en-usMikroTik Bugfixhttps://www.mikrotik.comCopyright 2018, Mikrotikls LtdMikroTik Rss60Feed for newest RouterOS updates.RouterOS 6.42.9 [Long-term]https://www.mikrotik.com/download/changelogs/long-term

6.42.9 changelog:

Important note!!! Backup before upgrade!
RouterOS v6.41 and above contains new bridge implementation that supports hardware offloading (hw-offload).
This update will convert all interface "master-port" configuration into new bridge configuration, and eliminate "master-port" option as such.
Bridge will handle all Layer2 forwarding and the use of switch-chip (hw-offload) will be automatically turned on based on appropriate conditions.
The rest of RouterOS Switch specific configuration remains untouched in usual menus.
Please, note that downgrading below RouterOS v6.41 will not restore "master-port" configuration, so use backups to restore configuration on downgrade.

*) bridge - ignore tagged BPDUs when bridge VLAN filtering is used;
*) bridge - improved packet handling when hardware offloading is being disabled;
*) crs317 - fixed packet forwarding on bonded interfaces without hardware offloading;
*) crs326/crs328 - fixed packet forwarding when port changes states with IGMP Snooping enabled;
*) defconf - properly clear global variables when generating default configuration after RouterOS upgrade;
*) dns - fixed DNS cache service becoming unresponsive when active Hotspot server is present on the router (introduced in 6.42);
*) filesystem - fixed NAND memory going into read-only mode (requires "factory-firmware" >= 3.41.1 and "current-firmware" >= 6.43);
*) health - added missing parameters from export;
*) health - fixed voltage measurements for RB493G devices;
*) hotspot - properly update dynamic "walled-garden" entries when changing "dst-host";
*) ike2 - fixed rare authentication and encryption key mismatches after rekey with PFS enabled;
*) ike2 - improved subsequent phase 2 initialization when no child exist;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - improved stability when using IPsec with disabled route cache;
*) led - added "dark-mode" functionality for wsAP ac lite, RB951Ui-2nD, hAP, hAP ac lite and LtAP mini devices;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed LTE registration in 2G/3G mode;
*) ospf - improved link-local LSA flooding;
*) ospf - improved stability when originating LSAs with OSPFv3;
*) routerboard - fixed memory tester reporting false errors on IPQ4018 devices ("/system routerboard upgrade" required);
*) routerboard - show "boot-os" option only on devices that have such feature;
*) routerboot - fixed RouterOS booting on devices with particular NAND memory;
*) sniffer - made "connection", "host", "packet" and "protocol" sections read-only;
*) supout - added "files" section to supout file;
*) upgrade - fixed RouterOS upgrade process from RouterOS v5 on PowerPC;
*) upnp - improved UPnP service stability when handling HTTP requests;
*) userman - fixed "shared-secret" parameter requiring "sensitive" policy;
*) w60g - added "frequency-list" setting;
*) w60g - fixed interface LED status update on connection;
*) w60g - fixed random disconnects;
*) w60g - general stability and performance improvements;
*) webfig - fixed time interval settings not applied properly under "IP/Kid Control/Kids" menu;
*) webfig - fixed www service becoming unresponsive;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that has such feature;
*) wireless - accept only valid path for sniffer output file parameter;
*) wireless - fixed "/interface wireless sniffer packet print follow" output;

What's new in 6.42.8 (2018-Sep-21 13:30):

(factory only release)

Download the new 'RouterOS 6.42.9' version here: https://www.mikrotik.com/download

]]>
Long-termMon, 01 Oct 2018 10:05:45 +0300c79ebcb05a738bbdf57ca006715b082d
RouterOS 6.40.9 [Long-term]https://www.mikrotik.com/download/changelogs/long-term

6.40.9 changelog:

MAJOR CHANGES IN v6.40.9:
----------------------
!) security - fixed vulnerabilities CVE-2018-1156, CVE-2018-1157, CVE-2018-1158, CVE-2018-1159;
----------------------

