RouterOS 6.43.16 [Long-term]

May 15, 2019, 12:47 am

≪ Previous: RouterOS 6.45beta45 [Testing]

6.43.16 changelog:

*) w60g - fixed memory leak (introduced in v6.43.15);

Download the new 'RouterOS 6.43.16' version here: https://mikrotik.com/download

↧

RouterOS 6.45beta50 [Testing]

May 20, 2019, 11:26 pm

≫ Next: RouterOS 6.45beta54 [Testing]

≪ Previous: RouterOS 6.43.16 [Long-term]

6.45beta50 changelog:

MAJOR CHANGES IN v6.45:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator (CLI only);
----------------------

Changes in this release:

!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
*) bridge - fixed port running state for non-ethernet interfaces (introduced in v6.45beta33);
*) ccr - improved packet processing after overloading interface;
*) crs3xx - added ethernet tx-drop counter;
*) crs3xx - improved switch-chip resource allocation on CRS326, CRS328, CRS305;
*) defconf - changed default configuration type to AP for cAP series devices;
*) dhcpv6-client - added option to disable rapid-commit (CLI only);
*) dhcpv6-server - added RADIUS accounting support with queue based statistics;
*) discovery - fixed CDP packets not including address on slave ports (introduced in v6.44);
*) firewall - process packets by firewall when accepted by RAW with disabled connection tracking;
*) ike2 - fixed pre-shared-key authentication failure (introduced in v6.45beta34);
*) ike2 - improved certificate verification when multiple CA certificates received from responder;
*) ippool - improved logging for IPv6 Pool when prefix is already in use;
*) ipv6 - improved system stability when receiving bogus packets;
*) lte - improved firmware upgrade process;
*) ospf - fixed opaque LSA type checking in OSPFv2;
*) rb3011 - improved system stability when receiving bogus packets;
*) rb4011 - fixed MAC address duplication between sfp-sfpplus1 and wlan1 interfaces (wlan1 configuration reset required);
*) snmp - improved reliability on SNMP service packet validation;
*) ssh - fixed non-interactive multiple command execution;
*) supout - added "pwr-line" section to supout file;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-generator - improved stability when stopping traffic generator;

Other changes since v6.44.3:

*) bridge - correctly add interface list as bridge port (introduced in v6.45beta34);
*) bridge - fixed log message when hardware offloading is being enabled;
*) capsman - fixed interface-list usage in access list;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) cloud - added "replace" parameter for backup "upload-file" command;
*) conntrack - significant stability and performance improvements;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - correctly handle switch reset (introduced in v6.45beta31);
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) defconf - added "custom-script" field that prints custom configuration installed by Netinstall;
*) defconf - automatically set "installation" parameter for outdoor devices;
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter (CLI only);
*) dhcpv4-server - added RADIUS accounting support with queue based statistics;
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv4-server - replaced "busy" lease status with "conflict" and "declined";
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) dhcpv6-server - added "route-distance" parameter (CLI only);
*) dhcpv6-server - fixed dynamic IPv6 binding without proper reference to the server;
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) discovery - correctly create neighbors from VLAN tagged discovery messages;
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) discovery - show neighbors on actual mesh ports;
*) e-mail - include "message-id" identification field in e-mail header;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) ethernet - increased loop warning threshold to 5 packets per second;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) firewall - fixed fragmented packet processing when only RAW firewall is configured;
*) gps - fixed missing minus close to zero coordinates in dd format;
*) gps - make sure "direction" parameter is upper case;
*) gps - strip unnecessary trailing characters from "longtitude" and "latitude" values;
*) hotspot - moved "title" HTML tag after "meta" tags;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - fixed rekeying process when NAT is detected (introduced in v6.45beta16);
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - fixed first child SA generation (introduced in v6.45beta34);
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - general improvements in policy handling;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow setting empty APN;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) rb921 - improved system stability ("/system routerboard upgrade" required);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - accept remote forwarding requests with empty hostnames;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - improved remote forwarding handling (introduced in v6.44.3);
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added IPv6 ND section to supout file;
*) supout - added "kid-control devices" section to supout file;
*) supout - changed IPv6 pool section to output detailed print;
*) switch - properly reapply settings after switch chip reset;
*) tftp - added "max-block-size" parameter under TFTP "settings" menu (CLI only);
*) tile - improved link fault detection on SFP+ ports;
*) tr069-client - added LTE CQI and IMSI parameter support;
*) tr069-client - fixed potential memory corruption;
*) tr069-client - improved error reporting with incorrect firware upgrade XML file;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) w60g - do not show unused "dmg" parameter;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) w60g - show running frequency under "monitor" command;
*) winbox - fixed crash when opening CAPsMAN menu (introduced in v6.45beta27);
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed "country-info" printing (introduced in v6.45beta27);
*) wireless - fixed frequency duplication in the frequency selection menu;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved 160MHz channel width stability on rb4011;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - improved installation mode selection for wireless outdoor equipment;
*) wireless - set default SSID and supplicant-identity the same as router's identity;
*) wireless - updated "china" regulatory domain information;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;

Download the new 'RouterOS 6.45beta50' version here: https://mikrotik.com/download

↧

RouterOS 6.45beta54 [Testing]

May 28, 2019, 2:52 am

≫ Next: RouterOS 6.45beta62 [Testing]

≪ Previous: RouterOS 6.45beta50 [Testing]

6.45beta54 changelog:

Important note!!!
Downgrading to any version prior to v6.43 (v6.42.12 and older) will clear all user passwords and allow password-less authentication. Please secure your router after downgrading.

