Version: 7.23beta2
Development175 changelog entries across 55 component(s)
2026-Mar-13 (1 month ago)
| Component | Change |
|---|---|
| app | added docker-with-dockge, docker-with-komodo, docker-with-portainer, HA-otbr-matter, odoo, otbr, stalwart apps; |
| app | added possibility to set app command-line parameter from CLI; |
| app | allow apps on xfs file system; |
| app | allow overriding default stop signal; |
| app | allow parsing DNS in YAML; |
| app | allow passing stop signal from YAML and passing it to container as default; |
| app | allow updating name parameter from YAML for custom apps; |
| app | allow updating YAML for existing custom app, forces cleanup; |
| app | apps now check for port availability, apps will not start on "internal" if app masks existing service; |
| app | automatically pass any required devices to container, such as otbr; |
| app | disabled PiHole syncing NTP to host; |
| app | fixed potential crash when running cleanup on a lot of apps; |
| app | fixed saving custom apps; |
| app | fixed showing ui-url for apps; |
| app | fixed uptime-kuma and jupyter-notebook; |
| app | fixed YAML not exported for custom apps; |
| app | improved app networks and port behavior; |
| app | improved automatic hardware device passing to container; |
| app | improved YAML error message; |
| app | on file based devices, swap is enabled on the file itself instead of creating another one and enabling it on that; |
| app | stability fixes for the "/app" menu; |
| app | swap file is now created based on the mount-point it is attached to; |
| arm64,x86 | updated Broadcom bnxt Ethernet driver for 200G support; |
| bridge | added ability to set custom Option 82 with dhcp-agent-circuit-id, dhcp-agent-remote-id settings (replaces add-dhcp-option82 setting; configuration is automatically updated after upgrade); |
| bridge | added DHCPv6 snooping feature with ability to set custom Option 18 and Option 37; |
| bridge | improved MAC synchronization for MLAG; |
| bridge | recognize more DHCP message types when dhcp-snooping is enabled; |
| certificate | added option to configure built-in trust store for all services (CLI only); |
| certificate | use "default" for built-in trust store default value; |
| chr | improved virtio_net stability; |
| cloud | show error if cloud services are not supported on the device; |
| console | added syntax highlight for script properties in some menus (e.g. dhcp-client, dhcp-server, ppp/profile, interface/vrrp); |
| console | export mentions custom defconf script presence in header; |
| console | fixed "/log/print follow on-event" to work with "where" (introduced in v7.22); |
| console | removed redundant keepalive for the serial-terminal, ensure that the device no longer periodically outputs /0 while using "/system/serial-terminal"; |
| console | show "/system/resource/hardware/usb-power-reset" only on x86; |
| container | added restart-policy=no/always/on-failure, stop-on-unhealthy, restart-count, restart-interval, restart-max-count properties; |
| container | allow disabling individual container environment variables without deleting them; |
| container | allow picking mount source directories with the file picker in WinBox; |
| container | allow setting memory-max global and per container; |
| container | allow user-defined mounts overriding /sys and /dev; |
| container | clean up layers of non-existing containers; |
| container | detect and show containers killed by out-of-memory killer; |
| container | fixed container entrypoint and shell override by user; |
| container | fixed container layer size calculation; |
| container | fixed container shell not working with multi-arg commands; |
| container | fixed losing container after reboot; |
| container | fixed repull if root-dir of container was in tmpfs; |
| container | fixed running "/container shell" with the correct user, if container user is set or overridden; |
| container | improved errors at container start; |
| container | improved running container instance memory usage; |
| container | layers are now accessible under "Layers" tab; |
| container | pass any container startup error message back to "run" and make it exit immediately; |
| container | removed "Layers" button; |
| container | show layer size calculation status; |
| crypto | fixed fallback flag loss in qcrypto; |
| crypto | improved safexcel driver with upstream changes and patches; |
| dhcpv4-server | do not raise an alert when receiving a packet originating from the same device; |
| dhcpv4-server | do not suggest bogus pools when using setup command (e.g. when address is /31 or /32); |
| dhcpv4-server | fixed an issue where renew packets without giaddr were sometimes not processed; |
| disk | added "/disk" smart-info; |
| disk | show disk io errors in "/disk" menu; |
| dns | added HTTP/2 support to DoH on ARM64 and x86/CHR devices; |
| fetch | fixed non-working idle-timeout in some cases; |
| file | added copy, tail, head commands (CLI only); |
| firewall | improved stability for SIP helper; |
| hardware | name serial devices after port names; |
| hardware | name storage hardware devices after slot name in "/disk" menu; |
| hardware | report the correct state of PCI devices in "/system/resource/hardware" menu; |
| iot | added LoRa Tx delay setting; |
| iot | added MQTT subscribe message real-time monitoring option; |
| iot | added Wiliot support; |
| iot | fixed LoRa LBT issues, which caused Tx packets not getting delivered; |
| iot | improved LoRa Tx handling; |
| ip-settings | added ipv4-fragment-time and ipv4-high-fragment-thresh settings, use default values based on total device memory; |
| ipip | disabled IPv6 link-local address generation; |
| ippool | fixed issue when changing pool with already used addresses; |
| ippool6 | allow variable length pool; |
| ipsec | added netlink-based SA and policy handling; |
| ipsec | fixed SA proto parameter conversion and policy "none" type handling; |