*) certificate - fixed "add-scep" template existence check when signing certificate;
*) defconf - fixed wAP LTE kit default configuration;
*) ethernet - improved large packet handling on ARM devices with wireless;
*) ethernet - removed obsolete slave flag from "/interface vlan" menu;
*) filesystem - fixed NAND memory going into read-only mode;
*) hotspot - fixed user authentication when queue from old session is not removed yet;
*) interface - fixed interface configuration responsiveness;
*) ipsec - fixed policies becoming invalid if added after a disabled policy;
*) ldp - properly load LDP configuration;
*) ppp - fixed "hunged up" grammar to "hung up" within PPP log messages;
*) sfp - hide "sfp-wavelength" parameter for RJ45 transceivers;
*) snmp - added remote CAP count OID for CAPsMAN;
*) supout - added "partitions" section to supout file;
*) tile - fixed Ethernet interfaces becoming unresponsive;
*) tr069-client - fixed unresponsive tr069 service when blackhole route is present;
*) userman - fixed compatibility with PayPal TLS 1.2;
*) userman - improved unique username generation process when adding batch of users;
*) winbox - added missing "dscp" and "clamp-tcp-mss" settings to IPv6 tunnels;
*) winbox - allow to specify full URL in SCEP certificate signing process;
*) winbox - by default specify keepalive timeout value for tunnel type interfaces;
*) winbox - show firmware upgrade message at the bottom of "System/RouterBOARD" menu;
*) winbox - show "scep-url" for certificates;
*) winbox - show "sector-writes" on ARM devices that have such counters;
*) winbox - show "sector-writes" on devices that have such counters;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - added option to disable PMKID for WPA2;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed packet processing after removing wireless interface from CAP settings;
*) wireless - improved client "channel-width" detection;
*) wireless - improved Nv2 PtMP performance;
*) wireless - increased stability on hAP ac^2 and cAP ac with legacy data rates;
*) wireless - updated "united-states" regulatory domain information;

Download the new 'RouterOS 6.40.9' version here: https://www.mikrotik.com/download

]]>
Long-termWed, 22 Aug 2018 12:35:26 +0300b14c218c58ce75a59fe44eff96bd56d5
RouterOS 6.40.8 [Long-term]https://www.mikrotik.com/download/changelogs/long-term

6.40.8 changelog:

!) winbox - fixed vulnerability that allowed to gain access to an unsecured router;
*) certificate - fixed incorrect SCEP URL after an upgrade;
*) health - fixed empty measurements on CRS328-24P-4S+RM;
*) ike2 - use "policy-template-group" parameter when picking proposal as initiator;
*) ipv6 - fixed IPv6 behaviour when bridge port leaves bridge;
*) routerboard - fixed "mode-button" support on hAP lite r2 devices;
*) ssh - fixed SSH service becoming unavailable;
*) traffic-flow - fixed IPv6 destination address value when IPFIX protocol is used;
*) winbox - show "Switch" menu on cAP ac devices;
*) wireless - improved compatibility with BCM chipset devices;

Download the new 'RouterOS 6.40.8' version here: https://www.mikrotik.com/download

]]>
Long-termTue, 24 Apr 2018 12:18:25 +03008b8670d574296c52523e332237f9ba88
RouterOS 6.40.7 [Long-term]https://www.mikrotik.com/download/changelogs/long-term

6.40.7 changelog:

!) smb - fixed buffer overflow vulnerability, everyone using this feature is urged to upgrade;
*) console - do not allow variables that start with digit to be referenced without "$" sign;
*) led - fixed unused "link-act-led" LED trigger on RBLHG 2nD, RBLHG 2nD-XL and RBSXTsq 2nD;
*) netinstall - sign Netinstall executable with an Extended Validation Code Signing Certificate;
*) romon - make "secret" field sensitive in console;
*) tr069-client - fixed TR069 service becoming unavailable when related service package is not installed;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - fixed maximal ID for Traffic Generator stream;
*) winbox - made UDP local and remote TX size parameter optional in Bandwidth Test tool;
*) winbox - removed "Enable" and "Disable" buttons from IPsec "mode-config" list;
*) winbox - show "D" flag under "/ip dhcp-client" menu;
*) winbox - use proper graph name for HDD graphs;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;

Download the new 'RouterOS 6.40.7' version here: https://www.mikrotik.com/download

]]>
Long-termFri, 20 Apr 2018 13:13:14 +0300b7cb20a306c43c171054fe65cacfee45
RouterOS 6.40.6 [Long-term]https://www.mikrotik.com/download/changelogs/long-term

6.40.6 changelog:

*) btest - fixed TCP test accuracy when low TX/RX rates are used;
*) certificate - do not use UTF-8 for SCEP challenge password;
*) certificate - fixed PKCS#10 version;
*) chr - generate new system ID on first boot;
*) crs317 - fixed reliability on FAN controller;
*) defconf - fixed DISC Lite5 LED default configuration;
*) dhcpv4-server - fixed framed and classless route received from RADIUS server;
*) disk - fixed disk detach process;
*) dude - fixed e-mail notifications when default port is not used;
*) export - fixed "/system routerboard mode-button" compact export;
*) filesystem - implemented additional system integrity checks on reboots;
*) firewall - limited maximum "address-list-timeout" value to “35w3d13h13m56s”;
*) hotspot - fixed "dst-port" to require valid "protocol" in "walled-garden ip";
*) hotspot - fixed Walled Garden IP functionality when address-list is used;
*) ike1 - fixed crash on XAUTH if user does not exist;
*) ike1 - fixed memory corruption when IPv6 is used;
*) ike1 - improved stability on phase1 rekeying;
*) ike2 - added support for multiple split networks;
*) ike2 - delay rekeyed peer outbound SA installation;
*) ike2 - improve half-open connection handling;
*) ike2 - kill connection when peer changes address;
*) ike2 - use peer configuration address when available on empty TSi;
*) ipsec - fixed incorrect esp proposal key size usage;
*) ipsec - properly update IPsec secret for IPIP/EoIP/GRE dynamic peer;
*) l2tp - improved reliability on packet processing in FastPath;
*) netinstall - improved LTE package description;
*) netinstall - properly generate skins folder when branding package is installed;
*) ovpn - fixed resource leak on systems with high CPU usage;
*) ovpn-server - do not periodically change automatically generated server MAC address;
*) ppp - do not disconnect active PPP connection after "idle-timeout";
*) ppp - do not lose "/ppp profile" script configuration after other profile parameters are edited;
*) ppp - fixed "change-mss" functionality when MSS is not set on forwarded packets;
*) ppp - fixed L2TP and PPTP encryption negotiation process on configuration changes;
*) pppoe-client - properly re-establish MLPPP session when one of the lines stopped transmitting packets;
*) quickset - do not automatically change mode to CPE;
*) quickset - renamed router IP static DNS name to "router.lan";
*) route - fixed DHCP/PPP “add-default-route” “distance” minimal value to 1;
*) route - improved reliability on routing table update;
*) routerboard - properly report warnings under "/system routerboard" menu;
*) scheduler - properly display long scheduler configuration;
*) sfp - improved SFP module compatibility;
*) sms - fixed minor problem for SMS delivery;
*) snmp - added IPv6 addresses support on default "public" community;
*) snmp - fixed bulk requests when non-repeaters are used;
*) snmp - fixed consecutive OID bulk get from the same table;
*) traceroute - fixed "/tool traceroute" results print;
*) traffic-flow - do not count single extra packet per each flow;
*) webfig - added support for proper default policies when adding script or scheduler job;
*) webfig - fixed backup loading from Webfig on RouterBOARD running default configuration;
*) webfig - fixed bridge port sorting order by name;
*) webfig - fixed MAC address ordering;
*) webfig - fixed router getting reset to default configuration;
*) webfig - fixed column ordering;
*) winbox - allow to specify "to-ports" for "action=masquerade";
*) wireless - fixed wireless protocol mode restrictions if lockpack is installed and has limits for it;
*) wireless - removed unused monitor command from CLI;
*) wireless - updated "Australia", "Czech Republic", "UK 5.8 Fixed" and "United Kingdom" regulatory domain information;

Download the new 'RouterOS 6.40.6' version here: https://www.mikrotik.com/download

]]>
Long-termThu, 01 Mar 2018 14:39:04 +020009581ce8a9da0aca1f84c6cfd736c47a
RouterOS 6.39.3 [Long-term]https://www.mikrotik.com/download/changelogs/long-term

6.39.3 changelog:

*) arp - properly update dynamic ARP entries after interface related changes;
*) bonding - fixed 802.3ad mode on RB1100AHx4;
*) bonding - improved reliability on bonding interface removal;
*) console - fixed different command auto complete;
*) crs1xx/2xx - fixed 1 Gbps forced mode for several SFP modules;
*) crs317 - added L2MTU support;
*) crs3xx - improved packet processing in slowpath;
*) dhcp - fixed downgrade from RouterOS v6.41 or higher;
*) dhcpv4-server - fixed lease renew for DHCP clients that sends renewal with "ciaddr = 0.0.0.0";
*) dhcpv6-client - do not run DHCPv6 client when IPv6 package is disabled;
*) dhcpv6-client - fixed IA evaluation order;
*) dhcpv6-client - require pool name to be unique;
*) dhcpv6-server - do not release address of static binding from pool after server removal;
*) discovery - fixed timeouts for LLDP neighbours;
*) ethernet - fixed occasional broken interface order after reset/first boot;
*) ethernet - fixed rare linking problem with forced 10Mbps full-duplex mode;
*) export - fixed export for PoE-OUT related settings;
*) export - fixed wireless "ssid" and "supplicant-identity" compact export;
*) fasttrack - fixed fasttrack over interfaces with dynamic MAC address;
*) firewall - fixed bridge "action=log" rules;
*) firewall - fixed crash on fasttrack dummy rule manual change attempt;
*) firewall - properly remove "address-list" entry after timeout ends;
*) firewall - removed unique address list name limit;
*) hAP ac lite - removed nonexistent "wlan-led";
*) hotspot - improved user statistics collection process;
*) hotspot - require "dns-name" to contain "." symbol under Hotspot Server Profile configuration;
*) ike1 - fixed initiator ID comparison to NAT-OA;
*) interface - improved interface state change handling when multiple interfaces are affected at the same time;
*) ipsec - do not deduct "dst-address" from "sa-dst-address" for "/0" policies;
*) ipv6 - fixed IPv6 address request from pool;
*) metarouter - fixed display of bogus error message on startup;
*) ntp-client - properly start NTP client after reboot if manual server IP is not configured;
*) ovpn - added support for "push-continuation";
*) ovpn - added support for topology subnet for IP mode;
*) ovpn - fixed duplicate default gateway presence when receiving extra routes;
*) ovpn - improved performance when receiving too many options;
*) ping - fixed ping getting stuck (after several thousands of ping attempts);
*) ppp - fixed non-standart PAP or CHAP packet handling;
*) pppoe-client - fixed incorrectly formed PADT packet;
*) pppoe-client - fixed wrong MRU detection over VLAN interfaces;
*) proxy - fixed rare program crash after closing client connection;
*) quickset - fixed incorrect VPN address value on arm and tilera;
*) rb1100ahx4 - fixed HW acceleration fragmented packet decryption when fragment is smaller than 64 bytes;
*) rb1100ahx4 - fixed startup problems (requires additional reboot after upgrade);
*) rb2011 - fixed possible LCD blinking along with ethernet LED;
*) rb3011 - fixed packet passthrough on switch2 while booting;
*) rb922 - restored missing wireless interface on some boards;
*) safe-mode - fixed session handling when Safe Mode is used on multiple sessions at the same time;
*) sfp - fixed invalid temperature readings when ambient temperature is below 0C;
*) sfp - fixed OPTON module DDM information readings;
*) sfp - fixed temperature readings for various SFP modules;
*) sniffer - do not skip L2 packets when "all" interface mode was used;
*) snmp - fixed "/caps-man registration-table" uptime values;
*) snmp - fixed "/system license" parameters for CHR;
*) snmp - fixed "/system resource cpu print oid";
*) snmp - fixed crash on interface table get;
*) ssh - do not execute command if it starts with "-" symbol;
*) supout - fixed IPv6 firewall section;
*) switch - fixed multicast forwarding on CRS326;
*) tile - fixed copying large amount of text over serial console;
*) tile - improved reliability on MPLS package processing;
*) traffic-flow - fixed reboots when IPv6 address has been set as target address without active IPv6 package;
*) trafficgen - fixed "lost-ratio" showing incorrect statistics after multiple sequences;
*) userman - do not send disconnect request for user when "simultaneous session limit reached";
*) userman - fixed "limitation" and "profile-limitation" update;
*) userman - fixed CoA packet processing after changes in "/tool user-manager router" configuration;
*) userman - lookup language files also in "/flash" directory;
*) vlan - do not allow VLAN MTU to be higher than L2MTU;
*) vlan - do not delete existing VLAN interface on "failure: already have such vlan";
*) webfig - allow to unset "rate-limit" for DHCP leases;
*) webfig - fixed wireless "scan-list" parameter not being saved after applying changes;
*) webfig - improved reliability of login process;
*) winbox - added possibility to define "comment" for "/routing bgp network" entries;
*) winbox - added support for certificate CRL list;
*) winbox - do not show LCD menu for devices which does not have it;
*) winbox - fixed ARP table update after entry changes state to incomplete;
*) winbox - hide "level" and "tunnel" parameters for IPSec policy templates;
*) winbox - hide FAN speed if it is 0RPM;
*) winbox - make IPSec policies table an ordered list;
*) winbox - properly show "dhcp-server" warnings;
*) winbox - show "/interface wireless cap print" warnings;
*) winbox - show "/system health" only on boards that have health monitoring;
*) winbox - show "D" flag under "/interface mesh port" menu;
*) wireless - added "etsi1" and "russia3" regulatory domain information;
*) wireless - fixed compatibility with "AR5212" wireless chips;
*) wireless - improved WPA2 key exchange reliability;
*) wireless - updated "china", "norway" and "new-zealand" regulatory domain information;

