MikroTik Changelogs
← Back to search All versions

Version: 7.21beta2

Testing

334 changelog entries across 77 component(s)

2025-Oct-06 (6 months ago)

Component Change
arm64 allow enabling receive packet steering on /system/resource/irq/rps menu in order to overcome unbalanced CPU load;
bgp added output.network-blackhole setting;
bgp allow duplicate router-ids for eBGP sessions (RFC-6286);
bgp always advertise extended nexthop cap for all supported address families;
bgp do not allow iBGP with non-equal ASNs;
bgp do not auto-generate blackhole routes by default (introduced in v7.20);
bgp fixed inactive flag in GUI after instance disable/enable;
bgp fixed route refresh subcode 0 warning;
bgp fixed selection of received BGP VPN routes;
bgp implement RFC 9234 route leak prevention and detection using roles;
bonding added lacp-system-id and lacp-system-priority settings;
bonding fixed lacp-mode=passive;
bonding improved stability for 802.3ad LACP;
bridge fixed filter and NAT matching with "mac-protocol=length";
bridge fixed missing local MAC after changing protocol-mode setting;
bridge fixed static host and MDB entry updates on VLAN add/remove;
bridge improved DHCP Option 82 values (circuit-id:"interface-name:vid", remote-id:"bridge MAC address");
bridge improved stability after failed protocol-mode=mstp change;
bth added file-share link preview;
bth fixed big file upload;
bth fixed file-share expire after reboot;
certificate added SHA384, SHA512 support for SCEP;
certificate allow ca-crl-host parameter for issued certificates;
certificate improved Let's Encrypt logging;
certificate on certificate import, added the "issued" flag if the certificate store contains the imported certificate's CA and its private key;
certificate refactored Certificate internal processes;
chr fixed guest OS type "Other Linux (64-bit)";
console added "mvrp" to mac-protocol setting;
console added changelog to /system/package/update/check-for-updates;
console added delimiter parameter to :toarray command;
console added reset command to settings directories;
console added sensitive flag to QR code in WireGuard "show-client-config";
console added show-sensitive option for print command, hide sensitive settings in print output by default;
console do not set values when "setup" command is interrupted;
console fixed :convert from=num on MIPSBE;
console fixed ".id" printing when using "group-by" (introduced in v7.20);
console fixed "special-login" setting incorrect channel;
console fixed autocomplete in fullscreen editor to append tabs, spaces, etc;
console fixed ip6-prefix visual representation;
console fixed relative path printing (introduced in v7.20);
console improved help for address arguments;
console improved printing visuals (column layout and paging);
console improved stability;
console remove unnecessary commands from /ip/hotspot/active menu;
console removed /quickset menu;
console return error values for certain commands if action failed (e.g. /system/routerboard/upgrade);
console show fullscreen script editor completions above hintbar;
console updated "Change your password" to "Change your password (Ctrl-C to skip)";
container added "/app" menu for simple containerized app installation (requires "container" package);
container added CPU usage;
container added hosts setting;
container added kill command to send signals (CLI only);
container added option to limit CPUs used by containers;
container added root dir size;
container added run command to allow interactive mode (CLI only);
container added stop-time setting;
container added update command (CLI only);
container allow to configure extra ENV variables directly in container;
container allow to disable/enable envs and mounts;
container allow to specify mounts directly in container;
container calculate volume sizes;
container convert container mounts setting to mountlists, old mount name becomes list name, list name can map to multiple mounts;
container enable relevant kernel features to support more container apps;
container fixed error for starting container which consists of large number of layers;
container fixed extract issues;
container fixed VETH when using long interface name;
container have per container layer-dir setting to be able to have separate layer stores for different sets of containers;
container improved stability and fixed other issues;
