MikroTik Changelogs
← Back to search All versions

Version: 7.22

Stable

308 changelog entries across 72 component(s)

2026-Mar-09 (1 month ago)

Component Change
app added configurable app-store URL for custom apps;
app added health check for apps, which automatically rewrites the composed YAML;
app added jupyter-notebook, livebook, myip, and rustfs apps;
app added support for custom apps;
app allow configuring bridge port pvid for app;
app changed ui-url parameter for Smokeping and Nextcloud;
app clean the backup directory after container repull;
app do not show duplicate entries of required-mounts;
app enable swap on all devices that use apps to help with performance;
app fixed /app/export;
app fixed apps constantly polling the cloud;
app fixed elasticsearch, element, pmacct-netflow apps failing to start;
app fixed issue with Cinny not being able to create a root-dir;
app fixed missing reverse-proxy URL;
app fixed potential port collisions between apps;
app show app URL only when it is running;
app show DNS URL for app only if it has a reverse-proxy;
bgp added BGP unnumbered support;
bgp changed multipath to number argument;
bgp fixed BGP output sometimes not being cleaned after session restart;
bgp fixed early-cut not working properly;
bgp fixed ignore-as-path-len not being used;
bgp fixed update messages not being sent on default-prepend value change;
bgp implemented add-path;
bgp implemented multipath (ability for BGP best path to select ECMP routes);
bgp make remote.address parameter optional;
bgp-vpn allow modifying scopes with routing filters;
bgp-vpn use target scope for imported route;
bridge added local and static MAC synchronization for MLAG;
bridge added MLAG support per bridge interface (/interface/bridge/mlag menu is moved to /interface/bridge; configuration is automatically updated after upgrade; downgrading to an older version will result in MLAG configuration loss);
bridge added MLAG-specific aged and aged-peer flags to host table;
bridge added RA guard feature;
bridge fixed MAC moving between regular ports and bonds for MLAG;
bridge fixed MLAG state being permanently disabled when changing bridge interface settings;
bridge fixed performance regression in complex setups with vlan-filtering (introduced in v7.20);
bridge improved logic for interface remove;
bridge improved MAC synchronization for MLAG;
bridge improved VRRP MAC address handling;
bridge removed vlan-filtering check when changing the MVRP setting (allows disabling MVRP through WinBox);
bth use separate Let's Encrypt certificate for file-share;
certificate improved certificate export process;
certificate improved logging;
chr improved fast-path stability when using vmxnet3 driver;
console added :continue and :break commands for various loops;
console added :exit command to terminate scripts;
console added "comments" parameter to print command to control comment and error output;
console added comparison operators for ID values;
console added Ctrl+Left/Right word navigation;
console added Ctrl+w word deletion;
console added hint for dry-run import parameter;
console added left shift (<<) and right shift (>>) support for IPv6 addresses;
console added on-event script runner support to print follow/follow-only;
console added timestamp support to print follow/follow-only;
console allow undefined variables in dry-run import;
console changed autocomplete expansion criteria;
console disable follow command in /ip/firewall/connection menu;
console fixed brief print for entries with multiple comments;
console fixed setting of /interface/wireless/scan-list;
console fixed time drift for interface last-link-down-time and last-link-up-time;
console fixed value type names in comparison errors;
console implemented string casting in :tobool command;
console improved command decoding to drop extraneous commands (visible in history logging);
console improved error tracing when using find command;
console improved export command to avoid empty [find];
console improved history logging when performing object rename with set/reset;
console improved set/remove command handling in /file menu;
console look up variable in global scope if argument scope lookup failed;
console parse width parameter for non-interactive SSH commands;
console show smaller QR codes where possible;
console use the same flag output format for both print brief and detail;
container added support for zstd extraction;
container automatically stop/repull/start the container on repull or remote-image change;
container fixed issue where the container may not start after upgrading if root-dir was not set;
container improved error message if container fails to start;
container internal stability improvements;
container use the user-defined envs and envlist for container shell command;
defconf fixed L009 configuration (introduced in v7.21);
detnet added request-interval setting;
detnet changed default port from MNDP to a random unused UDP port;