MAJOR CHANGES IN v6.45:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator (CLI only);
!) user - removed insecure password storage;
----------------------

Changes in this release:

!) user - removed insecure password storage;
*) bridge - correctly display bridge FastPath status when vlan-filtering or dhcp-snooping is used;
*) conntrack - fixed GRE protocol packet connection-state matching;
*) crs317 - fixed known multicast flooding to the CPU;
*) ike1 - general stability improvements (introduced in v6.45beta);
*) ike2 - added support for IKE rekeying for initiator;
*) ike2 - improved child SA rekeying process;
*) lte - added initial support for Vodafone R216-Z;
*) ovpn - added "verify-server-certificate" parameter for OVPN client (CVE-2018-10066);
*) winbox - added "System/SwOS" menu for all dual-boot devices;
*) www - improved client-initiated renegotiation within the SSL and TLS protocols;

Other changes since v6.44.3:

*) bridge - correctly add interface list as bridge port (introduced in v6.45beta34);
*) bridge - fixed log message when hardware offloading is being enabled;
*) bridge - fixed port running state for non-ethernet interfaces (introduced in v6.45beta33);
*) capsman - fixed interface-list usage in access list;
*) ccr - improved packet processing after overloading interface;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) cloud - added "replace" parameter for backup "upload-file" command;
*) conntrack - significant stability and performance improvements;
*) crs3xx - added ethernet tx-drop counter;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - correctly handle switch reset (introduced in v6.45beta31);
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) crs3xx - improved switch-chip resource allocation on CRS326, CRS328, CRS305;
*) defconf - added "custom-script" field that prints custom configuration installed by Netinstall;
*) defconf - automatically set "installation" parameter for outdoor devices;
*) defconf - changed default configuration type to AP for cAP series devices;
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter (CLI only);
*) dhcpv4-server - added RADIUS accounting support with queue based statistics;
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv4-server - replaced "busy" lease status with "conflict" and "declined";
*) dhcpv6-client - added option to disable rapid-commit (CLI only);
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) dhcpv6-server - added RADIUS accounting support with queue based statistics;
*) dhcpv6-server - added "route-distance" parameter (CLI only);
*) dhcpv6-server - fixed dynamic IPv6 binding without proper reference to the server;
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) discovery - correctly create neighbors from VLAN tagged discovery messages;
*) discovery - fixed CDP packets not including address on slave ports (introduced in v6.44);
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) discovery - show neighbors on actual mesh ports;
*) e-mail - include "message-id" identification field in e-mail header;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) ethernet - increased loop warning threshold to 5 packets per second;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) firewall - fixed fragmented packet processing when only RAW firewall is configured;
*) firewall - process packets by firewall when accepted by RAW with disabled connection tracking;
*) gps - fixed missing minus close to zero coordinates in dd format;
*) gps - make sure "direction" parameter is upper case;
*) gps - strip unnecessary trailing characters from "longtitude" and "latitude" values;
*) hotspot - moved "title" HTML tag after "meta" tags;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - fixed rekeying process when NAT is detected (introduced in v6.45beta16);
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - fixed first child SA generation (introduced in v6.45beta34);
*) ike2 - fixed pre-shared-key authentication failure (introduced in v6.45beta34);
*) ike2 - improved certificate verification when multiple CA certificates received from responder;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ippool - improved logging for IPv6 Pool when prefix is already in use;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - general improvements in policy handling;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) ipv6 - improved system stability when receiving bogus packets;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow setting empty APN;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) lte - improved firmware upgrade process;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;
*) ospf - fixed opaque LSA type checking in OSPFv2;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb3011 - improved system stability when receiving bogus packets;
*) rb4011 - fixed MAC address duplication between sfp-sfpplus1 and wlan1 interfaces (wlan1 configuration reset required);
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) rb921 - improved system stability ("/system routerboard upgrade" required);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - improved reliability on SNMP service packet validation;
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - accept remote forwarding requests with empty hostnames;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - fixed non-interactive multiple command execution;
*) ssh - improved remote forwarding handling (introduced in v6.44.3);
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added IPv6 ND section to supout file;
*) supout - added "kid-control devices" section to supout file;
*) supout - added "pwr-line" section to supout file;
*) supout - changed IPv6 pool section to output detailed print;
*) switch - properly reapply settings after switch chip reset;
*) tftp - added "max-block-size" parameter under TFTP "settings" menu (CLI only);
*) tile - improved link fault detection on SFP+ ports;
*) tr069-client - added LTE CQI and IMSI parameter support;
*) tr069-client - fixed potential memory corruption;
*) tr069-client - improved error reporting with incorrect firware upgrade XML file;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-generator - improved stability when stopping traffic generator;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) w60g - do not show unused "dmg" parameter;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) w60g - show running frequency under "monitor" command;
*) winbox - fixed crash when opening CAPsMAN menu (introduced in v6.45beta27);
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed "country-info" printing (introduced in v6.45beta27);
*) wireless - fixed frequency duplication in the frequency selection menu;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved 160MHz channel width stability on rb4011;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - improved installation mode selection for wireless outdoor equipment;
*) wireless - set default SSID and supplicant-identity the same as router's identity;
*) wireless - updated "china" regulatory domain information;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;

Download the new 'RouterOS 6.45beta54' version here: https://mikrotik.com/download

↧

RouterOS 6.45beta62 [Testing]

June 13, 2019, 10:26 pm

≫ Next: RouterOS 6.44.4 [Stable]

≪ Previous: RouterOS 6.45beta54 [Testing]

6.45beta62 changelog:

Important note!!!
Downgrading to any version prior to v6.43 (v6.42.12 and older) will clear all user passwords and allow password-less authentication. Please secure your router after downgrading.

