RouterOS Changelog

What's new in RouterOS 7.15 Beta 9

Apr 2, 2024

bgp - added initial vpnv6 support;
bridge - added MVRP support;
console - added "sanitize-names" property under "/console/settings" menu (option for replacing reserved characters with underscores for files, disabled by default);
console - added multi-line print in "/file" menu;
console - remove unnecessary serial ports for Alpine CPUs;
defconf - fixed 5ghz-ax channel width for L11, L22 devices;
dhcpv4-relay - added VRF support (CLI only);
eap - improved eap-peap, eap-mschap2 client authentication (dot1x/wireless/ipsec);
health - fixed missing "cpu-temperature" on IPQ-60xx devices (introduced in v7.15beta8);
ipv6 - properly initialize default ND "interface=all" entry;
media - added support for DLNA;
ppp - added "enable-ipv6-accounting" option under PPP AAA menu (CLI only);
ppp - fixed "Framed-IPv6-Pool" usage when received from RADIUS;
ppp - fixed reporting of frame error rate (introduced in v7.15beta8);
qos-hw - added "profile" and "map" support for CPU port;
qos-hw - added per-queue traffic shapers (CLI only);
sfp - added "100M-baseFX" link mode support for compatible devices;
sms - removed SMS for SMIPS;
system - general work on optimizing the size of RouterOS packages;
system - show "cpu-frequency" for Alpine CPUs;
vlan - added MVRP (applicant) configuration option;
wifi - added "reselect-interval" support;
wifi - rename "available-channels" parameter to "channel-priorities" and include desirability rating for each channel;
wifi - report current CAPsMAN address and identity on CAP;
wifi-qcom - added configuration.distance setting to enable operation over multi-kilometer distances (CLI only);
wifi-qcom - updated driver;
winbox - added key type and key length column for user SSH keys;
winbox - added passphrase option for SSH host key export;
winbox - added passphrase option for SSH host key import;
winbox - allow specifying size and rtmpfs size with M, G units under "System/Disks" menu;
winbox - do not show "Host Key Size" when using ed25519 key under "IP/SSH" menu;
winbox - renamed "Channel" column to "Current Channel" under "Wifi" menu;
winbox - show inherited properties for wifi interfaces;
winbox - updated icons for certain menus;
wireguard - added option to mark peer as responder only;
wireguard - fixed performance issues showing QR code;

New in RouterOS 7.14.2 Stable (Mar 27, 2024)

New in RouterOS 7.15 Beta 8 (Mar 21, 2024)

Bridge - added MVRP support;
Bridge - improved protocol-mode STP, RSTP and MSTP stability;
Bridge - reworked dynamic VLAN creation;
Certificate - added support for different ACME servers for ssl-certificate (CLI only);
Console - fixed DHCP server "authoritative=no" configuration export;
Console - improved stability;
Container - do not allow negative number for "ram-high" setting;
Defconf - do not override default DHCP server lease time;
Disk - improved system stability when adding partition with no parent;
Eap - improved eap-peap, eap-mschap2 client authentication (dot1x/wireless/ipsec);
Ethernet - fixed interface disable for CRS326-4C+20G+2Q;
Ethernet - improved port speed downshift functionality for CRS326-4C+20G+2Q;
Fetch - changed topic "info" to "error" for permission denied logs;
Fetch - fixed slow throughput due to "raw" logging which occurred even when not listening to the topic (introduced in v7.13);
File - fixed moving files to/from external storage (introduced in v7.15beta4);
Health - added "cpu-temperature" for IPQ50xx devices;
Health - fixed fan behavior for CRS310-1G-5S-4S+ (introduced in v7.14);
Health - fixed rogue voltage on CRS510-8XS-2XQ-IN;
Leds - fixed LEDs for L22 device;
Lte - fixed firmware upgrade not found issue for Chateau LTE12 (introduced in v7.15beta4);
Media - added support for DLNA;
Metarouter - removed support;
Netinstall - improved stability;
Ovpn - fixed import ovpn config when remote port is missing;
Package - reduced "wireless" package size for ARM, ARM64 devices;
Package - reduced package size for SMIPS;
Ppp - added "enable-ipv6-accounting" option under PPP AAA menu (CLI only);
Ppp - added addition support to monitor modem registration state, RSRP, RSRQ, SINR, PCI, CellID for BG77 modem;
Qos-hw - fixed port "print stats/usage" when using "from" property;
Quickset - only show LTE mode for devices without other wireless interfaces;
Route - rework of route attributes;
Route-filter - allow setting different AFI gateways;
Sfp - fixed "sfp-tx-fault" state indication for CRS510;
Sfp - improved auto-negotiation linking for some MikroTik cables and modules;
Sfp - improved system stability with some GPON modules for CCR2004 and CCR2116 devices;
Sms - added workaround for modems which do not notify regarding new SMS arrival (missing URC);
Socks - attempt to parse domain name as IP before resolving;
Ssh - require "policy" user policy when adding public key;
System - fixed upgrade for CCR2004-1G-12S+2XS (introduced in v7.15beta6);
System - updated office address in RouterOS license;
System - updated online manual links from "wiki" to the help documentation;
Timezone - updated timezone information from "tzdata2024a" release;
Traffic-flow - improved system stability;
Webfig - allow pasting with ctrl+v into terminal;
Webfig - fixed column preferences for ordered tables;
Wifi - changed interface default to "disabled=yes";
Wifi - improve regulatory compliance for L11, L22 devices;
Wifi - improved stability of DFS check in the 5GHz-A band;
Wifi - improved system stability when provisioning CAPs in certain cases;
Wifi - show inherited properties with "print" command (replaces "actual-configuration") and added "print config" for showing only configured values;
Winbox - fixed the issue where the skin file fails to appear in the user group menu after creation;
Winbox - updated icons for WireGuard and ZeroTier menus;
Wireguard - added option to mark peer as responder only (CLI only);
Wireless - perform shorter channel availability check for 5600-5650MHz if regulatory domain permits it;
X86 - improved stability for RTL8125 driver;
x86/chr - improved panic saving (increased minimal RAM requirements to 256MB);

New in RouterOS 7.14.1 Stable (Mar 11, 2024)

New in RouterOS 7.15 Beta 4 (Mar 4, 2024)

system - added support for AMPERE (R) hardware (new ARM64 ISO file, new ARM64 extra-nics.npk package);
bgp - fixed prefix count when BGP sessions run with multiple AFIs;
bgp-vpn - use VRF interface as gateway for leaked connected routes;
branding - added option to hide default configuration prompt;
branding - added option to hide or replace default caps-mode-script;
bridge - added MVRP support (CLI only);
bridge - rename monitor property "path-cost" to "actual-path-cost";
certificate - added trusted parameter for certificate import;
chr - allow to "generate-new-id" only while CHR is running on level "free" license;
console - added "proplist" parameter to interactive commands;
console - added "type" parameter to ":resolve" command;
console - added "use-script-permissions" option when running scripts from CLI;
console - added hotkey "F8" to print entire multiline input;
console - added log for script execution failures;
console - added option to get "about" value (dynamically created text field by RouterOS services like CAPsMAN);
console - added option to read and change file line endings in full-screen editor;
console - added warning log for modified filenames due to reserved characters;
console - do not convert string to array in ":deserialize" command;
console - fixed ":onerror" behavior when "do" block is missing;
console - fixed "export where" functionality in certain menus;
console - fixed console prompt when entering hot lock mode with "F7";
console - fixed do/while implementation not working with variables (introduced in v7.14);
console - fixed filtering by "dhcp" flag in "/ip/arp" menu;
console - fixed multiple typos in help;
console - optimized configuration export to prevent startup of processes without any configuration;
console - replace reserved characters to backup and certificate export file names with underscores;
console - show system note before serial login if enabled;
console - use user permissions when running scripts from WinBox and WebFig;
discovery - added LLDP MAC/PHY Configuration/Status TLV support;
discovery - added LLDP Maximum Frame Size TLV support;
discovery - added LLDP Port Description TLV support;
discovery - advertise only physical interface name for LLDP PortID TLV;
discovery - always send LLDP MED Power TLV if MED was received;
discovery - fixed high CPU utilization when "tx-only" mode is set;
discovery - optimized LLDP information update;
disk - added option to auto configure media sharing;
disk - added support for formatting exfat file-system;
disk - improved support for formatting ext4 file-system;
dns - added support for "adlist";
dns - added VRF support (CLI only);
dns - improved system stability when caching entries;
ethernet - fixed management port disable/enable on CCR2004-1G-12S+2XS, CCR2004-1G-2XS-PCIe, CCR2216, CCR2116 devices;
file - allow adding and renaming files and directories;
health - added log for fan state changes on CRS3xx, CRS5xx, CCR2xxx, CCR1016r2, CCR1036r2 devices;
install - cdrom and hdd install images contain additional packages that can be interactively selected;
lte - apply the same configuration for Microsoft branded EM12-G modem (Surface Mobile Broadband) as for Quectel EM12-G;
lte - fixed R11e-LTE-US modem dial-up;
media - added support for DLNA;
modem - send APN authentication for BG77 modem also if ppp-client interface created manually;
poe-out - added LLDP power management support for devices with single PoE-out port;
poe-out - fixed powering devices if input voltage is lower than 12V for hEX PoE (introduced in v7.9);
poe-out - moved "PoE LLDP" property from "/interface/ethernet/poe" to "/ip/neighbor/discovery-settings" and enable it by default;
ppp - added "Mikrotik-IPV6-Stats-Prefix" option for RADIUS "Delegated-IPv6-Prefix" account by using statistics from dynamic queues;
ppp - added log when disconnecting a client due to "WISPr-Session-Terminate-Time" RADIUS attribute;
ppp - fixed "on-down" script running even when tunnel was not up;
profiler - added "neighbor-discovery" task;
qos-hw - added congestion avoidance support for 98DX8xxx, 98DX4xxx, 98DX325x switch chips (CLI only);
qos-hw - added ECN marking support for compatible switches;
qos-hw - added support for QoS profile assignment via ACL rules;
qos-hw - added WRED support for compatible switches;
radius - added "require-message-auth" option that requires "Message-Authenticator" in received Access-Accept/Challenge/Reject messages;
radius - include "Message-Authenticator" in any RADIUS communication messages besides accounting for all services;
route - do not allow routes with empty "dst-address";
route - fixed bgp-vpn prefix import with the same route distinguisher (RD);
route - improved system stability;
route - show route-distinguisher (RD) in route print;
route-filter - fixed ext community list matcher;
sfp - added "100M-baseFX" link mode support for compatible devices;
sfp - added "sfp-ignore-rx-los" setting;
sfp - fixed link establishment with 100Mbps optical modules (requires "/interface ethernet reset" or adding "100M-baseFX" modes for advertise or speed properties);
sfp - fixed missing Tx traffic at 10Gbps rate on CCR2004-16G-2S+ in rare cases;
sfp - ignore SFP RX LOS signal for modules with bad EEPROM;
sfp - improved "sfp-tx-power" value monitoring in certain cases;
sms - added option to select SMS storage;
sms - added SMS PDU to SMS inbox "print detail";
sms - improved SMS handling;
sms - use "gsm" logging topic for serial modem SMS logs;
ssh - added passphrase option for host key export;
ssh - added support for user Ed25519 private keys;
ssh - export host Ed25519 public key;
ssh - fixed permissions to run ".auto.rsc" scripts;
ssh - removed RSA flag for user SSH keys;
ssh - show key type and key length for user SSH keys;
sstp - disconnect clients when server is disabled;
switch - added support for multiple ingress and egress port mirroring on 98DXxxxx switches;
switch - added support for RSPAN mirroring on 98DXxxxx switches;
switch - fixed L3HW and QoS monitor during switch reset;
system - added resource values (Product name, File name and File version) for Windows executable files;
traffic-flow - detect IPv4 source address if not set;
userman - added "require-message-auth" option that requires "Message-Authenticator" in received Access-Request messages;
userman - include "Message-Authenticator" in any RADIUS communication messages besides accounting for all services;
vlan - ensure that VLAN MTU remains unchanged when adjustments are made to the parent interface MTU, only modifications to the L2MTU might impact VLAN MTU;
vlan - fixed MTU reset on bridge after reboot;
wifi - do not report disabled state for CAPsMAN managed interface;
wifi - fixed configuration export for "disabled" property;
wifi - improve channel selection after radar detection events;
wifi - rename "available-channels" parameter to "channel-priorities" and include desirability rating for each channel;
wifi - report current CAPsMAN address and identity on CAP;
winbox - added "Download" and "Flush" buttons under "System/Certificates/CRL" menu;
winbox - added "Flat Snoop" button under "WiFi" menu;
winbox - added "Request logout" button under "System/Users/Active Users" menu;
winbox - added "Trusted" checkbox under "System/Certificates/Import" menu;
winbox - added invalid flag under "IP/DHCP Relay" menu;
winbox - added missing SFP monitoring properties under "Interface/SFP" menu;
winbox - allow to specify "M" or "G" postfix for download, upload or total limits under "User Manager/Limitations" menu;
winbox - show "Valid Servers" and "Unknown Servers" column by default under "IP/DHCP Server/Alerts" menu;
winbox - show SIM settings for SXTR device under "Interfaces/LTE/Modem" menu;
wireguard - added peer "tag" field and display it in logs;
wireguard - fixed "auto" argument usage for "private-key" and "preshared-key" settings;
x86 - fixed ixgbe Tx hang by disabling TSO;
x86 - ice driver update to v1.13.7;
x86 - ixgbe driver update to 5.19.9;

New in RouterOS 7.14 Stable (Feb 29, 2024)

rose-storage - moved SMB service to the RouterOS bundle;
smb - removed legacy SMB service (replaced with newer and faster ROSE SMB service, compatible with SMB 2.1, SMB 3.0 and SMB 3.1.1);
6to4 - make "ipsec-secret" sensitive parameter;
api - improved REST API stability when processing invalid requests;
api - properly return SNMP OIDs when requested;
arm - improved system stability when using microSD on RB1100Dx4;
arp - added ARP status;
bgp - allow to leak routes between local VRFs;
bridge - added MLAG support for MSTP bridges;
bridge - avoid per-VLAN host flushing on HW offloaded bridge;
bridge - fixed auto "path-cost" for bonding interfaces (introduced in v7.13);
bridge - fixed MLAG connection after peer-link flap (introduced in v7.13);
bridge - fixed packet forwarding after changing HW offloaded bridge interface settings in certain cases (introduced in v7.13);
bridge - improved bridge VLAN configuration validation;
bridge - improved configuration speed on large VLAN setups;
bridge - improved protocol-mode MSTP functionality;
bridge - improved protocol-mode STP and RSTP functionality;
bridge - make "point-to-point=yes" default value for non-wireless bridge ports;
bridge - removed "mst-config-digest" from MSTI menu;
bridge - try to set wireless bridge ports as edge ports automatically;
bth - added simple "Back To Home Users" manager under IP/Cloud menu;
calea - improved system stability when adding bridge rule without "calea" package installed;
certificate - improved certificate validation performance;
console - added ":tolf" and ":tocrlf" commands for converting line break to/from LF or CRLF;
console - added "show-at-cli-login" option to display a note before telnet login;
console - added missing "where" clause for "/ipv6/firewall/filter" table print command;
console - do not accept negative or too large values for ":delay" command;
console - do not allow to use out-of-range values for time type fields;
console - fix configuration export when user does not have a "sniff" policy;
console - fixed delayed output from ":grep" command in certain cases;
console - fixed incorrect behavior of ":onerror" command in certain cases;
console - hint on reset command help that ".rsc file" is required for "run-after-reset" parameter;
console - improved editor functionality in full screen mode;
console - improved stability when using autocomplete with "export";
console - increased maximum file content length that can be managed through command line to 60 KB;
console - updated copyright notice;
container - improved VETH interface management responsiveness and reliability;
container - restrict "/container/shell" menu for users without "write" permissions;
defconf - added log about configuration reset due to pressed reset button;
defconf - fixed Audience scanning-for-wps-ap timeout;
defconf - fixed configuration script on KNOT devices if "ppp-out" interface is removed;
defconf - fixed firewall rule for IPv6 UDP traceroute;
defconf - fixed wifi configuration if interface MAC address is changed;
defconf - improved wifi interface detection after upgrade;
defconf - increased LTE interface wait time;
defconf - updated health settings on configuration revert;
defconf - use "fq_codel" queue as default interface queue for wired ports on LTE devices;
dhcpv6-client - install dynamic IPv6 blackhole routes in corresponding routing-table;
dhcpv6-client - updated error logging when multiple prefixes received on renew;
disk - added exFAT and NTFS mount/read/write support;
disk - added global disk "settings" menu;
disk - fixed changing settings on some GPT formatted disks;
disk - properly unmount disk when it is disconnected;
dns - do not add new entries to cache if "cache-size" is reached;
dns - fixed domain name lookup resolving for internal services;
ethernet - fixed issue with default interface names for CRS310-8G+2S+ in rare cases;
ethernet - improved cable-test reliability for hAP ax3 PoE out port;
ethernet - resolved minor memory leak while processing packets;
fetch - added "head" option for "http-method";
fetch - added "patch" option for "http-method";
fetch - allow specifying link-local address in FTP mode;
fetch - allow to use certificate and check-certificate parameters only in HTTPS mode;
fetch - do not require "content-length" for HTTP (introduced in v7.13);
fetch - fixed DNS resolving when domain has only AAAA entries (introduced in v7.13);
fetch - fixed fetch execution when unexpected data is received in HTTP payload;
fetch - fixed fetch when using "src-path" with HTTP/HTTPS modes (introduced in v7.13);
fetch - fixed fetch when using "src-path" with SFTP mode (introduced in v7.13);
fetch - fixed incorrect "src-path" error message when "upload=yes";
fetch - fixed IPv4 address logging (introduced in v7.13);
fetch - improved fetch stability in SFTP mode;
fetch - improved file download stability with HTTP/HTTPS modes;
fetch - less verbose logging;
fetch - print all "Set-Cookies" headers in response;
fetch - treat any 2xx HTTP return code as success (introduced in v7.13);
filesystem - improved filesystem integrity for several RB3011 units with automatic firmware upgrade;
firewall - added "creation-time" parameter for IPv6 address list entries;
firewall - fixed underlying CAPsMAN tunnel reusing packet marks of encapsulated packets;
firewall - fixed underlying VXLAN/EoIP tunnel reusing packet marks of encapsulated packets;
firewall - increased default "udp-timeout" value from 10s to 30s;
health - added limited manual control over fans for CCR1016r2, CCR1036r2 devices;
health - changed default "fan-min-speed-percent" from 0% to 12%;
health - improved fan control on CRS3xx and CCR1016-12S-1S+r2;
health - show voltage when powering KNOT R through Micro-USB;
health - updated health properties for CCR1016r2, CCR1036r2 devices;
iot - added bluetooth whitelist wildcard asterisk support;
iot - added LoRa CUPs protocol support;
iot - fixed modbus partial frame reception issue;
iot - improved LoRa LNS;
iot - improved modbus Tx/Rx switching behaviour;
iot - improvements to GPIO behavior on boot;
iot - improvements to LoRa CUPS;
iot - removed bluetooth whitelist maximum entry limit of 8;
ipv6 - made "valid" and "lifetime" parameters dynamic for SLAAC IPv6 addresses;
isis - show passive interface active levels;
l3hw - fixed IPv6 host offloading in certain cases;
l3hw - fixed neighbor offloading after link flap;
l3hw - preserve offloading for VLANs when bridge ports are down;
leds - added "dark-mode" functionality for hAP ax3 and Chateau ax series devices;
leds - do not show LTE connection state/mode using RGB power LED from configless LTE modems;
leds - fixed "type=on" LED behaviour after reboot;
leds - fixed default LTE LED configuration for wAPR-2nD;
leds - fixed modem LED indication for SXT LTE 3-7;
leds - fixed wireless type of LED triggers for routers using WiFi package;
lte - added "at-chat" support for Sierra Wireless EM9293 5G modem;
lte - added AT channel support for Quectel EM120K-GL modem;
lte - added redial timer when the MBIM modem fails to register or does not receive APN activation notification;
lte - don't duplicate primary band in 5G SA mode for chateau 5G;
lte - fixed "use-peer-dns" setting for EC200A modem;
lte - fixed an issue for EC200A modem that IPv6 address could be added as IPv4 address;
lte - fixed APN authentication for FG621-EA modem;
lte - fixed MBIM interface enabling for Quectel EC25 modem (introduced in v7.13);
lte - fixed Simcom modem support in 0x9000; 0x9002, 0x9002; 0x901a and 0x901b USB compositions;
lte - fixed Simcom modem support in 0x9001 USB composition;
lte - fixed support for config-less modem detection (introduced in v7.13);
lte - fixed USB mode switch and initialization race condition for configless USB modems;
lte - improved FG621-EA modem firmware upgrade;
lte - improved modem recovery after failed IPv4 configuration;
lte - improved support for "ACER" and "MSFT" branded EM12-G modems;
lte - optimized "at-chat" response reading;
lte - refactored AT command control for AT modems;
modem - fixed SMS removal (introduced in v7.13);
modem - improved stability when performing modem FOTA upgrade;
mpls - fixed VPN fragmentation when forwarding IP traffic;
netinstall-cli - check package and device architecture before formatting;
ovpn - added support for pushing routes;
ovpn - improved "push-routes" option handling when large amount of routes is specified;
ovpn - improved key-renegotiation process;
ovpn - improved OVPN configuration file import process;
ovpn - improved system stability when using HW encryption on ARM64 devices (introduced in v7.13);
ovpn - limit the maximum length for "push-routes" up to 1400 characters;
package - added "size" property;
package - reduced "wireless" package size for ARM, ARM64, MIPSBE, MMIPS devices;
package - reduced package size for SMIPS;
poe-out - driver optimization for AF/AT controlled boards;
poe-out - fixed "power-cycle" for CRS354-48P-4S+2Q+ device (introduced in v7.13);
poe-out - improved 802.3at classification and measurement accuracy;
poe-out - improved cable test for hAP ac3 and hAP ax3 devices;
poe-out - improved PoE out reliability on routers with a single PoE out interface;
port - fixed support for USB/serial adapters (introduced in v7.13);
port - removed bogus serial port on RB750Gr3, RB760iGS and RBM11G devices;
ppp - added support for "WISPr-Session-Terminate-Time" RADIUS attribute;
ppp - log an error when IPv6 DHCP pool is exhausted;
ptp - added "aes67" and "smpte" profiles;
ptp - added configurable "domain" and "priority2" parameters;
ptp - added support for Management message forwarding in BC;
ptp - fixed "default" and "g8275.1" profiles go into "slave" instead of "uncalibrated" state;
ptp - fixed default values for "802.1as" profile;
ptp - fixed flags in Announce message;
ptp - fixed potential error in packet exchange;
ptp - make clock go into grandmaster state if slave port goes down;
qos-hw - fixed "tx-queue7-packet" counter;
route - fixed gateways of locally imported vpnv4 routes;
route - improved route print "count-only" process speed;
route - improved stability on route table lookup;
route-filter - added option to set "isis-ext-metric";
route-filter - fixed AS path matchers when input and output chains are used;
routerboard - added "reset-button" support for RBwAPR-2nD device;
sfp - added support for modules requiring single byte I2C read transactions;
sfp - fixed corrupted Tx traffic at 10Gbps rate on CCR2004-16G-2S+ in rare cases;
sfp - fixed corrupted Tx traffic at 10Gbps rate on RB4011 in rare cases;
sfp - improve high-power SFP module initialization;
sfp - improved combo-sfp handling for CRS328-4C-20S-4S+;
sfp - improved link establishment for RB4011 devices;
smb - added option to specify SMB service mode as "auto";
sms - fixed SMS inbox for FG621-EA modem (introduced in v7.13);
sms - fixed SMS sending from WinBox and WebFig (introduced in v7.13);
sms - improved system stability when working with SMS;
sms - increased SMS read timeout;
snmp - added "bgpLocalAs" and "bgpIdentifier" OID reporting;
snmp - fixed "bgpPeerFsmEstablishedTime" OID reporting;
snmp - hide "MikroTik" in LLDP MIB when branding with hide SNMP option is used;
snmp - updated timeout log;
ssh - improved SSH performance on ARM, MIPS, MMIPS, SMIPS and TILE devices;
ssh - refactored SSH service internal processes;
sstp - added support for "aes256-gcm-sha384" encryption;
sstp - improved system stability for PPC devices;
supout - added PTP section;
switch - fixed Ethernet disable/enable for CRS310-8G+2S+ devices;
switch - fixed reserved multicast receive on Atheros-8327, QCA8337 switches for R/STP bridge;
switch - improved 100G interface stability for 98DX4310 and 98DX8525 switches;
switch - minimise potential packet overflows on CRS354;
system - changed build time format according to ISO standard;
system - expose "lo" and "vrf" interfaces;
system - fixed "cpu-frequency" for CRS3xx ARM devices;
system - improved memory allocation for ARM64 devices;
system - improved RAM allocation for L009UiGS-RM;
system - improved system stability when processing packets in FastPath (introduced in v7.13);
system - properly assign destination port for HTTP/S connections initiated by the router (introduced in v7.13);
system - properly close HTTP/S connections initiated by the router;
system - provide more precise "total-memory" value for ARM devices;
system - provide more precise "total-memory" value under "System/Resources" menu for L009 and hAP ax lite routers;
tftp - improved invalid request processing;
timezone - updated timezone information from "tzdata2023d" release;
tr069 - don't duplicate cellular info in "X_MIKROTIK_5G" nodes when connected in NR SA mode;
tr069 - fixed bandwidth test;
tr069-client - show 5G signal info in X_MIKROTIK_5G nodes only for 5G NSA bands;
traffic-flow - use 64bit counters for v9 and IPFIX flows;
traffic-generator - improved system stability when receiving bogus traffic;
usb - show "Supermicro CDC" adapter as Ethernet interface;
vlan - fixed non-running VLAN interface after failed MTU change;
vrf - prevent VRF interface name collision with interface lists;
vxlan - fixed underlying tunnel reusing routing marks of encapsulated packets;
webfig - fixed routing table filter under "IP/Routes" menu;
webfig - fixed setting the user's password;
webfig - fixed showing WireGuard peers;
webfig - improved stability when adding new entries under "IP/Routes" menu;
wifi - added "station-pseudobridge" interface mode;
wifi - fixed issue with setting country profile (introduced in v7.13.1);
wifi - improved handling of CAP connections in dual CAPsMAN scenario;
wifi - increased value for SAE retransmit period to 3s to improve WPA3 compatibility with IoT client devices;
wifi - use "Latvia" as the default value for "country" property;
wifi - use correct CAP identity for interface name provisioning after it has been changed by remote-cap/set-identity;
wifi-qcom - enable display of regulatory information on L11,L22 devices;
wifi-qcom - fixed new connections, when maximum supported number of MAC addresses behind connected station-bridges is reached;
wifi-qcom - improve system stability for L11, L22 devices;
wifi-qcom - improved memory allocating process;
wifi-qcom - improved regulatory compliance for L11, L22 devices;
wifi-qcom - improved system stability when using FastPath (introduced in v7.13);
winbox - added "accept-protocol-version" parameter to the L2TP server settings;
winbox - added "mode-button" and "switch" menus for L41G-2axD&FG621-EA;
winbox - added "Name" parameter under "Tools/Netwatch" menu;
winbox - added "page-refresh" setting to the Graphing settings;
winbox - added "Port Cost Mode" setting under "Bridge" menu;
winbox - added "VRF" parameter under "Tools/Ping" menu;
winbox - added "x25519" argument for "DH Group" parameter under "IP/IPsec/Profiles" menu;
winbox - added missing "Protocol" arguments under "IPv6/Firewall" menu;
winbox - added missing monitoring properties under "WireGuard/Peers" menu;
winbox - added Preboot Etherboot settings to the System/RouterBOARD/Settings menu;
winbox - do not show USB settings for CRS devices that does not need it;
winbox - fixed "Bridge Cost" range under "Interfaces/VPLS" menu;
winbox - fixed "Password" button under "Quick Set" menu;
winbox - improved connection speed and reliability;
winbox - improved route table automatic refresh process for static routes;
winbox - improved status values under "System/PTP" menu;
winbox - improved system stability with large packets;
winbox - include "te-tunnel" parameter in VPLS interface monitor;
winbox - properly validate "passthrough-subnet-size" in the LTE APN settings;
winbox - remove "Root Bridge ID" property under "Bridge/MSTIs" menu;
winbox - removed "sfp all" option from combo port settings;
winbox - renamed "Wireless Table" menu to "Wifi";
winbox - show "routing-table" column under IP/Route menu by default;
winbox - show all columns under "Routing/PIM SM/Static RP" menu by default;
wireguard - do not allow to use multiple WireGuard interfaces on the same "listen-port";
wireguard - optimised and improved WireGuard service logging;
x86 - fixed VLAN tagged packet transmit for igb (introduced in v7.12);

New in RouterOS 7.14 RC 3 (Feb 27, 2024)

New in RouterOS 7.14 RC 2 (Feb 21, 2024)

New in RouterOS 7.13.5 Stable (Feb 19, 2024)

New in RouterOS 7. 7.14 RC 1 (Feb 12, 2024)

New in RouterOS 7.13.4 Stable (Feb 7, 2024)

New in RouterOS 7.14 Beta 10 (Feb 7, 2024)

New in RouterOS 6.49.13 Stable (Feb 6, 2024)

New in RouterOS 7.14 Beta 9 (Feb 2, 2024)

rose-storage - moved SMB service in the RouterOS bundle;
smb - removed legacy SMB service (replaced with newer and faster ROSE SMB service);
arp - added ARP status;
bridge - avoid per-VLAN host flushing on HW offloaded bridge;
bridge - fixed host flush on BPDU-guard port disable (introduced in v7.14beta3);
bridge - improved protocol-mode MSTP functionality;
bridge - removed "mst-config-digest" from MSTI menu;
bridge - removed MVRP support, the development will continue in v7.15 "beta";
certificate - improved certificate validation performance;
console - added "show-at-cli-login" option to display a note before telnet login;
console - fixed delayed output from ":grep" command in certain cases;
console - fixed incorrect behavior of ":onerror" command in certain cases;
defconf - added log about configuration reset due to pressed reset button;
defconf - fixed Audience scanning-for-wps-ap timeout;
defconf - increased LTE interface wait time;
defconf - updated health settings on configuration revert;
disk - added exFAT and NTFS mount/read/write support;
fetch - allow to use certificate and check-certificate parameters only in HTTPS mode;
fetch - fixed incorrect "src-path" error message when "upload=yes";
fetch - print all "Set-Cookies" headers in response;
health - added limited manual control over fans for CCR1016r2, CCR1036r2 devices;
health - changed default "fan-min-speed-percent" from 0% to 12%;
health - updated health properties for CCR1016r2, CCR1036r2 devices;
leds - added "dark-mode" functionality for hAP ax3 and Chateau ax series devices;
leds - fixed modem LED indication for SXT LTE 3-7;
lte - fixed APN authentication for FG621-EA modem;
lte - fixed Simcom modem support in 0x9000; 0x9002, 0x9002; 0x901a and 0x901b USB compositions;
lte - optimized "at-chat" response reading;
ovpn - improved system stability when using HW encryption on ARM64 devices (introduced in v7.13);
package - added "size" property;
package - reduced "wireless" package size for ARM, ARM64, MIPSBE, MMIPS devices;
poe-out - driver optimization for AF/AT controlled boards;
ptp - fixed "default" and "g8275.1" profiles go into "slave" instead of "uncalibrated" state;
ptp - fixed default values for "802.1as" profile;
ptp - fixed flags in Announce message;
ptp - fixed potential error in packet exchange;
ptp - make clock go into grandmaster state if slave port goes down;
sfp - fixed corrupted Tx traffic at 10Gbps rate on RB4011 in rare cases;
snmp - added "bgpLocalAs" and "bgpIdentifier" OID reporting;
snmp - fixed "bgpPeerFsmEstablishedTime" OID reporting;
sstp - added support for "aes256-gcm-sha384" encryption;
switch - fixed Atheros-8327 switch rules (introduced in v7.14beta3);
switch - fixed reserved multicast receive on Atheros-8327, QCA8337 switches for R/STP bridge;
system - correctly handle HTTP 1xx and 204 response status codes (introduced in v7.14beta6);
system - fixed "cpu-frequency" for CRS3xx ARM devices;
system - properly assign destination port for HTTP/S connections initiated by the router (introduced in v7.13);
webfig - fixed routing table filter under "IP/Routes" menu;
webfig - improved stability when adding new entries under "IP/Routes" menu;
wifi - added "station-pseudobridge" interface mode;
wifi-qcom - enable display of regulatory information on L11,L22 devices;
wifi-qcom - improve system stability for L11, L22 devices;
winbox - fixed status under "Bridge/Ports" menu (introduced in v7.14beta3);
winbox - improved status values under "System/PTP" menu;