Download the new 'RouterOS 6.39.3' version here: https://www.mikrotik.com/download

]]>
Long-termMon, 16 Oct 2017 08:57:36 +0300078b76e97c20c8d05b90653b93282119
RouterOS 6.38.7 [Long-term]https://www.mikrotik.com/download/changelogs/long-term

6.38.7 changelog:

!) bridge - fixed BPDU rx/tx when “protocol-mode=none”;
!) bridge - reverted bridge BPDU processing back to pre-v6.38 behaviour (v6.40 will have another separate VLAN-aware bridge implementation);
*) 6to4 - fixed wrong IPv6 "link-local" address generation;
*) arp - fixed "make-static";
*) bonding - do not add bonding interface if "could not set MTU" error is received;
*) console - fixed "/ip neighbor discovery" export;
*) console - fixed unexpected console crash when using variables as functions;
*) console - instead of true/false report yes/no as LCD enabled state;
*) defconf - discard default configuration startup query with configuration change from Webfig;
*) defconf - discard default configuration startup query with RouterOS upgrade;
*) defconf - fixed default configuration generation when wireless package is disabled;
*) defconf - fixed Groove 52 ac band settings;
*) dns - made loading thousands of static entries faster;
*) ethernet - fixed "loop-protect" on "master-port";
*) ethernet - fixed rare switch chip hang (could cause port flapping);
*) fetch - fixed download issue over HTTPS;
*) firewall - do not allow to set "rate" value to 0 for "limit" parameter;
*) firewall - fixed "address-list" entry "creation-time" adjustment to timezone;
*) firewall - fixed "address-list" entry changing from IP to DNS and vice versa;
*) firewall - fixed cosmetic "invalid" flag when item was disabled;
*) ike1 - fixed crash on xauth message;
*) ike2 - allow multiple child SA traffic selectors on re-key;
*) ike2 - fixed last EAP authentication payload type;
*) ike2 - fixed policy release during SA negotiation;
*) ike2 - fixed RSA authentication without EAP;
*) ike2 - fixed situation when traffic selector prefix was parsed incorrectly;
*) ipsec - do not deduct policy src/dst address for tunnel policies;
*) ipsec - fixed generated policy priority;
*) ipsec - fixed peer "my-id" address reset;
*) ipv6 - fixed address becoming invalid when interface was removed from bridge/mesh;
*) led - fixed turning off LED when interface is lost;
*) log - added missing "license limit exceeded" log entry;
*) log - work on false CPU/RAM overclocked alarms;
*) netinstall - fixed typos in Netinstall status messages;
*) ntp - restart NTP client when it is stuck in error state;
*) ppp - fixed IPv6 address receiving on PPP interface;
*) pppoe - added warning on PPPoE client/server, if it is configured on slave interface;
*) pppoe-server - fixed "one-session-per-host" issue where 2 simultaneous sessions were possible from the same host;
*) queue - fixed queuing when at least one child queue has "default-small" and other/s is/are different (introduced in 6.35);
*) quickset - fixed LTE "signal-strength" graphs;
*) smb - fixed share path on devices with "/flash" directory;
*) sniffer - fixed VLAN tags when sniffing all interfaces;
*) snmp - added fan-speed OIDs in "/system health print oid";
*) snmp - fixed limited walk;
*) switch - fixed disabling of MAC learning on CRS1xx/CRS2xx;
*) tile - fixed EoIP keepalive when tunnel is made over VLAN interface;
*) traffic-flow - fixed IPFIX IPv6 data reporting;
*) upnp - fixed firewall NAT rule update when external IP address changes;
*) userman - allow "name-for-user" to be empty and not unique;
*) userman - fixed rare GUI crash when User Manager files are not accessible;
*) webfig - allow to enter frequency ranges in wireless “scan-list”;
*) webfig - allow to select "default-encryption" profile on PPP tunnels;
*) webfig - correctly specify routing filter prefix;
*) webfig - do not allow to reorder items if table is sorted by some column;
*) webfig - fixed "last-link-up" & "last-link-down" time information;
*) webfig - fixed Bridge Filter properties display when there are more than one Filter available;
*) webfig - show all available options under "Advanced Mode" for wireless interfaces;
*) winbox - added "Flush" button under “unicast-fdb” menu;
*) winbox - added "memory-scroll", "filter-cpu", "filter-ipv6-address", "filter-operation-between-entries" Sniffer parameters;
*) winbox - added “protected-routerboard” parameters under RouterBOARD settings menu;
*) winbox - allow shorten bytes to k,M,G in firewall "connection-bytes" and "connection-rates";
*) winbox - do not allow Packet Sniffer "memory-limit" and "file-limit" lower than 10KiB;
*) winbox - do not allow to open multiple same sub-menus at the same time;
*) winbox - do not show "dpd-max-failures" on IKEv2;
*) winbox - do not start Traffic Generator automatically when opening "Quick Start";
*) winbox - fixed "Montly" typo to "Monthly" in Graphing menu;
*) winbox - fixed firewall port selection with Winbox v2;
*) winbox - fixed IPSec "mode-config" DNS settings;
*) winbox - fixed issue when working IPSec policies were shown as invalid;
*) winbox - fixed switch ACL Policer statistics;
*) winbox - fixed typo in BGP advertisements menu Aggragator->Aggregator;
*) winbox - hide "wps-mode" & "security-profile" in wireless nv2 mode;
*) winbox - properly show "dhcp-server" warnings;
*) winbox - removed spare values from "loop-protect" setting for EoIPv6 tunnels;
*) winbox - removed unnecessary "/system health" menu on "hAP ac lite" and “RB450”;
*) winbox - show "A" flag for IPSec policies;
*) wireless - reduced load on CPU for high speed wireless links;