MAJOR CHANGES IN v6.45:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control;
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator;
!) user - removed insecure password storage;
----------------------

Changes in this release:

!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control;
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator;
*) bridge - correctly handle bridge host table;
*) capsman - fixed CAP system upgrading process for MMIPS;
*) certificate - added "key-type" field;
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1);
*) crs3xx - fixed "tx-drop" counter;
*) defconf - fixed channel width selection for RU locked devices;
*) dhcpv4-server - added "client-mac-limit" parameter;
*) dhcpv6-client - added option to disable rapid-commit;
*) dhcpv6-server - added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time";
*) dhcpv6-server - added "address-list" support for bindings;
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters;
*) dhcpv6-server - added RADIUS accounting support with queue based statistics;
*) dhcpv6-server - added "route-distance" parameter;
*) e-mail - properly release e-mail sending session if the server's domain name can not be resolved;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity;
*) ipsec - added "ph2-total" counter to "active-peers" menu;
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods;
*) ipsec - added traffic statistics to "active-peers" menu;
*) ipsec - disallow setting "src-address" and "dst-address" for transport mode policies;
*) ipsec - renamed "remote-peers" to "active-peers";
*) ltap - renamed SIM slots "up" and "down" to "2" and "3";
*) lte - added passthrough interface subnet selection;
*) lte - fixed LTE interface running state on RBSXTLTE3-7 (introduced in v6.45beta);
*) m33g - added support for additional Serial Console port on GPIO headers;
*) routerboard - renamed 'sim' menu to 'modem';
*) snmp - fixed "send-trap" not working when "trap-generators" does not contain "temp-exception";
*) snmp - improved reliability on SNMP service packet validation;
*) winbox - added "System/SwOS" menu for all dual-boot devices;
*) winbox - do not allow setting "dns-lookup-interval" to "0";

Other changes since v6.44.3:

*) bridge - correctly add interface list as bridge port (introduced in v6.45beta34);
*) bridge - correctly display bridge FastPath status when vlan-filtering or dhcp-snooping is used;
*) bridge - fixed log message when hardware offloading is being enabled;
*) bridge - fixed port running state for non-ethernet interfaces (introduced in v6.45beta33);
*) capsman - fixed interface-list usage in access list;
*) ccr - improved packet processing after overloading interface;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) cloud - added "replace" parameter for backup "upload-file" command;
*) conntrack - fixed GRE protocol packet connection-state matching (CVE-2014-8160);
*) conntrack - significant stability and performance improvements;
*) crs317 - fixed known multicast flooding to the CPU;
*) crs3xx - added ethernet tx-drop counter;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - correctly handle switch reset (introduced in v6.45beta31);
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) crs3xx - improved switch-chip resource allocation on CRS326, CRS328, CRS305;
*) defconf - added "custom-script" field that prints custom configuration installed by Netinstall;
*) defconf - automatically set "installation" parameter for outdoor devices;
*) defconf - changed default configuration type to AP for cAP series devices;
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter (CLI only);
*) dhcpv4-server - added RADIUS accounting support with queue based statistics;
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv4-server - replaced "busy" lease status with "conflict" and "declined";
*) dhcpv6-client - added option to disable rapid-commit (CLI only);
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) dhcpv6-server - added RADIUS accounting support with queue based statistics;
*) dhcpv6-server - added "route-distance" parameter (CLI only);
*) dhcpv6-server - fixed dynamic IPv6 binding without proper reference to the server;
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) discovery - correctly create neighbors from VLAN tagged discovery messages;
*) discovery - fixed CDP packets not including address on slave ports (introduced in v6.44);
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) discovery - show neighbors on actual mesh ports;
*) e-mail - include "message-id" identification field in e-mail header;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) ethernet - increased loop warning threshold to 5 packets per second;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) firewall - fixed fragmented packet processing when only RAW firewall is configured;
*) firewall - process packets by firewall when accepted by RAW with disabled connection tracking;
*) gps - fixed missing minus close to zero coordinates in dd format;
*) gps - make sure "direction" parameter is upper case;
*) gps - strip unnecessary trailing characters from "longtitude" and "latitude" values;
*) hotspot - moved "title" HTML tag after "meta" tags;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - fixed rekeying process when NAT is detected (introduced in v6.45beta16);
*) ike1 - general stability improvements (introduced in v6.45beta);
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - added support for IKE SA rekeying for initiator;
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - fixed first child SA generation (introduced in v6.45beta34);
*) ike2 - fixed pre-shared-key authentication failure (introduced in v6.45beta34);
*) ike2 - improved certificate verification when multiple CA certificates received from responder;
*) ike2 - improved child SA rekeying process;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ippool - improved logging for IPv6 Pool when prefix is already in use;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - general improvements in policy handling;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) ipv6 - improved system stability when receiving bogus packets;
*) lte - added initial support for Vodafone R216-Z;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow setting empty APN;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) lte - improved firmware upgrade process;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;
*) ospf - fixed opaque LSA type checking in OSPFv2;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) ovpn - added "verify-server-certificate" parameter for OVPN client (CVE-2018-10066);
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb3011 - improved system stability when receiving bogus packets;
*) rb4011 - fixed MAC address duplication between sfp-sfpplus1 and wlan1 interfaces (wlan1 configuration reset required);
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) rb921 - improved system stability ("/system routerboard upgrade" required);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - improved reliability on SNMP service packet validation;
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - accept remote forwarding requests with empty hostnames;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - fixed non-interactive multiple command execution;
*) ssh - improved remote forwarding handling (introduced in v6.44.3);
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added IPv6 ND section to supout file;
*) supout - added "kid-control devices" section to supout file;
*) supout - added "pwr-line" section to supout file;
*) supout - changed IPv6 pool section to output detailed print;
*) switch - properly reapply settings after switch chip reset;
*) tftp - added "max-block-size" parameter under TFTP "settings" menu (CLI only);
*) tile - improved link fault detection on SFP+ ports;
*) tr069-client - added LTE CQI and IMSI parameter support;
*) tr069-client - fixed potential memory corruption;
*) tr069-client - improved error reporting with incorrect firware upgrade XML file;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-generator - improved stability when stopping traffic generator;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) w60g - do not show unused "dmg" parameter;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) w60g - show running frequency under "monitor" command;
*) winbox - added "System/SwOS" menu for all dual-boot devices;
*) winbox - fixed crash when opening CAPsMAN menu (introduced in v6.45beta27);
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed "country-info" printing (introduced in v6.45beta27);
*) wireless - fixed frequency duplication in the frequency selection menu;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved 160MHz channel width stability on rb4011;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - improved installation mode selection for wireless outdoor equipment;
*) wireless - set default SSID and supplicant-identity the same as router's identity;
*) wireless - updated "china" regulatory domain information;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
*) www - improved client-initiated renegotiation within the SSL and TLS protocols (CVE-2011-1473);

