatibility when running containers with custom "cmd" and "entrypoint" commands; |
| container | improved error and log messages; |
| container | prevent user from setting "root-dir=/" for a container; |
| container | show a more descriptive error when tar extraction fails, particularly "No space left on device"; |
| container | show config.json to user; |
| container | show explicit stopped flag for container; |
| container | stability improvements; |
| container | support for direct access to hardware devices; |
| container | terminate containers on shutdown, allow them to clean up properly; |
| dhcp | show error only after interface status is synced with the system (instead of erroneously displaying it immediately); |
| dhcp-client | show warning if DHCP client is configured on dot1x server port; |
| dhcp-server | do not show "I" flag when server is disabled; |
| dhcp-server | improved logging when dual-stack is enabled but fails to acquire client MAC from DUID; |
| dhcpv4-client | allow specifying DSCP of outgoing packets; |
| dhcpv4-client | allow specifying vlan-priority of outgoing packets (for VLAN interfaces only); |
| dhcpv4-client | show "custom-hostname-suffix" and "custom-source-mac-address" properties if set; |
| dhcpv4-server | added "add dns" step to setup wizard; |
| dhcpv4-server | added "lease-agent-circuit-id" and "lease-agent-remote-id" variables to the lease script; |
| dhcpv4-server | added "ntp-none" parameter; |
| dhcpv4-server | changed the default value of address-pool to "static-only" in the option matcher, removed "none" option; |
| dhcpv4/v6-client | properly resume client service after underlying interface status changes; |
| dhcpv4/v6-server | added CoA support; |
| dhcpv6-client | added "accept-prefix-without-address" allowing client to accept prefix when address is not available although requested; |
| dhcpv6-client | update the routing table and address list on manual client configuration changes; |
| dhcpv6-server | added "ignore-ia-na-bindings" setting that allows server to ignore address requests and work just with prefixes; |
| dhcpv6-server | do not trim real client DUID when assigning it to the binding; |
| discovery | disable discovery on loopback, LTE, ppp-out interfaces; |
| discovery | improved LLDP Power via MDI TLV with 802.3bt specific field support; |
| discovery | output LLDP fault message once per port poe-out status change; |
| discovery | report router as "CAPsMAN" on MNDP under "running" parameter; |
| discovery | set initial poe-out Tx power above 0dW; |
| disk | allow to format multiple disks at once; |
| disk | allow to remove Btrfs device by ID; |
| disk | better manage disks disappearing from RAID; |
| disk | cleanup mountpoint when setting mount-filesystem=no; |
| disk | disallow adding SMB share or user with empty name; |
| disk | do Btrfs remove-device asynchronously; |
| disk | offer to blink only PCI slots in console; |
| disk | rename raid-role=unspecified to spare; |
| disk | reset RAID role of old disk after spare assumes a new role; |
| disk | show error when file based block-device uses a mountpoint to be unmounted; |
| disk | show total/free inode counts for fs's that support it; |
| dlna | recognize flac extension; |
| dns | fixed memory leak when static CNAME record was matched; |
| fetch | display file sizes between 1-1023 bytes as 1KiB (instead of 0KiB); |
| fetch | include RouterOS version in the "User-Agent" field; |
| file | improved file handling performance in WinBox v4; |
| filesystem | improved calculation of free space on NAND flash (fixes potential "disk is too small" issue); |
| firewall | added "liberal-tcp-tracking" connection tracking setting; |
| firewall | added connection tracking "total-ip4-entries" and "total-ip6-entries" counters; |
| firewall | allow "dst-limit" matcher to work properly above value 10000; |
| firewall | fixed IPv6 firewall interface matchers not matching VRF interfaces; |
| firewall | improved IPv6 connection tracking lookup responsiveness; |
| firewall | improved system stability when processing connections on multicore systems; |