New in RouterOS 7.13.3 Stable (Jan 25, 2024)

New in RouterOS 6.49.12 Stable (Jan 23, 2024)

New in RouterOS 7.14 Beta 7 (Jan 16, 2024)

New in RouterOS 7.13.2 Stable (Jan 15, 2024)

New in RouterOS 7.14 Beta 6 (Jan 11, 2024)

arp - added ARP status (CLI only);
calea - improved system stability when adding bridge rule without "calea" package installed;
console - updated copyright notice;
defconf - do not add loopback interface to the bridge ports (introduced in v7.14beta3);
defconf - fixed wifi configuration if interface MAC address is changed;
defconf - increased LTE interface wait time;
dhcpv6-client - install dynamic IPv6 blackhole routes in corresponding routing-table;
dns - fixed domain name lookup resolving for internal services;
fetch - fixed DNS resolving when domain has only AAAA entries (introduced in v7.13);
fetch - fixed timeout when content-length is 0 (introduced in v7.14beta4);
fetch - improved fetch stability in SFTP mode;
fetch - less verbose logging;
iot - improved LoRa LNS;
l3hw - fixed neighbor offloading after link flap;
l3hw - preserve offloading for VLANs when bridge ports are down;
leds - fixed default LTE LED configuration for wAPR-2nD;
lte - added AT channel support for Quectel EM120K-GL modem;
lte - don't duplicate primary band in 5G SA mode for chateau 5G;
lte - fixed "use-peer-dns" setting for EC200A modem;
lte - fixed an issue for EC200A modem that IPv6 address could be added as IPv4 address;
lte - fixed support for config-less modem detection (introduced in v7.13);
lte - improved modem recovery after failed IPv4 configuration;
mpls - fixed VPN fragmentation when forwarding IP traffic;
port - fixed support for USB/serial adapters (introduced in v7.13);
port - removed bogus serial port on RB750Gr3, RB760iGS and RBM11G devices;
ppp - added support for "WISPr-Session-Terminate-Time" RADIUS attribute;
qos-hw - fixed "tx-queue7-packet" counter;
routerboard - added "reset-button" support for RBwAPR-2nD device;
sfp - added support for modules requiring single byte I2C read transactions;
sfp - improved link establishment for RB4011 devices;
smips - improved system stability (introduced in v7.14beta4);
sms - improved system stability when working with SMS;
snmp - hide "MikroTik" in LLDP MIB when branding with hide SNMP option is used;
ssh - improved SSH performance on ARM, MIPS, MMIPS, SMIPS and TILE devices;
system - improved system stability when processing packets in FastPath (introduced in v7.13);
tftp - improved invalid request processing;
timezone - updated timezone information from "tzdata2023d" release;
tr069 - don't duplicate cellular info in "X_MIKROTIK_5G" nodes when connected in NR SA mode;
vlan - fixed non-running VLAN interface after failed MTU change;
vrf - prevent VRF interface name collision with interface lists;
vxlan - fixed underlying tunnel reusing routing marks of encapsulated packets;
wifi - fixed issue with setting country profile (introduced in v7.13.1);
wifi - increased value for SAE retransmit period to 3s to improve WPA3 compatibility with IoT client devices;
wifi - use "Latvia" as default value for "country" property;
winbox - added "Name" parameter under "Tools/Netwatch" menu;
winbox - added "Port Cost Mode" setting under "Bridge" menu;
winbox - added "VRF" parameter under "Tools/Ping" menu;
winbox - added "x25519" argument for "DH Group" parameter under "IP/IPsec/Profiles" menu;
winbox - added missing "Protocol" arguments under "IPv6/Firewall" menu;
winbox - added missing monitoring properties under "WireGuard/Peers" menu;
winbox - fixed "Bridge Cost" range under "Interfaces/VPLS" menu;
winbox - fixed "Password" button under "Quick Set" menu;
winbox - improved system stability with large packets;
winbox - remove "Root Bridge ID" property under "Bridge/MSTIs" menu;

New in RouterOS 7.13.1 Stable (Jan 8, 2024)

New in RouterOS 7.14 Beta 4 (Dec 30, 2023)

New in RouterOS 7.13 Stable (Dec 15, 2023)

Package - convert "wireless" and "wifi" packages automatically, if upgrading from v7.12;
Wifi - split existing "wifiwave2" package into separate packages "wifi-qcom", "wifi-qcom-ac", and include required utilities for WiFi management into bundle;
Wireless - separate "wireless" package from bundle and build as a standalone package;
Bridge - added automatic "path-cost" values depending on interface rate;
Bridge - added bridge interface property "port-cost-mode" with "short" and "long" arguments;
Bridge - fixed bogus VLAN entries from wifi when vlan-filtering is not enabled;
Bridge - improved HW offload enable;
Bridge - improved host flush when removing VLAN on HW offloaded bridge;
Bth - added "VPN Prefer Relay Code" option;
Bth - improved automatic firewall rule generation process;
Certificate - add support for multiple DNS names for Let's Encrypt;
Certificate - added HTTP redirect support for CRL download;
Certificate - added support for certificates with key size 16384;
Certificate - fixed CRL updating;
Certificate - fixed certificate auto renewal via SCEP when certificate contains "subject-alt-name";
Certificate - improved CRL signature verification and download error messages;
Certificate - improved initial certificate creation using SCEP;
Certificate - use error topic for CRL update failures;
Cloud - improved re-connect speed after network related connection errors;
Console - added ":grep" command;
Console - added ":onerror" command;
Console - added ":serialize" and ":deserialize" commands for converting values to/from JSON;
Console - added "interface" name when printing "interface/pppoe-server" entries;
Console - added "read" command under "file" menu;
Console - added "where" functionality for "export" command;
Console - added flags to "print" command with "value-list";
Console - added interface helper for "gateway" property under "ip/route" menu;
Console - added unset option for "ssid-regex" and "allow-signal-out-of-range" properties under "interface/wifi/access-list" menu;
Console - clear console history when resetting configuration;
Console - disallow setting existing "name" under "system/script" and "system/scheduler" menus;
Console - fixed "export" boolean arguments when saving output to file using API;
Console - fixed "interface/ethernet/switch/port-isolation" export;
Console - fixed "on-event" argument highlighting under "system/scheduler" menu;
Console - fixed graphic distortions in WinBox;
Console - fixed issue where API incorrectly asks for missing arguments;
Console - fixed printing to file using API;
Console - ignore negative values for ":delay" command;
Console - improved flag printing in certain menus;
Console - improved stability when running "tool/ping" from API;
Console - removed "route-cache" setting from "ip/settings" menu;
Console - replace reserved characters in file and script names with underscores;
Console - resolve "wifiwave2" directory to "wifi";
Console - show "l2vpn-link" address family under "routing/route" menu;
Console - use more compact login screen for empty branding;
Defconf - expire password when reverting configuration;
Defconf - fixed bogus wifi password on certain Audience devices;
Defconf - fixed configuration for Audience with "wifi-qcom-ac" package;
Defconf - fixed wireless band and channel-width selection (introduced in v7.12);
Defconf - hide default configuration for users without "sensitive" policy;
Defconf - improved wifi interface detection after upgrade;
Defconf - updated configuration with new "wifi" directory;
Defconf - use "WISP Bridge" default configuration mode for RBGrooveGA-52HPacn device;
Defconf - use "fan-min-speed-percent=25" for CRS354-48P-4S+2Q+ device;
Defconf - use device factory preset credentials when using CAPs mode;
Defconf - use one SSID and enable FT when using "wifi" packages;
Disk - fixed hang on reboot when network file systems mounted;
Ethernet - improved packet CPU core classifier for Alpine CPUs for non IPv4/IPv6 traffic;
Ethernet - improved system stability for L009 and hAP ax lite devices;
Fetch - added "http-auth-scheme" parameter, allows to select HTTP basic or digest authentication;
Fetch - added "http-content-encoding" setting;
Fetch - added raw logging;
Fetch - allow to receive HTTP response headers;
Fetch - require "ftp" user policy;
Firewall - added "nat-pmp" support;
Firewall - added new IPv6 filter arguments "icmp-err-src-routing-header" and "icmp-headers-too-long" for "reject-with" setting;
Firewall - do not mark all IPv6 GRE packets as invalid;
Firewall - fixed IPv6 address-list timeout;
Firewall - fixed altered address-list when upgrading from RouterOS v6;
Firewall - fixed connections being tracked when tracking is disabled;
Firewall - removed "prohibited" and "unreachable" IPv4 address-type arguments;
Ftp - improved upload and download speeds;
Health - dynamically add and remove invalid sensors (e.g. sfp-temperature);
Hotspot - fixed incorrect host moving to VLAN 0 when receiving packets through bridge;
Ike2 - fixed ike2 double reply;
Iot - fixed incorrect LoRa ACK packet handling during downlink messaging (introduced in v7.12);
Ipv6 - do not send out IPv6 RA deprecate message for re-used prefix;
Isis - added IS-IS protocol support (CLI only);
L3hw - fixed routing for IPsec encapsulated packets;
Leds - fixed LED indication in multi-APN setup for Chateau;
Leds - improved LED indication during modem registration state for Chateau;
Log - added "fetch" topic;
Lora - added CUPs protocol support;
Lora - fixed issue with lost LoRa configuration when rebooting the device;
Lte - added RNDIS support for neoway N75-EA modem;
Lte - added support for FOTA firmware upgrade from custom URL for R11eL-FG621-EA;
Lte - disabled IMS service for Chateau 5G on A1 HR network;
Lte - fixed rare cases where Chateau 5G in passthrough mode may stop forwarding packets;
Lte - improved SIM slot status change notification handling for MBIM modems;
Lte - replaced "passthrough-subnet-selection" with "passthrough-subnet-size" setting (CLI only);
Lte - show each CA band in a new line;
Mipsbe - improved system stability when removing USB devices;
Mmips - properly mount and unmount USB devices;
Modem - added option to read SMS using MBIM interface;
Mpls - added "te-tunnel" property for VPLS monitor (CLI only);
Mpls - fixed IPv6 RSVP-TE;
Mpls - improved logging;
Netinstall-cli - added more details to help messages;
Ospf - fixed LSA Type3 advertisement for OSPFv2;
Ospf - fixed missing OSPF interface on L2TP interface reconnect;
Ospf - fixed missing opaque bit in opaque LSA;
Ovpn - improved memory allocation during key-renegotiation;
Ovpn - removed "ping-timer-rem" option from client config file;
Package - added warning log about missing "wireless" or "wifi" package;
Pimsm - improved elected BSR change;
Poe-out - improved firmware upgrade stability for AF/AT controlled boards;
Ppc - fixed RouterOS bootup (introduced in v7.12);
Ppp - added remote-ipv6-prefix to IPv6 firewall address-list if "address-list" property is provided;
Ppp - allow at-chat and info commands in "waiting for packets" state for modems with shared data/info channel;
Ppp - improved IPv6 link-local address uniqueness;
Pppoe-server - fixed connection count limit per license level;
Profiler - improved "disk" and "supout.rif" classifiers;
Qos-hw - added initial congestion avoidance support for 98DX224S, 98DX226S, and 98DX3236 switch chips (CLI only);
Qsfp - added support for QSFP-to-SFP adapters;
Qsfp - fixed supported rates for breakout cables (introduced in v7.12);
Quickset - show DDNS name as VPN address for devices with new style serial number;
Route-filter - improved performance;
Sfp - added "1G-baseT" link mode for modules that supports "2.5G-baseT" mode;
Sfp - allow 2.5G rates only in forced link mode;
Sfp - fixed link establishment with S+DA0001 DAC cables;
Sfp - ignore irrelevant extended compliance code for SFP modules;
Sfp - improved SFP interface handling for 98DX224S, 98DX226S, 98DX3236, 98DX8208, and 98DX8216 switch chips;
Sfp - improved link establishment for SFP copper modules;
Sfp - improved link establishment with certain modules for hEX S device;
Sfp - show 10M and 100M supported rates for RJ45 copper modules;
Ssh - added cipher and hash function acceleration for ARM64 and x86 architectures;
Ssh - fix error that caused large chunks of text not being pasted in their entirety into console;
Supout - added VXLAN FDB section;
Supout - added multiple WiFi sections;
Switch - fixed service VLAN tagged IP multicast packets for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
System - added "rtrace" debugging tool (CLI only);
System - improved incoming and outgoing TCP connection performance;
System - improved internal process communication performance;
Traffic-generator - improved system stability when modifying interfaces;
Usb - added support for RTL8152 USB ethernet on ARM, ARM64 and x86;
Vpls - improved performance when decapsulating data;
Vrf - fixed ICMP reply lookup;
Webfig - allow to display comments in multiline or compact modes;
Webfig - make table headers always visible;
Webfig - use local storage for user preferences;
Wifi - added "flat-snoop" tool for surveying WiFi APs and stations (CLI only);
Wifi - added "radio-mac" variable for "name-format" provisioning setting;
Wifi - added "remove" command in "capsman/remote-cap" menu;
Wifi - after radar detections, avoid selection of channels not permitted by the user;
Wifi - changed CAPsMAN generated certificate common name;
Wifi - create first interface without number when using "name-format" provisioning setting;
Wifi - enable protected interworking ANQP responses;
Wifi - fixed EAP authentication failures when the Session-Timout RADIUS attribute is defined;
Wifi - fixed occasional failures to start on 20/40mhz-eC channels for 2.4GHz 802.11ax interfaces;
Wifi - fixed overridden datapath settings on CAP when unsetting from CAPsMAN;
Wifi - improved CAPsMAN stability during provisioning;
Wifi - make slave APs use datapath bridge settings inherited from master by default;
Wifi - removed "openflow-switch" setting;
Wifi-qcom - added fast-path for received packets;
Winbox - added "Hw. Offload" property under "IP/Firewall/Filter" menu;
Winbox - added "Ping" button under "IP/DHCP Server/Leases" menu;
Winbox - added "Tx bps" and "Rx bps" monitor values under "WiFi/Registration" menu;
Winbox - added "none" argument for "Preshared Key" under "WireGuard/Peers" menu;
Winbox - added icon to entries under "WiFi/Access List" menu;
Winbox - added missing "qos-classifier" argument for "Hw. Caps" under "WiFi/Radios" menu;
Winbox - added missing arguments for "MAC Format" under "Wireless/Security Profiles/RADIUS" menu;
Winbox - allow opening entries under "WiFi/Registration" menu;
Winbox - fixed default "Name Format" property under "WiFi/Provisioning" menu;
Winbox - fixed minor typo under "Routing/BFD" menu;
Winbox - improved connection speed;
Winbox - updated "wireless" and "wifi" menus;
Wireless - fixed "wlan1" default name for RBSXTsqG-5acD and RBLDFG-5acD;
Wireless - fixed snooper information gathering from re-assocation requests;
Wireless - keep configuration after manual package removal;

New in RouterOS 7.13 RC 4 (Dec 13, 2023)

New in RouterOS 7.13 RC 3 (Dec 7, 2023)

New in RouterOS 7.13 RC 2 (Dec 1, 2023)

Notice - Starting from RouterOS version 7.13, significant changes have been made to the RouterOS wireless packages. This is done due to a new product developemnt which will require more disk space for hardware drivers so we had to split it in order to maintain old products alongside the new ones. More wireless packages are yet to come.
1. When upgrading by using "check-for-updates", all versions earlier than 7.12 will display 7.12 as the latest available version. Upgrade from v7.12 to v7.13 or later versions must be done through 7.12 in order to convert wireless packages automatically. Fresh installation with Netinstall or manual package installation works in the same manner as always.
2. Drivers for older wireless and 60GHz interfaces, as well as the wireless management system CAPsMAN, are now part of a separate "wireless" package instead of being a part of the bundle package. This package can be uninstalled if not needed.
3. The existing "wifiwave2" package has been divided into distinct packages: "wifi-qcom" and "wifi-qcom-ac", and the necessary utilities for WiFi management are now included in the RouterOS bundle. RouterOS and "wifi-qcom-ac" packages alongside each other now fit into 16MB flash memory.
What's new in 7.13rc2 (2023-Nov-30 17:02):
Bth - improved automatic firewall rule generation process;
Certificate - added HTTP redirect support for CRL download;
Console - fixed user login through RADIUS (introduced in v7.13beta1);
Console - replace reserved characters in file and script names with underscores;
Defconf - use "fan-min-speed-percent=25" for CRS354-48P-4S+2Q+ device;
Ftp - improved upload and download speeds;
Ospf - fixed missing opaque bit in opaque LSA;
Ospf - fixed missing OSPF interface on L2TP interface reconnect;
Qos-hw - added initial congestion avoidance support for 98DX224S, 98DX226S, and 98DX3236 switch chips (CLI only);
Qsfp - added support for QSFP-to-SFP adapters;
Ssh-client - fixed bogus output in interactive mode (introduced in v7.13beta3);
System - improved incoming and outgoing TCP connection performance;
System - improved internal process communication performance;
Wifi - added "radio-mac" variable for "name-format" provisioning setting;
Wifi - create first interface without number when using "name-format" provisioning setting;
Wifi - fixed cap interface hangs with "busy" status (introduced in v7.13beta3);
Wifi - improved CAPsMAN stability during provisioning;
Winbox - improved connection speed;

New in RouterOS 7.13 Beta 3 (Nov 27, 2023)

bridge - added automatic "path-cost" values depending on interface rate;
bridge - fixed HW offload enable with multiple switches (introduced in v7.13beta1);
bridge - improved HW offload enable;
certificate - fixed CRL check (introduced in v7.13beta1);
certificate - fixed host certificate verification if host is IP address (introduced in v7.13beta1);
certificate - fixed manual URL addition for CRL (introduced in v7.13beta2);
certificate - improved CRL signature verification and download error messages;
certificate - use error topic for CRL update failures;
console - added "read" command under "file" menu;
console - added unset option for "ssid-regex" and "allow-signal-out-of-range" properties under "interface/wifi/access-list" menu;
console - fixed misaligned columns (introduced in v7.13beta1);
console - improved stability when removing script;
defconf - fixed bogus wifi password on certain Audience devices;
defconf - use "WISP Bridge" default configuration mode for RBGrooveGA-52HPacn device;
fetch - added "http-auth-scheme" parameter, allows to select HTTP basic or digest authentication;
fetch - added raw logging;
ospf - fixed LSA Type3 advertisement for OSPFv2;
qos-hw - added initial congestion avoidance support for 98DX224S, 98DX226S, and 98DX3236 switch chips (CLI only);
qsfp - fixed supported rates for breakout cables (introduced in v7.12);
sfp - added "1G-baseT" link mode for modules that supports "2.5G-baseT" mode;
sfp - allow 2.5G rates only in forced link mode;
sfp - fixed SFP and combo interface handling for CRS328-4C-20S-4S+ device (introduced in 7.13beta1);
sfp - ignore "rx-loss" in forced link mode;
sfp - ignore irrelevant extended compliance code for SFP modules;
sfp - show 10M and 100M supported rates for RJ45 copper modules;
ssh - added cipher and hash acceleration for ARM64 and x86;
supout - include missing wireless information (introduced in v7.13beta1);
wifi - enable protected interworking ANQP responses;
wifi-qcom - added fast-path for received packets;
winbox - fixed memory allocation (introduced in v7.13beta2);

New in RouterOS 7.12.1 Stable (Nov 21, 2023)

New in RouterOS 7.13 Beta 2 (Nov 15, 2023)

New in RouterOS 7.13 Beta (Nov 13, 2023)

Package - convert "wireless" and "wifi" packages automatically, if upgrading from v7.12;
Wifi - split existing "wifiwave2" package into separate packages "wifi-qcom", "wifi-qcom-ac", and include required utilities for WiFi management into bundle;
Wireless - separate "wireless" package from bundle and build as a standalone package;
Bridge - added automatic "path-cost" values depending on interface rate;
Bridge - added bridge interface property "port-cost-mode" with "short" and "long" arguments;
Bridge - fixed bogus VLAN entries from wifi when vlan-filtering is not enabled;
Bridge - improved host flush when removing VLAN on HW offloaded bridge;
Bth - added "VPN Prefer Relay Code" option;
Certificate - add support for multiple DNS names for Let's Encrypt;
Certificate - fixed certificate auto renewal via SCEP when certificate contains "subject-alt-name";
Certificate - improved initial certificate creation using SCEP;
Cloud - improved re-connect speed after network related connection errors;
Console - added ":grep" command;
Console - added ":onerror" command;
Console - added ":serialize" and ":deserialize" commands for converting values to/from JSON;
Console - added "read" command under "file" menu;
Console - added "where" functionality for "export" command;
Console - added flags to "print" command with "value-list";
Console - added interface helper for "gateway" property under "ip/route" menu;
Console - clear console history when resetting configuration;
Console - disallow setting existing "name" under "system/script" and "system/scheduler" menus;
Console - fixed "export" boolean arguments when saving output to file using API;
Console - fixed "interface/ethernet/switch/port-isolation" export;
Console - fixed "on-event" argument highlighting under "system/scheduler" menu;
Console - fixed graphic distortions in WinBox;
Console - fixed issue where API incorrectly asks for missing arguments;
Console - fixed printing of "on-event" under "system/scheduler" menu;
Console - fixed printing to file using API;
Console - ignore negative values for ":delay" command;
Console - improved flag printing in certain menus;
Console - improved stability when running "tool/ping" from API;
Console - removed "route-cache" setting from "ip/settings" menu;
Console - replace reserved characters in file and script names with underscores;
Console - resolve "wifiwave2" directory to "wifi";
Console - show "l2vpn-link" address family under "routing/route" menu;
Console - use more compact login screen for empty branding;
Defconf - expire password when reverting configuration;
Defconf - hide default configuration for users without "sensitive" policy;
Defconf - updated configuration with new "wifi" directory;
Defconf - use "fan-min-speed-percent=25" for CRS354-48G-4S+2Q+ device;
Defconf - use device factory preset credentials when using CAPs mode;
Defconf - use one SSID and enable FT when using "wifi" packages;
Ethernet - improved packet CPU core classifier for Alpine CPUs for non IPv4/IPv6 traffic;
Fetch - added "http-content-encoding" setting;
Fetch - allow to receive HTTP response headers;
Fetch - require "ftp" user policy;
Firewall - added "nat-pmp" support;
Firewall - added new IPv6 filter arguments "icmp-err-src-routing-header" and "icmp-headers-too-long" for "reject-with" setting;
Firewall - do not mark all IPv6 GRE packets as invalid;
Firewall - fixed altered address-list when upgrading from RouterOS v6;
Firewall - fixed connections being tracked when tracking is disabled;
Firewall - fixed IPv6 address-list timeout;
Firewall - removed "prohibited" and "unreachable" IPv4 address-type arguments;
Health - dynamically add and remove invalid sensors (e.g. sfp-temperature);
Hotspot - fixed incorrect host moving to VLAN 0 when receiving packets through bridge;
Ike2 - fixed ike2 double reply;
Ipv6 - do not send out IPv6 RA deprecate message for re-used prefix;
Isis - added IS-IS protocol support (CLI only);
L3hw - fixed routing for IPsec encapsulated packets;
Leds - fixed LED indication in multi-APN setup for Chateau;
Leds - improved LED indication during modem registration state for Chateau;
Log - added "fetch" topic;
Lora - fixed issue with lost LoRa configuration when rebooting the device;
Lte - added RNDIS support for neoway N75-EA modem;
Lte - added support for FOTA firmware upgrade from custom URL for R11eL-FG621-EA;
Lte - disabled IMS service for Chateau 5G on A1 HR network;
Lte - fixed rare cases where Chateau 5G in passthrough mode may stop forwarding packets;
Lte - improved SIM slot status change notification handling for MBIM modems;
Lte - replaced "passthrough-subnet-selection" with "passthrough-subnet-size" setting (CLI only);
Lte - show each CA band in a new line;
Mipsbe - improved system stability when removing USB devices;
Mmips - properly mount and unmount USB devices;
Modem - added option to read SMS using MBIM interface;
Mpls - added "te-tunnel" property for VPLS monitor (CLI only);
Mpls - fixed IPv6 RSVP-TE;
Mpls - improved logging;
Netinstall-cli - added more details to help messages;
Ovpn - improved memory allocation during key-renegotiation;
Ovpn - removed "ping-timer-rem" option from client config file;
Package - added warning log about missing "wireless" or "wifi" package;
Pimsm - improved elected BSR change;
Poe-out - improved firmware upgrade stability for AF/AT controlled boards;
Ppp - added remote-ipv6-prefix to IPv6 firewall address-list if "address-list" property is provided;
Ppp - allow at-chat and info commands in "waiting for packets" state for modems with shared data/info channel;
Ppp - improved IPv6 link-local address uniqueness;
Pppoe-server - fixed connection count limit per license level;
Profiler - improved "disk" and "supout.rif" classifiers;
Qos-hw - added initial congestion avoidance support for 98DX224S, 98DX226S, and 98DX3236 switch chips (CLI only);
Qsfp - added support for QSFP-to-SFP adapters;
Quickset - show DDNS name as VPN address for devices with new style serial number;
Sfp - improved link establishment with certain modules for hEX S device;
Sfp - improved SFP interface handling for 98DX224S, 98DX226S, 98DX3236, 98DX8208, and 98DX8216 switch chips;
Ssh - fix error that caused large chunks of text not being pasted in their entirety into console;
Supout - added VXLAN FDB section;
Switch - fixed service VLAN tagged IP multicast packets for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
System - added "rtrace" debugging tool (CLI only);
Traffic-generator - improved system stability when modifying interfaces;
Usb - added support for RTL8152 USB ethernet on ARM, ARM64 and x86;
Vpls - improved performance when decapsulating data;
Vrf - fixed ICMP reply lookup;
Webfig - allow to display comments in multiline or compact modes;
Webfig - make table headers always visible;
Webfig - use local storage for user preferences;
Wifi - added "flat-snoop" tool for surveying WiFi APs and stations (CLI only);
Wifi - added "remove" command in "capsman/remote-cap" menu;
Wifi - after radar detections, avoid selection of channels not permitted by the user;
Wifi - changed CAPsMAN generated certificate common name;
Wifi - fixed EAP authentication failures when the Session-Timout RADIUS attribute is defined;
Wifi - fixed occasional failures to start on 20/40mhz-eC channels for 2.4GHz 802.11ax interfaces;
Wifi - fixed overridden datapath settings on CAP when unsetting from CAPsMAN;
Wifi - make slave APs use datapath bridge settings inherited from master by default;
Wifi - removed "openflow-switch" setting;
Winbox - added "Hw. Offload" property under "IP/Firewall/Filter" menu;
Winbox - added "none" argument for "Preshared Key" under "WireGuard/Peers" menu;
Winbox - added "Ping" button under "IP/DHCP Server/Leases" menu;
Winbox - added "Tx bps" and "Rx bps" monitor values under "WiFi/Registration" menu;
Winbox - added icon to entries under "WiFi/Access List" menu;
Winbox - added missing "qos-classifier" argument for "Hw. Caps" under "WiFi/Radios" menu;
Winbox - added missing arguments for "MAC Format" under "Wireless/Security Profiles/RADIUS" menu;
Winbox - allow opening entries under "WiFi/Registration" menu;
Winbox - fixed default "Name Format" property under "WiFi/Provisioning" menu;
Winbox - fixed minor typo under "Routing/BFD" menu;
Winbox - updated "wireless" and "wifi" menus;
Wireless - fixed "wlan1" default name for RBSXTsqG-5acD and RBLDFG-5acD;
Wireless - fixed snooper information gathering from re-assocation requests;