container show detailed import status, helps understand long imports;
container show image-id field (CLI only);
container store image import data (allows keeping container after netinstall);
detnet do not try detection on slave interfaces;
detnet fixed unnecessary process starting even when feature is not enabled;
dhcp allow to set other gateway types not just IP for dhcp lease "routes" parameter;
dhcp-server added "support-broadcom-tr101" setting to pass additional Option 82 suboptions to RADIUS server;
dhcp6-server attempt to extract MAC from DUID for dual-stack purposes when client uses DUID-EN type of DUID;
dhcpv4-client don't stop client on unsuccessful client option value change;
dhcpv4-server added setting allowing to select client-id, MAC address or both for dynamic lease addition;
dhcpv4-server improved logging;
dhcpv4-server improved setup wizard prompts relating to DNS;
dhcpv4-server respond with hlen 0 when htype is 8;
dhcpv4-server send RADIUS Accounting Stop messages when interim-update is zero;
dhcpv6 improved console hints;
dhcpv6-client do not show I flag for disabled client;
dhcpv6-client fixed misleading "couldn't acquire address, continue with prefix only" error when prefix is not even requested;
dhcpv6-relay added "about" error message option;
dhcpv6-relay enable configuration of options that are added to relayed DHCPv6 requests;
dhcpv6-server added accounting to use-radius setting, similar to DHCPv4 server;
dhcpv6-server improved event logging messages;
dhcpv6-server improved service stability when receiving DHCP requests for PPP service clients without included IA_PD;
dhcpv6-server include traffic usage statistics when accounting is stopped due to binding expiry and removal;
discovery correctly report PoE dual signature per-pair class;
discovery fixed MNDP IPv6 status reporting;
discovery send out neighbor discovery immediately on IPv4/IPv6 changes;
disk added nvme-tcp-server-nqn setting to be able to explicitly configure NQN, will default to "nqn.2000-02.com.mikrotik:slot" for new configurations;
disk allow ":" and "." in slot name;
disk allow only lowercase chars in iscsi-server-iqn;
disk allow to have type=file devices without rose-storage (needed for file based swap);
disk allow to set smb-share only for type=smb;
disk consolidate client states into single field, as each item can be only one type of "client";
disk do not allow setting raid-master when have filesystem;
disk do not allow starting Btrfs replace when replace is suspended;
disk do not delete partition configs on device remove and eject (fixes lost config with unstable hardware);
disk fixed for SMB mount to be writable by container;
disk fixed iscsi client;
disk fixed iscsi export disable;
disk fixed issue with double "/" in SMB share path for some clients;
disk fixed SATA eject/scan;
disk fixed write RAID superblock;
disk improved cleanup order to avoid waiting for timeouts on shutdown;
disk improved RDS2216 SATA controller;
disk improved system stability;
disk rename nvme-tcp client name to nqn everywhere symmetrically with server;
disk show NVMe critical warnings;
disk unshare iscsi and nfs client/server ids, add iscsi-server-iqn;
disk update interface type/speed after scan;
disk use default label when nothing specified when formatting from WinBox;
dns added VRF support for ":resolve" command;
dns added VRF support for DNS servers;
email return all errors to console when executed from console;
eoipv6,gre6,ipip6 added "dont-fragment" setting and allow packet fragmentation for packet sizes exceeding underlay interface MTU;
ethernet added "unsupported speed" for forced 1Gbps modes;
ethernet change default L2MTU 1518 to 1596 for RB5009;
ethernet fixed 2.5G-baseT link-partner-advertising on RB5009, hAP ax3, Chateau ax devices;
evpn fixed Ethernet Segment (ES) routes;
fetch added "http-percent-encoding" parameter;
fetch fixed http headers appearance when received payload is empty;
fetch send http-data for any http method;
file distinguish empty mount points from disks;
firewall added "h" flag indicating that firewall service helper is applied for particular connection;
firewall added support for TOS/mask matching for raw rules;
firewall fixed hotspot value loss on rule enable/disable;
firewall fixed strip-ipv4-options always passthrough;
firewall hide hw-offload setting from devices that do not support it;