dhcp-server improved failure/error logging for both IPv4 and IPv6;
dhcpv4-client fixed inability to reference disabled DHCP client by interface name;
dhcpv4-client request DOMAINNAME (15) option from the server;
dhcpv4-server improved DHCP option handling;
dhcpv4-server improved logging;
dhcpv4-server send all found lease options in reply to DHCPINFORM;
dhcpv6-client allow unsetting "pool-prefix-length" parameter;
dhcpv6-client improved log messages;
dhcpv6-relay fixed link-layer address inconsistency with the original link-layer address in relay-forward packets;
dhcpv6-server swap input and output RADIUS accounting statistics counters;
disk added support for file-based swap space;
disk added trim command which functions similarly to fstrim;
disk fixed issue where iSCSI did not work with ESXi and XEN hypervisors;
disk fixed issue with disks not mounting after swapping devices;
disk fixed opening a drive in read-only mode if it became locked;
disk improved BTRFS stability on TILE devices;
disk renamed format file-system=trim and trim-secure to format file-system=discard and discard-secure;
disk show if drive is encrypted and locked;
email use default port if not specified;
ethernet increased Rx buffer size for devices with Alpine CPUs (reduces packet rx-drop in certain cases);
fetch added HTTP/2 support on ARM64 and x86/CHR devices;
fetch fixed fetch treating relative paths from redirects as hostnames;
fetch increased default maximum redirect count to 2;
fetch return error code and HTTP headers to :onerror script;
fetch treat HTTP 304 return code as success;
gps fixed GPS port disappearance after reboot for EC25-EU&KNe;
health added CPU temperature monitoring to L009 with ARM64;
hotspot allow WireGuard interface type;
hotspot check validity of base32 for otp-secret;
hotspot do not invalidate static ARP entries;
hotspot fixed www response after login by cookie;
hotspot set sensitive flag on /ip/hotspot/user otp-secret;
ike1 added ChaCha20-Poly1305 ESP encryption support;
ike1,ike2 improved netlink update handling;
iot added Bluetooth extended scanning and 1M/2M PHY support for the RB924i KNOT devices;
iot added Bluetooth extended scanning, advertising, and 1M/2M/CODED PHY support for EC25 KNOT devices;
iot added modbus delay using interframe-gap setting;
iot improved LoRa FSK modulation downlinking;
ip added error messages to reverse-proxy rules;
ip added reverse-proxy;
ip-service properly disable IP/Service on manual disable;
ippool6 allow creating sub-pool by specifying "from-pool";
ipsec added "none" option to IPsec key QKD certificate field;
ipsec added IKEv2 DDoS cookie activation setting;
ipsec added logging for IPsec policy template group;
ipsec added logging of IKEv2 connection SPI and initiator address;
ipsec adjusted minimum generated PSK key length;
ipsec fixed IKEv2 child policy reqid lost on rekey;
ipsec fixed IKEv2 child reqid handling on traffic selector update;
ipsec improved aes256-ctr stability on L009;
ipsec removed modp8192 proposal on MIPS architectures;
ipv6 added dhcp6-pd-preferred to /ipv6/nd/prefix to control P flag in Prefix Info Option RFC 9762;
ipv6 delete SLAAC default route if there are no active SLAAC prefixes present and no new RAs received;
ipv6 do not generate duplicate dynamic link-local addresses on tunnel type interfaces;
ipv6 enable IPv6 fast-path after removing firewall rules;
ipv6 improved system stability when manipulating IPv6 configuration that was added while IPv6 was disabled;
isis improved stability and fixed a small memory leak;
l2tp improved system stability on TILE architecture;
l3hw fixed missing VLAN counters on reboot (introduced in v7.21);
l3hw improved system stability on device shutdown/reboot;
l3hw improved system stability when enabling VLAN offloading under active traffic (introduced in v7.21);
log fixed incorrect log message shown after canceling supout.rif creation;
log fixed minor spelling issues;
log fixed missing ID in trace logs after removing logging rule;
log log "Secret must be set to run scripts from SMS" error only if ":cmd" prefix is used in SMS message;
log use uppercase MAC address in firewall logging;
log added comment support to rule entries;
log added option to clear echo logs;
log added option to prepend topics to BSD syslog message;
log added script target for log actions;
lte added "auto" MTU option for LTE interfaces to use network-advertised MTU on supported devices;
lte added AT command timeout for EC25-EU&KNe;
lte added multi-apn and framed routing support for EC200A-EU modem (requires latest FW version);
lte added roaming barring field to LTE "show-capabilities" menu;
lte added subscriber number to monitor command for MBIM modems;
lte added USB tethering support using iOS devices;
lte clear about field status on firmware upgrade;
lte do not allow modem firmware-upgrade on "inactive" interface;
lte do not allow setting unsupported roaming barring settings for R11e-4G;