New in RouterOS 7.12 Stable (Nov 10, 2023)

ethernet - changed "advertise" and "speed" arguments, and removed "half-duplex" setting under "/interface ethernet" menu;
health - removed "temperature" health entry from boards, where it was the same as "sfp-temperature";
sfp - convert configuration to support new link modes for SFP and QSFP type of interfaces;
api - fixed fetching objects with warning option from REST API;
bfd - fixed sessions when setting VRF;
bfd - improved system stability;
bgp - fixed "atomic-aggregate" always set in output;
bgp - fixed "input.filter-chain" argument selection in VPN configuration;
bgp - fixed local and remote port settings for BGP connections;
bgp - fixed typos and missing spaces in log messages;
bgp - implemented IGP metric sending in BGP messages;
bgp - improved logging;
bgp - increase "hold-time" limit to 65000;
bluetooth - added basic support for connecting to BLE peripheral devices;
bluetooth - use "g" units when decoding MikroTik beacon acceleration on peripheral devices menu;
bridge - fixed fast-path forwarding with HW offloaded vlan-filtering (introduced in v7.11);
bridge - fixed untagged VLAN entry disable;
bridge - fixed vlan-filtering stability with HW and non-HW offloaded ports (introduced in v7.10);
bridge - improved system stability;
bridge - improved vlan-filtering bridge stability with CAPsMAN (introduced in v7.11);
bth - added "Back To Home" VPN service for ARM, ARM64, and TILE devices;
calea - improved system stability when trying to add rules without the CALEA package;
certificate - allow to get and maintain Let's Encrypt certificate in IPv6 environment;
certificate - allow to remove issued certificates when CRL is not used;
certificate - fixed "subject-alt-name" duplicating itself when SCEP is used;
certificate - fixed certificate auto renewal via SCEP;
certificate - improved certificate validation logging error messages;
certificate - log CRL HTTP errors under the "error" logging topic;
chr - iavf updated driver to 4.9.1 version;
chr - increased OVA default RAM amount from 160MB to 256MB;
console - added ":jobname" command;
console - added "as-string" and "as-string-value" properties for "get" command;
console - added "terminal/ask" command;
console - added "transform" property for ":convert" command;
console - display "End-User License Agreement" prompt after configuration reset;
console - export required properties with default values;
console - fixed scheduler "on-event" script highlighting when editing;
console - improved ":totime" and ":tonum" commands and added ":tonsec" command for time value manipulation;
console - improved multi-argument property parsing into array;
console - improved randomness for ":rndstr" and ":rndnum" commands;
console - improved stability and responsiveness;
console - improved stability when editing long scripts;
console - improved stability when using "special-login";
console - improved system stability through RoMON session;
console - improved system stability when using autocomplete;
console - improved system stability;
console - restrict permissions to "read,write,reboot,ftp,romon,test" for scripts executed by DHCP, Hotspot, PPP and Traffic-Monitor services;
console - show full date and time in scheduler "next-run" property;
dhcp - fixed DHCP server and relay related response delays;
email - rename "address" property to "server";
ethernet - added "supported" and "sfp-supported" values for "monitor" command;
firewall - added "ein-snat" and "ein-dnat" connection NAT state matchers for filter and mangle rules;
flash - show more accurate "total-hdd-space" resource property;
gps - expose GPS port for Quectel EM12-G (vendor-id="0x2c7c", device-id="0x0512");
ike1 - fixed invalid key length on phase1 negotiation;
ike1 - log an error when non-RSA keys are being used;
ike2 - improved rekey collision handling;
interface - added "macvlan" interface support;
iot - fixed an issue where applying a script to GPIO pin caused GPIO to stop working;
iot - fixed behavior where GPIO output state would change on boot;
ipsec - fixed Diffie-Hellman public value encoding size;
ipsec - fixed IPSec policy when using modp3072;
ipsec - fixed minor typo in logs;
ipsec - reduce disk writes when started without active configuration;
ipv6 - fixed IPv6 RA delay time from 5s to 500ms according to RFC;
ipv6 - send RA and RA deprecate messages out three times instead of just once;
l3hw - fixed IPv6 route suppression;
l3hw - improved system stability during IPv6 route offloading;
l3hw - prioritize local IP addresses over the respective /32 and /128 routes;
led - fixed "interface-status" configuration for virtual interfaces;
led - fixed 5G modem mobile network category LED colours;
leds - added "dark-mode" functionality for RBwAPG-5HacD2HnD;
leds - added "wireless-status" and "wireless-signal-strength" configuration types for wifiwave2 interfaces;
log - improved logging for user actions;
lora - added LNS protocol support;
lte - added at-chat support and increased wait time on modem at-chat for Dell DW5821e, DW5821e-eSIM, DW5829e and DW5829e-eSIM;
lte - added SINR reporting for FG621-EA modem;
lte - changed R11e-LTE ARP behavior to NoArp;
lte - fixed 5G data-class reporting for Chateau 5G;
lte - fixed APN authentification in multi APN setup for R11e-LTE6;
lte - fixed FG621-EA possible timeouts during firmware upgrade;
lte - fixed IPv6 prefix for MBIM modems in multi-apn setup when IPv6 APN used as not first APN;
lte - fixed RSSI for FG621-EA modem to show the correct value;
lte - fixed Sierra modem detection for modems with vendor-specific USB descriptors;
lte - fixed Sierra modem initialization;
lte - fixed startup race condition when SIM card is in "up" slot for LtAP mini;
lte - fixed sub-interface auto-removal in multiple APN setups;
lte - show correct data class when connected to 5G SA network;
lte - use more compact logging messages;
modbus - added additional security settings for Modbus TCP;
mpls - added option to match and set MPLS EXP with bridge and mangle rules;
mpls - fixed "propagate-ttl=no" setting;
mpls - improved FastPath next-hop selection hash algorithm;
mqtt - added on-message feature for subscribed topics;
mqtt - added parallel-scripts-limit parameter to set maximum allowed number of scripts executed at the same time;
mqtt - added wildcard topic subscription support;
netinstall - added option to discard branding package;
netinstall - display package filename in GUI Description column if package description is not specified;
netinstall-cli - added empty configuration option "-e";
netinstall-cli - added option to discard branding package;
netinstall-cli - allow ".rsc" script filenames;
netinstall-cli - prioritise interface option over address option;
netinstall-cli - updated configuration option description;
netwatch - decreased "thr-tcp-conn-time" maximum limit to 30 seconds;
ospf - fixed adding ECMP routes;
ospf - fixed BFD on virtual-link with configured VRF;
ospf - fixed OSPFv3 authentication header length calculation;
ospf - fixed OSPFv3 not working with NSSA areas;
ospf - fixed parsing of opaque LSAs used by TE;
ospf - fixed translated NSSA routes not showing in backbone;
ovpn - added "tls-auth" option support for imported .ovpn profiles;
ovpn - improved system stability;
pimsm - fixed BSR update process;
pimsm - fixed UIB update process;
pimsm - improved system stability;
poe-out - driver optimization for AF/AT controlled boards;
poe-out - fixed rare CRS328 poe-out menu and poe-out port config loss after reboot;
poe-out - improved "auto" mode for devices with single PoE-out port;
poe-out - removed "auto" mode support for L009 devices;
port - add support for Huawei MS237h-517;
port - expose NMEA/DIAG ports for Dell DW5821e and DW5821e-eSIM;
qsfp - added 50Gbps rate support for QSFP28 interfaces;
qsfp - fixed incorrect QSFP temperature readings in negative temperature;
qsfp - improved auto link detection for AOC cables;
qsfp - use sub-interface configuration for establishing link (for 40Gbps and 100Gbps links, all sub-interfaces must be enabled);
quickset - fixed "LAN" interface list members if configuration does not contain bridge;
rip - added BFD support;
rip - fixed session not working in VRF;
route - added "single-process" configuration setting, enabled by default on devices with 64MB or less RAM memory;
route - added "suppress-hw-offload" setting for IPv6 routes;
route - fixed gateway after link restart;
route - removed deprecated "received-from" property;
route - reverse community "delete" and "filter" command behavior;
routerboard - added "reset-button" support for RB800, RB1100 and RB1100AHx2 devices;
routerboard - fixed "reset-button" support for wAP ac and wAP R ac devices;
sfp - added 5Gbps rate for SFP+ interface on 98DX224S, 98DX226S, and 98DX3236 switch chips;
sfp - fixed missing "rx-power" monitor with certain modules (introduced in v7.10);
sfp - fixed occasional bad EEPROM data reading for L009 devices;
sfp - improved interface stability for SFP and QSFP types of interfaces;
sfp - improved system stability with certain modules for 98DX224S, 98DX226S, 98DX3236, 98DX8216 and 98DX8208 switch chips;
snmp - changed "mtxrGaugeValue" type to integer;
ssh - added support for user ed25519 public keys;
ssh - allow to specify key owner on import;
ssh - fixed SSH tunnel performance (introduced in v7.10);
ssh - improved connection stability when pasting large chunks of text into console;
supout - added interface list members section;
supout - added LLDP power to supout.rif;
supout - fixed BFD section;
switch - improved resource allocation for 98DX224S, 98DX226S, and 98DX3236 switch chips;
switch - improved switch chip stability for CCR2004-16g-2s+ devices;
system - fixed process multithreading (introduced in v7.9);
system - improved system stability during booting for L009 devices;
system - improved system stability when MD5 checksums are used;
tftp - fixed empty file name matching;
tile - improved system stability when using queues;
traffic-generator - added "priority" property for "inject" command;
traffic-generator - fixed traffic-generator on CHR and x86;
usb - added support for RTL8153 USB ethernet on ARM, ARM64 and x86;
vrf - limit maximum VRFs to 1024;
vxlan - improved system stability for Tile devices;
webfig - fixed "Days" property configuration change under "IP/Firewall" menu;
webfig - fixed timezone for interface "Last Link Down/Up Time";
webfig - improved Webfig performance and responsiveness;
webfig - try to re-establish connection after disconnect;
wifiwave2 - added an alternative QoS priority assignment mechanism based on IP DSCP;
wifiwave2 - added comment property for registration-table;
wifiwave2 - added station-bridge interface mode;
wifiwave2 - correctly add interface to specified "datapath.interface-list";
wifiwave2 - do not show default "l2mtu" on compact export;
wifiwave2 - enable changing interface MTU and L2MTU;
wifiwave2 - fixed malformed Interworking packet elements;
wifiwave2 - fixed PTK renewal for interfaces in station mode;
wifiwave2 - fixed re-connection failures for 802.11ax interfaces in station mode;
wifiwave2 - fixed sniffer command not receiving any QoS null function frames when using 802.11ax radios;
wifiwave2 - fixed untagged VLAN 1 entry when using "vlan-id" setting together with vlan-filtering bridge;
wifiwave2 - fixed warning on CAP devices when radar detected;
wifiwave2 - implemented an option to transmit IP multicast packets as unicasts;
wifiwave2 - improved compliance with regulatory requirements;
wifiwave2 - limit L2MTU to 1560 until a fix is available for a bug causing interfaces to fail transmitting larger frames than that;
wifiwave2 - list APs with a higher maximum data rate as more preferable roaming candidates;
wifiwave2 - log more information regarding authentication failures;
wifiwave2 - make 4-way handshake procedure more robust when acting as supplicant (client);
wifiwave2 - use CAPsMAN's "datapath.vlan-id" on CAP for bridge port "pvid";
winbox - added "Addresses" property under "Routing/BFD/Configuration" menu;
winbox - added "BUS" property for USB Power Reset button for LtAP-2HnD and CCR1072;
winbox - added "Comment" under "Routing/BFD/Configuration" menu;
winbox - added "g" flag under "IPv6/Routes" menu;
winbox - added "Host Key Type" setting under "IP/SSH" menu;
winbox - added "Key Owner" setting under "System/User/SSH Keys" and "System/User/SSH Private Keys" menus;
winbox - added "Name Format" property under "WifiWave2/Provisioning" menu;
winbox - added "Remote Min Tx" parameter under "Routing/BFD/Session" menu;
winbox - added "Startup Delay" setting under "Tools/Netwatch" menu;
winbox - added "USB" button under "System/RouterBOARD" menu for LtAP-2HnD;
winbox - added "Use BFD" setting under "Routing/RIP/Interface-Template" menu;
winbox - added Enable/Disable button under "Routing/RIP/Static Neighbors" menu;
winbox - added missing properties under "WifiWave2" menu;
winbox - added MQTT subscription menu;
winbox - allow to change port numbers for SCTP, DCCP, and UDP-LITE protocols under "IP/Firewall" menus;
winbox - allow to set multiple addresses and added IPv6 support under "Interface/VETH" menu;
winbox - allow to specify server as DNS name under "Tools/Email" menu;
winbox - changed "MBR Partition Table" checkbox to unchecked by default under "System/Disks/Format-Drive" menu;
winbox - do not show "F" flag for disabled entries under "IP/Routes" menu;
winbox - fixed "Address" property under "WifiWave2/Remote-CAP" menu;
winbox - fixed "Do" property under "Routing/Filters/Select Rule" menu;
winbox - fixed "Group Key Update" maximum value under "WifiWave2/Security" menu;
winbox - fixed "Range" property under "Routing/Filters/Num Set" menu;
winbox - fixed "Switch" menu for CCR2004-16G-2S+;
winbox - fixed entry numbering and ordering under "WifiWave2/Provisioning" menu;
winbox - fixed minor typos;
winbox - improved support for certain properties under "WifiWave2/Interworking Profiles" menu;
winbox - rename "DSCP" setting to "DSCP (+ECN)" under "Tools/Traffic-Generator/Packet-Templates" menu;
winbox - rename "Name" setting to "List" under "IP,IPv6/Firewall/Address-List" menu;
winbox - rename "Password" button to "Change Now" under "System/Password" menu;
winbox - show "unknown" value for "FS" property under "System/Disks" menu if the data is not available;
wireguard - added "auto" and "none" parameter for "private-key" and "presharde-key" parameters;
wireguard - added "wg-export" and "wg-import" functionality (CLI only);
wireguard - allow to specify client settings under peer menu which will be included in configuration file and QR code;
wireguard - request public or private key to be specified in order to create peer;
wireless - added more "radius-mac-format" options (CLI only);
wireless - fixed malformed Interworking packet elements;
www - fixed allowed address setting for REST API users;
www - fixed fragmented POST data for SCEP service;
x86 - added support for Mellanox ConnectX-6 Dx NIC;
x86 - i40e updated driver to 2.23.17 version;
x86 - igb updated driver to 5.14.16 version;
x86 - igbvf updated driver from in-tree Linux kernel;
x86 - igc updated driver to 5.10.194 version;
x86 - ixgbe updated driver to 5.19.6 version;
x86 - Realtek r8169 updated driver;
x86 - updated latest available pci.ids;

New in RouterOS 7.12 RC 7 (Nov 8, 2023)

New in RouterOS 7.12 RC 6 (Nov 7, 2023)

New in RouterOS 7.12 RC 5 (Nov 3, 2023)

New in RouterOS 7.12 RC 4 (Oct 30, 2023)

New in RouterOS 7.12 RC 2 (Oct 17, 2023)

New in RouterOS 7.12 RC 1 (Oct 6, 2023)

ethernet - changed "advertise" and "speed" arguments, and removed "half-duplex" setting under "/interface ethernet" menu;
sfp - convert configuration to support new link modes for SFP and QSFP type of interfaces;
bfd - fixed sessions when setting VRF;
bfd - improved system stability;
console - improved system stability;
email - rename "address" property to "server";
flash - show more accurate "total-hdd-space" resource property;
gps - expose GPS port for Quectel EM12-G (vendor-id="0x2c7c", device-id="0x0512");
ike1 - fixed invalid key length on phase1 negotiation;
interface - added "macvlan" interface support;
l3hw - prioritize local IP addresses over the respective /32 and /128 routes;
leds - fixed "wireless-status" and "wireless-signal-strength" for wireless interfaces (introduced in v7.12beta7);
netinstall-cli - updated configuration option description;
pimsm - improved system stability;
poe-out - improved "auto" mode for devices with single PoE-out port;
qsfp - improved auto link detection for AOC cables;
route - added "single-process" configuration setting, enabled by default on devices with 64MB or less RAM memory;
route - added "suppress-hw-offload" setting for IPv6 routes;
sfp - added 5Gbps rate for SFP+ interface on 98DX224S, 98DX226S, and 98DX3236 switch chips;
sfp - fixed failed auto-negotiation for RB5009 devices (introduced in v7.12beta3);
sfp - improved system stability with certain modules for 98DX224S, 98DX226S, 98DX3236, 98DX8216 and 98DX8208 switch chips;
tftp - fixed empty file name matching;
webfig - fixed interface addition (introduced in v7.12beta7);
wifiwave2 - added an alternative QoS priority assignment mechanism based on IP DSCP;
wifiwave2 - added station-bridge interface mode;
wifiwave2 - implemented an option to transmit IP multicast packets as unicasts;
wifiwave2 - use CAPsMAN's "datapath.vlan-id" on CAP for bridge port "pvid";
winbox - added "Addresses" property under "Routing/BFD/Configuration" menu;
winbox - added "BUS" property for USB Power Reset button for LtAP-2HnD and CCR1072;
winbox - added "USB" button under "System/RouterBOARD" menu for LtAP-2HnD;
winbox - added Enable/Disable button under "Routing/RIP/Static Neighbors" menu;
winbox - added missing properties under "WifiWave2" menu;
winbox - do not show "F" flag for disabled entries under "IP/Routes" menu;
winbox - fixed "Do" property under "Routing/Filters/Select Rule" menu;
winbox - fixed "Range" property under "Routing/Filters/Num Set" menu;
winbox - fixed "Switch" menu for CCR2004-16G-2S+;
winbox - improved support for certain properties under "WifiWave2/Interworking Profiles" menu;
winbox - show "unknown" value for "FS" property under "System/Disks" menu if the data is not available;
wireguard - added "auto" and "none" parameter for "private-key" and "presharde-key" parameters;
wireguard - allow to specify client settings under peer menu which will be included in configuration file and QR code;

New in RouterOS 7.12 Beta 9 (Sep 26, 2023)

ethernet - changed "advertise" and "speed" arguments, and removed "half-duplex" setting under "/interface ethernet" menu;
health - removed "temperature" health entry from boards, where it was the same as "sfp-temperature";
sfp - convert configuration to support new link modes for SFP and QSFP type of interfaces;
bfd - improved system stability;
bgp - fixed "input.filter-chain" argument selection in VPN configuration;
bgp - improved logging;
bluetooth - added basic support for connecting to BLE peripheral devices;
console - export required properties with default values;
console - improved system stability;
console - restrict permissions to "read,write,reboot,ftp,romon" for scripts executed by DHCP, Hotspot, PPP and Traffic-Monitor services;
l3hw - fixed IPv6 route suppression;
led - fixed "interface-status" configuration for virtual interfaces;
lora - added LNS protocol support;
lte - changed R11e-LTE ARP behavior to NoArp;
lte - fixed sub-interface auto-removal in multiple APN setups;
lte - show correct data class when connected to 5G SA network;
mqtt - added on-message feature for subscribed topics;
mqtt - added parallel-scripts-limit parameter to set maximum allowed number of scripts executed at the same time;
mqtt - added wildcard topic subscription support;
netinstall - added option to discard branding package;
netinstall - display package filename in GUI Descption column if package description is not specified;
netinstall-cli - added option to discard branding package;
netinstall-cli - allow ".rsc" script filenames;
poe-out - driver optimization for AF/AT controlled boards;
poe-out - fixed rare CRS328 poe-out menu and poe-out port config loss after reboot;
route - added "single-process" configuration setting, enabled by default on devices with 64MB or less RAM memory (CLI only);
route - added "suppress-hw-offload" setting for IPv6 routes;
route - reverse community "delete" and "filter" command behavior;
routerboard - added "reset-button" support for RB800, RB1100 and RB1100AHx2 devices;
sfp - fixed 25Gbps link with FEC91 (introduced in v7.12beta7);
snmp - changed "mtxrGaugeValue" type to integer;
switch - fixed packet forwarding between Ethernet ports for CRS354 switches (introduced in v7.12beta7);
webfig - fixed timezone for interface "Last Link Down/Up Time";
wifiwave2 - correctly add interface to specified "datapath.interface-list";
wifiwave2 - fixed re-connection failures for 802.11ax interfaces in station mode;
wifiwave2 - limit L2MTU to 1560 until a fix is available for a bug causing interfaces to fail transmitting larger frames than that;
wifiwave2 - log more information regarding authentication failures;
winbox - added "Host Key Type" setting under "IP/SSH" menu;
winbox - added "Key Owner" setting under "System/User/SSH Keys" and "System/User/SSH Private Keys" menus;
winbox - added "Remote Min Tx" parameter under "Routing/BFD/Session" menu;
winbox - added "Startup Delay" setting under "Tools/Netwatch" menu;
winbox - added "Use BFD" setting under "Routing/RIP/Interface-Template" menu;
winbox - added MQTT subscription menu;
winbox - allow to specify server as DNS name under "Tools/Email" menu;
winbox - rename "DSCP" setting to "DSCP (+ECN)" under "Tools/Traffic-Generator/Packet-Templates" menu;
winbox - rename "Name" setting to "List" under "IP,IPv6/Firewall/Address-List" menu;
winbox - rename "Password" button to "Change Now" under "System/Password" menu;
wireguard - added "auto" parameter for "private-key" and "presharde-key" parameters;
wireguard - request public or private key to be specified in order to create peer;
x86 - igb updated driver to 5.14.16 version;
x86 - igbvf updated driver from in-tree Linux kernel;
x86 - updated latest available pci.ids;

New in RouterOS 7.12 Beta 7 (Sep 13, 2023)

ethernet - changed "advertise" and "speed" arguments, and removed "half-duplex" setting under "/interface ethernet" menu;
sfp - convert configuration to support new link modes for SFP and QSFP type of interfaces;
api - fixed fetching objects with warning option from REST API;
bgp - implemented IGP metric sending in BGP messages;
bluetooth - use "g" units when decoding MikroTik beacon acceleration on peripheral devices menu;
certificate - allow to remove issued certificates when CRL is not used;
certificate - fixed certificate auto renewal via SCEP;
chr - iavf updated driver to 4.9.1 version;
console - improved randomness for ":rndstr" and ":rndnum" commands;
console - improved stability when using "special-login";
console - improved system stability through RoMON session;
console - improved system stability when using autocomplete;
dhcp - fixed DHCP server "authoritative" and "delay-threshold" settings (introduced in v7.12beta3);
ike2 - improved rekey collision handling;
ipsec - fixed Diffie-Hellman public value encoding size;
ipsec - fixed minor typo in logs;
ipsec - reduce disk writes when started without active configuration;
ipv6 - send RA and RA deprecate messages out three times instead of just once;
l3hw - improved system stability during IPv6 route offloading;
leds - added "dark-mode" functionality for RBwAPG-5HacD2HnD;
leds - added "wireless-status" and "wireless-signal-strength" configuration types for wifiwave2 interfaces;
log - improved logging for user actions;
lte - fixed 5G data-class reporting for Chateau 5G;
lte - fixed APN authentification in multi APN setup for R11e-LTE6;
lte - fixed IPv6 prefix for MBIM modems in multi-apn setup when IPv6 APN used as not first APN;
lte - fixed RSSI for FG621-EA modem to show the correct value;
lte - fixed startup race condition when SIM card is in "up" slot for LtAP mini;
mpls - improved FastPath next-hop selection hash algorithm;
netinstall-cli - added empty configuration option "-e";
netwatch - decreased "thr-tcp-conn-time" maximum limit to 30 seconds;
ovpn - improved system stability;
pimsm - improved system stability;
qsfp - added 50Gbps rate support for QSFP28 interfaces;
qsfp - fixed sub-interface EEPROM monitor data output (introduced in v7.12beta3);
qsfp - improved auto link detection for 100G CWDM4 modules and AOC cables (introduced in v7.12beta3);
*) qsfp - use sub-interface configuration for establishing link (for 40Gbps and 100Gbps links, all sub-interfaces must be enabled);
*) routerboard - added "reset-button" support for RB800 and RB1100 devices;
*) ssh - improved connection stability when pasting large chunks of text into console;
*) supout - added interface list members section;
*) switch - improved resource allocation for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) traffic-generator - fixed traffic-generator on CHR and x86;
*) usb - added support for RTL8153 USB ethernet on ARM, ARM64 and x86;
*) vrf - limit maximum VRFs to 1024;
*) vxlan - improved system stability for Tile devices;
*) webfig - fixed "Days" property configuration change under "IP/Firewall" menu;
*) webfig - fixed timezone for interface "Last Link Down/Up Time";
*) webfig - improved Webfig performance and responsiveness;
*) webfig - try to re-establish connection after disconnect;
*) wifiwave2 - added an alternative QoS priority assignment mechanism based on IP DSCP (CLI only);
*) wifiwave2 - added station-bridge interface mode (CLI only);
*) wifiwave2 - do not show default "l2mtu" on compact export;
*) wifiwave2 - fixed PTK renewal for interfaces in station mode;
*) wifiwave2 - fixed sniffer command not receiving any QoS null function frames when using 802.11ax radios;
*) wifiwave2 - fixed untagged VLAN 1 entry when using "vlan-id" setting together with vlan-filtering bridge;
*) wifiwave2 - fixed warning on CAP devices when radar detected;
*) wifiwave2 - implemented an option to transmit IP multicast packets as unicasts (CLI only);
*) wifiwave2 - improved compliance with regulatory requirements;
*) wifiwave2 - make 4-way handshake procedure more robust when acting as supplicant (client);
*) winbox - added "Comment" under "Routing/BFD/Configuration" menu;
*) winbox - added "g" flag under "IPv6/Routes" menu;
*) winbox - added "Name Format" property under "WifiWave2/Provisioning" menu;
*) winbox - changed "MBR Partition Table" checkbox to unchecked by default under "System/Disks/Format-Drive" menu;
*) winbox - fixed "Address" property under "WifiWave2/Remote-CAP" menu;
*) winbox - fixed "Group Key Update" maximum value under "WifiWave2/Security" menu;
*) winbox - fixed entry numbering and ordering under "WifiWave2/Provisioning" menu;
*) winbox - fixed minor typos;
*) wireguard - allow to specify client settings under peer menu which will be included in configuration file and QR code;
*) wireguard - generate Wireguard peer keys and preshared-key automatically, if value is specified but is not base64 string;
*) wireguard - removed "wg-add-client" configuration wizard (introduced in v7.12beta3);
*) wireless - added more "radius-mac-format" options (CLI only);
*) www - fixed allowed address setting for REST API users;
*) www - fixed fragmented POST data for SCEP service;
*) x86 - i40e updated driver to 2.23.17 version;
*) x86 - igc updated driver to 5.10.194 version;
*) x86 - ixgbe updated driver to 5.19.6 version;
*) x86 - Realtek r8169 updated driver;

New in RouterOS 7.11.2 Stable (Sep 1, 2023)

New in RouterOS 7.11.1 Stable (Aug 31, 2023)

New in RouterOS 6.49.10 Stable (Aug 25, 2023)

New in RouterOS 7.12 Beta 3 (Aug 25, 2023)

ethernet - changed "advertise" and "speed" arguments, and removed "half-duplex" setting under "/interface ethernet" menu
sfp - convert configuration to support new link modes for SFP and QSFP type of interfaces
bgp - fixed "atomic-aggregate" always set in output
bgp - fixed local and remote port settings for BGP connections
bgp - increase "hold-time" limit to 65000
bridge - fixed fast-path forwarding with HW offloaded vlan-filtering (introduced in v7.11)
bridge - fixed untagged VLAN entry disable
bridge - fixed vlan-filtering stability with HW and non-HW offloaded ports (introduced in v7.10)
bridge - improved vlan-filtering bridge stability with CAPsMAN (introduced in v7.11)
bth - added "Back To Home" VPN service for ARM, ARM64, and TILE devices
calea - improved system stability when trying to add rules without the CALEA package
console - added "transform" property for ":convert" command
console - fixed scheduler "on-event" script highlighting when editing
console - improved multi-argument property parsing into array
console - improved stability when editing long scripts
console - show full date and time in scheduler "next-run" property
dhcp - fixed DHCP server and relay related response delays
ethernet - added "supported" and "sfp-supported" values for "monitor" command
interface - added "macvlan" interface support
ipsec - fixed IPSec policy when using modp3072
ipv6 - fixed IPv6 RA delay time from 5s to 500ms according to RFC
ipv6 - send RA and RA deprecate messages out three times instead of just once
log - improved logging for user actions
lte - added at-chat support and increased wait time on modem at-chat for Dell DW5821e, DW5821e-eSIM, DW5829e and DW5829e-eSIM
lte - added SINR reporting for FG621-EA modem
lte - fixed Sierra modem detection for modems with vendor-specific USB descriptors
lte - fixed startup race condition when SIM card is in non-default slot for LtAP mini
netinstall-cli - prioritise interface option over address option
ospf - fixed adding ECMP routes
ospf - fixed OSPFv3 not working with NSSA areas
ospf - fixed parsing of opaque LSAs used by TE
ospf - fixed translated NSSA routes not showing in backbone
port - add support for Huawei MS237h-517
port - expose NMEA/DIAG ports for Dell DW5821e and DW5821e-eSIM
quickset - fixed "LAN" interface list members if configuration does not contain bridge
rip - added BFD support
rip - fixed session not working in VRF
route - fixed gateway after link restart
route - removed deprecated "received-from" property
sfp - improved interface stability for SFP and QSFP types of interfaces
switch - improved switch chip stability for CCR2004-16g-2s+ devices
tile - improved system stability when using queues
traffic-generator - added "priority" property for "inject" command
wifiwave2 - added comment property for registration-table
wifiwave2 - enable changing interface MTU and L2MTU
wifiwave2 - fixed malformed Interworking packet elements
winbox - allow to set multiple addresses and added IPv6 support under "Interface/VETH" menu
wireguard - added "wg-add-client" configuration wizard (CLI only)
wireguard - added "wg-export" and "wg-import" functionality (CLI only)
wireless - fixed malformed Interworking packet elements
x86 - added support for Mellanox ConnectX-6 Dx NIC

New in RouterOS 7.12 Beta 1 (Aug 17, 2023)

Bgp - fixed typos and missing spaces in log messages;
Bridge - improved system stability;
Bth - added "Back To Home" VPN service for ARM, ARM64, and TILE devices;
Certificate - allow to get and maintain Let's Encrypt certificate in IPv6 environment;
Certificate - fixed "subject-alt-name" duplicating itself when SCEP is used;
Certificate - improved certificate validation logging error messages;
Certificate - log CRL HTTP errors under the "error" logging topic;
Chr - increased OVA default RAM amount from 160MB to 256MB;
Console - added ":jobname" command;
Console - added "as-string" and "as-string-value" properties for "get" command;
Console - added "terminal/ask" command;
Console - improved ":totime" and ":tonum" commands and added ":tosec" command for time value manipulation;
Console - improved stability and responsiveness;
Console - improved stability when using "special-login";
Firewall - added "ein-snat" and "ein-dnat" connection NAT state matchers for filter and mangle rules;
Ike1 - log an error when non-RSA keys are being used;
Iot - fixed an issue where applying a script to GPIO pin caused GPIO to stop working;
Iot - fixed behavior where GPIO output state would change on boot;
Lte - fixed Sierra modem initialization;
Lte - use more compact logging messages;
Modbus - added additional security settings for Modbus TCP;
Mpls - added option to match and set MPLS EXP with bridge and mangle rules;
Mpls - fixed "propagate-ttl=no" setting;
Netinstall - added option to discard branding package;
Ospf - fixed BFD on virtual-link with configured VRF;
Ovpn - added "tls-auth" option support for imported .ovpn profiles;
Sfp - fixed missing "rx-power" monitor with certain modules (introduced in v7.10);
Ssh - added support for user ed25519 public keys;
Ssh - allow to specify key owner on import;
Ssh - fixed SSH tunnel performance (introduced in v7.10);
Supout - added LLDP power to supout.rif;
Supout - fixed BFD section;
System - improved system stability when MD5 checksums are used;
Tile - improved system stability when using IPv6 queues;
Wifiwave2 - list APs with a higher maximum data rate as more preferable roaming candidates;
Winbox - allow to change port numbers for SCTP, DCCP, and UDP-LITE protocols under "IP/Firewall" menus;

New in RouterOS 7.11 Stable (Aug 15, 2023)

api - disallow executing commands without required parameters;
bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
bfd - improved system stability;
bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
bridge - added more STP-related logging;
bridge - added warning when VLAN interface list contains ports that are not bridged;
bridge - fixed MAC learning on "switch-cpu" port with enabled FastPath;
bridge - fixed MSTP BPDU aging;
bridge - fixed MSTP synchronization after link down;
bridge - prevent bridging the VLAN interface created on the same bridge;
certificate - allow to import certificate with DNS name constraint;
certificate - fixed PEM import;
certificate - fixed trust store CRL link if generated on an older version (introduced in v7.7);
certificate - improved CRL download retry handling;
certificate - removed request for "passphrase" property on import;
certificate - require CRL presence when using "crl-use=yes" setting;
certificate - restored RSA with SHA512 support;
conntrack - fixed "active-ipv4" property;
console - added ":convert" command;
console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
console - fixed incorrect date when printing "value-list" with multiple entries;
console - fixed minor typos;
console - fixed missing "parent" for script jobs (introduced in v7.9);
console - fixed missing return value for ping command in certain cases;
console - fixed printing interval when resizing terminal;
console - improved flag printing in certain menus;
console - improved stability and responsiveness;
console - improved stability when canceling console actions;
console - improved stability when using fullscreen editor;
console - improved timeout for certain commands and menus;
console - improved VPLS "cisco-id" argument validation;
container - added IPv6 support for VETH interface;
container - added option to use overlayfs layers;
container - adjust the ownership of volume mounts that fall outside the container's UID range;
container - fixed duplicate image name;
container - fixed IP address in container host file;
defconf - do not change admin password if resetting with "keep-users=yes";
dhcp-server - fixed setting "bootp-lease-time=lease-time";
discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
dns - improved system stability when processing static DNS entries with specified address-list;
ethernet - fixed forced half-duplex 10/100 Mbps link speeds on CRS312 device;
ethernet - improved interface stability for CRS312 device;
fetch - improved timeout detection;
firewall - added warning when PCC divider argument is smaller than remainder;
firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
firewall - improved system stability when using "endpoint-independent-nat";
graphing - added paging support;
health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
health - fixed configuration export for "/system/health/settings" menu;
hotspot - allow number as a first symbol in the Hotspot server DNS name;
ike1 - fixed Phase 1 when using aggressive exchange mode (introduced in v7.10);
ike2 - improved SA rekeying reply process;
ike2 - improved system stability when closing phase1;
ike2 - improved system stability when making configuration changes on active setup;
ike2 - log "reply ignored" as non-debug log message;
ipsec - fixed public key export (introduced in v7.10);
ipsec - fixed signature authentication using secp521r1 certificate (introduced in v7.10);
ipsec - improved IKE2 rekey process;
ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
l3hw - fixed /32 and /128 route offloading after nexthop change;
l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
l3hw - improved system responsiveness during partial offloading;
l3hw - improved system stability during IPv6 route offloading;
l3hw - improved system stability;
led - fixed manually configured user LED for RB2011;
leds - blink red system-led when LTE is not connected to the network on D53 devices;
leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
lora - added new EUI field;
lora - added uplink message filtering option using NetID or JoinEUI;
lora - moved LoRa service to IoT package;
lora - properly apply configuration changes when multiple LoRa cards are used;
lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
lte - added "at-chat" support for Dell DW5821e-eSIM modem;
lte - added "at-chat" support for Dell DW5829 modem;
lte - added "at-chat" support for Fibocom L850-GL modem;
lte - added "at-chat" support for SIMCom 8202G modem;
lte - added "band" info to the "monitor" command for MBIM modems that support serving cell info reporting over MBIM;
lte - added extended support for Neoway N75 modem;
lte - fixed Dell DW5221E "at-chat" support;
lte - fixed LtAP mini default SIM slot "down" changeover to "up" after an upgrade (introduced in v7.10beta1);
lte - fixed NR SINR reporting for Chateau 5G;
lte - fixed R11e-LTE, R11e-LTE6 legacy 2G/3G RAT mode selection;
lte - fixed Telit LE910C4 "at-chat" support;
lte - improved initial interface startup time for SXT LTE 3-7;
lte - improved system stability when changing the "radio" state for MBIM modems;
lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
modem - added initial support for BG77 modem DFOTA firmware update;
modem - changed Quectel EC25 portmap to expose DM (diag port), DM channel=0, GPS channel=1;
modem - fixed missing sender's last symbol in SMS inbox if the sender is an alphabetic string;
mpls - improved MPLS TCP performance;
mqtt - added more MQTT publish configuration options;
mqtt - added new MQTT subscribe feature;
netwatch - added "src-address" property;
netwatch - changed "thr-tcp-conn-time" argument to time interval;
ovpn - do not try to use the "bridge" setting from PPP/Profile, if the OVPN server is used in IP mode (introduced in v7.10);
ovpn - fixed OVPN server peer-id negotiation;
ovpn - fixed session-timeout when using UDP mode;
ovpn - improved key renegotiation process;
ovpn - include "connect-retry 1" and "reneg-sec" parameters into the OVPN configuration export file;
ovpn - properly close OVPN session on the server when client gets disconnected;
package - treat disabled packages as enabled during upgrade;
poe - fixed missing PoE configuration section under specific conditions;
poe-out - advertise LLDP power-mdi-long even if no power allocation was requested (introduced in v7.7);
pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
profile - added "container" process classifier;
profile - properly classify "console" related processes;
qos-hw - keep VLAN priority in packets that are sent from CPU;
quickset - correctly apply configuration when using "DHCP Server Range" property;
resource - fixed erroneous CPU usage values;
rose-storage - added "scsi-scan" command (CLI only);
rose-storage - added disk stats for ramdisks;
rose-storage - fixed RAID 0 creation;
rose-storage - limit striped RAID element size to smallest disk size;
route - added comment for BFD configuration (CLI only);
route - convert BFD timers from milliseconds to microseconds after upgrade;
routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
routerboot - increased etherboot bootp timeout to 40s on MIPSBE and MMIPS devices ("/system routerboard upgrade" required);
sfp - fixed incorrect optical SFP temperature readings (introduced in v7.10);
sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
sfp - reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9)
sms - increased wait time for modem startup;
ssh - fixed host public key export (introduced in v7.9);
ssh - fixed private key import (introduced in v7.9);
ssh - fixed SSH key agreement on the client side when ed25519 used under server settings;
ssh - fixed user RSA private key import;
switch - fixed "reset-counters" for "switch-cpu";
switch - fixed BPDU packet processing on MT7621, MT7531 with HW offloaded vlan-filtering;
switch - improved multicast packet forwarding on MT7621;
system - disallow setting a non-existing CPU core number for system IRQ;
system - increased maximum supported CPU core count to 512 on CHR and x86;
system - reduced RAM usage for SMIPS devices;
tftp - improved file name matching;
user - added "sensitive" policy requirement for SSH key and certificate export;
w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
webfig - added option to enable wide view in item list;
webfig - fixed "Connect To" configuration changes for L2TP client;
webfig - fixed gray-out italic font for entries after enable;
webfig - use router time zone for date and time;
wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
wifiwave2 - enabled PMK caching with EAP authentication types;
wifiwave2 - fixed "reg-info" information for several countries;
wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
wifiwave2 - improved stability when changing interface settings;
wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
winbox - added missing status values for Ethernet and Cable Test;
winbox - added warning about non-running probe due to "startup-delay";
winbox - fixed "Storm Rate" property under "Switch/Port" menu;
winbox - fixed BGP affinity display;
winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
winbox - improved supout.rif progress display;
winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
wireguard - fixed peer connection using DNS name on IP change;
wireguard - fixed peer IPv6 "allowed-address" usage;
wireless - ignore EAPOL Logoff frames;
x86 - updated e1000 driver;