| firewall | reorganized firewall connection tracking table values and make them persistent between IPv4 and IPv6; |
| flashfig | bind to local address (fixes issue when multiple interfaces are enabled); |
| iot | added additional dongle firmwares to iot-bt-extra package; |
| iot | added an option to increase the amount of LoRa's traffic entries displayed; |
| iot | added support for MQTT last will message; |
| iot | adjusted default LoRa antenna gain values for specific devices; |
| iot | fixed an issue where channel #7 is ignored during LoRa LNS connection; |
| iot | fixed logic for unknown NetIDs; |
| iot | fixed support for LoRa Alliance NetID list; |
| iot | improved LoRa stability and error recovery; |
| iot | improvement to LoRa band verification logic; |
| iot | iot-bt-extra package stability improvement and additional dongle support; |
| iot | LoRa netid filters now can be configured as a "range"; |
| iot | LoRa server list is no longer generated if the LR card is not physically attached; |
| iot | LR8G/9G firmware update; |
| iot | removed lora-package, LoRa functionality was moved into iot-package; |
| iot | removed non-existent GPIO pin functionality; |
| ip | added socksify feature and new NAT action "socksify"; |
| ip-service | show service name "nfs" for port 2049; |
| ipsec | fixed degraded IPsec performance for IPQ-6010 (introduced in v7.17); |
| ipsec | move raw RSA keys to /ip/ipsec/key/rsa; |
| ipv6 | added support for IPv6 ND proxying of individual addresses; |
| ipv6 | do not allow removal of dynamic address on lo interface; |
| ipv6 | fixed "auto-link-local" feature on WireGuard interface; |
| ipv6 | make pref-src work and settable for static routes; |
| isis | added passive parameter for interface templates; |
| log | added command to clear memory action entries; |
| log | improved the "transmit loop detected" warning log; |
| lte | added "done" status for modem firmware-upgrade version check; |
| lte | added "remove-sent-sms-after-send" option to automatically delete sent SMS messages; |
| lte | added log entry if eSIM has no profiles on read; |
| lte | added modem-init string response to system log; |
| lte | added passthrough support for RG650E-EU modem; |
| lte | added show-capabilities eSIM presence detection for MBIM modems; |
| lte | allow only one IPv6 APN for AT modems; |
| lte | display ICCID regardless of SIM PIN entry status; |
| lte | do not reconfigure modem if deactive eSIM profile is deleted; |
| lte | exempt eSIM provision from global CRL certificate settings; |
| lte | exit LTE scan if modem reconfigured; |
| lte | fallback to RA for global IPv6 if unattained via AT channel (resets on config change); |
| lte | fixed inappropriate LTE interface inactive flag shown during modem initialization; |
| lte | fixed modem recovery on unexpected modem reboot for Chateau 5G and Chateau 5G R16; |
| lte | fixed progress message for R11e-LTE modem firmware-upgrade; |
| lte | fixed rare case where AT dialer could stop; |
| lte | improved EC200A-EU firmware-upgrade stability; |
| lte | improved SMS sending stability over MBIM protocol; |
| lte | refresh eSIM profile list after successful provision; |
| lte | renamed "uicc" to "iccid" in LTE monitor and eSIM profile print; |
| lte | show ip-type in /interface/lte/apn/print; |
| lte | use modem-supplied IPv6 address over EUI-64 when available; |
| macvlan | allow creating macvlan interfaces on all interfaces with a MAC address; |
| mpls | fixed minimal dynamic-label-range setting; |
| net | fixed possible slave flag issues after user configuration changes; |
| net | improved system stability when processing TCP/UDP connections; |
| net | prevent removal of lo interface via WinBox; |
| netinstall | added after-install controls (reboot after installation, shutdown after installation, none); |
| netinstall | alert on unreadable configuration scripts; |
| netinstall | detect inactive install interface; |
| netinstall | fixed install for PPC devices; |
| netinstall | fixed mutually exclusive checkbox behavior; |