Download the new 'RouterOS 6.38.7' version here: https://www.mikrotik.com/download

]]>
Long-termWed, 21 Jun 2017 11:00:11 +030097e0a9220c3d917f6c62afe8f0e7a182
RouterOS 6.37.5 [Long-term]https://www.mikrotik.com/download/changelogs/long-term

6.37.5 changelog:

!) www - fixed http server vulnerability;
*) chr - fixed problem when transmit speed was reduced by interface queues;
*) dhcp - do not listen on IPv4/IPv6 client to IPv6 MLD packets;
*) dude - (changes discussed here: https://wiki.mikrotik.com/wiki/Manual:The_Dude_v6/dude_v6.xx_changelog);
*) export - do not show "read-only" IRQ entries;
*) filesystem - implemented procedures to verify and restore internal file structure integrity upon upgrading;
*) firewall - do not allow to set "time" parameter to 0s for "limit" option;
*) firewall - fixed import of exported configuration that had updated "limit" setting;
*) graphing - fixed graphing crash when high amount of traffic is processed;
*) hotspot - fixed rare kernel crash on multicore systems;
*) hotspot - fixed redirect to URL where escape characters are used (requires newly generated HTML files);
*) hotspot - show Host table commentaries also in Active tab and vice versa;
*) interface - do not treat multiple zeros as single zero on name comparison;
*) irq - properly detect all IRQ entries;
*) l2tp-client - fixed IPSec policy generation after reboot;
*) lcd - show fan2 speed only if it is available;
*) leds - fixed defaults for RBSXT5HacD2nr2;
*) mmips - improved general stability;
*) rb3011 - fixed noise from buzzer after silent boot;
*) switch - fixed crash when trying to configure second master port on the same chipset (RB3011, RB2011, CCR1009-8G-1S+);
*) userman - allow access to User Manager users page only through "/user" URL;
*) userman - show warning when no users are selected for CSV file generation;
*) winbox - added "add-relay-info" and "relay-info-remote-id" to DHCP relay;
*) winbox - added H flag to "/ip arp" ;
*) winbox - added missing "use-fan2" and "active-fan2" to "/system health";
*) winbox - allow shorten bytes to k,M,G in bridge firewall just like in “/ip firewall”;
*) winbox - do not hide "power-cycle-after" option;
*) winbox - do not hide 00:00:00:00:00:00 MAC address in unpublished ARPs;
*) winbox - fixed matching "connection-state=untracked" connections;
*) winbox - fixed typo in “/system resources pci” list;
*) winbox - hide advertise tab in Hotspot user profile configuration if "transparent-proxy" is not enabled;
*) winbox - make "power-cycle-after" show correct value;
*) winbox - make "power-cycle-interval" not to depend on "power-cycle-ping-enabled" in PoE settings;
*) winbox - properly show BGP communities in routing filters table filter;
*) wireless - fixed scan tool stuck in background;
*) wireless - improved compatibility with Intel 2200BG wireless card;
*) wireless - update Thailand country frequency settings;