New in RouterOS 7.11 RC 4 (Aug 14, 2023)

New in RouterOS 7.11 RC 3 (Aug 10, 2023)

New in RouterOS 7.11 RC 2 (Aug 4, 2023)

New in RouterOS 7.11 RC 1 (Jul 31, 2023)

New in RouterOS 7.11 Beta 7 (Jul 25, 2023)

New in RouterOS 7.11 Beta 6 (Jul 19, 2023)

New in RouterOS 7.11 Beta 5 (Jul 17, 2023)

New in RouterOS 7.10.2 Stable (Jul 12, 2023)

New in RouterOS 7.11 Beta 4 (Jul 6, 2023)

bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
bridge - added warning when VLAN interface list contains ports that are not bridged;
bridge - prevent bridging the VLAN interface created on the same bridge;
console - fixed incorrect default value of ":return" command (introduced in v7.11beta2);
console - improved stability and responsiveness;
container - fixed duplicate image name;
dns - improved system stability when processing static DNS entries with specified address-list;
ipsec - improved IKE2 rekey process;
ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
l3hw - fixed /32 and /128 route offloading after nexthop change;
l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
l3hw - improved system responsiveness during partial offloading;
l3hw - improved system stability;
leds - blink red system-led when LTE is not connected to the network on D53 devices;
leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
lte - fixed Dell DW5221E "at-chat" support;
lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
package - treat disabled packages as enabled during upgrade;
profile - added "container" process classifier;
profile - properly classify "console" related processes;
quickset - correctly apply configuration when using "DHCP Server Range" property;
rose-storage - added "scsi-scan" command (CLI only);
route - added comment for BFD configuration (CLI only);
route - convert BFD timers from milliseconds to microseconds after upgrade;
sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
wifiwave2 - fixed "reg-info" information for several countries;
wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
winbox - fixed "Storm Rate" property under "Switch/Port" menu;
winbox - fixed BGP affinity display;
wireless - ignore EAPOL Logoff frames;
x86 - updated e1000 driver;

New in RouterOS 7.10.1 Stable (Jun 27, 2023)

New in RouterOS 7.11 Beta 2 (Jun 22, 2023)

*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) certificate - fixed PEM import;
*) certificate - restored RSA with SHA512 support;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added option to use overlayfs layers;
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) l3hw - improved system stability during IPv6 route offloading;
*) led - fixed manually configured user LED for RB2011;
*) lora - added new EUI field;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;

New in RouterOS 7.10 Stable (Jun 15, 2023)

!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
!) route - added BFD;
bgp - allow to filter BGP sessions by AFI;
bgp - changed default VPNv4 import distance to iBGP value (200);
bgp - do not check route distinguisher on import;
bgp - fixed "as-override" and rename to "output.as-override";
bgp - fixed "remove-private-as" and rename to "output.remove-private.as";
bgp - show address family in advertisements;
bgp - show approximate received prefix count by the session;
branding - fixed custom logo (introduced in v7.8);
bridge - fixed HW offloaded STP state on port disable;
bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8);
bridge - fixed incorrect host moving between ports with enabled FastPath;
certificate - fixed displaying of certificate serial number;
certificate - improved error reporting for Let's Encrypt certificate;
certificate - restore available "key-usage" property options;
conntrack - added read-only "active-ipv4" and "active-ipv6" fields to "/ip/firewall/connection/tracking" (CLI only);
console - added timeout error for configuration export;
console - changed time format according to ISO standard;
console - disable output when using "as-value" parameter;
console - fixed ":terminal inkey" input when resizing terminal;
console - fixed "print without-paging" output in some cases;
console - hide past commands with sensitive arguments;
console - improved stability when using command completion;
container - fixed "container pull" to support OCI manifest format;
container - fixed crash due to missing system directories;
container - improved default internal environment values;
defconf - allow to use device factory preset credentials in Flashfig and Netinstall configuration files;
defconf - fixed default configuration for RBSXTLTE3-7;
dhcp-server - fixed accounting on RADIUS interim update;
dhcpv4-server - added name for "IPv6-Only Preferred" option (108) in debug logs;
doh - less verbose logging;
firewall - added "endpoint-independent-nat" support;
firewall - added "nth" option for IPv6 firewall;
gps - expose GPS port for Quectel RM520N-GL;
ike2 - improved child SA delete request processing;
iot - added option to send Modbus function code commands directly from RouterOS (CLI only);
ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite);
ipsec - refactor public key authentication;
ipsec - removed "ec2n185" and "ec2n155" values from proposal configurations;
ipv6 - fixed IPv6 address removal;
l3hw - added "autorestart" option to L3HW settings;
l3hw - added advanced configuration options for fine-tuning the L3HW offload (l3hw-settings are cleared after upgrade or downgrade) (CLI only);
l3hw - added error message and reset "l3-hw-offloading=no" if L3HW driver fails to start;
l3hw - added monitoring options for L3HW utilization (CLI only);
l3hw - fixed /32 route deletion;
l3hw - fixed IPv6 ECMP route offloading;
l3hw - fixed offloading of /32 IPv4 and /128 IPv6 routes;
l3hw - fixed route table offloading during large volume of route updates;
l3hw - improved host and nexthop offloading;
l3hw - improved offloading of IPv6 hosts after L3HW driver restart;
l3hw - improved performance of partial offloading;
l3hw - improved route offloading after gateway change;
l3hw - improved system stability for partial routing table offload;
leds - fixed modem RAT mode indication on hAP ac^3 LTE6 WPS mode button LEDs;
lora - improved gateway card detection and upgrade logic;
lora - updated firmware version for LoRaWAN gateway (for R11e-LoRa8, R11e-LoRa9 cards);
lte - added serving cell query for MBIM modems with necessary MBIM extension;
lte - disable DHCP request filtering (UDP port 67) for Chateau 5G;
lte - fixed APN authentication for R11e-LTE6 modem;
lte - fixed Google Pixel 7 tethering support;
lte - improved MBIM modem firmware reported error handling when settings RAT modes;
lte - improved modem firmware upgrade stability for MBIM modems;
lte - improved stability for Chateau 5G LTE modem firmware upgrade;
lte - reduced SIM slot switchover time for MBIM modems with UUIC reset support;
lte - stop "cell-monitor" on LTE interface configuration change for MBIM modems;
mpls - added FastPath support;
netwatch - added warning about non-running probe due to "startup-delay" (CLI only);
ovpn - added initial support for V2 data transfer protocol;
ovpn - improved system stability;
poe - fixed bogous "poe-in-voltage" values when using DC jack for RB5009;
pppoe - fixed PPPoE client scan when server is sending PADO messages without Service-Name tag;
qos-hw - added QoS marking support for 98DXxxxx switches (CLI only);
qos-hw - renamed VLAN "priority" field to "pcp" to avoid confusion;
rose-storage - added support for multiple smb users and smb shares;
route - improved system stability when removing multicast forwarding entries;
routerboard - fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required);
routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
routerboot - increased "preboot-etherboot" maximum value to 30 seconds ("/system routerboard upgrade" required);
scheduler - fixed incorrectly started scheduler during reboot or shutdown;
sfp - fixed "rate" monitor value for SFP interface on L009UiGS series devices;
sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
sfp - fixed combo-sfp linking at 1G rate for CRS312 switch;
sfp - improved 10G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
sfp - improved module compatibility with bad EEPROM data for RB4011, RB5009, CCR2xxx, CRS312 and CRS518 devices;
sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
sfp - improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices;
sfp - improved system stability with certain SFP modules for CCR2216 and CRS518 devices;
sfp - report EEPROM data even if "auto-init-failed" has occurred;
smb - improved SMB v1 operation;
sniffer - fixed large .pcap file limit;
snmp - added "engine-id-suffix" setting and display actual "engine-id" as read-only property;
snmp - added BGP peer table support IPv4 only (1.3.6.1.2.1.15.3.1);
snmp - added new "mtxrInterfaceStatsTxRx1024ToMax" OID to MIKROTIK-MIB;
ssh - added inline key "passphrase" property;
ssh - fixed RouterOS SSH client login when using a key (introduced in v7.9);
switch - added more precise "storm-rate" configuration options for 98DXxxxx switches (CLI only);
switch - fixed storm rate on 10G links for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
system - improved watchdog reporting in log after reboots for several ARM and ARM64 devices;
system - reduced RAM usage for SMIPS devices;
tile - fixed support for microSD card;
tr069 - added 5G SCC "SNR" parameter for modems that report it;
upgrade - do not run manual upgrade if some packages are missing;
ups - fixed updating of "battery-voltage" property;
vrrp - added warning if "sync-connection-tracking=yes" while the global connection tracking is inactive;
vrrp - added warning if the VRRP group is misconfigured;
vrrp - added warning if VRRP or its interface does not have an IP address;
vrrp - do not start connection synchronization if the global connection tracking is inactive;
vrrp - fixed issue where disabled VRRP interface is affecting group;
vrrp - fixed VRRP interface state on physical cable disconnection;
vrrp - improved system stability on changing "group-authority" or "sync-connection-tracking";
vrrp - renamed "group-master" to "group-authority" to avoid confusion with VRRP master;
vrrp - send VRRP announcements only by "group-authority";
w60g - improved interface stability for PTMP setups;
webfig - added high-resolution favicon;
webfig - allow limitless upper bounds for number range;
webfig - allow to set "0" second time for fields with default values;
webfig - changed time format according to ISO standard;
webfig - display date and time in local time zone;
webfig - fixed missing "WifiWave2" menu;
webfig - fixed missing property names in "WifiWave2" menu;
webfig - redesigned item configuration display;
webfig - redesigned top menu bar;
webfig - removed "Tools/Telnet" menu;
webfig - removed auto-login with default credentials (admin without a password);
wifiwave2 - avoid transmitting extra bytes at the end of the packet after stripping a VLAN tag;
wifiwave2 - do not show placeholder transmit power values on interface startup;
wifiwave2 - fixed CAP connection when provisioning "manager=capsman";
wifiwave2 - fixed CAP interface name when using "name-format";
wifiwave2 - fixed connectivity issues wheen access-list is used;
wifiwave2 - fixed DFS channel availability warning (introduced in v7.9);
wifiwave2 - fixed dynamic interface adding to bridge on CAP device;
wifiwave2 - fixed inability to disable CAPsMAN when there are RADIUS-authenticated clients connected;
wifiwave2 - fixed incorrect limits on number of interfaces in station mode;
wifiwave2 - fixed interface name change when restoring backup;
wifiwave2 - fixed key handshake timeout with re-associating clients;
wifiwave2 - fixed OWE authentication compatibility with 802.11ax client devices;
wifiwave2 - fixed OWE authentication compatibility with third-party client devices (introduced in v7.8);
wifiwave2 - fixed wireless throughput issues after 802.11r client roaming events on 802.11ac devices;
wifiwave2 - improve protections against DoS attacks on WPA3-PSK;
wifiwave2 - improved logging when an interface is unable to assign a VLAN tag to client;
wifiwave2 - improved system stability when trying to exceed virtual AP limit;
wifiwave2 - less verbose logging when WPA3-PSK clients are connecting;
wifiwave2 - other system stability improvements;
wifiwave2 - restore interface running state when connection to CAPsMAN is lost;
winbox - added "MPLS/Settings" menu;
winbox - added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu;
winbox - rename "URL" property to "Action data" under "IP/Web-Proxy/Access" menu;
wireguard - fixed IPv6 traffic processing with multiple peers;
wireguard - retry "endpoint-address" DNS query on failed resolve;
x86 - ice driver update to v1.11.14;
zerotier - make "identity" setting sensitive;

New in RouterOS 7.10 RC 6 (Jun 14, 2023)

New in RouterOS 7.10 RC 5 (Jun 9, 2023)

New in RouterOS 7.10 RC 4 (Jun 7, 2023)

New in RouterOS 7.9.2 Stable (May 31, 2023)

New in RouterOS 7.10 RC 1 (May 26, 2023)

New in RouterOS 7.10 Beta 8 (May 23, 2023)

Changes in this release:
!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
!) route - added BFD (CLI only);
*) bgp - allow to filter BGP sessions by AFI;
*) bgp - changed default VPNv4 import distance to iBGP value (200);
*) bgp - do not check route distinguisher on import;
*) bgp - fixed "as-override" and rename to "output.as-override";
*) bgp - fixed "remove-private-as" and rename to "output.remove-private.as";
*) bgp - show address family in advertisements;
*) bgp - show approximate received prefix count by the session;
*) branding - fixed custom logo (introduced in v7.8);
*) conntrack - added read-only "active-ipv4" and "active-ipv6" fields to "/ip/firewall/connection/tracking" (CLI only);
*) console - fixed "print without-paging" output in some cases;
*) defconf - allow to use device factory preset credentials in Flashfig and Netinstall configuration files;
*) dhcpv4-server - added name for "IPv6-Only Preferred" option (108) in debug logs;
*) doh - less verbose logging;
*) ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite);
*) ipsec - removed "ec2n185" and "ec2n155" values from proposal configurations;
*) l3hw - added "autorestart" option to L3HW settings;
*) l3hw - added error message and reset "l3-hw-offloading=no" if L3HW driver fails to start;
*) l3hw - fixed offloading of /32 IPv4 and /128 IPv6 routes;
*) l3hw - improved offloading of IPv6 hosts after L3HW driver restart;
*) l3hw - improved performance of partial offloading;
*) l3hw - improved route offloading after gateway change;
*) lora - improved gateway card detection and upgrade logic;
*) lora - updated firmware version for LoRaWAN gateway (for R11e-LoRa8, R11e-LoRa9 cards);
*) lte - fixed APN authentication for R11e-LTE6 modem;
*) lte - improved MBIM modem firmware reported error handling when settings RAT modes;
*) lte - improved modem firmware upgrade stability for MBIM modems;
*) lte - reduced SIM slot switchover time for MBIM modems with UUIC reset support;
*) netwatch - added warning about non-running probe due to "startup-delay" (CLI only);
*) poe - fixed bogous "poe-in-voltage" values when using DC jack for RB5009;
*) qos-hw - renamed VLAN "priority" field to "pcp" to avoid confusion;
*) rose-storage - added support for multiple smb users and smb shares;
*) routerboot - increased "preboot-etherboot" maximum value to 30 seconds ("/system routerboard upgrade" required);
*) scheduler - fixed incorrectly started scheduler during reboot or shutdown;
*) sfp - fixed combo-sfp linking at 1G rate for CRS312 switch;
*) sfp - improved module compatibility with bad EEPROM data for RB4011, RB5009, CCR2xxx, CRS312 and CRS518 devices;
*) sniffer - fixed large .pcap file limit;
*) snmp - added BGP peer table support IPv4 only (1.3.6.1.2.1.15.3.1);
*) tr069 - added 5G SCC "SNR" parameter for modems that report it;
*) vrrp - added warning if "sync-connection-tracking=yes" while the global connection tracking is inactive;
*) vrrp - added warning if the VRRP group is misconfigured;
*) vrrp - added warning if VRRP or its interface does not have an IP address;
*) vrrp - do not start connection synchronization if the global connection tracking is inactive;
*) vrrp - fixed issue where disabled VRRP interface is affecting group;
*) vrrp - fixed VRRP interface state on physical cable disconnection;
*) vrrp - improved system stability on changing "group-authority" or "sync-connection-tracking";
*) vrrp - renamed "group-master" to "group-authority" to avoid confusion with VRRP master;
*) vrrp - send VRRP announcements only by "group-authority";
*) wifiwave2 - do not include in radio hardware capability list a parameter irrelevant to end users (introduced in 7.10beta5);
*) wifiwave2 - fixed CAP interface name when using "name-format";
*) wifiwave2 - fixed connectivity issues wheen access-list is used;
*) wifiwave2 - fixed wireless throughput issues after 802.11r client roaming events on 802.11ac devices;
*) wifiwave2 - improve protections against DoS attacks on WPA3-PSK;
*) wifiwave2 - less verbose logging when WPA3-PSK clients are connecting;
*) wireguard - retry "endpoint-address" DNS query on failed resolve;

New in RouterOS 6.49.8 Stable (May 23, 2023)

New in RouterOS 7.9.1 Stable (May 22, 2023)

New in RouterOS 7.9 Stable (May 2, 2023)

bgp - improved BGP VPN selection;
bridge - added warning log when "ageing-time" exceeds supported hardware limit for 98DX224S, 98DX226S, and 98DX3236 switch chips;
bridge - fixed FastPath when setting "use-ip-firewall-for-vlan" or "use-ip-firewall-for-pppoe" without enabled "use-ip-firewall";
certificate - fixed bogus log messages;
chr - fixed public SSH key pulling when running on AWS;
console - added "/task" submenu (CLI only);
console - added option to create new files using "/file add" command (CLI only);
console - improved stability when doing "/console inspect" in certain menus;
console - improved stability when editing long strings;
console - improved system stability;
console - removed bogus "reset" command from "/system resource usb" menu;
console - rename flag "seen reply" to "seen-reply" under "/ipv6 firewall connection" menu;
console - replaced "fingerprint" with "skid" in "/certificate print";
console - show Ethernet advertise, speed and duplex settings depending on configured auto-negotiation;
container - fixed invoking "container shell" more than once;
container - improved "container pull" to support OCI manifest format;
defconf - added CAPs mode script for wifiwave2 devices;
detnet - fixed interface state detection after reboot;
dhcp - changed the default lease time for newly created DHCP servers to 30 minutes;
dhcpv4-server - release lease if "check-status" reveals no conflict;
disk - improved system stability when removing USB while formatting;
ethernet - fixed half-duplex forced mode at 10Mbps and 100Mbps on ether1 for RB5009, Chateau 5G ax and hAP ax3 devices;
filesystem - fixed partition "copy-to" function;
firewall - added "connection-nat-state" to IPv6 mangle and filter rules;
health - added limited manual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
health - fixed bogus value reporting for CRS510 device;
ike2 - fixed minor logging typo;
ipsec - added error log message when peer ID does not match certificate;
ipsec - fixed packet processing by hardware encryption engine on RB850Gx2 device;
ipsec - refactor X.509 implementation;
ipv6 - added "valid" and "lifetime" parameters for SLAAC IPv6 addresses;
ipv6 - send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated;
l3hw - improved route offloading for 98DX224S, 98DX226S, and 98DX3236 switch chips;
leds - disable LEDs after "/system shutdown";
lte - capped maximum lifetime of SLAAC address to 1 hour;
lte - fixed CA band clearing on RAT mode change;
lte - fixed duplicate IPv6 route for lte interface when "ipv6-interface" setting is used;
lte - fixed LTE interface not showing up when resetting RouterOS configuration;
lte - fixed passthrough mode when used together with another APN for Chateau 5G;
lte - fixed R11-LTE-US in LTE passthrough mode;
lte - fixed R11e-LTE-US reporting of RSSI in LTE mode;
lte - fixed re-attach in some cases where module would stay in not-running state after network detach;
lte - fixed second modem halt on dual R11e-LTE6 setup;
lte - improved system stability when changing LTE interface configuration during network scan with MBIM modems (introduced in v7.8);
mpls- fixed LDP "preferred-afi" parameter;
netinstall-cli - improved device reinstall on failed attempt;
netwatch - added "startup-delay" setting (CLI only);
netwatch - improved ICMP status evaluation when no reply was present;
netwatch - limit "start-delay" range;
ospf - fixed processing of fragmented LSAs;
ovpn - added support for OVPN server configuration export and client configuration import from .ovpn file;
ovpn - improved system stability for Tile devices;
quickset - fixed displaying of "SINR" when value is 0;
rose-storage - added option to nvme-discover with hostname (CLI only);
rose-storage - fixed crash on nvme-tcp disable;
rose-storage - fixed rsync transfer permissions;
rose-storage - various stability fixes;
route - fixed "dynamic-id" for VRF tables;
route - improved system stability when making routing decision;
route - show SLAAC routes under the "/routing route" menu;
route-filter - improved stability when matching blackhole routes;
routerboot - added "preboot-etherboot" and "preboot-etherboot-server" settings ("/system routerboard upgrade" required) (CLI only);
sfp - added log warning about failed auto-initialization on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
sfp - allow modules that hold "TX_FAULT" high signal all the time on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
sfp - allow modules with bad or no EEPROM in forced mode on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
sfp - fixed "rate-select" functionality on CCR2004-16G-2S+ and CCR2004-1G-12S+2XS devices (introduced in v7.8);
sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
sfp - improved module initialization and display more detailed initialization status on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
sfp - improved SFP28 interface stability with some optical modules for CRS518 switch;
sfp - improved system stability with some SFP GPON modules on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
snmp - fixed SNMPv3 "Reportable" flag behavior;
snmp - improved outputting of routes;
socks - added VRF support;
ssh - added Ed25519 host key support;
ssh - added support for Ed25519 key export and import in PKCS8 format;
ssh - do not allow SHA1 usage with strong crypto enabled;
ssh - improved service responsiveness when changing SSH service settings;
ssh - improved SSH key import process;
storage - mount RAM drive for devices with 32MB flash;
supout - added DHCP server network section;
switch - fixed ACL rules matching IPv6 packets when using only IPv4 matchers;
switch - improved system stability during rapid MAC flapping for 98DXxxxx switches;
switch - improved system stability for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
timezone - updated timezone information from "tzdata2023c" release;
vrrp - added "self" value for "group-master" setting;
vxlan - added forwarding table;
vxlan - fixed packet drops when host moves between remote VTEPs;
webfig - added inline comments;
webfig - fixed "Destination" value under "MPLS/Forwarding-Table" menu;
webfig - fixed issue where "Certificate" value disappears under "IP/Services" menu;
webfig - fixed issue where entries might be missing under "IP/DHCP-Server" menu;
webfig - various stability fixes;
wifiwave2 - added "radio/reg-info" command to show regulatory requirements (currently implemented for 802.11ac interfaces) (CLI only);
wifiwave2 - added ability to configure antenna gain;
wifiwave2 - added ability to configure beacon interval and DTIM period;
wifiwave2 - added information on additional interface capabilities to radio parameters;
wifiwave2 - automatically add a VLAN-tagged interface to the appropriate bridge VLAN;
wifiwave2 - exit sniffer command and return error when trying to sniff on an unsupported channel;
wifiwave2 - fixed 802.11r roaming for clients that performed initial authentication with an AP which has been restarted since;
wifiwave2 - fixed issue of some supported channels not being listed in the radio parameters;
wifiwave2 - fixed issue which lead to VLAN-tagged wireless clients receiving tagged traffic from other VLANs;
wifiwave2 - fixed key handshake timeout for re-associating client devices on 802.11ac interfaces;
wifiwave2 - fixed VLAN tagging for unencrypted (open) APs;
wifiwave2 - improved general interface stability;
wifiwave2 - improved regulatory compliance for hAP ax^2, hAP ax^3 and Chateau ax;
wifiwave2 - improved WPS connection speed;
wifiwave2 - increased maximum value for "channel.frequency" to 7300;
wifiwave2 - show information on captured packets and added ability to save them locally in a pcap file;
winbox - added "MTU" and "Hoplimit" properties under "IPv6/Routes" menu;
winbox - added "Preferred AFI" property under "MPLS/LDP-Instance" menu;
winbox - added "S" flag under "IPv6/Firewall/Connections" menu;
winbox - added "Tx Power" property under "Wifiwave2/Status" menu;
winbox - added "Tx Queue Drops" property under interface settings "Traffic" tab;
winbox - added "Username" and "Password" properties under "Container/Config" menu;
winbox - added "Valid" and "Preferred" properties under "IPv6/Address" menu;
winbox - added missing properties for "Remote ID Type" under "IP/IPsec/Identities" menu;
winbox - changed route flag name from "invalid" to "inactive";
winbox - fixed "TLS" property under "Tools/Email" menu;
winbox - fixed "Type" property under "System/Disk" menu when "rose-storage" package is installed;
winbox - fixed changing slot name under "System/Disk" menu;
winbox - fixed default value for "Allow managed" property under "Zerotier" menu;
winbox - fixed duplicate "My ID" column under "IP/IPsec/Identities" menu;
winbox - fixed minor typo in "WifiWave2/Radios" menu;
winbox - fixed missing "Sector Writes" for certain devices under "System/Resources" menu (introduced in v7.8);
winbox - improved Ethernet advertise, speed and duplex settings;
winbox - only show permitted countries for wifiwave2 interfaces;
winbox - show missing "Designated Bridge" and "Designated Port Number" monitoring data under "Bridge/Port menu;
www - allow unsecure HTTP access to REST API;
x86 - fixed changing software-id (introduced in v7.7);
zerotier - upgraded to version 1.10.3;

New in RouterOS 7.9 RC 5 (Apr 28, 2023)

New in RouterOS 7.9 RC 4 (Apr 25, 2023)

New in RouterOS 7.9 RC 3 (Apr 13, 2023)

New in RouterOS 7.9 RC 2 (Apr 6, 2023)

New in RouterOS 7.9 RC 1 (Mar 31, 2023)

New in RouterOS 7.9 Beta 4 (Mar 24, 2023)

*) bgp - improved BGP VPN selection;
*) bridge - added warning log when "ageing-time" exceeds supported hardware limit for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) bridge - fixed FastPath when setting "use-ip-firewall-for-vlan" or "use-ip-firewall-for-pppoe" without enabled "use-ip-firewall";
*) certificate - fixed bogus log messages;
*) chr - fixed public SSH key pulling when running on AWS;
*) console - added "/task" submenu (CLI only);
*) console - added option to create new files using "/file add" command (CLI only);
*) console - improved stability when doing "/console inspect" in certain menus;
*) console - improved stability when editing long strings;
*) console - improved system stability;
*) console - removed bogus "reset" command from "/system resource usb" menu;
*) console - rename flag "seen reply" to "seen-reply" under "/ipv6 firewall connection" menu;
*) console - show Ethernet advertise, speed and duplex settings depending on configured auto-negotiation;
*) container - fixed invoking "container shell" more than once;
*) container - improved "container pull" to support OCI manifest format;
*) detnet - fixed interface state detection after reboot;
*) dhcp - changed the default lease time for newly created DHCP servers to 30 minutes;
*) dhcpv4-server - release lease if "check-status" reveals no conflict;
*) disk - improved system stability when removing USB while formatting;
*) ethernet - fixed half-duplex forced mode at 10Mbps and 100Mbps on ether1 for RB5009, Chateau 5G ax and hAP ax3 devices;
*) filesystem - fixed partition "copy-to" function;
*) firewall - added "connection-nat-state" to IPv6 mangle and filter rules;
*) health - added limited manual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) ipsec - fixed packet processing by hardware encryption engine on RB850Gx2 device;
*) ipsec - refactor X.509 implementation;
*) ipv6 - added "valid" and "lifetime" parameters for SLAAC IPv6 addresses;
*) ipv6 - send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated;
*) l3hw - improved route offloading for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) leds - disable LEDs after "/system shutdown";
*) lte - capped maximum lifetime of SLAAC address to 1 hour;
*) lte - fixed CA band clearing on RAT mode change;
*) lte - fixed duplicate IPv6 route for lte interface when "ipv6-interface" setting is used;
*) lte - fixed LTE interface not showing up when resetting RouterOS configuration;
*) lte - fixed passthrough mode when used together with another APN for Chateau 5G;
*) lte - fixed R11-LTE-US in LTE passthrough mode;
*) lte - fixed R11e-LTE-US reporting of RSSI in LTE mode;
*) lte - fixed re-attach in some cases where module would stay in not-running state after network detach;
*) lte - fixed second modem halt on dual R11e-LTE6 setup;
*) mpls- fixed LDP "preferred-afi" parameter;
*) netwatch - added "startup-delay" setting (CLI only);
*) netwatch - improved ICMP status evaluation when no reply was present;
*) netwatch - limit "start-delay" range;
*) ospf - fixed processing of fragmented LSAs;
*) ovpn - added support for OVPN server configuration export and client configuration import from .ovpn file;
*) quickset - fixed displaying of "SINR" when value is 0;
*) rose-storage - added option to nvme-discover with hostname (CLI only);
*) rose-storage - fixed crash on nvme-tcp disable;
*) rose-storage - fixed rsync transfer permissions;
*) rose-storage - various stability fixes;
*) route - fixed "dynamic-id" for VRF tables;
*) route - improved system stability when making routing decision;
*) route - show SLAAC routes under the "/routing route" menu;
*) route-filter - improved stability when matching blackhole routes;
*) routerboot - added "preboot-etherboot" and "preboot-etherboot-server" settings ("/system routerboard upgrade" required) (CLI only);
*) sfp - added log warning about failed auto-initialization on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules that hold "TX_FAULT" high signal all the time on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules with bad or no EEPROM in forced mode on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - fixed "rate-select" functionality on CCR2004-16G-2S+ and CCR2004-1G-12S+2XS devices (introduced in v7.8);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved module initialization and display more detailed initialization status on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - improved SFP28 interface stability with some optical modules for CRS518 switch;
*) sfp - improved system stability with some SFP GPON modules on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) socks - added VRF support;
*) ssh - added Ed25519 host key support;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - improved service responsiveness when changing SSH service settings;
*) ssh - improved SSH key import process;
*) storage - mount RAM drive for devices with 32MB flash;
*) supout - added DHCP server network section;
*) switch - fixed ACL rules matching IPv6 packets when using only IPv4 matchers;
*) switch - improved system stability for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) vrrp - added "self" value for "group-master" setting;
*) vxlan - added forwarding table;
*) vxlan - fixed packet drops when host moves between remote VTEPs;
*) webfig - added inline comments;
*) webfig - fixed "Destination" value under "MPLS/Forwarding-Table" menu;
*) webfig - fixed issue where "Certificate" value disappears under "IP/Services" menu;
*) webfig - fixed issue where entries might be missing under "IP/DHCP-Server" menu;
*) webfig - various stability fixes;
*) wifiwave2 - added "radio/reg-info" command to show regulatory requirements (currently implemented for 802.11ac interfaces) (CLI only);
*) wifiwave2 - added ability to configure antenna gain;
*) wifiwave2 - added ability to configure beacon interval and DTIM period;
*) wifiwave2 - added information on additional interface capabilities to radio parameters;
*) wifiwave2 - automatically add a VLAN-tagged interface to the appropriate bridge VLAN;
*) wifiwave2 - exit sniffer command and return error when trying to sniff on an unsupported channel;
*) wifiwave2 - fixed 802.11r roaming for clients that performed initial authentication with an AP which has been restarted since;
*) wifiwave2 - fixed issue of some supported channels not being listed in the radio parameters;
*) wifiwave2 - fixed issue which lead to VLAN-tagged wireless clients receiving tagged traffic from other VLANs;
*) wifiwave2 - fixed VLAN tagging for unencrypted (open) APs;
*) wifiwave2 - improved general interface stability;
*) wifiwave2 - improved regulatory compliance for hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - increased maximum value for "channel.frequency" to 7300;
*) wifiwave2 - show information on captured packets and added ability to save them locally in a pcap file;
*) winbox - added "MTU" and "Hoplimit" properties under "IPv6/Routes" menu;
*) winbox - added "Preferred AFI" property under "MPLS/LDP-Instance" menu;
*) winbox - added "S" flag under "IPv6/Firewall/Connections" menu;
*) winbox - added "Tx Power" property under "Wifiwave2/Status" menu;
*) winbox - added "Tx Queue Drops" property under interface settings "Traffic" tab;
*) winbox - added "Username" and "Password" properties under "Container/Config" menu;
*) winbox - added "Valid" and "Preferred" properties under "IPv6/Address" menu;
*) winbox - added missing properties for "Remote ID Type" under "IP/IPsec/Identities" menu;
*) winbox - changed route flag name from "invalid" to "inactive";
*) winbox - fixed "TLS" property under "Tools/Email" menu;
*) winbox - fixed "Type" property under "System/Disk" menu when "rose-storage" package is installed;
*) winbox - fixed default value for "Allow managed" property under "Zerotier" menu;
*) winbox - fixed duplicate "My ID" column under "IP/IPsec/Identities" menu;
*) winbox - fixed minor typo in "WifiWave2/Radios" menu;
*) winbox - fixed missing "Sector Writes" for certain devices under "System/Resources" menu (introduced in v7.8);
*) winbox - improved Ethernet advertise, speed and duplex settings;
*) winbox - only show permitted countries for wifiwave2 interfaces;
*) winbox - show missing "Designated Bridge" and "Designated Port Number" monitoring data under "Bridge/Port menu;
*) www - allow unsecure HTTP access to REST API;
*) x86 - fixed changing software-id (introduced in v7.7);
*) zerotier - upgraded to version 1.10.3;