firewall improved system stability and memory allocation when using firewall services;
firewall make hw-offload=yes default setting in /ip/firewall/filter menu;
firewall use the highest TTL as timeout value for domain address list entries if multiple domain names resolve to same IP;
health upgraded fan controller firmware to latest version;
hotspot added TOTP support for local hotspot users;
hotspot improved system stability;
ike2 adapt rekey procedure for compatibility with Libreswan;
iot added mqtt disconnect/connect GUI options;
ip-service do not duplicate entries for containers running in same netns;
ip-settings limit IPv4/IPv6 max-neighbor-entries maximum value;
ippool6 added "Valid Lifetime" and "Preferred Lifetime" options and use them when constructing IPv6 address;
ippool6 fixed minor memory leak;
ippool6 log address removal;
ippool6 take into account "subnet-id" when specified on address;
ipsec fixed CHACHA20 typo in log messages;
ipsec support Post-Quantum Pre-shared Key (PPK) with QKD integration;
ipv6 added "none" option for IPv6/ND/Prefix when advertising just options, not prefix;
ipv6 added "self" option for IPv6/ND DNS advertise settings;
ipv6 allow to specify on which interfaces to accept Router-Advertisements;
ipv6 do not disable/enable Router-Advertisements functionality based on IPv6/ND configuration;
ipv6 remove SLAAC installed DNS server and route on expire;
isis improved stability;
l3hw added per-VLAN "l3-hw-offloading" setting and "H" flag for /intervace/vlan menu;
l3hw display warning when partial offloading is active (suggest users to use suppress-hw-offloading to control which routes gets HW offloaded and which are CPU processed);
l3hw fixed partial offloading with /31 routes;
l3hw fixed per-VLAN counters when packets are going through CPU;
l3hw fixed VLAN and VXLAN counters for CRS520 device;
l3hw improved stability and performance during L3HW enable with many routes;
l3hw improvements and optimizations for IPv4 /32 and IPv6 /128 route offloading;
l3hw prioritize local IP address over ARP/neighbor entry with same IP (fixes incorrect packet flow);
log fixed ISO8601 time format;
log fixed remote logging on remote-protocol configuration change;
log fixed unnecessary file creation when configuring a disabled log action with "target=disk";
log hide irrelevant log action parameters;
log limit firewall log prefix length;
log limit log socket buffer memory size;
lte added "force-delete" command to allow deletion of active eSIM profiles;
lte added additional logging for error reported by modem during APN profile setup;
lte added command to send out EUICC generated notifications manually;
lte added confirmation prompt when deleting eSIM profile (CLI only);
lte added support for additional D-Link DWM-222 variation (vendor-id="0x2001" device-id="0x7e46");
lte added support for additional Huawei E3372-325 variation (vendor-id="0x3566" device-id="0x2001");
lte added support for R11e-LTE6 v039 firmware release and availability notification;
lte ask for user confirmation before installing eSIM profile (CLI only);
lte clear SIM not present error when performing modem FW upgrade;
lte discontinued support for RBSXTLTE3-7, further versions will use v7.20 LTE firmware package;
lte fixed cases where LTE monitor could show abnormalities;
lte fixed issue with firmware update for FG621-EA modem;
lte force sms-protocol to AT for FG621-EA modem;
lte improved AT modems at-chat control channel handling after modem has closed AT channel unexpectedly;
lte improved modem recovery for Chateau 5G and Chateau 5G R16;
lte improved stability for FG621-EA modem;
lte improved system stability when receiving SMS messages;
lte relay EUICC generated notifications after profile enable/disable/remove/provision;
lte rework multiapn support for AT modems;
lte unify "SIM not present" status for all modems;
macsec work on hardware-offloaded support (available only on QCA8081 PHY: RB5009, hAP ax3, Chateau ax ether1 port);
media fixed console autocomplete for path parameter;
mpls fixed LDP filter upgrade from v6 where neighbor parameter is not specified;
mpls fixed LDP label binding if nexthop is link-local address;
netinstall fixed install with old RouterBOOT;
ospf changed nssa-translator default value from no to candidate;
ospf improved stability;
ospf show interface as separate prop for interface and neighbor;