| netinstall | show router and package architecture; |
| netinstall | warn user if not enough space on device; |
| netinstall-cli | added MAC filter option "--mac"; |
| netinstall-cli | added multiple install option "-m"; |
| netinstall-cli | improved client device architecture detection; |
| netwatch | added "early-success-detection" and "early-failure-detection" properties for ICMP probe; |
| netwatch | fixed date and time for stats; |
| ovpn | added support for sha384 hmac; |
| ovpn | improved tunnel setup speeds in configurations with large ammount of active OVPN clients; |
| partitions | fixed failure to repartition correctly from 32MB partition size; |
| partitions | hide partition menu on unsupported boards (without NAND); |
| partitions | limit minimal partition size to 60MB; |
| poe-out | added support for line-interactive and offline UPS on CRS320; |
| poe-out | firmware update for 802.3at capable boards (the update will cause brief power interruption to poe-out interfaces); |
| poe-out | firmware update for 802.3bt capable boards (the update will cause brief power interruption to poe-out interfaces); |
| poe-out | improved dual-signature detection on CRS320; |
| poe-out | improved short-circuit detection and reporting on CRS320; |
| poe-out | increased maximum power margin for all classes on CRS320; |
| port | added IPv6 support for "remote-access" tool; |
| port | improved port status handling at unexpected device removal; |
| ppp | added "dhcpv6-use-radius" PPP profile feature that enables "use-radius" option on dynamically created DHCPv6 servers; |
| ppp | added "remote-ipv6-prefix-reuse" PPP profile feature that allows to advertise same prefix on multiple VPN clients at the same time; |
| ppp | added DHCPv6 assigned prefix to address list when configured and received from RADIUS; |
| ppp | added dhcpv6-lease-time profile configuration property; |
| ppp | do not send initial echo request if keepalive-timeout=disabled; |
| ppp | improved system stability when closing connections; |
| pppoe-server | added accept-untagged=yes/no option to accept untagged traffic in combination with pppoe-over-vlan-rage property; |
| ptp | added PTP support for RDS2216 device; |
| ptp | removed delays between timestamping and packet transmission, improving PTP precision; |
| qos-hw | added mirror-buffers property and monitoring values; |
| radius | fixed issue with Session-Timeout attribute functionality; |
| romon | changed default "disabled=yes" to "disabled=no" under /tool/romon/port; |
| romon | improved error message; |
| route | added missing and remove unnecessary parameters from /ipv6/route menu; |
| route | afi naming consistency in logs; |
| route | attempt to clean up stuck routes in the routing table; |
| route | do not allow to modify dynamic routes; |
| route | fixed incorrectly set nexthop interfaces for BGP VPN routes; |
| route | fixed issue when route table is installed to kernel without fib setting; |
| route | fixed skipping updated destinations; |
| route | improved stability; |
| route | removed fib-reinstall; |
| route | update router ID when disabled address is removed; |
| routerboot | fixed boot MAC for CRS212 switch ("/system routerboard upgrade" required); |
| routing-filter | added filter-wizard (filter generator with v6-like syntax); |
| routing-filter | added sync command; |
| routing-filter | make "chain" and "list" parameters required when adding new item; |
| sfp | fixed low power mode pins on CRS326-4C+20G+2Q+ for optical QSFP modules; |
| sfp | fixed qsfp28 breakout disable; |
| sfp | improved initialization and linking for sfp28 on CRS518; |
| sfp | improved SFP handling for CRS418 device; |
| sfp | improved system stability with some GPON modules for CCR2004 and CCR2116 devices; |
| smips | reduced package size, removed hotspot feature and provide it as a separate package; |
| sniffer | added CPU number and fast-path status in per-packet comment; |
| sniffer | save packets in pcapng format, it now includes interface name the packet was sniffed on, packet direction and nanosecond timestamp resolution; |