Download the new 'RouterOS 6.37.5' version here: https://www.mikrotik.com/download

]]>
Long-termThu, 09 Mar 2017 16:23:14 +020040242da3a9dc053461cce809b487336d
RouterOS 6.37.4 [Long-term]https://www.mikrotik.com/download/changelogs/long-term

6.37.4 changelog:

*) bonding - fixed "tx-drop" on VLAN over bonding on x86;
*) certificates - added year cap (invalid-after date will not exceed year 2039);
*) certificates - fixed crash when crl is removed while it is being fetched;
*) certificates - fixed fail on import from CAPs when both key and name already exist;
*) crs - added comment ability in more switch menus;
*) dhcpv6-client - fixed DHCPv6 rebind on startup;
*) dhcpv6-server - fixed server removal crash if static binding was present;
*) dns - fixed typo in regexp error message;
*) dude - (changes here: http://wiki.mikrotik.com/wiki/Manual:The_Dude_v6/dude_v6.xx_changelog);
*) export - updated default values to clean up export compact;
*) fan - improved RPM monitor on CCR1009;
*) firewall - do not defragment packets which are marked with "notrack" in raw firewall;
*) firewall - fixed "time" option by recognizing weekday properly (introduced in v6.37.2);
*) firewall - fixed dynamic raw rule behaviour;
*) firewall - fixed rule activation if "time" option is used and no other active rules are present;
*) firewall - nat action "netmap" now requires to-addresses to be specified;
*) health - report fan speed for RB800 and RB1100 when 3-pin fan is being used;
*) hotspot - fixed nat rule port setting in "hs-unauth-to" chain by changing it from "dst-port" to "src-port" on Walled Garden ip "return" rules;
*) ipsec - fixed kernel failure on tile with sha256 when hardware encryption is not being used;
*) ipv6 - added warning about having interface MTU less than minimal IPv6 packet fragment (1280);
*) ipv6 - moved empty IPv6 pool error message to error topic;
*) led - fixed dark mode for cAP 2nD (http://wiki.mikrotik.com/wiki/Manual:System/LEDS#Leds_Setting);
*) license - fixed demo license expiration after installation on x86;
*) log - improved firewall log messages when NAT has changed only connection ports;
*) lte - increased delay when setting sms send mode;
*) metarouter - fixed startup process (introduced in 6.37.2);
*) ppp - fixed packet size calculation when MRRU is set (was 2 bytes bigger than MTU allows);
*) ppp - significantly improved shutdown speed on servers with many active tunnels;
*) ppp - significantly improved tunnel termination process on servers with many active tunnels;
*) profile - added "bfd" and "remote-access" processes;
*) profile - added ability to monitor cpu usage per core;
*) profile - make profile work on mmips devices;
*) profile - properly classify "wireless" processes;
*) proxy - fixed "max-cache-object-size" export;
*) proxy - speed-up almost empty disk cache clean-up;
*) queue - fixed "time" option by recognizing weekday properly (introduced in v6.37.2);
*) quickset - various small changes;
*) rb750Gr3 - fixed ipsec with 3des+md5 to work on this board;
*) rb751u - fixed ethernet LEDs;
*) snmp - always report bonding speed as speed from first bonding slave;
*) snmp - fixed rare crash when incorrectly formatted packet was received;
*) ssh - fixed high memory consumption when transferring file over ssh tunnel;
*) switch - fix BPDU dynamic Host table entry on Atheros Gigabit switch chips;
*) time - updated time zones;
*) traceroute - fixed memory leak;
*) trafficgen - fixed compact export when "header-stack" includes tcp;
*) vlan - allow to add multiple VLANs which name starts with same number and has same length;
*) vrrp - do not show unrelated log warning messages about version mismatch;
*) watchdog - do not send supout file if "auto-send-supout" is disabled;
*) webfig - added extra protection against XSS exploits;
*) webfig - show properly interface last-link-up/down times;
*) webfig - show properly large BGP AS numbers;
*) winbox - added "Complete" flag to arp table;
*) winbox - added "make-static" to IPv6 DHCP server bindings;
*) winbox - added "prefix-pool" to DHCPv6 server binding;
*) winbox - added upstream flag to IGMP proxy interfaces;
*) winbox - allow to enable/disable traffic flow targets;
*) winbox - allow to specify "connection-bytes" & "connection-rate" for any protocol in “/ip firewall” rules;
*) winbox - allow to specify "sip-timeout" under ip firewall service-ports;
*) winbox - do not allow to set "loop-protect-send-interval" to 0s;
*) winbox - do not create empty rates.vht-basic/supported-mcs if not specified in CAPsMAN;
*) winbox - fixed crash when legacy Winbox version was used;
*) winbox - fixed default values for interface "loop-protect-disable-time" and "loop-protect-send-interval";
*) winbox - fixed missing "IPv6/Settings" menu;
*) winbox - fixed typo in "propagate-ttl" setting;
*) winbox - properly show VHT basic and supported rates in CAPsMAN;
*) winbox - show all related HT tab settings in 2GHz-g/n mode;
*) winbox - show dynamic IPv6 pools properly;
*) winbox - show errors on IPv6 addresses;
*) winbox - show proper ipv6 connection timeout;
*) winbox - specify metric for “/ip dns cache-used” setting;
*) wireless - fixed full "spectral-history" header print on AP modes;
*) wireless - fixed upgrade from older wireless packages when AP interface had empty SSID;
*) wireless - show comment on "security-profile" if it is set;