New in RouterOS 7.8 Stable (Feb 27, 2023)

storage - added new "rose-storage" package support for extended disk management and monitoring functionality (ARM, ARM64, Tile and x86) (CLI only);
bgp - fixed setting of "default-prepend" parameter;
bridge - fixed adding disabled MSTI;
bridge - fixed DHCP packet flow when using DHCP snooping, HW offloading and "use-ip-firewall";
bridge - fixed possible DHCP packet corruption when using DHCP snooping;
bridge - fixed PVID warning typo;
bridge - improved HW offloading logic;
certificate - fixed export of a certificate when the last line of the certificate is exactly 64 bytes long;
certificate - fixed PBES2 certificate import;
certificate - improved certificate management, signing and storing processes;
certificate - improved multiple certificate import process;
conntrack - improved system stability when changing connection tracking state;
conntrack - improved system stability when PPTP helper is used;
console - added "as-string" parameter to the ":execute" command;
container - added authentication option for registry (CLI only);
container - fixed ".type" file ownership;
container - fixed file ownership after system upgrade for containers running on internal disk;
container - fixed multiple container automatic startup on boot;
dhcpv4-client - send DHCPv4 unicast requests to DHCPv4 relay, instead of server when it is being used;
disk - limit maximum TMPFS size;
dns - added configurable DoH concurrent query limitation parameters;
dns - do not cache results from ":resolve" command with specific server;
dns - fixed CNAME reading from the cache;
dns - limited "DoH max concurrent queries reached" logging messages to once per minute;
dns - respond with "NOERROR" to DNS requests for static domain names when appropriate type record is not configured or found on upstream server;
firewall - fixed bridge priority target;
firewall - fixed DSCP priority target for IPv6 Mangle;
firewall - fixed netmap range maximum address calculation for IPv6 NAT;
graphing - fixed hiding of target queues when "allow-target" is disabled;
graphing - fixed sorting of interface and queue graphs;
graphing - properly handle disabled and static-binding interface graphs;
graphing - removed "move" command for graphing rules;
health - fixed "temperature" and "power-consumption" readings for RB1100AHx4;
hotspot - fixed setting of "address" parameter for IP binding;
hotspot - restore cookie timeout on reboot;
ike2 - added support for "address", "key-id" and "dn" for Remote ID matching (CLI only);
ike2 - fixed active SA flush on responder after an unsuccessful peer connection attempt;
ipsec - added support for "Framed-Route" RADIUS attribute support;
ipsec - do not match incoming IKE requests by unresolved DNS name peers;
ipsec - fixed peer matcher for incoming connection with unresolved DNS;
ipv6 - added "pref64" option configuration for RA;
ipv6 - improved handling of "advertise" IPv6 address status changes;
ipv6 - limited "hop-limit" parameter value range to 255;
ipv6 - made distributed DNS lifetime RFC8106 compliant;
l3hw - added destination MAC address check for offloaded FastTrack connections;
led - fixed signal reading for KNOT device;
leds - always require to set interface name when setting "modem-signal" indication;
lte - added AT support for Telit LE910C4 in MBIM mode;
lte - fixed APN setting usage on initial connection attempt for AT based Quectel and Neoway modems;
lte - fixed automatic antenna selection on Chateau LTE12/LTE18;
lte - fixed dialing for Fibocom L850-GL module;
lte - fixed displaying of "subscriber-number";
lte - fixed possible memory leak when using passthrough mode on Chateau 5G;
lte - improved AT port matching for SIMCom, Huawei, WeLink, Cinterion, BandLuxe and Sierra modems;
lte - improved modem detection speed in lower mini-PCIe slot on LtAP;
lte - improved stability for R11e-LTE6, skip connection reset on first EEMGINFO command timeout;
lte - LtAP improved modem detection in lower mini-PCie slot ("/system routerboard upgrade" required);
lte - parse USSD even if encoding is unsupported;
mpls - fixed handling of more than 9 VRF's;
mpls - fixed LDP listen socket creation before IPv6 address is ready for use;
mpls - improved stability when neighboring router reboots;
ospf - fixed "ospf-type" parameter for OSPFv3 routes;
ospf - fixed simple auth for OSPFv3;
ovpn - added AES-GCM and multicore encryption support;
ovpn - improved server stability;
ovpn - improved TLS-related error logging;
pimsm - improved system stability;
poe - added LLDP power management support for 802.3at PSE;
poe - properly turn off power when link not detected on hAP ax2 and hAP ax3;
port - fixed modem channel number on KNOT;
pppoe - fixed PPPoE client scan showing only one server;
resource - show filesystem related statistics on CCR2004;
route - fixed IPv6 default route presence when received from RA;
route - fixed printing of routing table's "count-only" parameter;
route - show hoplimit and MTU properties under the "/routing route" menu for SLAAC routes;
routerboot - fixed format storage for RBM33G device ("/system routerboard upgrade" required);
routerboot - fixed protected routerboot for RBM33G device ("/system routerboard upgrade" required);
sfp - fixed false link detection with S+RJ10 on RB5009;
sfp - fixed reading of SFP EEPROM on single SFP port devices;
sfp - improved optical modules SFP compatibility on CCR2004-16G-2S+, CCR2004-1G-12S+2XS, CCR2116-12G-4S+ devices;
sms - improved reporting of SMS sending errors;
sms - log USSD response when USSD is sent over MBIM;
sniffer - added additional filtering parameters;
snmp - do not show identity in LLDP when branding is used with hide SNMP data;
snmp - fixed handling of disabled routes;
snmp - fixed reporting of total number of routes counter;
ssh - hard-coded "localhost" address for forwarding requests;
ssh - improved system stability when processing none-crypto SSH connection;
sstp - fixed TLS session establishment when "connect-to" is DNS name;
switch - fixed SFP rate select for CRS354 devices;
switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
switch - improved system stability for 98DXxxxx switch chips;
swos - removed "/system swos" menu for CRS5xx series switches;
torch - allow "without-paging" parameter for Torch;
traffic-generator - increased maximum allowed stream count;
upgrade - show error message when license prohibits upgrade;
usb - changed USB auto detect behavior to default to the external USB, when no internal USB devices detected;
vxlan - added "dont-fragment" setting that allows managing fragmentation;
vxlan - added "max-fdb-size" parameter;
vxlan - added FastPath support;
webfig - allow setting numeric values in time interval fields;
webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
webfig - fixed editing of multi-field parameters with "not" checkbox;
webfig - fixed handling of empty skin files;
webfig - improved navigation responsiveness;
webfig - improved skin file parsing;
webfig - improved terminal operation;
webfig - properly escape all reserved URI characters;
webfig - updated WebFig and graph web pages to HTML5;
wifiwave2 - added wireless sniffer tool to capture wireless transmissions (CLI only);
wifiwave2 - adjust monitoring of station interfaces to report when an interface is authorized, not just connected;
wifiwave2 - enabled additional channels in UNII-3 and UNII-4 bands for Europe and USA on hAP ax^2, hAP ax^3 and Chateau ax;
wifiwave2 - fixed compatibility with third-party devices when using SAE hash-to-element authentication with DH groups 20 and 21;
wifiwave2 - fixed SAE authentication for interfaces in station mode when trying to connect to APs which require an anti-clogging token (introduced in RouterOS 7.4);
wifiwave2 - implement 802.11w management protection SA Query procedures;
wifiwave2 - improve protections from denial-of-service attacks on WPA3;
winbox - added "Connect" button under "WifiWave2/Scan" menu;
winbox - added "Disable/Enable" buttons under "WifiWave2" menu;
winbox - added "Match Subdomain" parameter under "IP/DNS/Static" menu;
winbox - added "Provision" button under "WifiWave2" menu;
winbox - added "Start On Boot" checkbox under "Container" menu;
winbox - added "Tx Rate" and "Rx Rate" columns under "WifiWave2/Registration" menu;
winbox - added missing properties when setting "Use DoH Server";
winbox - added missing WifiWave2 related parameters under "WifiWave2" menu;
winbox - added support for manual RAM file system (TMPFS) creation under "System/Disk" menu;
winbox - added Type "https-get" parameter under "Tools/Netwatch" menu;
winbox - allow selecting bridge for static entries under "Bridge/MDB" menu;
winbox - fixed displaying of "Default Prepend" value under "Routing/BGP/Sessions" menu;
winbox - fixed displaying of "Tx/Rx CCQ" values under "Wireless/Registration" menu;
winbox - fixed displaying of flags under "System/Console" menu;
winbox - fixed displaying of multiple character flags;
winbox - fixed usage of IPv6 family addresses under "IP/Web Proxy/Access" menu;
winbox - hide "TTL" value for static DNS entries with FWD type;
winbox - hide unnecessary properties for virtual interfaces under "WifiWave2" menu;
winbox - improved mouseover hint for "local" policy under "System/Users/Groups" menu;
winbox - rename "Multicast Router" monitoring property to "Is Multicast Router" under "Bridge" menu;
winbox - show "Gateway" column by default under "IPv6/Routes" menu;
x86 - added support for TP-Link TG-3468;
x86 - fixed SR-IOV support for Intel X710 series NIC;
x86 - improved Intel 500 series 10G SFP module support;
x86 - improved stability for Intel X550 series NIC with SR-IOV;
zeroter - fixed routes after VRF change;

New in RouterOS 7.8 RC 3 (Feb 22, 2023)

New in RouterOS 7.8 RC 2 (Feb 16, 2023)

New in RouterOS 7.8 RC 1 (Feb 10, 2023)

New in RouterOS 7.8 Beta 3 (Feb 3, 2023)

Important note!!!
Version is not recommended on CRS3xx devices.
Changes in this release:
Storage - added new "rose-storage" package support for extended disk management and monitoring functionality (ARM, ARM64, Tile and x86) (CLI only);
Bridge - fixed adding disabled MSTI;
Bridge - improved HW offloading logic;
Certificate - fixed PBES2 certificate import;
Certificate - improved multiple certificate import process;
Console - improved ":execute" command to output a string when a file is not specified;
Dhcpv4-client - send DHCPv4 unicast requests to DHCPv4 relay, instead of server when it is being used;
Dns - fixed CNAME reading from the cache;
Dns - respond with "NOERROR" to DNS requests for static domain names when appropriate type record is not configured or found on upstream server;
Health - fixed "temperature" and "power-consumption" readings for RB1100AHx4;
Ike2 - fixed active SA flush on responder after an unsuccessful peer connection attempt;
Ipsec - fixed peer matcher for incoming connection with unresolved DNS;
Ipv6 - improved handling of "advertise" IPv6 address status changes;
Led - fixed signal reading for KNOT device;
Lte - LtAP improved modem detection in lower mini-PCie slot ("/system routerboard upgrade" required);
Pimsm - improved system stability;
Poe - added LLDP power management support for 802.3at PSE;
Pppoe - fixed PPPoE client scan showing only one server;
Route - added hoplimit and metric parameters to SLAAC routes;
Routerboot - fixed format storage for RBM33G device ("/system routerboard upgrade" required);
Routerboot - fixed protected routerboot for RBM33G device ("/system routerboard upgrade" required);
Sfp - improved optical modules SFP compatibility on CCR2004-16G-2S+, CCR2004-1G-12S+2XS, CCR2116-12G-4S+ devices;
Switch - fixed "switch-cpu" counters (introduced in 7.8beta2);
Usb - changed USB auto detect behavior to default to the external USB, when no internal USB devices detected
Vxlan - added FastPath support;
Webfig - improved terminal operation;
Wifiwave2 - adjust monitoring of station interfaces to report when an interface is authorized, not just connected;
Wifiwave2 - fixed 802.11r fast transition when using wpa3-psk authentication (introduced in 7.8beta2);
Winbox - added "Connect" button under "WifiWave2/Scan" menu;
Winbox - added "Disable/Enable" buttons under "WifiWave2" menu;
Winbox - added "Provision" button under "WifiWave2" menu;
Winbox - added "Start On Boot" checkbox under "Container" menu;
Winbox - added "Tx Rate" and "Rx Rate" columns under "WifiWave2/Registration" menu;
Winbox - added missing cipher properties for OVPN server and client;
Winbox - added missing filtering properties under "Tools/Packet Sniffer" menu;
Winbox - added missing properties when setting "Use DoH Server";
Winbox - added support for manual RAM file system (TMPFS) creation under "System/Disk" menu;
Winbox - added Type "https-get" parameter under "Tools/Netwatch" menu;
Winbox - allow selecting bridge for static entries under "Bridge/MDB" menu;
Winbox - hide "TTL" value for static DNS entries with FWD type;
Winbox - hide unnecessary properties for virtual interfaces under "WifiWave2" menu;
Winbox - rename "Multicast Router" monitoring property to "Is Multicast Router" under "Bridge" menu;
Zeroter - fixed routes after VRF change;

New in RouterOS 7.8 Beta 2 (Jan 20, 2023)

Storage - added new "rose-storage" package support for extended disk management and monitoring functionality (ARM, ARM64, Tile and x86) (CLI only);
Bgp - fixed setting of "default-prepend" parameter;
Bridge - fixed PVID warning typo;
Bridge - improved HW offloading logic;
Certificate - improved certificate management, signing and storing processes;
Conntrack - improved system stability when changing connection tracking state;
Container - added authentication option for registry (CLI only);
Container - fixed ".type" file ownership;
Container - fixed file ownership after system upgrade for containers running on internal disk;
Container - fixed multiple container automatic startup on boot;
Disk - limit maximum TMPFS size;
Dns - added configurable DoH concurrent query limitation parameters (CLI only);
Dns - do not cache results from ":resolve" command with specific server;
Dns - limited "DoH max concurrent queries reached" logging messages to once per minute;
Firewall - fixed bridge priority target;
Firewall - fixed DSCP priority target for IPv6 Mangle;
Firewall - fixed netmap range maximum address calculation for IPv6 NAT;
Graphing - fixed hiding of target queues when "allow-target" is disabled;
Graphing - fixed sorting of interface and queue graphs;
Graphing - properly handle disabled and static-binding interface graphs;
Graphing - removed "move" command for graphing rules;
Hotspot - fixed setting of "address" parameter for IP binding;
Hotspot - restore cookie timeout on reboot;
Ike2 - added support for "address", "key-id" and "dn" for Remote ID matching (CLI only);
Ipsec - added support for "Framed-Route" RADIUS attribute support;
Ipsec - do not match incoming IKE requests by unresolved DNS name peers;
Ipv6 - added "pref64" option configuration for RA;
Ipv6 - limited "hop-limit" parameter value range to 255;
Ipv6 - made distributed DNS lifetime RFC8106 compliant;
L3hw - added destination MAC address check for offloaded FastTrack connections;
Lte - added AT support for Telit LE910C4 in MBIM mode;
Lte - fixed APN setting usage on initial connection attempt for AT based Quectel and Neoway modems;
Lte - fixed automatic antenna selection on Chateau LTE12/LTE18;
Lte - fixed dialing for Fibocom L850-GL module;
Lte - fixed displaying of "subscriber-number";
Lte - improved AT port matching for SIMCom, Huawei, WeLink, Cinterion, BandLuxe and Sierra modems;
Lte - improved modem detection speed in lower mini-PCIe slot on LtAP;
Lte - parse USSD even if encoding is unsupported;
Mpls - fixed handling of more than 9 VRF's;
Mpls - fixed LDP listen socket creation before IPv6 address is ready for use;
Mpls - improved stability when neighboring router reboots;
Ospf - fixed "ospf-type" parameter for OSPFv3 routes;
Ospf - fixed simple auth for OSPFv3;
Ovpn - added AES-GCM and multicore encryption support (CLI only);
Poe - properly turn off power when link not detected on hAP ax2 and hAP ax3;
Port - fixed modem channel number on KNOT;
Resource - show filesystem related statistics on CCR2004;
Route - fixed IPv6 default route presence when received from RA;
Route - fixed printing of routing table's "count-only" parameter;
Sfp - fixed false link detection with S+RJ10 on RB5009;
Sfp - fixed reading of SFP EEPROM on single SFP port devices;
Sms - improved reporting of SMS sending errors;
Sms - log USSD response when USSD is sent over MBIM;
Sniffer - added additional filtering parameters (CLI only);
Snmp - do not show identity in LLDP when branding is used with hide SNMP data;
Snmp - fixed handling of disabled routes;
Snmp - fixed reporting of total number of routes counter;
Ssh - hard-coded "localhost" address for forwarding requests;
Sstp - fixed TLS session establishment when "connect-to" is DNS name;
Switch - fixed SFP rate select for CRS354 devices;
Switch - improved system stability for 98DXxxxx switch chips;
Torch - allow "without-paging" parameter for Torch;
Traffic-generator - increased maximum allowed stream count;
Upgrade - show error message when license prohibits upgrade;
Vxlan - added "dont-fragment" setting that allows managing fragmentation;
Webfig - allow setting numeric values in time interval fields;
Webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
Webfig - fixed editing of multi-field parameters with "not" checkbox;
Webfig - fixed handling of empty skin files;
Webfig - improved navigation responsiveness;
Webfig - improved skin file parsing;
Webfig - properly escape all reserved URI characters;
Webfig - updated WebFig and graph web pages to HTML5;
Wifiwave2 - added wireless sniffer tool to capture wireless transmissions (CLI only);
Wifiwave2 - enabled additional channels in UNII-3 and UNII-4 bands for Europe and USA on hAP ax^2, hAP ax^3 and Chateau ax;
Wifiwave2 - implement 802.11w management protection SA Query procedures;
Wifiwave2 - improve protections from denial-of-service attacks on WPA3;
Winbox - added "Match Subdomain" parameter under "IP/DNS/Static" menu;
Winbox - added missing WifiWave2 related parameters under "WifiWave2" menu;
Winbox - fixed displaying of "Default Prepend" value under "Routing/BGP/Sessions" menu;
Winbox - fixed displaying of "Tx/Rx CCQ" values under "Wireless/Registration" menu;
Winbox - fixed displaying of flags under "System/Console" menu;
Winbox - fixed displaying of multiple character flags;
Winbox - fixed usage of IPv6 family addresses under "IP/Web Proxy/Access" menu;
Winbox - improved mouseover hint for "local" policy under "System/Users/Groups" menu;
Winbox - show "Gateway" column by default under "IPv6/Routes" menu;
X86 - added support for TP-Link TG-3468;
X86 - fixed SR-IOV support for Intel X710 series NIC;
X86 - improved Intel 500 series 10G SFP module support;
X86 - improved stability for Intel X550 series NIC with SR-IOV;

New in RouterOS 7.7 Stable (Jan 12, 2023)

bgp - added comment functionality for BGP VPN (CLI only);
bgp - do not reflect route back to sender;
bgp - fixed BGP advertisement PCAP saver;
bgp - fixed connection establishment using link-local addresses;
bgp - improved BGP advertisement printing;
bgp - improved BGP session load distribution across multiple CPU cores;
bgp - properly set "bgp-ext-communities" from "communities" list;
bluetooth - added unique advertise message filtering;
bonding - properly detect VPLS interface state changes;
branding - fixed identity setting from branding package;
bridge - added support for static MDB entries;
bridge - disallow port-controller while the bridge has MSTP enabled;
bridge - fixed "edge=yes" setting for MSTP;
bridge - fixed MSTP compatibility with STP;
bridge - fixed R/M/STP bridge identifier on protocol-mode change;
bridge - fixed RSTP BCP with bridged PPP interfaces;
bridge - fixed STP blocking state on port-controller;
bridge - fixed host moving with fast-path;
bridge - fixed incorrect root port blocking for MSTP;
bridge - fixed master port conversion;
bridge - fixed mst-override port priority for MSTP;
bridge - fixed port priority for STP and RSTP;
bridge - improved port-controller system stability;
bridge - improved system stability when using MSTP and many VLAN mappings;
bridge - removed "age" monitoring property from the host table;
certificate - improved Let's Encrypt logging and error recovery;
certificate - improved certificate management, signing and storing processes;
conntrack - improved system stability when PPTP helper is used;
conntrack - improved system stability when processing SCTP connections on TILE;
console - updated copyright notice;
container - fixed access to "/dev/stderr" from containers;
container - fixed handling of groups and usernames from Dockerfile;
container - fixed tar extracting;
container - made "ram" and "tmp" directories use tmpfs;
crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
dhcpv6-client - handle receiving of invalid T1 and T2 times;
discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
discovery - added "mode" parameter for discovery configuration;
discovery - fixed neighbor discovery on Mesh interfaces;
discovery - report IPv6 LL address if global address does not exist;
disk - added support for manual RAM file system (TMPFS) creation (CLI only);
disk - improved external storage file system mounting, formatting and naming;
dns - do not query upstream DNS servers for matched regex records;
dns - fixed changing of "forward-to" parameter for FWD entries;
dns - fixed handling of CNAME entry pointing to another FWD entry;
dns - fixed handling of FWD entries where "forward-to" is a hostname;
dns - fixed incorrect TTL=0 reporting for cached entries;
dns - improved resolved static entry addition to address list;
dns - improved service stability when CNAME points to a FWD entry;
dns - query upstream DNS servers for other record types even if static entry exists;
dns - require "write" policy for DNS cache flushing;
dns - respond with lowest TTL for inner queries containing A, AAAA, CNAME chains;
filesystem - fixed repartition on devices with containers;
firewall - added "set-priority" option for IPv6 mangle firewall;
firewall - made "dynamic" parameter settable for IPv4 address lists;
hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation;
hotspot - fixed maximum allowed connections limitation;
hotspot - fixed minor memory leak after each successful login from WEB;
hotspot - improved limitation of maximum allowed connections;
hotspot - improved system stability when clients migrate between bridge ports or VLANs;
ike1 - disallow "remote-id" setting for identity;
ike1 - fixed XAuth responder trying to recreate phase 1;
ike1 - improved expired IPsec-SA processing;
ike2 - added support for ChaChaPoly1305 encryption;
ike2 - added support for ChaChaPoly1305 encryption;
ike2 - added support for DH Group 31 (EC25519) (CLI only);
ike2 - fixed rekey notify creation;
ike2 - improved certificate payload parsing;
interface - do not allow adding invalid "veth" interfaces;
interface - improved system stability when handling large packets on CCR2216;
interface - show RTL8153 CDC Modem Device as ethernet;
ipsec - added "current-address" parameter for peers with DNS address;
ipsec - added hardware acceleration support for IPQ-6010;
ipsec - added support for AVX optimized SHA acceleration;
ipsec - improved "H" (hw-aead) flag presence for accelerated SA's;
ipsec - improved IKE payload processing;
ipsec - improved configuration of IPsec proposal auth-algorithms;
ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
l2tp - added VRF support for L2TP Ether interfaces;
l3hw - fixed host offloading in a case of MAC address change;
l3hw - fixed offloaded NAT for CRS309 switch;
l3hw - improved system stability when disabling or enabling L3HW offloading;
leds - fixed default LED configuration on netFiber 9;
leds - fixed turning off LEDs after system shutdown;
lte - added AT channel support for Telit FN990;
lte - added CA information in 5G mode;
lte - fixed error handling on opening AT control channel;
lte - fixed new MTU value validation;
lte - improved stability when LTE passthrough is enabled on Chateau 5G;
lte - properly show leading zeros in MCC and MNC strings;
lte - show band number in "ca-band" in NSA mode on Chateau 5G;
lte - use RSRP value reported by MBIM signal for MBIM type modems;
macsec - fixed packet duplication on Ethernet interface;
macsec - fixed packet transmission using traffic-generator;
macsec - fixed packet validation;
modem - added USB tethering support for Google Pixel 7 devices;
mpls - added VPLS LDP information in remote/local-mappings;
mpls - fixed assigning of explicit null label for IPv6;
netinstall - added "-i " parameter for Netinstall (CLI Linux);
netinstall - fixed Netinstall procedure on RouterBOOT versions from 3.27 to 6.41;
netinstall - improved automatic netbooting interface selection;
netwatch - added support for "https-get" type (CLI only);
netwatch - fixed reporting of VRF name in logging messages;
netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
ntp - log error message when server is unreachable;
ospf - fixed MD5 checksum calculation;
ospf - fixed simple authentication and checksums for NBMA and PTMP links;
ospf - fixed simple authentication checksum calculation;
ospf - fixed virtual-link address selection for PTP links;
ovpn - added "CBC" postfix to AES cipher names;
ovpn - added "route-nopull" option for client side;
ovpn - added hardware acceleration support for IPQ-6010;
ovpn - added support for IPv6 tunneling;
ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
package - fixed missing menus when both "lora" and "wifiwave2" packages are installed;
ping - fixed ARP ping;
port - added serial port support for Telit FN990 modem;
port - do not show unusable USB port on hAP ax^2;
port - fixed R11e-LTE6 port mapping;
ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
ppp - do not inherit routing mark for encapsulated packets;
ppp - fixed displaying of "info" command for PPP client;
ppp - improved authentication method negotiation;
pppoe - improved service stability when establishing PPPoE sessions;
quickset - fixed addition of bridge filter rules in bridged mode;
quickset - fixed interface list member table on configuration changes;
quickset - update DNS server IP address when changing router's IP address;
rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
sfp - added 2.5G SFP module support for RB5009;
sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
snmp - added support for "lldpRemLocalPortNum" OID's;
snmp - improved stability when receiving bogus packets;
ssh - added support for Ed25519 key exchange;
ssh - do not allow SHA1 usage with strong crypto enabled;
ssh - fixed handling of non standard size RSA keys;
supout - added MSTI and mst-override monitor for bridge MSTP;
supout - added missing IPv6 firewall sections;
switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
switch - fixed egress mirror for 98DX4310 and 98DX8525 switches;
switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches;
switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
switch - improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6);
switch - increased the maximum value of "rate" for ACL rules;
swos - fixed "allow-from-ports" setting;
swos - fixed SwOS configuration changes from RouterOS;
swos - improved default SwOS backup file name;
system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
system - improved handling of user policies;
timezone - updated timezone information from "tzdata2022g" release;
tr069-client - updated data model to version 2.15;
traffic-flow - fixed sending of sampling interval;
tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
vpls - expose VPLS related debug logs to "vpls" logging topic;
vrrp - always use slave interface MTU;
vrrp - improved interface stability on configuration changes;
vxlan - added "local-address" parameter support;
vxlan - added VRF support;
w60g - improved system stability for Cube Pro devices;
webfig - ensure login page is displayed after each log out;
webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
webfig - fixed displaying of VRF routes;
webfig - fixed input validation for "VPLS ID" parameter;
webfig - fixed setting of "DHCP Option Set" parameter;
webfig - improved WEB caching capabilities;
webfig - properly detect current location for navigation buttons;
webfig - properly show limited number of available options;
wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
wifiwave2 - added "ft-preserve-vlanid" parameter to control whether to change VLAN ID after FT;
wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
wifiwave2 - added information of per-station throughput in the registration table;
wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
wifiwave2 - added more informative log messages on configuration profile changes;
wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
wifiwave2 - fixed "radio-mac" provisioning matcher;
wifiwave2 - fixed 4-way handshake with TKIP;
wifiwave2 - improved compliance with regulatory domain information;
wifiwave2 - improved general system stability;
wifiwave2 - improved system stability when multiple virtual AP are configured;
wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
wifiwave2 - released packages for MMIPS, PPC, TILE and x86;
wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
winbox - added "bus" parameter for "USB Power Reset" command on Chateau ax;
winbox - added missing "force" parameter for new "IP/DHCP Server/Options" entries;
winbox - added missing "vlan-id" column under "IP/Hotspot/Hosts" table;
winbox - do not show LACP related status parameters for other bonding types;
winbox - fixed default MTU value for CAP interfaces;
winbox - fixed minor typo in "Zerotier" menu;
winbox - improved handling of large WinBox protocol messages;
winbox - increased maximum number of Winbox read-only sessions 5->25;
winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
winbox - removed bogus VRF tab from "Interface" menu;
winbox - show "Switch" menu on Chateau 5G ax;
winbox - show "Switch" menu on NetFiber 9;
winbox - show "System/Health/Settings" only on boards that have configurable values;
winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
winbox - show "USB Power Reset" menu on Chateau 5G ax;
winbox - show dynamic comment in WifiWave2 registration table;
wireless - fixed "nstreme" related parameter control in skins;
wireless - fixed setting of realms interworking parameter if realms-raw is unset;
x86 - added support for SUN 10G NICs;
x86 - improved igc driver support;

New in RouterOS 7.7 RC 5 (Jan 11, 2023)

New in RouterOS 7.7 RC 1 (Dec 12, 2022)

certificate - improved Let's Encrypt logging and error recovery;
disk - added support for manual RAM file system (TMPFS) creation (CLI only);
dns - fixed regex matching (introduced in v7.7beta9);
dns - fixed resolving of FWD entries (introduced in v7.7beta8);
dns - require "write" policy for DNS cache flushing;
dns - respond with lowest TTL for inner queries containing A, AAAA, CNAME chains;
ike1 - disallow "remote-id" setting for identity;
interface - show RTL8153 CDC Modem Device as ethernet;
ipsec - added "current-address" parameter for peers with DNS address;
leds - fixed default LED configuration on netFiber 9;
leds - fixed turning off LEDs after system shutdown;
lte - properly show leading zeros in MCC and MNC strings;
modem - added USB tethering support for Google Pixel 7 devices;
mpls - fixed assigning of explicit null label for IPv6;
ovpn - added support for IPv6 tunneling;
switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
switch - improved system stability when routing traffic over CPU on 98DX224S, 98DX226S, 98DX3236, 98DX8208 switch chips (introduced in v7.7beta3);
swos - fixed SwOS configuration changes from RouterOS;
wifiwave2 - added information of per-station throughput in the registration table;
wifiwave2 - fixed authentication issues (introduced in 7.7beta8);
winbox - added "bus" parameter for "USB Power Reset" command on Chateau ax;
winbox - added missing "force" parameter for new "IP/DHCP Server/Options" entries;
winbox - added missing "vlan-id" column under "IP/Hotspot/Hosts" table;
winbox - do not show LACP related status parameters for other bonding types;
winbox - fixed default MTU value for CAP interfaces;
winbox - increased maximum number of Winbox read-only sessions 5->25;
winbox - removed bogus VRF tab from "Interface" menu;
winbox - show "Switch" menu on NetFiber 9;
winbox - show dynamic comment in WifiWave2 registration table;
wireless - fixed "nstreme" related parameter control in skins;