| snmp | added SNMP OIDs for firewall connection tracking "total-entries", "total-ip4-entries" and "total-ip6-entries"; |
| snmp | improved service stability when processing v3 requests; |
| snmp | set maximum message size to 4 KB; |
| ssh | improved stability on busy server; |
| ssh | show user public key fingerprint under /user/ssh-keys; |
| ssh/sftp | fixed session disconnects during file transfer; |
| ssl/tls | fixed SSL looping behavior when multiple different TLS connections were used; |
| supout | added certificate settings section; |
| supout | added IP Service section; |
| supout | added MPLS settings section; |
| supout | added VXLAN VTEP section; |
| switch | fixed bonding MAC flush in certain cases for 98DX224S, 98DX226S, 98DX2528, and 98DX3236 switch chips; |
| switch | fixed egress-rate on QSFP ports; |
| switch | fixed port blocking by MSTP for 88E6393X, 88E6191X and 88E6190 switches; |
| switch | hide cpu-flow-control on irrelevant devices; |
| switch | improved bond MAC flush for 88E6393X, 88E6191X and 88E6190 switches; |
| switch | improved hash calculation for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98CX8410 switches (affects load balancing for bonds, ECMP routes, and VXLAN source port); |
| switch | improved ingress-rate limit precision for 88E6393X, 88E6191X and 88E6190 switches; |
| switch | reset all Ethernet counters on reset-counters command on QoS Port menu; |
| switch | rework ethernet counters for 98DXxxxx, 98PX1012 and CRS1xx/2xx switches (add tx-drop-queueX-byte/packet, tx-drop-byte/packet, tx-queueX-byte to /in/eth and updated GUI); |
| system | added support for OpenFlow 1.3 (new package "openflow" available); |
| system | do not automatically retry in case /system/package/update download fails; |
| system | fixed bb-upgrade failure on RB5009; |
| system | fixed certain notifications (e.g. kid-control activity, connection tracking table) (introduced in v7.17); |
| system | fixed stuck TCP transmit on virtual interfaces, leading to retransmits; |
| system | improved system configuration journaling procedure; |
| system | improved system stability for hEX refresh and hEX S (2025); |
| system | improved system stability when processing large amount of traffic; |
| system | merge /system/resource/usb and /system/resource/pci into /system/resource/hardware and create a device tree; |
| usb | improved system stability after unplugging USB device for RB5009; |
| user | added tiny delay on any user login attempt to limit login attempts; |
| user | change /user/active/request-logout to /user/active/remove; |
| veth | added dhcp=yes/no property to be able to easily run a container in LAN, runs a special dynamic dhcp-client on interface and sets acquired address/gateway/dns to in-container interface; |
| veth | added mac-address property; |
| veth | make veth interface MAC address stable in both RouterOS and container (container-side MAC incremented by +1 from RouterOS-side interface); |
| vrrp | added "connection-tracking-port" and "connection-tracking-mode" settings for "sync-connection-tracking"; |
| vrrp | added proxy-arp support; |
| vrrp | fixed invalid TCP connection state after failover with enabled sync-connection-tracking; |
| vrrp | fixed sync-connection-tracking issue when parent interface is disabled/enabled; |
| vrrp | improved responsiveness when router has many IP addresses depending on VRRP state; |
| vrrp | improved stability when removing VRRP interface with enabled sync-connection-tracking; |
| vrrp | make MTU property read-only; |
| vxlan | added checksum and learning properties; |
| vxlan | fixed unset behavior for "local-address" and "bridge" properties; |
| vxlan | prevent socket sharing (cannot create multiple VXLAN interfaces using the same UDP port with different checksum or vtep-vrf settings); |
| vxlan | rename "vrf" setting to "vtep-vrf"; |
| webfig | added token authentication (no password prompt on reload or new window, logout button will log out all related sessions, removing a user will disconnect from active sessions); |