ovpn-server added support for pushing IPv6 routes;
poe-out added input name hint to poe max-power settings;
poe-out added LED blink on error for RB5009;
poe-out firmware update for 802.3at capable boards (the update will cause brief power interruption to poe-out interfaces);
poe-out firmware update for 802.3bt capable boards (the update will cause brief power interruption to poe-out interfaces);
poe-out improved firmware update stability;
poe-out improved power-on mechanism for 802.3at capable boards;
port added comment for /port/remote-access (CLI only);
port added support for additional baudrates for USB to serial adapters;
port do not show serial port for ATL 5G R16;
port fixed export for default serial port name;
port give "gps" prefix for R11e-LR8G and R11e-LR9G GPS ports;
qos-hw added "default" flags to default entries;
qos-hw added "mirror-profile" which allows to select profile (traffic-class) for mirrored traffic;
qos-hw always show usage and PFC counters, even when they are zero (CLI only);
qos-hw fixed counters for ports that are configured with "offline" tx-manager;
qos-hw fixed profile add/remove for CRS812;
qos-hw fixed shared-pools for CRS812;
qos-hw remove unnecessary "offline" tx-manager for CRS812 (not supported by hardware);
queue improved system stability when using SFQ kind of queues;
quickset fixed issue where routes set by Quickset did not appear in export;
route added options in /routing/settings to adjust check-gateway=ping timers;
route fixed SNMP output for ECMP routes having interface gateways;
route hide suppress-hw-offload setting from devices that do not support it;
route improved stability;
route improved system stability with multicast routing;
route make check-gateway=ping work on p2p interface gateways;
route removed /routing stats mem-blocks;
routerboot fixed boot MAC for CRS305-1G-4S+ and CRS328-4C-20S-4S+ switches ("/system routerboard upgrade" required);
sfp expose sfp-cmis-module-state to monitor;
sfp filter out non-breakout modes for breakout modules;
sfp fixed combo-mode change for CRS326-4C+20G+2Q+;
sfp fixed missing link up/down notifies;
sfp improved initialization and linking for 25G DAC on CRS812;
sfp improved system stability with some GPON modules for CRS418, CCR2004 and CCR2116 devices;
sfp recognize 40G Active Cable (XLPPI);
sfp remove 40G-baseCR4, 40G-baseSR4-LR4 from sfp-supported list for qsfp28-x-3 interfaces;
snmp added lldpLocChassisId OID;
snmp count only "bound" leases for mtxrDHCPLeaseCount OID;
snmp make lldpLocPortId and lldpLocPortDesc OIDs information consistent with LLDP TLVs;
ssh renamed User SSH keys "key-owner" field to "info";
ssh "always-allow-password-login" replaced with "password-authentication" in SSH settings;
ssh added support for ED25519-SK keys;
ssh improved logging of failed login attempts;
ssh refactored SSH service internal processes;
supout added info log entry when autosupout.rif is generated;
switch added dynamic "copy-to-cpu" ACL rule for loop-protecct;
switch automatically add local bridge MAC to switch FDB;
switch improved stability on MediaTek switch chips;
swos fixed "allow-from" setting for MIPSBE devices;
system added disks to /system/resource/hardware list;
system fixed local update package filename generation;
system fixed network header offset for interfaces with MAC (fixes VRRP Tx on IGMP snooping bridge);
system fixed potential configuration loss when available disk space was insufficient;
system fixed saving panic logs to autosupout.rif for ARM CRS3xx devices;
system improved incoming TCP connection responsiveness;
system improved system stability when processing GRE packets on TILE devices;
system improved system stability when using hardware-offloaded encryption on RB3011 and hAP ac2 (introduced in v7.20);
system improved system stability;
system limit number of interface-lists to 244;
tr069-client added LTE link recovery timer setting;
tr069-client allow disabling Device.WiFi.AccessPoint;
traffic-generator added support for injecting pcapng files;
undo do not show internally issued commands in /system/history;
undo show console commands in winbox/webfig for /system/history entries;
usb LTE modem and USB-Serial Controller enumeration fix;
usb support video capture devices for arm64 and x86, for passthrough to containers;
user-manager added RadSec support;
veth add container-mac-address setting;