| ipv6 | added from-pool-policy address property that controls how address is acquired from the pool; |
| ipv6 | added without-acquire address property; |
| ipv6 | always ensure that prefix length matches the one given by the pool even if address was set to 0; |
| ipv6,ra | warn when interface is under the bridge; |
| ipv6,ra | added option to ignore MTU and DNS servers; |
| ipv6,ra | added router-advertisement-route-distance setting; |
| ipv6,ra | allow receiving DNS servers over multiple interfaces; |
| ipv6,ra | clamp valid-lifetime to minimum of 2h on deprecation; |
| ipv6,ra | extend processed RA logging; |
| ipv6,ra | fixed advertised DNS parameter logging; |
| ipv6,ra | fixed changing default "all" interface configuration; |
| ipv6,ra | fixed DNS and pref64 property unset; |
| ipv6,ra | fixed sending only DNS or MTU when prefix is set to "none"; |
| l3hw | added HW offloaded VRF support on CRS8xx switches; |
| l3hw | added VRF assignment via switch ACL rules on CRS8xx switches (CLI only); |
| l3hw | fixed VXLAN packet matching by local IP; |
| l3hw | improved system stability (introduced in v7.21); |
| leds | added new PoE fault LED cases (bad fw, PoE card power cable disconnected, PoE card not inserted); |
| leds | allow multiple interface selection for interface-activity trigger; |
| log | added CC option for e-mail action; |
| log | added ssld error logging; |
| log | added TLS support; |
| lte | do not duplicate primary-band also in ca-band for QMI modems in 5G SA network; |
| lte | emit RS every 60s on LTE interface; |
| lte | filter packets by MAC in multi-apn setup for EC200A-EU modem; |
| lte | fixed RSSI signal monitor 3rd party modems where AT+CSQ responses are not parsed; |
| lte | fixed Tx stat reporting in LTE passthrough mode (introduced in v7.22); |
| lte | fixed user set MTU not applied to LTE interface; |
| lte | improved system stability for devices with QMI modems; |
| lte | improvements for passthrough mode in IPv6 only setup; |
| lte | read subscriber number also for QMI modems; |
| lte | removed LTE external-antenna scan; |
| lte | set SMS send timeout to 180s; |
| lte | show external-antenna as "none" before actual scan is done instead of empty value; |
| lte | show MTU as "auto" also on interface level if "auto" used; |
| lte | SIMCom modems, skip error state when modem sends improperly formatted CREG response/URC; |
| macsec | added aes-gcm-xpn-128 cipher support; |
| ospf | fixed nssa bit check; |
| ospf | fixed routes not being installed on ABRs; |
| pimsm | do not ignore priority when selecting RP from BSR; |
| pimsm | fixed possible BSR loop; |
| pimsm | improved stability; |
| ping | show time in microseconds for flood-ping; |
| poe-out | firmware update for 802.3at capable boards (the update will cause a brief power interruption to poe-out interfaces); |
| port | added support for "tcp-client" and "udp" modes for "remote-access"; |
| pppoe | do not reset pppoe-client interface when adding a comment; |
| ptp | added support for CRS812, CRS804; |
| qos-hw | added automap setting to QoS Profiles (enabled by default); |
| qos-hw | added ECN and PFC support on CRS8xx; |
| qos-hw | added new default "auto" value to mirror-buffers, multicast-buffers, shared-buffers QoS Settings (old defaults are shown in export after upgrade); |
| qos-hw | added queueX-byte-max stats to port usage on CRS8xx; |
| qos-hw | introduced lossless-traffic-class and lossless-buffers settings; |
| qos-hw | removed shared-pool-index setting; |
| quickset | fixed configuration of multi-link APs; |
| smb | do not start /ip smb server on container interfaces; |
| sniffer | added IP ECN field; |
| sniffer | fixed missing VLAN tag in the TZSP packets; |
| snmp | enforce minimum password length; |
| snmp | fixed connection tracking counter OID; |
| snmp | fixed dot1dStpPortDesignatedRoot and added dot1dStpPortDesignatedBridge OID; |
| snmp | implemented LTE firmware upgrade option; |
| ssh | do not advertise password login method when it is disabled; |
| ssh | make login process asynchronous; |
| switch | disable EEE on RB5009 and CCR2004-16G-2S+ devices; |
| switch | updated switch-marvell.npk driver; |
| system | fixed total memory reporting on hAP be3 Media; |
| tr069 | fixed modem extended revision reporting; |
| upgrade | added the option to configure HTTP/HTTPS modes when connecting to MikroTik upgrade servers; |
| upgrade | changed status message for scheduled installs; |
| upgrade | check for available packages when opening System/Packages in GUI; |
| upgrade | use HTTPS by default when connecting to MikroTik upgrade servers; |
| usb | added ax88179_178a driver; |
| usb | improved USB Ethernet adapter recognition; |
| usb | show USB device reported maximum power; |
| vxlan | improved system stability for TILE devices; |
| webfig | added support for filter in tables; |
| wifi | fixed bridge VLAN configuration for multi-link interfaces; |
| wifi | fixed EAP authentication for multi-link clients; |
| wifi | improved link-specific parameter application after reboot for multi-link interfaces; |
| wifi | improved stability during association; |
| wifi-mediatek | fixed multicast-enhance functionality; |
| wifi-qcom-be | fixed forwarding of 4-address data from station to station; |
| wifi-qcom-be | fixed incorrect channel info for punctured channels; |
| winbox | added comment for DHCPv6 relay; |
| winbox | added group numbers for DH and PFS groups for IPsec; |
| winbox | fixed Remote AS setting under the Routing/BGP/Connections menu; |
| winbox | fixed Src/Dst Address Type under the IP/Firewall/NAT menu; |
| winbox | improved Routing/PIM SM menu; |
| winbox | move bridge IGMP Snooping checkbox to IGMP tab; |
| winbox | rename DHCPv6 server binding "Peer Address" to "Client Address"; |
| winbox | show "External Antenna Selected" field only when "auto" selected; |
| winbox | updated socksify icon for firewall NAT rules; |
| www | added partial content (HTTP 206) support; |
| www | improved system stability; |
| zerotier | upgraded to version 1.16.0; |