| webfig | allow network map scrolling in Dude; |
| webfig | basic mobile keyboard support for terminal; |
| webfig | do not show Keepalive if not set in GRE Tunnel form; |
| webfig | filter out unusable Bands and Channels for wifi interfaces; |
| webfig | fixed an issue where dynamic dropdown lists were hidden despite having values; |
| webfig | fixed container parameters; |
| webfig | fixed hiding New button with skins; |
| webfig | fixed issue where legacy WebFig login page was used; |
| webfig | fixed skin limits for radio buttons; |
| webfig | fixed Target field duplicate when disabling simple queue; |
| webfig | improved stability when displaying read-only scripts; |
| webfig | make columns a bit wider in tables; |
| webfig | make the Close buttons actual buttons, not links; |
| webfig | mask certain fields where values match default value; |
| webfig | redesign logical "not" operator selector; |
| webfig | remove duplicate flag labels in QuickSet tables; |
| webfig | show system note on login; |
| webfig | use lexicographical sort in dropdown lists; |
| webfig | use time stamps for volatile graphs (improved graph visualization); |
| wifi | added tr069 support for wifi interfaces; |
| wifi | avoid picking 5GHz channels by default which are unlikely to be supported by clients, can be overridden with channel.deprioritize-unii-3-4; |
| wifi | fixed inability to apply steering profile to device's native wifi interfaces; |
| wifi | fixed issue where station mode looped connecting to the same BSSID, preventing switching to other APs; |
| wifi | increased wifi scan list; |
| wifi | restart CAPsMAN only on significant configuration changes; |
| wifi-qcom | accept VLAN-tagged packets from clients with vlan-id; |
| wifi-qcom | added country profile "UK 5.8 fixed" and "ETSI 5.5-5.7 Outdoor"; |
| winbox | added "Digest Algorithm" under "System/Certificates" menu; |
| winbox | added "Note" field in LTE Firmware Upgrade; |
| winbox | added "Reselect Time" for wifi; |
| winbox | added Address List Extra Time under "IP/DNS" menu; |
| winbox | added EAP identity under "WiFi/Registration" menu; |
| winbox | added Heartbeat under "Bridge/MLAG" menu; |
| winbox | added Installation under "WiFi" menu; |
| winbox | added missing columns under "System/Users/SSH Keys" menu; |
| winbox | added missing Comments under "User Manager" menus; |
| winbox | added missing properties to "Container" menu and improved field ordering; |
| winbox | added missing WPA2 PSK SHA2 option under "WiFi/Security" menu; |
| winbox | added MPLS Mangle; |
| winbox | added option to create new entries under "System/Users/SSH Keys" menu; |
| winbox | allow to specify CAPsMAN Address as IPv6 LL; |
| winbox | bump minimal WinBox version to 3.42; |
| winbox | correctly unset Locked CAPsMAN field; |
| winbox | differentiate PPP Profile Rx/Tx Queue settings; |
| winbox | display errors from the "Files/Sync" menu; |
| winbox | fixed "Rate" and "Full Duplex" monitor values after link down under "Interface/Ethernet" menu; |
| winbox | fixed container RAM parameter type; |
| winbox | fixed missing warning under "Routing/BGP/Instances" menu; |
| winbox | fixed Record Type field under "Tools/Netwatch" menu; |
| winbox | improved byte type field representation; |
| winbox | improved Switch QoS layout; |
| winbox | make IPv6 Immediate Gateway read-only; |
| winbox | make log message field as multiline; |
| winbox | move CAPsMAN settings button from Remote CAP to WiFi table; |
| winbox | removed duplicate mounts option; |
| winbox | rename Ping Timeout field to Interval; |
| winbox | rename SMS Type field to Modem Type; |
| winbox | rework LTE firmware upgrade buttons into one window; |
| winbox | show "Switch" related menus only on boards that support such features; |
| winbox | show all columns under "System/Users/SSH Keys" menu by default; |
| winbox | use same WireGuard default values as in console; |
| wireguard | fixed minor memory leak when IPv6 is disabled; |
| wireguard | improved system stability on busy devices; |
| wireless | changed CLI snooper column name "freq" to "channel"; |