veth added default print brief table mode;
veth added dhcp setting that allows to auto-configure IPv4 address, works when VETH is bridged with other interfaces and there is a DHCP server running somewhere on that network;
veth complain immediately when VETH gateway not reachable, more detailed error message when network setup fails;
veth show only when container package installed;
vrf added read-only property to IPv4/IPv6 addresses, ARP and IPv6 neighbor;
vrf allow setting comment on default "lo" interface;
vrrp do not show "ttl not 255" warning when received VRRP VRID does not match with configured VRID;
vrrp fixed gratuitous ARP being sent after VRRP is disabled (fixes packet forwarding on HW offloaded bridge after VRRP is disabled);
webfig added a hint for Undo/Redo buttons;
webfig added Apps menu to login;
webfig added capability to check/uncheck entry tree in skin designer;
webfig added Copy capability;
webfig added missing PPP types to Skin Designer;
webfig added TCP State column for connection tracking table;
webfig check if device is still reachable before disconnect on error;
webfig fixed container config memory high input;
webfig fixed form closing with saving when pressing Enter key (introduced in v7.20);
webfig fixed interface settings and graphs (introduced in v7.20);
webfig fixed issue where routes and PIM table did not load;
webfig fixed issue where Torch stops running;
webfig fixed name and title store in skins;
webfig fixed new item window name when using skins;
webfig improved container form loading performance when router has a lot of files;
webfig improved mikrotik_logo.svg;
webfig increase graph width for better scaling;
webfig increase maximum number size in forms;
webfig make close button a button instead of link;
webfig make combobox accessible to screen readers;
webfig remember last user in login page;
webfig turn off auto-capitalize and auto-correct for on-screen keyboards;
wifi added "CAP" information field on interfaces view;
wifi added CAPsMAN forwarding support (datapath.traffic-processing=on-capsman);
wifi enable configuration of "3gpp-info-raw" and "realms-raw" interworking parameters;
wifi fixed issue when trying to use interface as bonding slave;
wifi fixed multi-passphrase usage in combination with access-list;
wifi fixed possible memory leak when failing to start AP on chosen channel;
wifi fixed some CAPsMAN settings to be optional;
wifi improved formatting of FT request action frames;
wifi improved stability when capturing data at high rates with wifi sniffer;
wifi increased accounting interval, maximum client entry count for 2.4GHz probe response delay feature;
wifi rename ft-wpa2-eap authentication type to "ft-eap";
wifi split access-list time property in days and time;
wifi-qcom added Unsolicited BSS Transition Management Request support;
wifi-qcom enable forcing RTS/CTS hardware protection modes;
wifi-qcom improved default RTS/CTS policy for CPE station radios;
wifi-qcom multicast-enhance will no longer apply for station mode configured devices;
winbox added file selector for BTH files;
winbox added support for new settings and fixed several existing ones;
winbox Bandwith test, Speed test, Ping, Traceroute tools use RouterOS DNS service to resolve domain names;
winbox fixed "Too many entries" not showing in WinBox v4;
winbox fixed Disk iscsi/smb configuration;
winbox fixed Disk NVMe-TCP configuration;
winbox fixed Dude/Tools appearance after Apply action;
winbox fixed graphs in some forms with big numbers;
winbox fixed WinBox 3 application failure when opening IPv6/Firewall/Connection entry (introduced in v7.20);
winbox hide IPv6 addresses for IP neighbors that no longer have them;
winbox make multiple address fields required;
winbox make separate inputs for WiFi Interworking "Authentication Types" and "Connection Capabilities" fields;
winbox move VRF from Ethernet to generic Interface table;
winbox restore route max object 10000 limit;
winbox show warnings in Disk menu;
winbox updated and shortened window titles (e.g. Address List -> Addresses);
wireguard added VRF option (CLI only);
wireless added last-ip parameter for the CAPSMAN registration-table tab;
www added option to disable individual web services in /ip/service/webserver and IP>Services>Web Server;
www improved stability (CVE-2025-10948);
www removed ability to publish directories via "/files" www service;