lte do not flap LTE passthrough assigned interface on modem link state change;
lte do not reconfigure LTE interface on configuration change error;
lte enable DHCP relay packet forwarding to the cellular network for EG120K-EA and RG650E-AU;
lte fixed "allow-roaming" setting to return error for modems that do not support roaming barring;
lte fixed cases where AT dialer could get stuck in "modem not ready" state;
lte fixed cases where incorrect network modes and bands could be suggested for active interface;
lte fixed chained firmware update for Chateau 5G;
lte fixed changing eSIM profile nickname;
lte fixed changing MAC address for EC200A-EU modem;
lte fixed crash on LTE passthrough interface deactivation;
lte fixed displaying operator name for Chateau ax R17;
lte fixed eSIM errors appearing on devices without eSIM support;
lte fixed firmware update and status refresh for R11eL-EC200A-EU modem;
lte fixed LTE interface IPv6 address generation to use EUI-64 for EC25-EU&KNe;
lte fixed missing notifications to eSIM provider when eSIM provisioning canceled;
lte fixed tethering support for Google Pixel Pro 8;
lte fixed wrong MTU reading/setting for config-less modems;
lte hide external antenna selection menu for the Chateau AX R17;
lte improved APN IP type handling by enabling only the IP protocols defined in the assigned APN profile for config-less modems;
lte make inactive LTE interface settable, LTE interface settings can be set without waiting for modem initial initialization;
lte removed delay before querying modem status for config-less modems with info channel;
lte show ICCID and IMSI also when the interface is disabled;
lte strip modem reported padding characters for SIM card (ICCID) on Chateau ax R17;
mac-telnet added interface property;
macsec fixed hardware offload on S53 and C53 devices;
mesh fixed missing S flag on interfaces after mesh disable/enable;
ospf fixed typos in log messages;
ping added IPv6 support for flood-ping;
poe-out added LLDP support for dual-signature PDs;
poe-out firmware update for 802.3at capable boards (the update will cause a brief power interruption to poe-out interfaces);
poe-out firmware update for 802.3bt capable boards (the update will cause a brief power interruption to poe-out interfaces);
poe-out firmware update for CRS354-48P-4S+2Q+ (the update will cause a brief power interruption to poe-out interfaces);
poe-out fixed controller-error for CRS354-48P-4S+2Q+;
port fixed baud rate change for TILE architecture devices;
ppp added initial support for BG770A-GL modem firmware update;
ppp fixed Framed-Route attribute not being applied to correct VRF;
profiler split "management" process into different smaller process groups;
radius fixed initialization of incoming UDP socket in some situations;
radius fixed RadSec SSL CPU usage increase on closed connections;
radius improved incoming RadSec packet processing on busy service;
radius improved logging;
rip,pimsm separate the interface property from the address in /routing/rip/interface and /routing/pimsm/interface menus;
rose-storage added XFS support;
route added logs for check-gateway state changes;
route added routing/settings policy-rules;
route added SLAAC route redistribution for IPv6 capable routing protocols;
route do not set blackhole flag for synthetic routes;
route fixed route removal after unexpected safe mode termination;
route fixed routes when scope was less than 10;
routerboard allow changing /system/routerboard/settings via Netinstall or FlashFig using a "mode script";
routerboot allow installing ARM64 on L009 device ("/system routerboard upgrade" required; configure "/system/routerboard/settings set preferred-architecture=arm64 boot-device=try-ethernet-once-then-nand"; start Netinstall with ARM64 image and reboot the device (DO NOT load the backup routerboot with reset button); downgrading to older versions must be avoided);
routerboot fixed linking to 1000M-half for KNOT Embedded LTE4 ("/system routerboard upgrade" required);
routerboot fixed possible Netinstall failure for KNOT Embedded LTE4 ("/system routerboard upgrade" required);
routing-filter added possibility to match SLAAC and bgp-mpls-vpn route types;
sfp improved initialization and linking for some QSFP modules;
smips reduced package size and removed ip-scan, mac-scan, ping-speed, flood-ping features;
snmp added 5G NSA connection signal indications: nr-rsrp, nr-rsrq, nr-sinr;
snmp fixed CA band indication;
snmp fixed issue where bulk walk might skip the first OID;
snmp fixed minor memory leak when changing SNMP authentication/encryption passwords;
snmp fixed reply for empty snmpbulkwalk requests;
snmp report maximum "ifSpeed" value if out of bounds;
snmp report RouterOS version in SNMPv2-MIB::sysDescr;
ssh improved logging;
supout wait up to 5 minutes for export to complete and show incomplete output in case of timeout;
switch fixed missing switch-cpu port counters;
switch improved system stability when changing bridge multicast-router property on CRS1xx/2xx (introduced in v7.19);