New in RouterOS 7.7 Beta 9 (Dec 1, 2022)

New in RouterOS 7.7 Beta 6 (Nov 7, 2022)

New in RouterOS 7.7 Beta 4 (Oct 28, 2022)

New in RouterOS 7.7 Beta 3 (Oct 26, 2022)

Bgp - improved BGP advertisement printing;
Bonding - properly detect VPLS interface state changes;
Bridge - added support for static MDB entries;
Bridge - disallow port-controller while the bridge has MSTP enabled;
Bridge - fixed "edge=yes" setting for MSTP;
Bridge - fixed incorrect root port blocking for MSTP;
Bridge - fixed mst-override port priority for MSTP;
Bridge - fixed MSTP compatibility with STP;
Bridge - fixed port priority for STP and RSTP;
Bridge - fixed RSTP BCP with bridged PPP interfaces;
Bridge - fixed STP blocking state on port-controller;
Bridge - improved port-controller system stability;
Bridge - improved system stability when using MSTP and many VLAN mappings;
Certificate - improved certificate management, signing and storing processes;
Container - fixed handling of groups and usernames from Dockerfile;
Dhcpv6-client - handle receiving of invalid T1 and T2 times;
Discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
Discovery - added "mode" parameter for discovery configuration;
Discovery - fixed neighbor discovery on Mesh interfaces;
Discovery - report IPv6 LL address if global address does not exist;
Filesystem - fixed repartition on devices with containers;
Hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
Ike1 - improved expired IPsec-SA processing;
Interface - improved system stability when handling large packets on CCR2216;
Ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
Ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
Ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
L2tp - added VRF support for L2TP Ether interfaces;
Lte - added CA information in 5G mode;
Lte - fixed new MTU value validation;
Lte - use RSRP value reported by MBIM signal for MBIM type modems;
Lte - validate bearer count when activating MBIM modem;
Macsec - fixed packet duplication on Ethernet interface;
Macsec - fixed packet transmission using traffic-generator;
Macsec - fixed packet validation;
Netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
Ntp - log error message when server is unreachable;
Ospf - fixed simple authentication and checksums for NBMA and PTMP links;
Ospf - fixed virtual-link address selection for PTP links;
Ping - fixed ARP ping;
Port - added serial port support for Telit FB990 modem;
Port - do not show unusable USB port on hAP ax^2;
Ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
Quickset - fixed addition of bridge filter rules in bridged mode;
Quickset - fixed interface list member table on configuration changes;
Quickset - update DNS server IP address when changing router's IP address;
Rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
Sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
Snmp - added support for "lldpRemLocalPortNum" OID's;
Supout - added missing IPv6 firewall sections;
Supout - added MSTI and mst-override monitor for bridge MSTP;
Switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
Switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
Switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
System - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
System - improved handling of user policies;
Tr069-client - updated data model to version 2.15;
Traffic-flow - fixed sending of sampling interval;
Tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
Vxlan - added "local-address" parameter support;
Vxlan - added VRF support;
Webfig - fixed displaying of VRF routes;
Webfig - fixed input validation for "VPLS ID" parameter;
Webfig - fixed setting of "DHCP Option Set" parameter;
Wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
Wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
Wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
Wifiwave2 - added more informative log messages on configuration profile changes;
Wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
Wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
Wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
Wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
Winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
Winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
Winbox - fixed minor typo in "Zerotier" menu;
Winbox - improved handling of large WinBox protocol messages;
Winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
Winbox - show "Switch" menu on Chateau 5G ax;
Winbox - show "System/Health/Settings" only on boards that have configurable values;
Winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
Winbox - show "USB Power Reset" menu on Chateau 5G ax;
Wireless - fixed setting of realms interworking parameter if realms-raw is unset;

New in RouterOS 7.6 Stable (Oct 18, 2022)

Bgp - added support for BGP advertisement displaying (CLI only);
Bgp - fixed reporting of session uptime;
Bgp - improved session establishment speed after bootup;
Bonding - fixed ARP monitor packets with bond's MAC address;
Bonding - improved interface stability on slave configuration changes;
Bonding - reduce "actual-mtu" according to interface "l2mtu";
Branding - execute "autorun.scr" file when installing branding package;
Capsman - fixed RADIUS accounting when EAP is used;
Certificate - fixed SHA1 certificate name lookup;
Certificate - improved certificate management, signing and storing processes;
Certificate - restricted maximum retry attempt window for Let's Encrypt certificate to 60 minutes;
Container - added "start-on-boot" parameter for automatic container startup;
Container - allow changing container related parameters while it is running;
Container - fixed usage of non-authenticated registries;
Dhcpv4-server - fixed matcher functionality;
Dhcpv4-server - fixed RADIUS accounting for local leases;
Dhcpv4-server - improved service stability when removing dynamic leases;
Dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
Dns - added "match-subdomain" option for static entries (CLI only);
Dot1x - fixed incorrect error when using "mac-auth";
Ethernet - added "5Gbps" option for speed setting;
Firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
Firewall - disable IRC NAT helper on upgrade;
Firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
Firewall - fixed IRC NAT helper (CVE-2022-2663);
Firewall - fixed usage of "netmap" action for IPv6 source NAT;
Health - fixed fan speed and temperature reporting on CCR1072;
Health - improved voltage reading on RBmAP-2nD;
Hotspot - fixed service initialization when HTML directory configured on an external disk;
Hotspot - fixed SSL usage on all HotSpot pages;
Hotspot - improved stability when receiving bogus packets;
Hotspot - limit maximum allowed connections based on free RAM resources;
Hotspot - removed "routerboard.com" URL from default HotSpot advertise;
Interface - added warning when interface has configured "mtu" higher than "l2mtu";
Ipsec - added "invalid-packets" counter for Installed SA's menu;
Ipsec - fixed packet processing by hardware encryption engine on MMIPS devices;
L3hw - added "l3hw-settings" sub menu under the switch menu;
L3hw - added support for IPv6 route offloading (disabled by default);
L3hw - fixed "H" flag presence for accelerated connection tracking entries;
L3hw - fixed possible packet loss when using HW offloaded NAT;
L3hw - improved connected host offloading on startup;
L3hw - improved connected IPv6 host offloading when routing table is nearly full for 98DX224S, 98DX226S, and 98DX3236 switch chips;
L3hw - improved system stability;
L3hw - made route offloading selection work only on unicast;
Lte - added interface name in MTU debug logging message;
Lte - added periodic IPv6 RS to trigger IPv6 adress acquisition for non-MBIM modems;
Lte - added support for Neoway N75-EA;
Lte - added support to perform FOTA upgrade from local file for EG12-EA, EG18-EA, RG502Q-AE, EG06-A, EP06-A modems;
Lte - disabled RPLMN on Chateau 5G;
Lte - fixed at-chat on Telit FN980m;
Lte - fixed handover from UMTS to LTE when PS activation had failed for MBIM modems;
Lte - fixed MBIM modem initialization;
Lte - fixed re-attaching on PS detach for MBIM modems;
Lte - removed reconnect delay after receiving DETACH notification for MBIM modems;
Macsec - added configuration support with VLAN, ARP, DHCP and bridge tagging/untagging;
Macsec - added logging support with "debug" and "dot1x" topics;
Macsec - added support for MTU and L2MTU;
Macsec - fixed interface after Ethernet link down;
Macsec - fixed interface statistics and missing properties;
Macsec - fixed interface status;
Macsec - fixed multiple interface creation on different Ethernet ports
Macsec - improved interface stability;
Macsec - improved system stability for TILE and RB5009 devices;
Macsec - removed interface from SMIPS devices;
Mac-telnet - respect interface MTU setting when sending packets for MAC-Telnet and MAC-WinBox;
Netwatch - fixed string variable values in script;
Ntp - improved initial synchronization speed after bootup;
Ospf - added SHA hashing for authentication;
Ospf - fixed area "no-summary" setting;
Ospf - fixed checksum calculation;
Ospf - fixed displaying of VRF interface in related logs;
Ospf - fixed transmit of LSA/ACK's on p2p interfaces;
Ospf - improved logging when invalid configuration is detected;
Ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
Ovpn - added IPv6 support;
Ovpn - added VRF support for client;
Ppp - fixed memory leak;
Ppp - improved service stability when multiple users disconnect simultaneously;
Pppoe - fixed MRU negotiation even when it is set to 1500;
Qsfp - added interface temperature warnings and shutdown;
Queue - improved stability for CAKE type queues;
Radius - require "policy" policy for "login" service configuration;
Rip - fixed passwordless MD5 authentication;
Route-filter - fixed filtering for multiple community routes;
Route-filter - fixed memory allocation when moving entries;
Route - fixed disappearance of inactive static routes after upgrade;
Route - fixed memory leak;
Routerboard - return router's short name in "model" parameter;
Routerboard - set "Delete" as default key to enter booter menu ("/system routerboard upgrade" required);
Serial - added support for newer PL2303 serial controllers;
Sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
Sms - added "status-report-request" parameter for "send" command;
Sms - fixed handling of SMS send attempts on unsupported modems;
Snmp - improved retrieval of routing related OID's;
Snmp - improved stability when receiving bogus packets;
Ssh - increased key generation timeout;
Sstp - added VRF support for client;
Supout - added tr069-client section;
Supout - removed duplicate "bridge-controller" section;
Switch - improved traffic forwarding at 5Gbps rate for 98DX8525, 98DX4310 switches;
System - renamed error messages when trying to edit or remove dynamic entries;
Tile - improved system stability when processing packets;
Tr069-client - do not allow ":" symbols in username;
Tr069-client - fixed reporting of "X_MIKROTIK_MimoRSRP" parameter;
User-manager - accept any username for outer authentication;
User-manager - added "comment" parameter for batch user creation;
User-manager - added support for multiple accounting sessions;
User-manager - added variables to print profile name and end time in voucher templates;
User-manager - allow specifying router's address as subnet;
User-manager - fixed "migrate-legacy-db" command;
User-manager - fixed session expiry when it is stopped by Disconnect-Request;
User-manager - forced username verification against client's certificate for EAP-TLS;
User-manager - use "Class" attribute to associate user's accounting session;
User - removed unused "dude" policy;
Vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
Vxlan - added IPv6 support for remote VTEPs (only IPv4 or IPv6 will be used at the same time, use "vteps-ip-version" property on VXLAN interface to change the version);
W60g - improved system stability (introduced in v7.5);
Webfig - fixed creation of new IPv6 routes;
Webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
Webfig - fixed hex input for "Host Uniq" field;
Webfig - fixed unsetting of "endpoint-address" parameter under "WireGuard/Peers" menu;
Wifiwave2 - fixed enabling of unconfigured interfaces;
Wifiwave2 - fixed malfunction of WPA3 hash-to-element technique when enabled on multiple interfaces;
Wifiwave2 - fixed RADIUS accounting after fast-transition;
Wifiwave2 - fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used;
Winbox - added "Active" prefix for current remote and local session ID fields for L2TP-Ether interfaces;
Winbox - added "address-list" parameter under "IP/DNS/Static" menu;
Winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
Winbox - added icon for TR069-client menu;
Winbox - added MACsec support;
Winbox - added quick filtering option for route list;
Winbox - added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu;
Winbox - added "Reset Traffic Counters" button for all interfaces;
Winbox - added "type" and "status-report-request" parameters under "Tools/SMS" menu;
Winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
Winbox - allow to rename mounted disks;
Winbox - changed order of tabs under "User Manager" menu;
Winbox - changed "uptime" parameter format when using the wifiwave2 package;
Winbox - do not show unavailable features on SMIPS devices;
Winbox - fixed interface traffic graph drawing on RB5009;
Winbox - fixed maximum allowed value for VRRP's "priority" parameter;
Winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
Winbox - fixed "Session Uptime" value under "Routing/BGP" menu;
Winbox - fixed "System/SwOS" window refreshing after changes are detected;
Winbox - fixed "User Manager/User Profiles" window refreshing after changes are detected;
Winbox - made "backup.swb" the default value for SwOS backup;
Winbox - made sessions removable in "User Manager" menu;
Winbox - show "F" flag for failed entries under "Interfaces/VRRP" menu;
Winbox - show "Switch" menu on Chateau LTE18 ax;
Winbox - show "System/Health" only on boards that have health monitoring;
Winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
Wireguard - strip whitespaces from keys;
Wireless - disallowed using "default" as scan list or channel names;
Wireless - fixed incorrectly applied ingress priority to non-wireless packets;
Wireless - fixed missing wireless interface on some RB921GS-5HPacD devices;
Www - improved stability when receiving bogus packets;
X86 - improved ixgbe driver support;

New in RouterOS 7.6 RC 3 (Oct 14, 2022)

New in RouterOS 6.49.7 Stable (Oct 13, 2022)

New in RouterOS 7.6 RC 2 (Oct 12, 2022)

New in RouterOS 7.6 RC 1 (Oct 5, 2022)

New in RouterOS 7.6 Beta 10 (Sep 30, 2022)

bgp - improved session establishment speed after bootup;
bonding - fixed ARP monitor packets with bond's MAC address;
bonding - improved interface stability on slave configuration changes;
bonding - reduce "actual-mtu" according to interface "l2mtu";
capsman - fixed RADIUS accounting when EAP is used;
certificate - improved certificate management, signing and storing processes;
dhcpv4-server - fixed RADIUS accounting for local leases;
dns - added "match-subdomain" option for static entries (CLI only);
interface - added warning when interface has configured "mtu" higher than "l2mtu";
ipsec - added "invalid-packets" counter for Installed SA's menu;
ipsec - fixed packet processing by hardware encryption engine on MMIPS devices;
lte - added periodic IPv6 RS to trigger IPv6 adress acquisition for non-MBIM modems;
lte - added support to perform FOTA upgrade from local file for EG12-EA, EG18-EA, RG502Q-AE, EG06-A, EP06-A modems;
lte - fixed re-attaching on PS detach for MBIM modems;
macsec - added configuration support with VLAN, ARP, DHCP and bridge tagging/untagging;
macsec - added logging support with "debug" and "dot1x" topics;
macsec - added support for MTU and L2MTU;
macsec - improved interface stability;
macsec - improved system stability for TILE and RB5009 devices;
mac-telnet - respect interface MTU setting when sending packets for MAC-Telnet and MAC-WinBox;
ospf - fixed transmit of LSA/ACK's on p2p interfaces;
ovpn - added IPv6 support;
ovpn - added VRF support for client;
ppp - improved service stability when multiple users disconnect simultaneously;
qsfp - added interface temperature warnings and shutdown;
rip - fixed passwordless MD5 authentication;
route-filter - fixed filtering for multiple community routes;
route-filter - fixed memory allocation when moving entries;
routerboard - return router's short name in "model" parameter;
serial - added support for newer PL2303 serial controllers;
sstp - added VRF support for client;
supout - added tr069-client section;
supout - removed duplicate "bridge-controller" section;
user-manager - use "Class" attribute to associate user's accounting session;
vxlan - added IPv6 support for remote VTEPs (only IPv4 or IPv6 will be used at the same time, use "vteps-ip-version" property on VXLAN interface to change the version);
webfig - fixed unsetting of "endpoint-address" parameter under "WireGuard/Peers" menu;
winbox - added icon for TR069-client menu;
winbox - added "L3 HW Settings" under "Switch" menu;
winbox - added quick filtering option for route list;
winbox - added "Reset Traffic Counters" button for all interfaces;
winbox - added "to-ports" and "to-addresses" parameters for "netmap" action under "IPv6/Firewall/NAT" menu;
winbox - changed "uptime" parameter format when using the wifiwave2 package;
winbox - do not show unavailable features on SMIPS devices;
winbox - fixed maximum allowed value for VRRP's "priority" parameter;
winbox - fixed "Session Uptime" value under "Routing/BGP" menu;
winbox - show "F" flag for failed entries under "Interfaces/VRRP" menu;
winbox - show "System/Health" only on boards that have health monitoring;
wireless - fixed missing wireless interface on some RB921GS-5HPacD devices;

New in RouterOS 7.6 Beta 8 (Sep 23, 2022)

New in RouterOS 7.6 Beta 7 (Sep 19, 2022)

Bgp - fixed reporting of session uptime;
Branding - execute "autorun.scr" file when installing branding package;
Certificate - restricted maximum retry attempt window for Let's Encrypt certificate to 60 minutes;
Container - allow changing container related parameters while it is running;
Health - improved voltage reading on RBmAP-2nD;
Hotspot - fixed SSL usage on all HotSpot pages;
L3hw - improved connected host offloading on startup;
L3hw - improved connected IPv6 host offloading when routing table is nearly full for 98DX224S, 98DX226S, and 98DX3236 switch chips;
L3hw - made route offloading selection work only on unicast;
Lte - added interface name in MTU debug logging message;
Ospf - fixed checksum calculation;
Ospf - improved logging when invalid configuration is detected;
Route - fixed disappearance of inactive static routes after upgrade;
Routerboard - set "Delete" as default key to enter booter menu ("/system routerboard upgrade" required);
Sms - fixed handling of SMS send attempts on unsupported modems;
User-manager - accept any username for outer authentication;
User-manager - added "comment" parameter for batch user creation;
User-manager - added support for multiple accounting sessions;
User-manager - added variables to print profile name and end time in voucher templates;
User-manager - forced username verification against client's certificate for EAP-TLS;
Webfig - fixed creation of new IPv6 routes;
Winbox - changed order of tabs under "User Manager" menu;
Wireless - fixed incorrectly applied ingress priority to non-wireless packets;
Other changes since v7.5:
Container - added "start-on-boot" parameter for automatic container startup;
Container - fixed usage of non-authenticated registries;
Dhcpv4-server - improved service stability when removing dynamic leases;
Dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
Dot1x - fixed incorrect error when using "mac-auth";
Firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
Firewall - disable IRC NAT helper on upgrade;
Firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
Firewall - fixed IRC NAT helper (CVE-2022-2663);
Health - fixed fan speed and temperature reporting on CCR1072;
Hotspot - fixed service initialization when HTML directory configured on an external disk;
Hotspot - improved stability when receiving bogus packets;
Hotspot - limit maximum allowed connections based on free RAM resources;
Hotspot - removed "routerboard.com" URL from default HotSpot advertise;
L3hw - added "l3hw-settings" sub menu under the switch menu (CLI only);
L3hw - added support for IPv6 route offloading (disabled by default);
L3hw - fixed "H" flag presence for accelerated connection tracking entries;
L3hw - fixed possible packet loss when using HW offloaded NAT;
L3hw - improved system stability;
Lte - added interface name for MTU debug logging message;
Lte - added support for Neoway N75-EA;
Lte - disabled RPLMN on Chateau 5G;
Lte - fixed at-chat on Telit FN980m;
Netwatch - fixed string variable values in script;
Ntp - improved initial synchronization speed after bootup;
Ospf - added SHA hashing for authentication;
Ospf - fixed area "no-summary" setting;
Ospf - fixed displaying of VRF interface in related logs;
Ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
Ovpn - added IPv6 support for ethernet mode;
Ppp - fixed memory leak;
Pppoe - fixed MRU negotiation even when it is set to 1500;
Radius - require "policy" policy for "login" service configuration;
Route - fixed memory leak;
Sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
Sms - added "status-report-request" parameter for "send" command;
Ssh - increased key generation timeout;
System - renamed error messages when trying to edit or remove dynamic entries;
Tr069-client - do not allow ":" symbols in username;
User-manager - allow specifying router's address as subnet;
User-manager - fixed "migrate-legacy-db" command;
User-manager - fixed session expiry when it is stopped by Disconnect-Request;
User - removed unused "dude" policy;
Vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
W60g - improved system stability (introduced in v7.5);
Webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
Wifiwave2 - fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used;
Winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
Winbox - added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu;
Winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
Winbox - allow to rename mounted disks;
Winbox - fixed interface traffic graph drawing on RB5009;
Winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
Winbox - fixed "System/SwOS" window refreshing after changes are detected;
Winbox - fixed "User Manager/User Profiles" window refreshing after changes are detected;
Winbox - made "backup.swb" the default value for SwOS backup;
Winbox - made sessions removable in "User Manager" menu;
Winbox - show "Switch" menu on Chateau LTE18 ax;
Winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
Wireguard - strip whitespaces from keys;
Www - improved stability when receiving bogus packets;
X86 - improved ixgbe driver support;

New in RouterOS 7.6 Beta 6 (Sep 7, 2022)

New in RouterOS 7.6 Beta 4 (Sep 3, 2022)

container - fixed usage of non-authenticated registries;
dhcpv4-server - improved service stability when removing dynamic leases;
dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
firewall - disable IRC NAT helper on upgrade;
firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
firewall - fixed IRC NAT helper (CVE-2022-2663);
health - fixed fan speed and temperature reporting on CCR1072;
hotspot - fixed service initialization when HTML directory configured on an external disk;
hotspot - improved stability when receiving bogus packets;
hotspot - limit maximum allowed connections based on free RAM resources;
hotspot - removed "routerboard.com" URL from default HotSpot advertise;
l3hw - added support for IPv6 route offloading (disabled by default);
l3hw - added "l3hw-settings" sub menu under the switch menu (CLI only);
l3hw - fixed "H" flag presence for accelerated connection tracking entries;
l3hw - improved system stability;
lte - added interface name for MTU debug logging message;
lte - added support for Neoway N75-EA;
lte - disabled RPLMN on Chateau 5G;
netwatch - fixed string variable values in script;
ospf - added SHA hashing for authentication;
ospf - fixed area "no-summary" setting;
ospf - fixed displaying of VRF interface in related logs;
ovpn - added IPv6 support for ethernet mode;
pppoe - fixed MRU negotiation even when it is set to 1500;
radius - require "policy" policy for "login" service configuration;
route - fixed memory leak;
sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
sms - added "status-report-request" parameter for "send" command;
tr069-client - do not allow ":" symbols in username;
user - removed unused "dude" policy;
vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
winbox - fixed interface traffic graph drawing on RB5009;
winbox - made "backup.swb" the default value for SwOS backup;
www - improved stability when receiving bogus packets;
x86 - improved ixgbe driver support;

New in RouterOS 7.5 (Aug 31, 2022)

bgp - fixed remote refuse capability options, max prefix limit errors and administrative stop;
bgp - improved stability when "default-originate" is configured;
bridge - fixed "new-priority" value validation for NAT rules;
capsman - added randomized range option for "reselect-interval" parameter (CLI only);
certificate - fixed handling of empty AKID by SCEP client;
console - fixed automatic command completion with keypress;
container - added support for running Docker (TM) containers on ARM, ARM64 and x86 (containers created before v7.4 must be recreated);
defconf - fixed loading of default configuration on RB4011 with WifiWave2 package enabled;
dhcpv4-server - fixed removal of dynamic leases when server is removed;
dhcpv6-client - moved invalid lifetime logging message from "debug" to "error" topic;
dhcpv6-client - use /128 prefix for IA_NA addresses;
dhcpv6-relay - fixed relay forwarding (introduced in v7.1.5);
dhcpv6-server - improved stability when acquiring binding;
dns - added "address-list" parameter for static DNS entries (CLI only);
dns - added "match-subdomain" option for static entries (CLI only);
firewall - added support for RTSP helper;
health - fixed "temperature" and "power-consumption" readings on RB1100x4;
health - improved voltage reading on CRS112-8P-4S;
health - renamed "cpu-temperature" to "switch-temperature" on CRS312-4C+8XG, CRS326-24S+2Q+, CRS354-48P-4S+2Q+, CRS354-48G-4S+2Q+, CRS504-4XQ-IN, CRS518-16XS-2XQ;
hostpot - fixed Walled Garden functionality for HTTPS sites;
hotspot - automatically reject all HTTPS requests passing through HotSpot server for unauthorized users;
hotspot - improved stability when receiving bogus packets;
hotspot - limit maximum allowed connections based on free RAM resources;
hotspot - removed "https-redirect" option;
ike2 - allow sending certificate chain as initiator;
interface - fixed default interface naming on RB1100x2;
l3hw - fixed HW offloaded NAT;
leds - fixed default LED configuration for RBwsAP-5Hac2nD;
leds - fixed wireless LED functionality on LHGG;
lora - do not ignore negative sign for spoofed GPS coordinates;
lte - added at-chat and NMEA port support for Simcom modems, USB composition (device id - 0x9003);
lte - added at-chat support for Simcom modems, USB composition (device id - 0x9005);
lte - added "SIM not inserted" and "SIM failure" messages to "status" and "monitor" commands for AT modems;
lte - changed cell ID info display to short format for 3G connections;
lte - disallow empty APN name only for default entry;
lte - fixed AT channel for Sierra Wireless modems with device ID 0x9091;
lte - fixed LTE interface presence for Telit LN940;
lte - fixed UDP performance on MMIPS devices;
lte - improved antenna scan for Chateau devices with switchable antennas;
lte - improved configuration export when multiple LTE interfaces are present;
lte - modem dialer, do not reset dialing sequence if modem reply with error to user set init-string;
netinstall - fixed Netinstall procedure for ARM devices;
netwatch - automatically start migrated probes from previous RouterOS versions;
netwatch - changed ICMP default packet loss fail threshold to 85%;
ntp - fixed NTP server when "use-local-clock" is used;
ospf - fixed handling of external forwarding address;
ospf - improved stability when interface is being disabled during database exchange;
ovpn - fixed encryption key renewal process which caused periodic session disconnects;
ovpn - improved system stability when hardware acceleration is used on ARM64 devices;
ovpn - moved disconnected user logging message from "debug" to "info" topic;
ping - improved service stability;
port - added support for D-Link DWM-222 in serial/PPP mode (device id - 0xac01/0x7e3d);
port - added support for Huawei/ZTE K5006z in serial/PPP mode (device id - 0x1017/0x1018);
ppp - improved service stability under high load;
ppp - use /32 as default netmask if not specified for "routes" parameter;
ptp - improved system stability on CRS devices;
quickset - removed PPTP and SSTP server addition for "VPN" checkbox;
rb5009 - fixed ether1 status reporting after system reboot;
route-filter - fixed "delete bgp-communities" command;
routerboard - added "reset-button" script feature for TILE devices;
sfp - fixed "eeprom" reading on single SFP port ARM devices;
sfp - fixed QSFP+ and QSFP28 interface disable when using breakout cable;
sfp - fixed unresponsive "sfp1" interface after disabling "ether1" on NetMetal devices;
sfp - improved combo SFP ports initialization handling on CRS312-4C+8XG, CRS328-4C-20S-4S+;
sfp - improved stability when using 2.5G optical modules in CCR2116, CCR2216 and CRS518;
snmp - fixed usage of VRF after system startup;
socks - fixed "dst-port" usage when checking access list;
ssh - added AES support for PEM decryption;
ssh - fixed importing of public keys;
ssh - fixed minor typo issue when importing public key;
sstp - fixed client stuck in "nonce matching" state;
switch - fixed ACL rules for 98DXxxxx switches with more than 28 ports (introduced in v7.3);
switch - removed limit for number of hardware-offloaded bonding interfaces;
swos - enabled SwitchOS support for CRS310-1G-5S-4S+;
swos - fixed SwOS upgrade procedure on CRS305-1G-4S+;
traceroute - added "do-not-fragment" parameter support (CLI only);
traceroute - increased packet size limit to 65535;
vrrp - added "sync-connection-tracking" compatibility with preemption-mode;
vrrp - fixed high CPU usage when "sync-connection-tracking=yes" and the backup router goes offline;
vrrp - fixed HW offloaded bridge MAC address learning when changing from VRRP master to backup;
vrrp - fixed initial connection tracking synchronization, a backup router now always receives all existing connections;
vrrp - improved connection tracking synchronization protocol (CTSYNC), the new protocol is incompatible with previous RouterOS versions with "sync-connection-tracking=yes";
webfig - allow to specify NTP server as domain name;
webfig - fixed displaying of grahs in status pages;
webfig - fixed floating point field's negative value in -0.*** format;
wifiwave2 - added "sae-pwe" parameter with hash-to-element mechanism for SAE PWE derivation;
wifiwave2 - added support for 802.11k;
wifiwave2 - disable wireless interface after wireless configuration reset;
wifiwave2 - fixed displaying of AKM in scan results;
wifiwave2 - fixed duplicated AKM in RSN message;
wifiwave2 - fixed group key update for client devices which connect via fast BSS transition;
wifiwave2 - fixed incorrect AKM usage for FT-WPA3-EAP-192;
wifiwave2 - fixed reassociation response sending for fast transition over DS;
wifiwave2 - fixed setting of "ft-nas-identifier" parameter;
wifiwave2 - fixed usage of Canada country setting on US locked devices;
wifiwave2 - improved default channel width selection for interfaces in station mode;
winbox - do not show previously attached LTE interfaces while establishing LTE connection;
winbox - enabled all filters by default under "Tools/Torch" menu;
winbox - fixed "Enable", "Disable" and "Comment" functions for L2TP-ether type interfaces;
winbox - fixed "Next Run" parameter displaying under "System/Scheduler" menu;
winbox - fixed "Type" and "Value" field displaying under "System/Health" sub-menu's;
winbox - show warning messages for BGP connection entries;
wireless - fixed interface initialization on x86 devices;
x86 - allow downgrading to RouterOS v6 only if it was previously installed;
x86 - fixed advertising of 2500M and 5000M link speeds on ixgbe driver;

New in RouterOS 7.5 RC 2 (Aug 29, 2022)