Download the new 'RouterOS 6.45beta62' version here: https://mikrotik.com/download

↧

RouterOS 6.44.4 [Stable]

June 30, 2019, 11:15 pm

≫ Next: RouterOS 6.45 [Stable]

≪ Previous: RouterOS 6.45beta62 [Testing]

6.44.4 changelog:

(factory only release)

Download the new 'RouterOS 6.44.4' version here: https://mikrotik.com/download

↧

RouterOS 6.45 [Stable]

June 30, 2019, 11:26 pm

≫ Next: RouterOS 6.45.1 [Stable]

≪ Previous: RouterOS 6.44.4 [Stable]

6.45 changelog:

(factory only release)

Download the new 'RouterOS 6.45' version here: https://mikrotik.com/download

↧

RouterOS 6.45.1 [Stable]

June 30, 2019, 11:39 pm

≫ Next: RouterOS 6.46beta6 [Testing]

≪ Previous: RouterOS 6.45 [Stable]

6.45.1 changelog:

Important note!!!
Due to removal of compatibility with old version passwords in this version, downgrading to any version prior to v6.43 (v6.42.12 and older) will clear all user passwords and allow password-less authentication. Please secure your router after downgrading.

MAJOR CHANGES IN v6.45.1:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control;
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator;
!) security - fixed vulnerabilities CVE-2018-1157, CVE-2018-1158;
!) security - fixed vulnerabilities CVE-2019-11477, CVE-2019-11478, CVE-2019-11479;
!) security - fixed vulnerability CVE-2019-13074;
!) user - removed insecure password storage;
----------------------

Changes in this release:

*) bridge - correctly display bridge FastPath status when vlan-filtering or dhcp-snooping is used;
*) bridge - correctly handle bridge host table;
*) bridge - fixed log message when hardware offloading is being enabled;
*) bridge - improved stability when receiving traffic over USB modem with bridge firewall enabled;
*) capsman - fixed CAP system upgrading process for MMIPS;
*) capsman - fixed interface-list usage in access list;
*) ccr - improved packet processing after overloading interface;
*) certificate - added "key-type" field;
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1);
*) certificate - fixed self signed CA certificate handling by SCEP client;
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) certificate - removed "set-ca-passphrase" parameter;
*) chr - legacy adapters require "disable-running-check=yes" to be set;
*) cloud - added "replace" parameter for backup "upload-file" command;
*) conntrack - fixed GRE protocol packet connection-state matching (CVE-2014-8160);
*) conntrack - significant stability and performance improvements;
*) crs317 - fixed known multicast flooding to the CPU;
*) crs3xx - added ethernet tx-drop counter;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) crs3xx - fixed "tx-drop" counter;
*) crs3xx - improved switch-chip resource allocation on CRS326, CRS328, CRS305;
*) defconf - added "custom-script" field that prints custom configuration installed by Netinstall;
*) defconf - automatically set "installation" parameter for outdoor devices;
*) defconf - changed default configuration type to AP for cAP series devices;
*) defconf - fixed channel width selection for RU locked devices;
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter;
*) dhcpv4-server - added IP conflict logging;
*) dhcpv4-server - added RADIUS accounting support with queue based statistics;
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv4-server - replaced "busy" lease status with "conflict" and "declined";
*) dhcpv6-client - added option to disable rapid-commit;
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time";
*) dhcpv6-server - added "address-list" support for bindings;
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters;
*) dhcpv6-server - added RADIUS accounting support with queue based statistics;
*) dhcpv6-server - added "route-distance" parameter;
*) dhcpv6-server - fixed dynamic IPv6 binding without proper reference to the server;
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) discovery - correctly create neighbors from VLAN tagged discovery messages;
*) discovery - fixed CDP packets not including address on slave ports (introduced in v6.44);
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) discovery - show neighbors on actual mesh ports;
*) e-mail - include "message-id" identification field in e-mail header;
*) e-mail - properly release e-mail sending session if the server's domain name can not be resolved;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) ethernet - fixed running (R) flag not present on x86 interfaces and CHR legacy adapters;
*) ethernet - increased loop warning threshold to 5 packets per second;
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) firewall - fixed fragmented packet processing when only RAW firewall is configured;
*) firewall - process packets by firewall when accepted by RAW with disabled connection tracking;
*) gps - fixed missing minus close to zero coordinates in dd format;
*) gps - make sure "direction" parameter is upper case;
*) gps - strip unnecessary trailing characters from "longtitude" and "latitude" values;
*) gps - use "serial0" as default port on LtAP mini;
*) hotspot - added "interface-mac" variable to HTML pages;
*) hotspot - moved "title" HTML tag after "meta" tags;
*) ike1 - adjusted debug packet logging topics;
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - added support for IKE SA rekeying for initiator;
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved certificate verification when multiple CA certificates received from responder;
*) ike2 - improved child SA rekeying process;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ippool - improved logging for IPv6 Pool when prefix is already in use;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity;
*) ipsec - added "ph2-total" counter to "active-peers" menu;
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods;
*) ipsec - added traffic statistics to "active-peers" menu;
*) ipsec - disallow setting "src-address" and "dst-address" for transport mode policies;
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - general improvements in policy handling;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers";
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) ipv6 - improved system stability when receiving bogus packets;
*) ltap - renamed SIM slots "up" and "down" to "2" and "3";
*) lte - added initial support for Vodafone R216-Z;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow setting empty APN;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) lte - improved firmware upgrade process;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) m33g - added support for additional Serial Console port on GPIO headers;
*) ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;
*) ospf - fixed opaque LSA type checking in OSPFv2;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) ovpn - added "verify-server-certificate" parameter for OVPN client (CVE-2018-10066);
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb3011 - improved system stability when receiving bogus packets;
*) rb4011 - fixed MAC address duplication between sfp-sfpplus1 and wlan1 interfaces (wlan1 configuration reset required);
*) rb921 - improved system stability ("/system routerboard upgrade" required);
*) routerboard - renamed 'sim' menu to 'modem';
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - fixed "send-trap" not working when "trap-generators" does not contain "temp-exception";
*) snmp - fixed "send-trap" with multiple "trap-targets";
*) snmp - improved reliability on SNMP service packet validation;
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - accept remote forwarding requests with empty hostnames;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - fixed non-interactive multiple command execution;
*) ssh - improved remote forwarding handling (introduced in v6.44.3);
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - keep host keys when resetting configuration with "keep-users=yes";
*) ssh - use correct user when "output-to-file" parameter is used;
*) sstp - improved stability when received traffic hits tarpit firewall;
*) supout - added IPv6 ND section to supout file;
*) supout - added "kid-control devices" section to supout file;
*) supout - added "pwr-line" section to supout file;
*) supout - changed IPv6 pool section to output detailed print;
*) switch - properly reapply settings after switch chip reset;
*) tftp - added "max-block-size" parameter under TFTP "settings" menu (CLI only);
*) tile - improved link fault detection on SFP+ ports;
*) tr069-client - added LTE CQI and IMSI parameter support;
*) tr069-client - fixed potential memory corruption;
*) tr069-client - improved error reporting with incorrect firware upgrade XML file;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-generator - improved stability when stopping traffic generator;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) w60g - do not show unused "dmg" parameter;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) w60g - show running frequency under "monitor" command;
*) winbox - added "System/SwOS" menu for all dual-boot devices;
*) winbox - do not allow setting "dns-lookup-interval" to "0";
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - fixed frequency duplication in the frequency selection menu;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved 160MHz channel width stability on rb4011;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - improved installation mode selection for wireless outdoor equipment;
*) wireless - set default SSID and supplicant-identity the same as router's identity;
*) wireless - updated "china" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
*) www - improved client-initiated renegotiation within the SSL and TLS protocols (CVE-2011-1473);

Download the new 'RouterOS 6.45.1' version here: https://mikrotik.com/download

↧

RouterOS 6.46beta6 [Testing]

July 4, 2019, 5:28 am

≫ Next: RouterOS 6.44.5 [Long-term]

≪ Previous: RouterOS 6.45.1 [Stable]

6.46beta6 changelog:

Changes in this release:

*) cloud - properly stop "time-zone-autodetect" after disable;
*) conntrack - properly start manually enabled connection tracking;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) fetch - improved stability when processing large output data;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) ipsec - improved stability for peer initialization (introduced in v6.45);
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - show "primary-band" only for LTE modems;
*) radius - fixed "User-Password" encoding (introduced in v6.45);
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);

Download the new 'RouterOS 6.46beta6' version here: https://mikrotik.com/download

↧

RouterOS 6.44.5 [Long-term]

July 9, 2019, 12:46 am

≫ Next: RouterOS 6.46beta9 [Testing]

≪ Previous: RouterOS 6.46beta6 [Testing]

6.44.5 changelog:

MAJOR CHANGES IN v6.44.5:
----------------------
!) security - fixed vulnerabilities CVE-2018-1157, CVE-2018-1158;
!) security - fixed vulnerabilities CVE-2019-11477, CVE-2019-11478, CVE-2019-11479;
!) security - fixed vulnerability CVE-2019-13074;
----------------------

Changes in this release:

*) bridge - correctly handle bridge host table;
*) capsman - fixed CAP system upgrading process for MMIPS;
*) capsman - fixed interface-list usage in access list;
*) certificate - removed "set-ca-passphrase" parameter;
*) cloud - properly stop "time-zone-autodetect" after disable;
*) conntrack - fixed GRE protocol packet connection-state matching (CVE-2014-8160);
*) defconf - automatically set "installation" parameter for outdoor devices;
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - fixed dynamic IPv6 binding without proper reference to the server;
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) discovery - fixed CDP packets not including address on slave ports (introduced in v6.44);
*) e-mail - properly release e-mail sending session if the server's domain name can not be resolved;
*) firewall - fixed fragmented packet processing when only RAW firewall is configured;
*) firewall - process packets by firewall when accepted by RAW with disabled connection tracking;
*) gps - strip unnecessary trailing characters from "longtitude" and "latitude" values;
*) hotspot - moved "title" HTML tag after "meta" tags;
*) ipv6 - improved system stability when receiving bogus packets;
*) ovpn - added "verify-server-certificate" parameter for OVPN client (CVE-2018-10066);
*) rb3011 - improved system stability when receiving bogus packets;
*) rb921 - improved system stability ("/system routerboard upgrade" required);
*) snmp - improved reliability on SNMP service packet validation;
*) ssh - fixed non-interactive multiple command execution;
*) supout - added IPv6 ND section to supout file;
*) supout - added "pwr-line" section to supout file;
*) supout - changed IPv6 pool section to output detailed print;
*) winbox - do not allow setting "dns-lookup-interval" to "0";
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - improved installation mode selection for wireless outdoor equipment;
*) wireless - updated "china" regulatory domain information;
*) www - improved client-initiated renegotiation within the SSL and TLS protocols (CVE-2011-1473);

Download the new 'RouterOS 6.44.5' version here: https://mikrotik.com/download

↧

RouterOS 6.46beta9 [Testing]

July 11, 2019, 2:53 am

≫ Next: RouterOS 6.45.2 [Stable]

≪ Previous: RouterOS 6.44.5 [Long-term]

6.46beta9 changelog:

Changes in this release:

*) bonding - fixed bonding running status after reboot when using other bonds as slave interfaces (introduced in v6.45);
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) ipsec - added "connection-mark" parameter for mode-config initiator;
*) ipsec - allow peer argument only for "encrypt" policies (introduced in v6.45);
*) ipsec - fixed peer configuration migration from versions older than v6.43 (introduced in v6.45);
*) ipsec - show warning for policies with "unknown" peer;
*) ospf - fixed possible busy loop condition when accessing OSPF LSAs;
*) ppp - disable DTR send when using at-chat;
*) ssh - do not enable "none-crypto" if "strong-crypto" is enabled on upgrade (introduced in v6.45);
*) ssh - fixed executed command output printing (introduced in v6.45);
*) supout - fixed supout file generation outside of internal storage with insufficient space;
*) upgrade - fixed "auto-upgrade" to use new style authentication (introduced in v6.45);
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) vlan - fixed "slave" flag for non-running interfaces (introduced in v6.45);
*) winbox - properly show timestamp in file "Creation Time" field;

Other changes since v6.45.1:

*) cloud - properly stop "time-zone-autodetect" after disable;
*) conntrack - properly start manually enabled connection tracking;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) fetch - improved stability when processing large output data;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) ipsec - improved stability for peer initialization (introduced in v6.45);
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - show "primary-band" only for LTE modems;
*) radius - fixed "User-Password" encoding (introduced in v6.45);
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);

Download the new 'RouterOS 6.46beta9' version here: https://mikrotik.com/download

↧

RouterOS 6.45.2 [Stable]

July 19, 2019, 2:55 am

≫ Next: RouterOS 6.46beta16 [Testing]

≪ Previous: RouterOS 6.46beta9 [Testing]

6.45.2 changelog:

↧

RouterOS 6.46beta16 [Testing]

July 24, 2019, 12:31 am

≫ Next: RouterOS 6.45.3 [Stable]

≪ Previous: RouterOS 6.45.2 [Stable]

6.46beta16 changelog:

Changes in this release:

*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) capsman - improved DFS channel switching when radar detected;
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - remove previously set mirror-source property before changing it;
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) ipsec - added "error" topic for identity check failure logging messages;
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) smips - reduced RouterOS main package size (disabled LTE modem, dot1x and SwOS support);
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) switch - fix port isolation for non-CRS series switch chips;
*) tr069-client - added multiple LTE monitoring parameters;
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - improved U-APSD (WMM Power Save) support for 802.11e;
*) wireless - updated "ukraine" regulatory domain information;

Other changes since v6.45.2:

*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) conntrack - properly start manually enabled connection tracking;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) fetch - improved stability when processing large output data;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - show "primary-band" only for LTE modems;
*) ppp - disable DTR send when using at-chat;
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) winbox - properly show timestamp in file "Creation Time" field;

Download the new 'RouterOS 6.46beta16' version here: https://mikrotik.com/download

↧

RouterOS 6.45.3 [Stable]

August 1, 2019, 5:35 am

≫ Next: RouterOS 6.46beta28 [Testing]

≪ Previous: RouterOS 6.46beta16 [Testing]

6.45.3 changelog:

↧

RouterOS 6.46beta28 [Testing]

August 9, 2019, 3:20 am

≫ Next: RouterOS 6.46beta34 [Testing]

≪ Previous: RouterOS 6.45.3 [Stable]

6.46beta28 changelog:

Changes in this release:

*) certificate - improved CRL updating process;
*) defconf - require "policy" permission to print default configuration;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - don't release policy on rekey when child not found;
*) ike2 - fixed ID validation with multiple SAN;
*) ike2 - fixed policy port selection for responder with natted initiator;
*) ike2 - improved rekeying process with Windows initiators;
*) ipsec - allow inline "passphrase" parameter when importing keys;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed cell information monitoring on R11e-LTE-US (introduced in v6.45.2);
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) webfig - fixed link to Winbox download;
*) winbox - added "auto-erase" parameter to "Tools/SMS" menu;
*) winbox - added "https-redirect" parameter to "IP/Hotspot/Profiles menu";
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "revision" parameter to "System/Routerboard" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - removed "max-sms" parameter from "Tools/SMS" menu;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - fixed basic rate reporting in snooper;