switch updated switch-marvell.npk driver;
system added reset-configuration keep-apps=yes;
system display serial ports in the /system/resource/hardware menu;
system improved upgrade service stability when the server is unreachable;
undo show user when configuring DHCP server or hotspot with setup command;
upgrade added "password" parameter to "local-upgrade" feature when configuring through CLI;
upgrade added IPv6 support for local package source and mirror;
upgrade fixed local package mirror check interval;
upgrade removed redundant commands from local package menu;
usb updated device ids for ax88179_178a driver;
user properly apply login delay (introduced in v7.20);
user-manager added support for NAS-Identifier attribute;
user-manager always respond to accounting requests;
user-manager do not send Disconnect-Message for unknown usernames for Accounting-Request;
user-manager do not send invalid NAS-Port-Type on CoA/PoD messages;
user-manager fixed unauthenticated access to /PRIVATE/ userman web files;
user-manager show empty value for session NAS-IP-Address if empty;
webfig added missing icons for Firewall table;
webfig added new section "Common names" in skin designer;
webfig added support for collapsible tree view for menus like Interfaces, Files, Queues;
webfig added support for URL fields;
webfig fixed ability to set interworking.realms-raw WiFi interface attribute;
webfig fixed skin designer mobile view for QuickSet and Terminal;
webfig fixed Torch Filters default values;
webfig improved address type field input value validation;
wifi added keepalive message in CAPsMAN data channel;
wifi added optional show-frame=radiotap parameter value to make sniffer display the radiotap header of captured frames;
wifi allow specifying hostname to caps-man-addresses;
wifi fixed channel switching for MediaTek access points;
wifi fixed FT support with wpa2-psk-sha2;
wifi fixed functionality of the wireless-signal-strength LED trigger;
wifi fixed possible certificate failure after CAPsMAN disable/enable;
wifi improved spectral-history width for console;
wifi improved stability and fixed multiple issues;
wifi improved stability of interfaces in station mode during roaming;
wifi improved support for 802.11be access points;
wifi improved system stability when using spectral-scan;
wifi introduced /interface/wifi/network menu for higher level network configuration (CLI only);
wifi quicker re-connections to APs for interfaces in station mode;
wifi updated regulatory information for Malaysia;
wifi-mediatek fixed rx chains functionality;
wifi-mediatek updated driver and firmware;
winbox added "Force Check" for local upgrade;
winbox added comment in "System/Ports/Remote Access" menu;
winbox added confirmation message to Format Drive;
winbox added Container Repull command;
winbox added error reporting to CAPsMAN Manager menu;
winbox added GUI support for IPsec QDK;
winbox added missing LoRa channel fields;
winbox added missing route flags;
winbox added route ISIS tab;
winbox added socsify icon for firewall NAT rules;
winbox added SwOS Allow From field;
winbox added warning when changing global script variables;
winbox allow using specified skin without the sensitive policy;
winbox fixed applying a skin to a user authenticated with RADIUS;
winbox fixed applying a skin to WinBox if it was uploaded via the branding package;
winbox fixed default flag in certain menus;
winbox fixed empty "Realm Raw" value processing and value inheritance from configuration template (requires WinBox 4);
winbox fixed L3HW default value for VLAN interface (introduced in v7.21);
winbox fixed modem firmware-upgrade for the RG650E-EU modem;
winbox fixed the "New QoS Profile" field for switch rules;
winbox make File Share URL field clickable;
winbox move "Default" panel from "IPv6/ND/Proxy" to "IPv6/ND/Prefixes";
winbox rearrange filter wizard parameters in tabs;
winbox recognize imported certificate key size;
winbox rename "Change Now" to "Change" button in "System/Password" menu;
winbox replace "DHCP" with "DHCPv6" in IPv6 menus;
winbox set "Mount Filesystem" by default under "System/Disk" menu;
winbox show MPLS tab only to relevant routes;
winbox show separator after "Protocol" field for IPv6 Firewall rules;
winbox show warnings in "MPLS/Traffic Eng/Tunnel" menu;
winbox updated some setting and title names;
winbox updated various WiFi properties;
wireguard fixed private key generation when creating a WireGuard interface;
wireguard improved stability;
wireguard merged upstream fixes and improvements;
wireless avoid joining BSS that previously failed until all other options tried;
wireless improved system stability when changing nstreme mode;
wireless improved system stability when eap-method=passthrough configured for station;
x86 added JME network driver;
x86 fixed interface hang on RTL8125 when processing IP-fragmented UDP traffic;
x86 improved link establishing on Intel X710 series NIC;