New in RouterOS 7.5 RC 1 (Aug 23, 2022)

bgp - fixed remote refuse capability options, max prefix limit errors and administrative stop;
bgp - improved stability when "default-originate" is configured;
bridge - fixed "new-priority" value validation for NAT rules;
capsman - added randomized range option for "reselect-interval" parameter (CLI only);
certificate - fixed handling of empty AKID by SCEP client;
console - fixed automatic command completion with keypress;
container - added tun/tap support for containers;
container - fixed free disk space checking;
container - fixed handling of mounted directories;
container - fixed imported tar image path logging message;
defconf - fixed loading of default configuration on RB4011 with WifiWave2 package enabled;
dhcpv4-server - fixed removal of dynamic leases when server is removed;
dhcpv6-client - moved invalid lifetime logging message from "debug" to "error" topic;
dhcpv6-client - use /128 prefix for IA_NA addresses;
dhcpv6-relay - fixed relay forwarding (introduced in v7.1.5);
dhcpv6-server - improved stability when acquiring binding;
dns - added "address-list" parameter for static DNS entries (CLI only);
dns - added "match-subdomain" option for static entries (CLI only);
firewall - added support for RTSP helper;
health - fixed "temperature" and "power-consumption" readings on RB1100x4;
health - improved voltage reading on CRS112-8P-4S;
health - renamed "CPU" to "switch" for temperature reading information on CRS518-16XS-2XQ;
hostpot - fixed Walled Garden functionality for HTTPS sites;
hotspot - automatically reject all HTTPS requests passing through HotSpot server for unauthorized users;
hotspot - improved stability when receiving bogus packets;
hotspot - limit maximum allowed connections based on free RAM resources;
hotspot - removed "https-redirect" option;
ike2 - allow sending certificate chain as initiator;
interface - fixed default interface naming on RB1100x2;
l3hw - fixed HW offloaded NAT;
leds - fixed default LED configuration for RBwsAP-5Hac2nD;
leds - fixed wireless LED functionality on LHGG;
lora - do not ignore negative sign for spoofed GPS coordinates;
lte - added "SIM not inserted" and "SIM failure" messages to "status" and "monitor" commands for AT modems;
lte - added at-chat and NMEA port support for Simcom modems, USB composition (device id - 0x9003);
lte - added at-chat support for Simcom modems, USB composition (device id - 0x9005);
lte - changed cell ID info display to short format for 3G connections;
lte - disallow empty APN name only for default entry;
lte - fixed AT channel for Sierra Wireless modems with device ID 0x9091;
lte - fixed LTE interface presence for Telit LN940;
lte - fixed UDP performance on MMIPS devices;
lte - improved antenna scan for Chateau devices with switchable antennas;
lte - improved configuration export when multiple LTE interfaces are present;
lte - modem dialer, do not reset dialing sequence if modem reply with error to user set init-string;
netinstall - fixed Netinstall procedure for ARM devices;
netwatch - automatically start migrated probes from previous RouterOS versions;
netwatch - changed ICMP default packet loss fail threshold to 85%;
ntp - fixed NTP server when "use-local-clock" is used;
ospf - fixed handling of external forwarding address;
ospf - improved stability when interface is being disabled during database exchange;
ovpn - fixed encryption key renewal process which caused periodic session disconnects;
ovpn - improved system stability when hardware acceleration is used on ARM64 devices;
ovpn - moved disconnected user logging message from "debug" to "info" topic;
ping - improved service stability;
port - added support for D-Link DWM-222 in serial/PPP mode (device id - 0xac01/0x7e3d);
port - added support for Huawei/ZTE K5006z in serial/PPP mode (device id - 0x1017/0x1018);
ppp - improved service stability under high load;
ppp - use /32 as default netmask if not specified for "routes" parameter;
ptp - improved system stability on CRS devices;
quickset - removed PPTP and SSTP server addition for "VPN" checkbox;
rb5009 - fixed ether1 status reporting after system reboot;
route-filter - fixed "delete bgp-communities" command;
routerboard - added "reset-button" script feature for TILE devices;
sfp - fixed "eeprom" reading on single SFP port ARM devices;
sfp - fixed QSFP+ and QSFP28 interface disable when using breakout cable;
sfp - fixed unresponsive "sfp1" interface after disabling "ether1" on NetMetal devices;
sfp - improved combo SFP ports initialization handling on CRS312-4C+8XG, CRS328-4C-20S-4S+;
sfp - improved stability when using 2.5G optical modules in CCR2116, CCR2216 and CRS518;
snmp - fixed usage of VRF after system startup;
socks - fixed "dst-port" usage when checking access list;
ssh - added AES support for PEM decryption;
ssh - fixed importing of public keys;
ssh - fixed minor typo issue when importing public key;
sstp - fixed client stuck in "nonce matching" state;
switch - fixed ACL rules for 98DXxxxx switches with more than 28 ports (introduced in v7.3);
switch - removed limit for number of hardware-offloaded bonding interfaces;
swos - enabled SwitchOS support for CRS310-1G-5S-4S+;
swos - fixed SwOS upgrade procedure on CRS305-1G-4S+;
traceroute - added "do-not-fragment" parameter support (CLI only);
traceroute - increased packet size limit to 65535;
vrrp - added "sync-connection-tracking" compatibility with preemption-mode;
vrrp - fixed HW offloaded bridge MAC address learning when changing from VRRP master to backup;
vrrp - fixed high CPU usage when "sync-connection-tracking=yes" and the backup router goes offline;
vrrp - fixed initial connection tracking synchronization, a backup router now always receives all existing connections;
vrrp - improved connection tracking synchronization protocol (CTSYNC), the new protocol is incompatible with previous RouterOS versions with "sync-connection-tracking=yes";
webfig - allow to specify NTP server as domain name;
webfig - fixed displaying of grahs in status pages;
webfig - fixed floating point field's negative value in -0.*** format;
wifiwave2 - added "sae-pwe" parameter with hash-to-element mechanism for SAE PWE derivation;
wifiwave2 - added support for 802.11k;
wifiwave2 - disable wireless interface after wireless configuration reset;
wifiwave2 - fixed displaying of AKM in scan results;
wifiwave2 - fixed duplicated AKM in RSN message;
wifiwave2 - fixed group key update for client devices which connect via fast BSS transition;
wifiwave2 - fixed incorrect AKM usage for FT-WPA3-EAP-192;
wifiwave2 - fixed reassociation response sending for fast transition over DS;
wifiwave2 - fixed setting of "ft-nas-identifier" parameter;
wifiwave2 - fixed usage of Canada country setting on US locked devices;
wifiwave2 - improved default channel width selection for interfaces in station mode;
winbox - do not show previously attached LTE interfaces while establishing LTE connection;
winbox - enabled all filters by default under "Tools/Torch" menu;
winbox - fixed "Enable", "Disable" and "Comment" functions for L2TP-ether type interfaces;
winbox - fixed "Next Run" parameter displaying under "System/Scheduler" menu;
winbox - fixed "Type" and "Value" field displaying under "System/Health" sub-menu's;
winbox - show warning messages for BGP connection entries;
wireless - fixed interface initialization on x86 devices;
x86 - allow downgrading to RouterOS v6 only if it was previously installed;
x86 - fixed advertising of 2500M and 5000M link speeds on ixgbe driver;

New in RouterOS 7.5 Beta 11 (Aug 17, 2022)

New in RouterOS 7.5 Beta 8 (Aug 10, 2022)

Bridge - fixed "new-priority" value validation for NAT rules;
Certificate - fixed handling of empty AKID by SCEP client;
Container - fixed free disk space checking;
Dhcpv4-server - fixed removal of dynamic leases when server is removed;
Health - fixed "temperature" and "power-consumption" readings on RB1100x4;
Health - improved voltage reading on CRS112-8P-4S;
Hostpot - fixed Walled Garden functionality for HTTPS sites;
Hotspot - automatically reject all HTTPS requests passing through HotSpot server for unauthorized users;
Hotspot - limit maximum allowed connections based on free RAM resources;
Hotspot - removed "https-redirect" option;
Ike2 - allow sending certificate chain as initiator;
Leds - fixed wireless LED functionality on LHGG;
Lte - disallow empty APN name only for default entry;
Lte - fixed UDP performance on MMIPS devices;
Ping - improved service stability;
Rb5009 - fixed ether1 status reporting after system reboot;
Routerboard - added "reset-button" script feature for TILE devices;
Sfp - improved combo SFP ports initialization handling on CRS312-4C+8XG, CRS328-4C-20S-4S+;
Ssh - added AES support for PEM decryption;
Switch - removed limit for number of hardware-offloaded bonding interfaces;
Swos - fixed SwOS upgrade procedure on CRS305-1G-4S+;
Vrrp - added "sync-connection-tracking" compatibility with preemption-mode;
Vrrp - fixed HW offloaded bridge MAC address learning when changing from VRRP master to backup;
Vrrp - fixed high CPU usage when "sync-connection-tracking=yes" and the backup router goes offline;
Vrrp - fixed initial connection tracking synchronization, a backup router now always receives all existing connections;
Vrrp - improved connection tracking synchronization protocol (CTSYNC), the new protocol is incompatible with previous RouterOS versions with "sync-connection-tracking=yes";
Wifiwave2 - disable wireless interface after wireless configuration reset;
Wifiwave2 - fixed group key update for client devices which connect via fast BSS transition;
Wifiwave2 - fixed usage of Canada country setting on US locked devices;
Wifiwave2 - improved default channel width selection for interfaces in station mode;
Wireless - fixed interface initialization on x86 devices;
X86 - allow downgrading to RouterOS v6 only if it was previously installed;

New in RouterOS 7.4.1 (Aug 8, 2022)

New in RouterOS 7.5 Beta 5 (Aug 1, 2022)

New in RouterOS 7.5 Beta 4 (Jul 27, 2022)

bgp - fixed remote refuse capability options, max prefix limit errors and administrative stop;
capsman - added randomized range option for "reselect-interval" parameter (CLI only);
container - added tun/tap support for containers;
container - fixed handling of mounted directories;
container - fixed imported tar image path logging message;
defconf - fixed loading of default configuration on RB4011 with WifiWave2 package enabled;
dhcpv6-client - moved invalid lifetime logging message from "debug" to "error" topic;
dhcpv6-relay - fixed relay forwarding (introduced in v7.1.5);
dhcpv6-server - improved stability when acquiring binding;
dns - added "match-subdomain" option for static entries (CLI only);
firewall - added support for RTSP helper;
lora - do not ignore negative sign for spoofed GPS coordinates;
lte - added "SIM not inserted" and "SIM failure" messages to "status" and "monitor" commands for AT modems;
lte - added at-chat and NMEA port support for Simcom modems, USB composition (device id - 0x9003);
lte - added at-chat support for Simcom modems, USB composition (device id - 0x9005);
lte - changed cell ID info display to short format for 3G connections;
lte - fixed LTE interface presence for Telit LN940;
lte - improved antenna scan for Chateau devices with switchable antennas;
lte - improved configuration export when multiple LTE interfaces are present;
lte - modem dialer, do not reset dialing sequence if modem reply with error to user set init-string;
netinstall - fixed Netinstall procedure for ARM devices;
netwatch - automatically start migrated probes from previous RouterOS versions;
netwatch - changed ICMP default packet loss fail threshold to 85%;
ospf - improved stability when interface is being disabled during database exchange;
ovpn - fixed encryption key renewal process which caused periodic session disconnects;
ovpn - improved system stability when hardware acceleration is used on ARM64 devices;
ovpn - moved disconnected user logging message from *) "debug" to "info" topic;
port - added support for D-Link DWM-222 in serial/PPP mode (device id - 0xac01/0x7e3d);
port - added support for Huawei/ZTE K5006z in serial/PPP mode (device id - 0x1017/0x1018);
ptp - improved system stability on CRS devices;
quickset - removed PPTP and SSTP server addition for "VPN" checkbox;
route-filter - fixed "delete bgp-communities" command;
sfp - fixed QSFP+ and QSFP28 interface disable when using breakout cable;
snmp - fixed usage of VRF after system startup;
socks - fixed "dst-port" usage when checking access list;
ssh - fixed importing of public keys;
ssh - fixed minor typo issue when importing public key;
sstp - fixed client stuck in "nonce matching" state;
switch - fixed ACL rules for 98DXxxxx switches with more than 28 ports (introduced in v7.3);
traceroute - added "do-not-fragment" parameter support (CLI only);
traceroute - increased packet size limit to 65535;
webfig - fixed displaying of grahs in status pages;
webfig - fixed floating point field's negative value in -0.*** format;
wifiwave2 - added "sae-pwe" parameter with hash-to-element mechanism for SAE PWE derivation;
wifiwave2 - added support for 802.11k;
wifiwave2 - fixed displaying of AKM in scan results;
wifiwave2 - fixed duplicated AKM in RSN message;
wifiwave2 - fixed incorrect AKM usage for FT-WPA3-EAP-192;
wifiwave2 - fixed reassociation response sending for fast transition over DS;
wifiwave2 - fixed setting of "ft-nas-identifier" parameter;
winbox - do not show previously attached LTE interfaces while establishing LTE connection;
winbox - fixed "Enable", "Disable" and "Comment" functions for L2TP-ether type interfaces;
winbox - fixed "Next Run" parameter displaying under "System/Scheduler" menu;
winbox - fixed "Type" and "Value" field displaying under "System/Health" sub-menu's;
winbox - show warning messages for BGP connection entries;
x86 - fixed advertising of 2500M and 5000M link speeds on ixgbe driver;

New in RouterOS 7.4 (Jul 20, 2022)

api - fixed comma encoding within URL when using the ".proplist" argument;
bridge - properly process IPsec decapsulated packets through the firewall when the "use-ip-firewall" option is enabled;
capsman - require a unique name for configuration and configuration pre-sets;
certificate - fixed new CRL updating;
chr - fixed booting with added additional SCSI disk;
cloud - print critical log message when system clock gets synchronized;
console - added ":retry" command;
console - fixed situation when print output was not consistent;
defconf - fixed default configuration loading on devices with WifiWave2 package;
dhcp-relay - fixed DHCPv6 relay forward and reply creation (introduced in v7.1.3);
dhcp-server - change "vendor-class-id" matcher to generic option matcher;
dhcpv4-server - disallowed overriding message type option;
dhcpv4-server - log message when user option updates existing option;
dhcpv4-server - placed option 53 as the first one in the packet;
dns - convert the domain name to lowercase before matching regex;
dot1x - fixed "undo" command for server instances;
e-mail - added VRF support;
filesystem - fixed repartition on RB5009 series devices;
firewall - added "srcnat" and "dstnat" flags to IPv6/Firewall/Connection table;
firewall - added support for IPv6/Firewall/NAT action=src-nat rules;
firewall - fixed IPv6 NAT functionality when processing GRE traffic on TILE devices;
firewall - fixed IPv6/Firewall/RAW functionality;
firewall - include "connection-mark", "connection-state", and "packet-mark" when packet logging is enabled;
firewall - properly handle interface matcher when VRF interface is specified;
health - fixed requesting data from sensor when issuing "get" command;
health - fixed voltage reporting on some RBmAP-2nD devices;
hotspot - fixed ARP resolution for clients when address pool is specified on the server;
hotspot - fixed Walled Garden entries with action=deny;
ipv6 - fixed system stability when adding/removing IPv6 address;
l2tp - improved stability when establishing l2tp-ether connection (introduced in v7.3);
ldp - correctly handle AFI selection for usage on dual-stack peers;
leds - fixed GPS LED configuration on LtAP LTE kit;
leds - fixed LTE signal strength LED configuration on LHGG LTE kit;
leds - fixed LTE signal strength LED configuration on LtAP LTE kit;
lte - added AT chat support for Dell dw5821e modem;
lte - fixed LTE interface running state after modem reconnection;
lte - fixed Telit AT interface numbering;
lte - improved LTE interface detection for LtAP-2HnD devices;
lte - keep MBIM working even if AT channel fails to respond in the initialization stage;
lte - request connect with the same IP type as in LTE attach status for MBIM;
lte - show current value for "antenna" parameter when auto antenna selection fails;
lte - validate LTE attached IP type in MBIM mode;
mmips - improved USB device detection after system bootup;
mpls - fixed VPLS functionality when PW peer is an immediate neighbor;
mpls - improved stability with enabled loop-detect;
mqtt - fixed log flooding with disconnect messages;
mqtt - fixed socket error handling;
netwatch - added support for more advanced probing;
ntp - added VRF support for client and server;
ntp - fixed manycast server support;
ntp - improved "debug" log level logging;
ovpn - added "AUTH_FAILED" control message sending;
ovpn - fixed "called-station-id" RADIUS attribute value for OVPN server;
ovpn - use selected cipher by default when the server does not provide "cipher" option;
pimsm - improved system stability when changing configuration;
poe - hide "poe-voltage" parameter on devices that do not support it;
ppp - do not fail connection when trying to add existing IP address to address list;
ppp - log warning message when remote IP address can not be added;
ppp - properly try to use different authentication algorithms when Conf-Rej is received during the LCP phase;
quickset - specify the "in-interface-list=WAN" attribute on firewall rules created through "Port Mapping";
radius - added VRF support for RADIUS client;
route - added option to join static IGMP and MLD groups (available in "/routing/gmp" menu);
route - expose all valid routes to route select filter from BGP;
route - expose all valid routes to route select filter from OSPF and RIP;
route - fixed false route type detection as blackhole;
route - fixed log messages when changing routing configuration;
route - made export run faster on tables with a large number of dynamic routes;
route - provide more detailed information about prefixes when using "discourse" tool;
route-filter - fixed route select filter rules;
routing - moved "/interface bgp vpls" to "/routing bgp vpls" menu;
routing-filter - added origin matcher to match for example routes of a specific OSPF instance;
routing-filter - fixed regexp community matcher;
routing-filter - made "do-jump" work in select rules;
rpki - fix potential memory leak;
ssh - disable ssh-rsa when strong-crypto=yes and use rsa-sha2-sha256;
ssh - fixed host key generation (introduced in v7.3);
ssh - implemented "server-sig-algs" extension in order to improve rsa-sha2-sha256 support;
switch - disabled second CPU core for CRS328-24P-4S+ device in order to improve SFP+ link stability;
switch - fixed multicast flooding when HW offloaded bridge port gets disabled;
system - added "shutdown" parameter for reset-configuration (CLI only);
system - fixed configuration reset with "run-after-reset" with file stored on ramdisk;
upgrade - ignore same version packages during upgrade procedure;
upgrade - improved RouterOS upgrade stability with attached USB modem on MIPSBE, SMIPS and MMIPS devices;
vpls - improved system stability with enabled connection tracking;
vxlan - allow to specify MAC address manually;
w60g - fixed interface "reset-configuration" on Cube 60 devices;
w60g - improved interface initialization after being inactive for a while;
w60g - improved system stability when using mismatched L2MTU between station and AP;
webfig - updated WebFig HTML files with the new MikroTik logo and removed Telnet option from index page;
webfig - updated link to the WinBox executable;
webfig - updated link to the documentation;
wifiwave2 - added initial support for roaming (802.11r) between local AP interfaces;
wifiwave2 - fixed "frequency-scan" functionality (introduced in v7.3);
wifiwave2 - improved WPA3 support stability;
winbox - add a log and log-prefix options to IPv6 firewall NAT and mangle rules;
winbox - added "name" parameter under "Routing/BGP/Session" menu;
winbox - added "to-address" and "to-ports" parameters under "IPv6/Firewall/NAT" menu;
winbox - added support for "veth" interface types;
winbox - fixed "inactive" flag naming under "MPLS/Local Mapping" menu;
winbox - fixed IP/Route and IPv6/Route OSPF type value;
winbox - fixed filename dropdown value filtering;
winbox - fixed minor typo under "Interface" stats;
winbox - fixed units for "reachable-time" parameter under "IPv6/ND" menu;
winbox - removed "TLS Host" parameter from "IP/Firewall/NAT" menu;
winbox - removed duplicate signal strength column under "Wireless/Registration Table" menu;
winbox - removed unused "Apply Changes" button from BGP sessions menu;
wireguard - fixed system stability when adding/removing WireGuard interface;
wireless - fixed possible traffic flooding to WDS clients when using Nv2 and multicast helper;
x86 - fixed Broadcom NIC support;
x86 - fixed keep old configuration functionality during x86 setup installation;
x86 - improved log warning message on failed downgrade attempt;
x86 - removed "hdd-model" information from installation screen;

New in RouterOS 7.4 RC 2 (Jul 8, 2022)

New in RouterOS 7.4 RC 1 (Jul 5, 2022)

New in RouterOS 7.4 Beta 5 (Jun 27, 2022)

New in RouterOS 7.4 Beta 4 (Jun 16, 2022)

New in RouterOS 7.3.1 (Jun 10, 2022)

New in RouterOS 7.4 Beta 2 (Jun 7, 2022)

Api - fixed comma encoding within URL when using the ".proplist" argument;
Bridge - properly process IPsec decapsulated packets through the firewall when the "use-ip-firewall" option is enabled;
Capsman - require a unique name for configuration and configuration pre-sets;
Cloud - print critical log message when system clock gets synchronised;
Console - added ":retry" command;
Console - fixed situation when print output was not consistent;
Dns - convert the domain name to lowercase before matching regex;
E-mail - added VRF support (CLI only);
Filesystem - fixed repartition on RB5009 series devices;
Firewall - added "srcnat" and "dstnat" flags to IPv6/Firewall/Connection table;
Firewall - added support for IPv6/Firewall/NAT action=src-nat rules (CLI only);
Firewall - fixed IPv6 NAT functionality when processing GRE traffic on TILE devices;
Firewall - fixed IPv6/Firewall/RAW functionality;
Firewall - include "connection-mark", "connection-state", and "packet-mark" when packet logging is enabled;
Firewall - properly handle interface matcher when VRF interface is specified;
Hotspot - fixed ARP resolution for clients when address pool is specified on the server;
Hotspot - fixed Walled Garden entries with action=deny;
Ipv6 - fixed system stability when adding/removing IPv6 address;
Ldp - correctly handle AFI selection for usage on dual-stack peers;
Lte - request connect with the same IP type as in LTE attach status for MBIM;
Lte - fixed Telit AT interface numbering;
Lte - improved LTE interface detection for LtAP-2HnD devices;
Lte - keep MBIM working even if AT channel fails to respond in the initialisation stage;
Mmips - improved USB device detection after system bootup;
Mpls - fixed VPLS functionality when PW peer is an immediate neighbor;
Ovpn - use selected cipher by default when the server does not provide "cipher" option;
Pimsm - improved system stability when changing configuration;
Ppp - properly try to use different authentication algorithms when Conf-Rej is received during the LCP phase;
Quickset - specify the "in-interface-list=WAN" attribute on firewall rules created through "Port Mapping";
Route - added option to join static IGMP and MLD groups (available in "/routing/gmp" menu, CLI only)
Route - fixed false route type detection as blackhole;
Route - provide more detailed information about prefixes when using "discourse" tool;
Routing - moved "/interface bgp vpls" to "/routing bgp vpls" menu;
Routing-filter - fixed regexp community matcher;
Ssh - disable ssh-rsa when strong-crypto=yes and use rsa-sha2-sha256;
Ssh - implemented "server-sig-algs" extension in order to improve rsa-sha2-sha256 support;
Switch - disabled second CPU core for CRS328-24P-4S+ device in order to improve SFP+ link stability;
Vxlan - allow to specify MAC address manually;
Webfig - updated WebFig HTML files with the new MikroTik logo and removed Telnet option from index page;
Webfig - updated link to the WinBox executable;
Webfig - updated link to the documentation;
Wifiwave2 - fixed "frequency-scan" functionality (introduced in v7.3);
Winbox - add a log and log-prefix options to IPv6 firewall NAT and mangle rules;
Winbox - fixed IP/Route and IPv6/Route OSPF type value;
Winbox - removed unused "Apply Changes" button from BGP sessions menu;
Wireguard - fixed system stability when adding/removing WireGuard interface;
Wireless - fixed possible traffic flooding to WDS clients when using Nv2 and multicast helper;
X86 - fixed keep old configuration functionality during x86 setup installation;
X86 - improved log warning message on failed downgrade attempt;
X86 - removed "hdd-model" information from installation screen;

New in RouterOS 7.3 (Jun 7, 2022)

bgp - added "name" parameter for connections;
bgp - added initial support for prefix limit;
bgp - fixed "keepalive-timeout" value when upgrading from RouterOS v6;
bgp - fixed "l2vpn" distribution;
bgp - improved stability when editing BGP template;
bgp - moved "interface bgp-vpls" menu to "routing bgp vpls";
bgp - remove unused commands and parameters;
bluetooth - improved long-term service stability;
bonding - added "lacp-user-key" setting;
bonding - fixed LACP flapping for RB5009 and CCR2004-16G-2S+ devices;
bridge - added more details for loop detection warning;
bridge - do not set VLAN on inactive port with a "set" command;
bridge - fixed TCP, UDP port parsing for loop detect warning;
bridge - fixed packet marking for IP/IPv6 firewall;
bridge - ignore VLAN tagged BPDU;
capsman - fixed bridge disabling when using L2 connection;
capsman - fixed loss of manager configuration when "package-path" is set to external disk;
capsman - improved traffic processing over CAP communication tunnels:
ccr - added "passthrough" flag for interfaces on CCR2004-1G-2XS-PCIe;
ccr - added visible "passthrough" flag for interfaces on CCR2004-1G-2XS-PCIe;
ccr - improved interface link stability on CCR2004-16G-2S+PC;
ccr - usability and stability improvements for passthrough interfaces on CCR2004-1G-2XS-PCIe;
cd-install - allow selecting on which drive to install RouterOS;
chr - fixed Cloud DDNS update after license renewal;
conntrack - limited full Connection Tracking warning to 1 message per minute;
console - fixed "terminal inkey" command;
crs1xx/2xx - improved system stability during switch reset;
defconf - do not add passthrough ports to local bridge on CCR2004-1G-2XS-PCIe;
dhcpv4-server - added "age" parameter for dynamic leases;
dhcpv4-server - fixed conflicting or declined lease detection when IP pool differs from server's configuration;
dhcpv4-server - fixed minor logging typo;
dot1x - fixed RADIUS State attribute when client is reauthenticated;
dot1x - fixed port based VLAN ID assignment on devices without a switch chip;
dot1x - improved server stability when using re-authentication;
export - fixed value ID exporting that does not refer to any name;
fetch - fixed SFTP upload;
fetch - improved full disk detection;
filesystem - fixed possible boot failure on RB850Gx2 and RB1100AHx2;
filesystem - improved UBIFS stability and data integrity after downgrade to RouterOS v6 and upgrade to RouterOS v7;
filesystem - improved long-term filesystem stability and data integrity;
gps - added GPS package support for Chateau devices;
gps - fixed minor value unit typo;
ipsec - fixed IPsec IRQ initialization on startup on TILE;
ipsec - fixed printing of active peer statistics;
ipv6 - added "ra-preference" parameter support for RA;
ipv6 - fixed dynamic non link-local addresses displaying;
ipv6 - removed bogus commands from IPv6 neighbors menu;
l2tp - added VRF support for L2TP client;
l3hw - greatly improved route offloading speed;
l3hw - improved offloading for directly connected hosts on CRS305, CRS326-24G-2S+, CRS328, CRS318, CRS310;
l3hw - improved offloading in cases of HW table overflow for CRS305, CRS326-24G-2S+, CRS328, CRS318, CRS310;
l3hw - improved route table offloading for CRS317, CRS309, CRS312, CRS326-24S+2Q+, CRS354, CRS5xx, CCR2x16 devices;
l3hw - log HW routes count and the shortest offloaded subnet prefix if the HW memory gets full;
l3hw - offload only main routing table;
l3hw - optimized offloading when dealing with large volume of directly connected hosts;
l3hw - partial routing table offload for Marvell Prestera DX4000/DX8000 switch chip series;
leds - fixed ethernet LED behavior on wAP R ac;
leds - fixed wireless related LED behavior with WW2 package;
lhgg - improved system stability (introduced in v7.2);
lora - do not allow setting non-existing forwarding server;
lora - fixed bogus TOO_EARLY errors;
lora - removed TX lookup table;
lte - added SMS sending support for MBIM protocol;
lte - added support for generic PXA1802 based modems;
lte - allow only MCC/NMC format in "operator" parameter;
lte - clear SIM values when modem in "stopped" state;
lte - disabled extended signal info query for Telit LN940 module;
lte - disabled wait for LTE auto attach;
lte - expose diagnostics channel for all modems;
lte - fixed LTE firwmare upgrade on RBLtAP-2HnD with R11e-LTE6;
lte - fixed Sierra MC7455 modem initialization;
lte - hide slave interfaces from export;
lte - improved LTE interface initialization process on LtAP-2HnD;
lte - improved stability when configuring multiple APN's at the same time in MBIM mode;
lte - improved stability when upgrading LTE firmware on Chateau 5G;
mlag - fixed MAC address moving between bridge ports;
mpls - do MPLS forwarding for nexthops without mappings;
mpls - fixed MPLS MTU and path MTU selection;
mpls - fixed MPLS forwarding after any interface configuration parameter is changed;
mpls - improved LDP AF selection process and behavior;
mpls - made LDP bindings work on PPP interfaces;
ntp - do not allow setting port number in "server" parameter;
ntp - fixed "use-local-clock" behavior when enabling server;
ospf - fixed GRE interface compatibility with OSPF;
ospf - ignore instance route when originate-default=if-installed is enabled;
ospf - improved stability when enabling or removing interface-template entries;
ovpn - adjusted SHA2 authentication algorithm naming to allow legacy OpenVPN implementations to connect;
ovpn - fixed hardware offloading support on CHR;
ovpn - fixed memory leak on TILE architecture;
ovpn - fixed packet processing on MT7621A;
ovpn - fixed server instance not responding to incoming connections after reboot on CHR;
ovpn - improved Windows client disconnect procedure in UDP mode;
ovpn - improved server stability under continous overload;
ovpn - improved service stability when outbound packets are blocked by firewall in UDP mode;
ovpn - improved service stability when processing frequent disconnects in UDP mode;
ovpn - improved stability when forwarding traffic on TILE;
ovpn - moved authentication failure messages to "info" logging level;
ovpn - reply with the same IP address that the connection was established to;
ping - fixed socket allocation after VRF change;
port - do not loose "parity" setting;
ppp - added support for VRF;
ppp - added warning when using prefix length other than /64 for router advertisement;
ppp - fixed "remote-ipv6-prefix" parameter unsetting;
ppp - fixed active sessions sometimes getting stuck;
ppp - fixed issue with multiple active sessions when "only-one" is enabled;
profile - added "wireguard" process classificator;
profile - added "zerotier" process classificator;
qsfp - reset module only when all ports are disabled;
queue - allow to set higher limits than 4G;
queue - display warning for CAKE type in simple and tree setups when "bandwidth" parameter is configured;
queue - improved stability in large list of queue scenarios;
rb5009 - fixed 10G linking issues with Intel X520, XXV710 NICs;
resource - fixed CPU type display under system resources for ARM and ARM64;
romon - fixed VLAN tagged packet processing;
route - fixed "nexthop" table printing;
route - fixed "table" menu emptying after RouterOS upgrade;
route - fixed IPv6 /127 route nexthop resolution;
route - fixed static routes in VRF becoming invalid after reboot;
route-filter - fixed community matchers;
routerboard - fixed USB bus numbering on LtAP and M33G;
routerboot - added extra shortcut information on how to boot into etherboot;
routerboot - prevent enabling "protected-routerboot" on unsupported factory firmware versions;
routerboot - properly reset system configuration when protected bootloader is enabled and reset button used;
rsvp-te - improved stability when "Resv" received for non-existing session;
sfp - added 2.5Gbps rate for SFP+ and QSFP+ interfaces on 98DXxxxx and 98PX1012 switches (requires disabled auto-negotiation);
sfp - hide empty monitor values in console;
sfp - improved Q/SFP interface initialization and stability for 98DXxxxx and 98PX1012 switches;
sfp - improved QSFP/SFP interface initialization for 98DXxxxx switches;
smb - fixed SMB2 file list reporting;
snmp - added VRF support (CLI only);
snmp - added VRF support;
snmp - fixed reported disk size when multiple external disks are attached;
snmp - hide Vendor ID in DHCP MIB when branding is present;
snmp - report "ifSpeed" as 0 if value out of bounds (use "ifHighSpeed" for high speed interfaces instead);
ssh - added AES-GCM cipher support;
ssh - fail non-interactive client after first invalid password;
ssh - fixed corrupt host key automatic regeneration;
ssh - fixed private key usage after downgrade;
ssh - removed DSA public key authentication support;
supout - added IGMP-Proxy section;
supout - added NTP servers section;
supout - added PIMSM section;
supout - added RIP section;
supout - added WireGuard section;
supout - added simplified IPv4 and IPv6 routing table prints;
switch - added option to match source and destination IP addresses in ARP packets for RB5009 (requires mac-protocol=arp setting);
switch - fixed missing stats from traffic-monitor for 98DXxxxx and 98PX1012 switches;
system - fixed IP service initialization in VRF after system startup;
system - fixed Kernel timer consistency;
system - fixed rare partial loss of RouterOS configuration after package upgrade/downgrade/install/uninstall;
torch - properly capture all related IPv6 traffic;
tr069-client - fixed RPC download of "1 Vendor Configuration File" with branding package;
tunnels - improved packet handling over EoIP, IPIP and GRE tunnels;
upnp - improved stability when processing incomplete HTTP header;
user-manager - added "Acct-Interim-Interval" to predefined attribute list;
user-manager - improved stability when received EAP attribute with non-existing state attribute;
vpls - fixed "pw-l2mtu" parameter usage;
vpls - fixed TE transport path usage after startup;
vrrp - fixed learning of bridged local MAC addreses;
w60g - improved stability on Cube 60Pro ac and CubeSA 60Pro ac;
webfig - properly show all routing table content;
wifiwave2 - fixed VLAN tag handling;
wifiwave2 - general stability and throughput improvements;
winbox - added "Comment" parameter for BGP templates and connections;
winbox - added "Default Cost" parameter under "Routing/OSPF/Area" menu;
winbox - added "ra-preference" parameter under "IPv6/ND" menu;
winbox - added SKID and AKID parameters under "Certificate" menu;
winbox - added missing "IBGP", "EBGP", "Limit Exceeded" and "Stopped" parameters under "Routing/BGP/Sessions" menu;
winbox - added missing "Keep Sent Attributes" parameter under "Routing/BGP/Connection" menu;
winbox - added missing "Scan List" parameter for W60G interfaces;
winbox - added missing BGP session commands;
winbox - added support for 2.5Gbps and 100Gbps Ethernet speed options;
winbox - added warning message for LTE upgrade process;
winbox - do not auto start Wireless Sniffer when opened;
winbox - do not show "Session Uptime" parameter under "LTE" menu if not supported by modem;
winbox - do not show "unknown" area under "Routing/OSPF/LSA" menu;
winbox - do not show type value for NXDOMAIN entries under "IP/DNS/Cache" menu;
winbox - fixed "Disconnect Timeout" parameter type under "CAPsMAN" menu;
winbox - fixed "IP/Cloud" window refreshing after changes are detected;
winbox - fixed "Type" values under "IP/Route" menu;
winbox - fixed graph drawing in QuickSet;
winbox - fixed hex type values under "User Manager" menu;
winbox - fixed minor typo in reboot confirmation prompt;
winbox - fixed typo in ZeroTier instance title;
winbox - made "Interface Templates" table sortable under "Routing/OSPF" menu;
winbox - made "MPLS Interface" table sortable under "MPLS" menu;
winbox - made 56 the default ping size;
winbox - made wireless access list entries sortable when using the wifiwave2 package;
winbox - minimal required version is v3.33;
winbox - moved "src-address-list" and "dst-address-list" parameters to "General" tab under "IP/Firewall" menu;
winbox - moved "src-address-list" and "dst-address-list" parameters to "General" tab under "IPv6/Firewall" menu;
winbox - properly clean up SFP module information after it is unplugged;
winbox - properly clean up disk after a failed file upload;
winbox - properly load band values under "LTE" menu;
winbox - removed obsolete "Routing Table" parameter under "IP/Firewall" menu;
winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
winbox - show PVID column by default under "Bridge" menu;
winbox - show correct file system type under "System/Disks" menu;
winbox - take into account timezone for timed values under "User Manager" menu;
wireless - fixed "wmm-support=required" checking;
wireless - fixed EAP-TLS authentication;
wireless - fixed GUD version in 3gpp information;
x86 - added support for Solarflare SFC1920 NIC;
x86 - fixed soft-id reading on virtualized x86 installations (introduced in v7.2);
x86 - improved support for Intel E810 NIC;
zerotier - added support for Controller configuration;