Other changes since v6.45.3:

*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) capsman - improved DFS channel switching when radar detected;
*) conntrack - properly start manually enabled connection tracking;
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - remove previously set mirror-source property before changing it;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) fetch - improved stability when processing large output data;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) ipsec - added "error" topic for identity check failure logging messages;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) lte - show "primary-band" only for LTE modems;
*) ppp - disable DTR send when using at-chat;
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) switch - fix port isolation for non-CRS series switch chips;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) winbox - properly show timestamp in file "Creation Time" field;
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - updated "ukraine" regulatory domain information;

Download the new 'RouterOS 6.46beta28' version here: https://mikrotik.com/download

↧

RouterOS 6.46beta34 [Testing]

August 22, 2019, 2:46 am

≫ Next: RouterOS 6.45.4 [Stable]

≪ Previous: RouterOS 6.46beta28 [Testing]

6.46beta34 changelog:

Changes in this release:

*) dhcpv4-server - fixed "Acct-Output-Octets" reporting to RADIUS;
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) hotspot - fixed RADIUS CoA "address-list" update;
*) ike2 - fixed IPv6 policy generation (introduced in v6.46beta28);
*) ike2 - fixed traffic selector address family selection when using IPv6;
*) ike2 - properly start all initiators to the same remote address;
*) ipsec - fixed DNS resolving when domain has only AAAA entries;
*) ipsec - fixed "eap-radius" authentication method (introduced in v6.45);
*) ipsec - fixed minor spelling mistakes in logs;
*) log - increased log message length limit to 1024 characters;
*) lte - fixed network registration on R11e-LTE-US;
*) lte - use /128 prefix for IPv6 address on LTE interface;
*) lte - use interface from RA when "ipv6-interface=none" and IPv6 enabled;
*) qsfp - show more QSFP module diagnostics;
*) quickset - added "LTE AP Dual" mode support;
*) snmp - fixed encrypted data sequence (introduced in v6.44.5);
*) ssh - fixed carriage return presence in subsequent sessions;
*) system - accept only valid string for "name" parameter in "disk" menu (CVE-2019-15055);
*) tr069-client - added LTE band and cellular technology selection parameters;
*) tr069-client - added LTE RSCP, ECNO and ICCID parameter support;
*) watchdog - renamed "no-ping-delay" parameter to "ping-start-after-boot";

Other changes since v6.45.3:

*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) capsman - improved DFS channel switching when radar detected;
*) certificate - improved CRL updating process;
*) conntrack - properly start manually enabled connection tracking;
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - remove previously set mirror-source property before changing it;
*) defconf - require "policy" permission to print default configuration;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) fetch - improved stability when processing large output data;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - don't release policy on rekey when child not found;
*) ike2 - fixed ID validation with multiple SAN;
*) ike2 - fixed policy port selection for responder with natted initiator;
*) ike2 - improved rekeying process with Windows initiators;
*) ipsec - added "error" topic for identity check failure logging messages;
*) ipsec - allow inline "passphrase" parameter when importing keys;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed cell information monitoring on R11e-LTE-US (introduced in v6.45.2);
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) lte - show "primary-band" only for LTE modems;
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) ppp - disable DTR send when using at-chat;
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) switch - fix port isolation for non-CRS series switch chips;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) webfig - fixed link to Winbox download;
*) winbox - added "auto-erase" parameter to "Tools/SMS" menu;
*) winbox - added "https-redirect" parameter to "IP/Hotspot/Profiles menu";
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "revision" parameter to "System/Routerboard" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - properly show timestamp in file "Creation Time" field;
*) winbox - removed "max-sms" parameter from "Tools/SMS" menu;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - fixed basic rate reporting in snooper;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - updated "ukraine" regulatory domain information;

Download the new 'RouterOS 6.46beta34' version here: https://mikrotik.com/download

↧

RouterOS 6.45.4 [Stable]

August 28, 2019, 4:05 am

≫ Next: RouterOS 6.45.5 [Stable]

≪ Previous: RouterOS 6.46beta34 [Testing]

6.45.4 changelog:

(factory only release)

Download the new 'RouterOS 6.45.4' version here: https://mikrotik.com/download

↧

RouterOS 6.45.5 [Stable]

August 28, 2019, 4:12 am

≫ Next: RouterOS 6.46beta38 [Testing]

≪ Previous: RouterOS 6.45.4 [Stable]

6.45.5 changelog:

↧

RouterOS 6.46beta38 [Testing]

August 29, 2019, 4:04 am

≫ Next: RouterOS 6.45.6 [Stable]

≪ Previous: RouterOS 6.45.5 [Stable]

6.46beta38 changelog:

Changes in this release:

*) btest - removed duplicate "duration" parameter;
*) console - added bitwise operator support for "ip6" data type;
*) console - fixed IP conversation to "num" data type;
*) console - properly detect IPv6 address as "ip6" data type;
*) crs312 - fixed combo SFP port toggling (introduced in v6.44.5);
*) crs3xx - fixed "egress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) dot1x - added "reject-vlan-id" server parameter (CLI only);
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) qsfp - clear SFP monitoring data on port enable;
*) qsfp - correctly display SFP monitoring data;
*) qsfp - fixed EEPROM checksum validation;
*) radius - fixed open socket leak when invalid packet is received (introduced in v6.44);
*) supout - removed "file" option from "/system sup-output" command;
*) wireless - added 4 chain MCS support for 802.11n wireless protocol (CLI only);
*) wireless - fixed RX chain selection;
*) wireless - include last frequency when manually setting frequency step in "scan-list";