Download the new 'RouterOS 6.37.4' version here: https://www.mikrotik.com/download

]]>
Long-termTue, 17 Jan 2017 11:33:51 +0200ac14ca41bbd8ebf34fc2daeeddeba238
RouterOS 6.36.4 [Long-term]https://www.mikrotik.com/download/changelogs/long-term

6.36.4 changelog:

!) ssl - fixed peer address/dns verification from certificate (affects sstp, fetch, capsman);
*) console - hotspot setup show wrong certificate name;
*) ethernet - added support for LAN9514 ethernet dongle;
*) ethernet - allow to force mtu value when actual-mtu is already the same;
*) firewall - fixed dynamic dummy firewall rules appearance in raw tables;
*) firewall - fixed time based rules on time/timezone changes (again);
*) hotspot - fixed nat rule dst-port by making it visible again;
*) ipsec - changed logging topic from error to debug for ph2 transform mismatch messages;
*) ipsec - fixed dynamic policy not deleted on disconnect for nat-t peers;
*) ipv6 - improved system responsiveness when ipv6 routes are frequently modified;
*) led - fixed default led settings for wAP2nDr2;
*) lte - added dlink dwm-157 D, dwm-222, Pantech UML295, Vodafone K4201-Z, ZTE MF823/MF831 support;
*) lte - added rndis for ZTE MF8xx;
*) lte - added ZTE K5008-Z back;
*) lte - fixed setting correct lte band for sxt lte;
*) mpls - fixed memory leak;
*) pppoe - fixed disconnects by idle timeout when fastpath is used;
*) rb3011 - fixed rare occasions when router would hang while loading kernel;
*) sstp - allow to specify proxy by dns name;
*) tile - do not reboot device after watchdog disable/enable;
*) traffic-flow - fixed dst-port reporting if connection is not maintained by connection tracking;
*) userman - always re-fetch table data when switching between different menus;
*) userman - fixed memory leak on user limitation calculations;
*) userman - fixed timezone adjustment in reports;
*) webfig - fixed certificate signing;
*) webfig - fixed channel selection in check-for-update menu in Firefox;
*) winbox - added auto refresh for BFD neighbors;
*) winbox - adjust on-event field dynamically depending on window size;
*) winbox - adjusted allowed values for http-proxy field;
*) winbox - allow to unset http-proxy field for sstp client;
*) winbox - fixed typo in dhcpv6 relay (DCHP to DHCP);
*) winbox - removed health menu from devices that do not support it;
*) winbox - removed unset button for L2MTU field;
*) wireless - show DFS flag in country-info command output;

Download the new 'RouterOS 6.36.4' version here: https://www.mikrotik.com/download

]]>
Long-termFri, 28 Oct 2016 14:44:29 +030060cf378dc2dd7c1483f112dee6d5c827