Other changes since v6.45.5:

*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) capsman - improved DFS channel switching when radar detected;
*) certificate - improved CRL updating process;
*) conntrack - properly start manually enabled connection tracking;
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - remove previously set mirror-source property before changing it;
*) defconf - require "policy" permission to print default configuration;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) fetch - improved stability when processing large output data;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) hotspot - fixed RADIUS CoA "address-list" update;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - fixed IPv6 policy generation (introduced in v6.46beta28);
*) ipsec - added "error" topic for identity check failure logging messages;
*) ipsec - fixed DNS resolving when domain has only AAAA entries;
*) log - increased log message length limit to 1024 characters;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed network registration on R11e-LTE-US;
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) lte - show "primary-band" only for LTE modems;
*) lte - use /128 prefix for IPv6 address on LTE interface;
*) lte - use interface from RA when "ipv6-interface=none" and IPv6 enabled;
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) ppp - disable DTR send when using at-chat;
*) qsfp - show more QSFP module diagnostics;
*) quickset - added "LTE AP Dual" mode support;
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) tr069-client - added LTE band and cellular technology selection parameters;
*) tr069-client - added LTE RSCP, ECNO and ICCID parameter support;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) webfig - fixed link to Winbox download;
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - properly show timestamp in file "Creation Time" field;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - updated "ukraine" regulatory domain information;

Download the new 'RouterOS 6.46beta38' version here: https://mikrotik.com/download

↧

RouterOS 6.45.6 [Stable]

September 11, 2019, 3:15 am

≫ Next: RouterOS 6.46beta44 [Testing]

≪ Previous: RouterOS 6.46beta38 [Testing]

6.45.6 changelog:

↧

RouterOS 6.46beta44 [Testing]

September 19, 2019, 4:30 am

≫ Next: RouterOS 6.46beta55 [Testing]

≪ Previous: RouterOS 6.45.6 [Stable]

6.46beta44 changelog:

Changes in this release:

*) capsman - fixed channel auto reselection;
*) chr - added support for Azure guest agent;
*) console - fixed "tobool" conversion;
*) crs305 - fixed sfp-sfpplus2 - sfp-sfpplus4 interface linking (introduced in v6.46beta28);
*) crs3xx - correctly display link rate when 10/100/1000BASE-T SFP modules are used in SFP+ interfaces;
*) crs3xx - do not send pause frames when ethernet "tx-flow-control" is disabled on CRS326/CRS328/CRS305 devices;
*) defconf - fixed default configuration loading on RBmAPL-2nD (introduced in v6.45);
*) dot1x - added support for dynamic switch rules from RADIUS;
*) ike2 - fixed phase 1 rekeying (introduced in v6.45);
*) lte - added support for Telit LM960 and LE910C1 modems;
*) lte - improved modem initialization;
*) routerboard - fixed USB configuration export on RBLtAP-2HnD;
*) routerboard - hide "memory-frequency" parameter for RBLtAP-2HnD;
*) sfp - correctly read EEPROM data from SFP modules (introduced in v6.46beta38);
*) snmp - use "src-address" also for traps;
*) wireless - improved stability when setting fixed primary and secondary channels on RB4011iGS+5HacQ2HnD-IN;

Other changes since v6.45.6:

*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) btest - removed duplicate "duration" parameter;
*) capsman - improved DFS channel switching when radar detected;
*) certificate - improved CRL updating process;
*) conntrack - properly start manually enabled connection tracking;
*) console - added bitwise operator support for "ip6" data type;
*) console - fixed IP conversation to "num" data type;
*) console - properly detect IPv6 address as "ip6" data type;
*) crs312 - fixed combo SFP port toggling (introduced in v6.44.5);
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - remove previously set mirror-source property before changing it;
*) defconf - require "policy" permission to print default configuration;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) dot1x - added "reject-vlan-id" server parameter (CLI only);
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) fetch - improved stability when processing large output data;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) hotspot - fixed RADIUS CoA "address-list" update;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - fixed IPv6 policy generation (introduced in v6.46beta28);
*) ipsec - added "error" topic for identity check failure logging messages;
*) ipsec - fixed DNS resolving when domain has only AAAA entries;
*) log - increased log message length limit to 1024 characters;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed network registration on R11e-LTE-US;
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) lte - show "primary-band" only for LTE modems;
*) lte - use /128 prefix for IPv6 address on LTE interface;
*) lte - use interface from RA when "ipv6-interface=none" and IPv6 enabled;
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) ppp - disable DTR send when using at-chat;
*) quickset - added "LTE AP Dual" mode support;
*) radius - fixed open socket leak when invalid packet is received (introduced in v6.44);
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) supout - removed "file" option from "/system sup-output" command;
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) tr069-client - added LTE band and cellular technology selection parameters;
*) tr069-client - added LTE RSCP, ECNO and ICCID parameter support;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) webfig - fixed link to Winbox download;
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - properly show timestamp in file "Creation Time" field;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - added 4 chain MCS support for 802.11n wireless protocol (CLI only);
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - fixed RX chain selection;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - updated "ukraine" regulatory domain information;

Download the new 'RouterOS 6.46beta44' version here: https://mikrotik.com/download

↧