New in RouterOS 7.3 RC 2 (Jun 3, 2022)

New in RouterOS 7.3 RC 1 (Jun 1, 2022)

Bgp - moved "interface bgp-vpls" menu to "routing bgp vpls";
Bgp - remove unused commands and parameters;
Bluetooth - improved long-term service stability;
Bridge - fixed TCP, UDP port parsing for loop detect warning;
Capsman - fixed bridge disabling when using L2 connection;
Ccr - improved interface link stability on CCR2004-16G-2S+PC;
Chr - fixed Cloud DDNS update after license renewal;
Console - fixed "terminal inkey" command;
Crs1xx/2xx - improved system stability during switch reset;
Defconf - do not add passthrough ports to local bridge on CCR2004-1G-2XS-PCIe;
Ipv6 - fixed dynamic non link-local addresses displaying;
L2tp - added VRF support for L2TP client;
L3hw - greatly improved route offloading speed;
L3hw - log HW routes count and the shortest offloaded subnet prefix if the HW memory gets full;
L3hw - offload only main routing table;
L3hw - partial routing table offload for Marvell Prestera DX4000/DX8000 switch chip series;
Lhgg - improved system stability (introduced in v7.2);
Lte - improved LTE interface initialization process on LtAP-2HnD;
Mpls - made LDP bindings work on PPP interfaces;
Ospf - ignore instance route when originate-default=if-installed is enabled;
Ovpn - fixed server instance not responding to incoming connections after reboot on CHR;
Profile - added "wireguard" process classificator;
Profile - added "zerotier" process classificator;
Qsfp - reset module only when all ports are disabled;
Queue - allow to set higher limits than 4G;
Queue - display warning for CAKE type in simple and tree setups when "bandwidth" parameter is configured;
Resource - fixed CPU type display under system resources for ARM and ARM64;
Routerboot - prevent enabling "protected-routerboot" on unsupported factory firmware versions;
Smb - fixed SMB2 file list reporting;
Snmp - added VRF support;
Ssh - fixed private key usage after downgrade;
Winbox - added "Default Cost" parameter under "Routing/OSPF/Area" menu;
Winbox - fixed "Type" values under "IP/Route" menu;
Winbox - fixed minor typo in reboot confirmation prompt;
Winbox - made wireless access list entries sortable when using the wifiwave2 package;
Ww2 - general stability and throughput improvements;
X86 - added support for Solarflare SFC1920 NIC;
X86 - fixed soft-id reading on virtualized x86 installations (introduced in v7.2);

New in RouterOS 7.3 Beta 40 (May 14, 2022)

queue - do not allow using CAKE type in simple and tree setups (already configured queues will be disabled);
bgp - added "name" parameter for connections;
bgp - fixed "keepalive-timeout" value when upgrading from RouterOS v6;
bgp - fixed "l2vpn" distribution;
bridge - added more details for loop detection warning;
bridge - do not set VLAN on inactive port with a "set" command;
bridge - ignore VLAN tagged BPDU;
capsman - improved traffic processing over CAP communication tunnels:
chr - fixed Cloud DDNS update after license renewal;
dot1x - fixed RADIUS State attribute when client is reauthenticated;
dot1x - fixed port based VLAN ID assignment on devices without a switch chip;
dot1x - improved server system stability during authentication;
ipsec - fixed printing of active peer statistics;
l3hw - improved offloading in cases of HW table overflow for CRS305, CRS326-24G-2S+, CRS328, CRS318, CRS310;
l3hw - optimized offloading when dealing with large volume of directly connected hosts;
lte - added SMS sending support for MBIM protocol;
lte - allow only MCC/NMC format in "operator" parameter;
lte - clear SIM values when modem in "stopped" state;
mpls - improved LDP AF selection process and behavior;
ntp - do not allow setting port number in "server" parameter;
ovpn - adjusted SHA2 authentication algorithm naming to allow legacy OpenVPN implementations to connect;
ovpn - improved server stability under continous overload;
ovpn - reply with the same IP address that the connection was established to;
ppp - added support for VRF;
romon - fixed VLAN tagged packet processing;
route - fixed IPv6 /127 route nexthop resolution;
routerboot - prevent enabling "protected-routerboot" on unsupported factory firmware versions;
sfp - fixed link flap for QSFP+ and QSFP28 ports connected with a breakout cable, in cases where the base interface changes "running" state (introduced in v7.3beta33);
sfp - hide empty monitor values in console;
snmp - added VRF support (CLI only);
snmp - fixed reported disk size when multiple external disks are attached;
snmp - report "ifSpeed" as 0 if value out of bounds (use "ifHighSpeed" for high speed interfaces instead);
ssh - added AES-GCM cipher support;
ssh - removed DSA public key authentication support;
supout - added simplified IPv4 and IPv6 routing table prints;
switch - fixed "switch-cpu" port stats for 98DXxxxx and 98PX1012 switches (introduced in v7.3beta37);
switch - fixed missing stats in traffic-monitor for 98DXxxxx and 98PX1012 switches;
system - fixed Kernel timer consistency;
tunnels - improved packet handling over EoIP, IPIP and GRE tunnels;
vpls - fixed TE transport path usage after startup;
vrrp - fixed learning of bridged local MAC addreses;
winbox - added missing "IBGP", "EBGP", "Limit Exceeded" and "Stopped" parameters under "Routing/BGP/Sessions" menu;
winbox - added missing "Keep Sent Attributes" parameter under "Routing/BGP/Connection" menu;
winbox - added missing "Scan List" parameter for W60G interfaces;
winbox - added missing BGP session commands;
winbox - added support for 2.5Gbps and 100Gbps Ethernet speed options;
winbox - do not show "Session Uptime" parameter under "LTE" menu if not supported by modem;
winbox - fixed "Disconnect Timeout" parameter type under "CAPsMAN" menu;
winbox - fixed "IP/Cloud" window refreshing after changes are detected;
winbox - properly load band values under "LTE" menu;
winbox - removed obsolete "Routing Table" parameter under "IP/Firewall" menu;

New in RouterOS 7.2.2 Stable (May 2, 2022)

bgp - added initial support for prefix limit;
bgp - improved stability when editing BGP template;
bonding - fixed LACP flapping for RB5009 and CCR2004-16G-2S+ devices;
ccr - added visible "passthrough" flag for interfaces on CCR2004-1G-2XS-PCIe;
ccr - usability and stability improvements for passthrough interfaces on CCR2004-1G-2XS-PCIe;
cd-install - allow selecting on which drive to install RouterOS;
conntrack - limited full Connection Tracking warning to 1 message per minute;
crs3xx - fixed storm rate on 1Gbps interfaces for CRS354 devices;
defconf - suggest user to set up new password;
dhcpv4-server - fixed minor logging typo;
fetch - improved full disk detection;
filesystem - fixed possible boot failure on RB850Gx2 and RB1100AHx2;
filesystem - improved long-term filesystem stability and data integrity;
gps - fixed minor value unit typo;
ipv6 - removed bogus commands from IPv6 neighbors menu;
l3hw - improved offloading for directly connected hosts on CRS305, CRS326-24G-2S+, CRS328, CRS318, CRS310;
l3hw - improved route table offloading for CRS317, CRS309, CRS312, CRS326-24S+2Q+, CRS354, CRS5xx, CCR2x16 devices;
leds - fixed ethernet LED behavior on wAP R ac;
leds - fixed wireless related LED behavior with WW2 package;
lte - added SMS sending support for MBIM protocol;
lte - added support for generic PXA1802 based modems;
lte - disabled wait for LTE auto attach;
lte - hide slave interfaces from export;
lte - improved stability when upgrading LTE firmware on Chateau 5G;
mlag - fixed MAC address moving between bridge ports;
mpls - do MPLS forwarding for nexthops without mappings;
mpls - fixed MPLS MTU and path MTU selection;
mpls - fixed MPLS forwarding after any interface configuration parameter is changed;
ospf - fixed GRE interface compatibility with OSPF;
ospf - improved stability when enabling or removing interface-template entries;
ovpn - fixed memory leak on TILE architecture;
ovpn - fixed packet processing on MT7621A;
ovpn - improved Windows client disconnect procedure in UDP mode;
ovpn - improved service stability when processing frequent disconnects in UDP mode;
ovpn - improved stability when forwarding traffic on TILE;
ping - fixed socket allocation after VRF change;
ppp - fixed "remote-ipv6-prefix" parameter unsetting;
ppp - fixed active sessions sometimes getting stuck;
ppp - fixed issue with multiple active sessions when "only-one" is enabled;
queues - improved stability in large list of queue scenarios;
rb5009 - fixed 10G linking issues with Intel X520, XXV710 NICs;
route - fixed "table" menu emptying after RouterOS upgrade;
route - fixed static routes in VRF becoming invalid after reboot;
route-filter - fixed community matchers;
rsvp-te - improved stability when "Resv" received for non-existing session;
supout - added RIP section;
system - fixed IP service initialization in VRF after system startup;
system - fixed rare partial loss of RouterOS configuration after package upgrade/downgrade/install/uninstall;
torch - properly capture all related IPv6 traffic;
upnp - improved stability when processing incomplete HTTP header;
vpls - fixed "pw-l2mtu" parameter usage;
vrf - fixed VRF leaking;
winbox - do not show "unknown" area under "Routing/OSPF/LSA" menu;
winbox - do not show type value for NXDOMAIN entries under "IP/DNS/Cache" menu;
winbox - made "Interface Templates" table sortable under "Routing/OSPF" menu;
winbox - properly clean up SFP module information after it is unplugged;
winbox - properly clean up disk after a failed file upload;
winbox - show PVID column by default under "Bridge" menu;
wireless - fixed EAP-TLS authentication;
wireless - fixed GUD version in 3gpp information;
ww2 - fixed VLAN tag handling;
x86 - improved support for i40e driver;
x86 - improved support for Intel E810 NIC;

New in RouterOS 7.2.1 Testing (Apr 11, 2022)

New in RouterOS 7.2 Stable (Apr 5, 2022)

api - accept "Content-Type" with specified charset;
arm - fixed "auto" CPU frequency setting;
arm - fixed "shutdown" command on hAP ac^2;
arm64 - improved Watchdog initiated reboot reason reporting;
arm64 - improved low disk space handling condition on upgrade;
backup - added "force-v6-to-v7-configuration-upgrade" option on backup load to clear RouterOS v7 configuration and trigger reimport of RouterOS v6 route configuration (CLI only);
backup - fixed automatic backup generation when resetting configuration;
backup - fixed cloud backup's creation timezone;
bgp - added BGP advertisements display (requires output.keep-sent-attributes to be set);
bgp - do not export default BGP values;
bgp - fixed VPNv4 route sending to remote peer;
bgp - fixed link-local iBGP address selection;
bgp - fixed network advertisement from address-lists after reboot;
bgp - fixed routing table and BGP configuration order in export;
bgp - improvements on detecting peers local address when IPv6 link-local addresses are used;
bluetooth - allow to export device, advertiser and scanner configuration;
bluetooth - disable scanning by default;
bridge - added fast-path and inter-VLAN routing FastTrack support when vlan-filtering is enabled;
bridge - fixed FastPath when using "frame-types=admit-only-untagged-and-priority-tagged" setting;
bridge - fixed PPPoE packet forwarding when using "use-ip-firewall-for-pppoe" setting;
bridge - fixed bridge filter and NAT rules on ARM64 and TILE devices;
bridge - fixed destination NAT when using "use-ip-firewall" setting;
bridge - fixed filter and NAT "set-priority" action;
bridge - fixed filter and NAT "set-priority" on ARM64 devices;
bridge - fixed filter rules when using interface lists;
bridge - fixed firewall "ingress-priority" matcher and "new-priority=from-ingress" action settings from VLAN tagged frames;
bridge - fixed priority tagged frame forwarding when using "frame-types=admit-only-untagged-and-priority-tagged" setting;
capsman - improved stability when running background scan on CAP;
capsman - improved system stability when processing CAP packet by Mangle;
ccr2004 - improved PCI timeout handling on CCR2004-1G-2XS-PCIe;
ccr2004 - improved system stability on CCR2004-12S+2XS;
certificate - allow to choose digest algorithm for CSR signing;
certificate - made "fingerprint" parameter read-only;
chr - improved system stability when writing into memory;
chr - temporarily suspended downgrade to RouterOS v6;
clock - properly notify all instances about time changes;
conntrack - properly detect helper status;
console - fixed "print" command with additional "where" condition;
console - improved console responsiveness when processing received characters;
console - made "password" parameter mandatory when creating a new user;
console - properly erase CLI history after configuration reset;
console - updated copyright notice;
crs1xx/2xx - fixed static switch host addresses after link down;
crs1xx/2xx - ignore static bridge host addresses (switch unicast-fdb should be used instead);
crs3xx - fixed CPU load balancing for ARM dual core devices;
crs3xx - fixed QSFP+ interface LEDs;
crs3xx - fixed watchdog timer functionality;
crs3xx - improved SFP+ interface linking after reboot for CRS312 device;
crs3xx - improved maximum allowed ACL rule calculation;
crs3xx - improved system stability when creating many ACL rules on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
defconf - made "192.168.188.1/24" the default LAN IP address for LTE CPE devices;
dhcp-server - fixed DHCP Option decimal value parsing;
dhcp-server - fixed statistics sending in "Accounting Stop" packets;
dhcp-server - send "Class" attribute in "Accounting Request" when provided by RADIUS;
dhcpv4-server - allow adding comments;
dhcpv4-server - remove dynamic leases when server configuration is removed;
dhcpv4-server - reset dynamic "bcast" flag when receiving offer from DHCP relay;
dhcpv4-server - reset offer counter when receiving offer from DHCP relay;
dhcpv6 - added VRF support;
dot1x - added "server-fail-vlan-id", "guest-vlan-id" and "reauth-timeout" settings for dot1x server;
dot1x - added "src-address", "src-mac-address" and "src-port" settings for dynamic switch rules;
dot1x - added NAS-Port-ID attribute for RADIUS Access-Request;
dude - fixed The Dude client compatibility with RouterOS v7;
dude - fixed The Dude compatibility with ARM64;
ethernet - improved system stability when receiving large packets on devices with 88F3720 CPU (nRAY, LHGG);
firewall - improved available port lookup for source NAT when free port range is exhausted;
graphing - properly generate interface graph for traffic higher than 2.1Gbps;
hotspot - fixed login page over HTTPS;
hotspot - fixed memory leak on every web page loading;
hotspot - fixed web page loading using HTTPS;
ike2 - ignore "INITIAL-CONTACT" payload on responder when "send-initial-contact" is disabled;
interface - fixed minor memory leak when interface or connected route is changed;
ipsec - added hardware acceleration support for CCR2116;
ipsec - fixed "identities" menu emptying after RouterOS upgrade/reboot;
ipv6 - do not add duplicate dynamic prefix when static already exists;
ipv6 - fixed "retransmissit-interval" unit value;
ipv6 - fixed VLAN tagged PPPoE packet receiving on RB5009;
l2tp - fixed CHAP challenge packet processing over IPsec;
l2tp - improved service stability when disabling L2TP server with connected clients;
l2tp - improved system stability when processing L2TP control messages;
l3hw - added HW offloaded FastTrack support for inter-VLAN routing;
l3hw - fixed HW offloaded NAT;
l3hw - fixed HW offloaded routing when using 7 or more VLAN interfaces;
l3hw - fixed ICMP message when routed packet exceeds MTU and DF flag is set;
l3hw - fixed bonding source MAC address;
l3hw - fixed default route offloading for CRS305, CRS326-24G-2S+, CRS328, netPower, netFiber devices;
l3hw - improved routing table offloading for CRS305, CRS326-24G-2S+, CRS328, netPower, netFiber devices;
l3hw - improved system stability when using 7 or more VLAN interfaces;
led - fixed LED behavior on Audience;
led - reduced LTE signal LED range to -70;
leds - fixed user LED on RB750Gr3;
log - added warning message when connection tracking table is full;
log - include message also in e-mail body;
lora - fixed "antenna-gain" parameter unit;
lte - add IPv6 address on interface as well;
lte - added 3 APN profile support and APN name re-using on R11e-LTE6;
lte - added MAC address and IPv6 LL address persistence after reboot on EG12 and EG18 modems;
lte - added basic information support for Telit LM960 and LM940 in MBIM mode;
lte - added class based support for configless RNDIS LTE modems;
lte - added support for Uplink CA reporting;
lte - changed "CS/PS" registration type from "both" to "any" on R11e-LTE un R11e-LTE6;
lte - do not loose "band" configuration after reboot on Chateau 5G;
lte - do not show external antenna selector on devices that does not support it;
lte - enabled multi-APN and name re-use support for Chateau;
lte - expose diagnostics channel for all modems;
lte - fixed "monitor" command to not report old info;
lte - fixed AT command response handling on R11e-LTE;
lte - fixed IPv6 address addition after startup on R11e-LTE6;
lte - fixed MBIM modem reset on AT timeout;
lte - fixed link flapping when loosing cellular signal on R11e-LTE un R11e-LTE6;
lte - fixed packet forwarding on R11e-4G and R11e-LTE-US;
lte - fixed possible timeouts when sending SMS in LTE only mode on R11e-LTE;
lte - fixed support for Sierra MC7710;
lte - fixed support for Telit 960;
lte - improved stability on "+EGMR" response in MBIM mode;
lte - improved stability when modem disappears during firmware upgrade;
lte - improved support for sending/receiving SMS in LTE only mode on R11e-LTE6;
lte - made "no" the default value for "use-network-apn" parameter;
lte - properly recognize MBIM modem in USB port as LTE on Chateau 5G;
ntp - allow adding duplicate server address if dynamic entry exists;
ntp - fixed multicast mode support;
ntp - improved IPv6 address support;
ntp - improved service stability when none of the NTP servers are reachable for a while;
ntp - improved source address usage for reply packets;
ntp - print log change time with time-zone applied;
ospf - added "ptmp-broadcast" interface type (compatible with RouterOSv6 PTMP type);
ospf - convert ospf "static" redistribute to "static,dhcp,modem,vpn" after update from RouterOS v6;
ospf - fixed MD5 authentication;
ospf - fixed NBMA hello's not being sent if priority is set to 0;
ospf - fixed default route origination when "default-originate=if-installed" "redistribute" is enabled;
ospf - fixed default type-3 LSA's not being injected to stub area;
ospf - fixed distance if "originate-default" is set to "always";
ospf - fixed external LSA not updating after prefix netmask change;
ospf - fixed incorrect LSA types when changing area types;
ospf - fixed neighbor election failure;
ospf - fixed neighbor stuck in ExStart;
ospf - fixed simple authentication;
ospf - general stability improvements;
ospf - improved DB retransmit logging;
ospf - improved logging;
ospf - improved overall stability;
ospf - improved stability for very large LSDB;
ospf - improved stability on OSPFv3 instance disabling;
ospf - improved stability when DR goes down;
ospf - improves stability when handling looped back OSPF packets;
ospf - properly set VRF for gateway;
ospf - send notifies for neighbors;
ovpn - added SHA2 authentication algorithm support;
ovpn - added hardware acceleration support for IPQ4018/IPQ4019 and AL* series chipsets;
ovpn - added option to send disconnect message in UDP mode;
ovpn - fixed large option message parsing;
ovpn - improved UDP session handling;
ovpn - improved memory allocation on Tile in "ethernet" mode;
ovpn - improved system stability in high load scenarios;
pimsm - fixed menu prints;
pimsm - general stability improvements;
poe - fixed PoE driver loading on CRS354-48P-4S+2Q+;
poe - update PoE firmware only on devices that support it;
ppp - added "comment" option for PPPoE servers;
ppp - fixed AT+CPIN chat when SIM PIN is specified;
ppp - improved stability when handling large amount of connections simultaneously;
ppp - show local and remote IPv6 addresses (CLI only);
pppoe - added option to configure "host-uniq" parameter;
pppoe - added option to ignore PADI messages with empty service name;
pppoe - use default MTU of 1492;
pptp - added insecure connection warning;
pptp - show insecure connection warning on dynamic interfaces;
qsfp - correctly display auto-negotiation status;
queue - fixed queued IPv6 traffic considered as "invalid" by Firewall;
queue - improved system stability when processing traffic;
queue - improved system stability when using more than 255 unique packet marks;
rb4011 - fixed jumbo frame processing on SFP+ port when using 1G module;
rip - added logging;
rip - fixed route metrics;
rip - fixed route redistribution;
rip - use nexthop with interface;
route - allow OSPF and RIP redistributed routes to be matched by routing filters;
route - fixed "min-prefix" configuration when set to 0;
route - fixed "suppress-hw-offload" update;
route - fixed "table" menu emptying after RouterOS upgrade;
route - fixed BGP atomic aggregate value;
route - fixed ECMP load balancing in FastPath;
route - fixed ECMP route removal;
route - fixed route addition to VRF from BGP;
route - fixed router's LSA for PTP networks;
route - fixed routing configuration export on SMIPS devices;
route - general stability improvements;
route - improved routing table print speed;
route - show OSPF and RIP specific attributes in "/routing route" table;
route-filter - fixed "return" action;
route-filter - fixed complex matchers with "|| or and &&";
route-filter - fixed incorrect invert-match configuration upgrade from RouterOS v6;
route-filter - fixed range conversion after update from RouterOS v6;
route-filters - allow to filter and modify default route if "originate-default" is set to "always";
route-filters - fixed possible address list race condition and memory leak;
route-filters - renamed "*-set" to "*-list";
routerboard - fixed "ether2" interface presence on some RBwAPGR devices;
routerboard - fixed WPS button functionality on Audience;
routing - added PCAP viewer tool for BGP advertisements debugging purposes;
routing-filter - fixed "bgp-*-communities-empty" matcher;
rpki - made RPKI verify non-strict, introduces new state "unverified";
rpki - show expire timer;
sfp - improved SFP module detection on CRS106 and CRS112;
smb - fixed SMB2.0 disk size reporting;
smips - improved RAM allocation;
sms - increased "at-chat" timeout when sending SMS;
snmp - added SFP vendor name to optical table;
snmp - added support for "ipv6AddrPrefixTable" and "ipv6RouteNumber" OID's;
snmp - allow two level nesting for vlan, bonding speed query;
socks - fixed SOCKS5 support;
ssh - fixed forwarding with IPv6 link-local addresses;
ssl - fixed CA certificate processing when "subjAltName" is marked as critical;
supout - added "port-controller" bridge section;
switch - added "rx-overflow" counter for 88E6393X (RB5009) and 88E6191X (CCR2004-16G-2S+) switch chips;
switch - fixed port-isolation misconfiguration detection when using multiple switches;
switch - improved packet forwarding with enabled "cpu-flow-control" setting between different rate interfaces for 88E6393X (RB5009) and 88E6191X (CCR2004-16G-2S+) switch chips;
switch - improved switch chip initialization process on bootup for CCR2004-16g-2s+ devices;
switch - properly limit maximum number of switch rules to 256 on RB5009;
system - fixed license loss on some RB1100Dx4 and RB4011 devices;
tr069-client - accept 200-299 codes for HTTP diagnostics;
tr069-client - added support for 5G band configuration;
tr069-client - added support for wireless "skip-DFS" configuration;
tr069-client - added support for wireless client uptime reporting;
tr069-client - fixed RPC download of "3 Vendor Configuration File" with branding package;
traffic-flow - do not handle NAT events when "nat-events" is disabled;
traffic-generator - fixed transmit speed for multiple asymmetric streams;
upgrade - improved 404 error handling when checking for new versions;
upgrade - improved downgrade prompt message;
ups - fixed UPS support;
usb - fixed display of incorrect port count for USB serial ports;
user - removed obsolete "tikapp" policy;
user - send "Class" attribute in "Accounting Request" when provided by RADIUS;
vlan - fixed improper VLAN priority addition for routed packets;
vxlan - allow unsetting "group" and "interface" properties;
vxlan - fixed running state after reboot when using "interface" and "group" settings;
webfig - do not show side menu if WebFig is disabled by skin;
webfig - fixed default configuration popup presence;
webfig - fixed user policy lookup for skin designer;
wifiwave2 - added "client-isolation" feature;
wifiwave2 - added support for handling disconnect request messages from RADIUS servers;
wifiwave2 - fixed calling "scan" and "frequency-scan" commands through the API;
winbox - added "Disconnect Notify" checkbox to "Interface/OVPN Client" menu;
winbox - added "Freq. Usage" and "Scan" buttons for WifiWave2 interfaces;
winbox - added "Ignore Missing" selector to "System/Packages" menu;
winbox - added "Mode" parameter under "Wireless" menu with WifiWave2 package;
winbox - added "Routing Table" parameter for IPv6 routes;
winbox - added "TLS Version" parameter for "Interface/OVPN";
winbox - added "VPN" tab to "Routing/BGP" menu;
winbox - added "VRF" parameter for "SSH" and "Telnet" menus;
winbox - added "VRF" parameter to "IP/Services" menu;
winbox - added "comment" parameter to "User Manager/Users" menu;
winbox - added "host-uniq" parameter to PPPoE client interface;
winbox - added MLAG support;
winbox - added SHA256 and SHA512 "Auth" values for OVPN menu's;
winbox - added ZeroTier support;
winbox - added explicit "Upload" and "Download" names for "Bucket Size" parameters under "Queues" menu;
winbox - added interface list support for "IP/Traffic Flow" menu;
winbox - added local/remote CPU load parameters for "Bandwidth Test";
winbox - added missing "3GGP RAW" parameter under "Interface/Wireless/Interworking Profile" menu;
winbox - added missing "accounting", "interim-update" and "radius-password" parameters under "IP/DHCP Server" menu;
winbox - added support for "Tool/Speedtest" menu;
winbox - added support for W60G align tool;
winbox - allow adding more than 100 tagged/untagged interfaces under "Bridge/VLAN" menu;
winbox - allow configuring "VTEP" under "Interface/VXLAN" menu;
winbox - allow setting "Interface" parameter for 100G LED types;
winbox - changed "Accept Redirects" parameter type under "IPv6/Settings" menu;
winbox - do not require "name" and "file name" parameters for certificate import/export;
winbox - do not show "Antenna Scan" button on devices that do not support it;
winbox - do not show connection tracking table if it has more than 10000 entries;
winbox - fixed "00:00:00" time printing;
winbox - fixed "Switch" menu on Chateau devices;
winbox - fixed "action" field in "IP/Web Proxy/Access" menu;
winbox - fixed "expires-after" certificate parameter value;
winbox - fixed CHR License renewing process;
winbox - fixed address list type parameters in "Routing" menu;
winbox - fixed content filtering in "Tools/Packet Sniffer/Packets" menu;
winbox - fixed entry order in "Tools/Packet Sniffer/Packets" menu;
winbox - fixed error message when adding NTH rule with "0" value;
winbox - fixed minor typo under "LTE" interface menu;
winbox - fixed switch related settings for MT7621 switch chip (hEX, hEX S, RBM33G, RBM11G, LtAP);
winbox - made "9" the default value for "Target" parameter under "IP/Traffic Flow" menu;
winbox - made "Routing Filters/Rules" table sortable;
winbox - made OSPF interface type names consistent between CLI and GUI;
winbox - moved "IP/Route/Nexthops" and "IPv6/Route/Nexthops" menus to "Routing/Nexthops";
winbox - moved IPv4 and IPv6 "Rules" menus under "Routing" menu;
winbox - properly limit "Disconnect Timeout" value under "CAPsMAN/Configuration" menu;
winbox - properly save "IPv6/Settings" menu in session file;
winbox - properly show "v" flag instead of "y" under "IP/Route" menu;
winbox - properly update ethernet auto negotiation status on CHR;
winbox - properly update server list under "System/NTP Client/Servers" menu;
winbox - renamed "Keep user configuration" to "Keep users" under "System/Reset Configuration" menu;
winbox - renamed "MBPS" to "Mbps" value unit name in "Tools/Traffic Generator" menu;
winbox - renamed "Revoked" parameter to "Revoked Time" under "System/Certificates" menu;
winbox - report local terminal session as "local" instead of "telnet";
winbox - require existing pool for "Address Pool" parameter under "IPv6/DHCP Server" menu;
winbox - require non empty "Packet Mark" value under "Queues" menu;
winbox - show "H" flag for offloaded connections in "IP/Firewall/Connections" menu;
winbox - show "Lost Ratio" column by default under "Tools/Traffic Generator" menu;
winbox - show "Routes" column by default under "PPP/Secrets" menu;
winbox - show "System/Health/Settings" only on boards that have configurable values;
winbox - show "System/SwOS" menu only on boards that have dual boot;
winbox - show additional columns by default for "Wireless" menu with WifiWave2 package;
winbox - sort "Address List" parameter values alphabetically in "IP/DHCP Server/Leases" menu;
winbox - updated default "Routing/BGP/Peer Cache" table appearance;
winbox - use "total" as default value for "Tools/Profile";
wireguard - allow same peer's public key for different interfaces;
wireguard - fixed IPv6 LL address generation;
wireguard - fixed IPv6 traffic processing with multiple peers;
wireguard - made "preshared-key" and "private-key" values sensitive;
wireless - added "3gpp-info" parameter to interworking configuration;
wireless - added EAP-AKA to interworking's realm configuration;
wireless - added information about client signal strength to log messages about disconnections;
wireless - correctly preserve WMM priority when receiving packets;
wireless - fixed frequency range information for IPQ4019 interfaces;
wireless - fixed interface initialization on Metal 2SHPn;
wireless - improved nv2 link stability;
wireless - improved wireless connection stability during background scans;
www - fixed "tls-version" for SSL;
x86 - added support for Intel E810 NIC;
x86 - allow to select disk for install image;
x86 - fixed NVME partition path;
x86 - fixed VLAN tagged packet transmit;
x86 - made "no" the default value for "disable-running-check" ethernet parameter;
x86 - properly distinguish multiple NICs that share the same PCI bus number;
zerotier - fixed IPv6 support;
zerotier - made MAC and MTU values read-only;
zerotier - properly handle IP address change;

New in RouterOS 7.2 RC 7 (Mar 31, 2022)

New in RouterOS 7.2 RC 6 (Mar 30, 2022)

New in RouterOS 7.2 RC 5 (Mar 23, 2022)

) api - accept "Content-Type" with specified charset;
Arm - fixed "auto" CPU frequency setting;
Arm64 - improved Watchdog initiated reboot reason reporting;
Backup - fixed cloud backup's creation timezone;
Bgp - added BGP advertisements display (requires output.keep-sent-attributes to be set);
Bgp - fixed link-local iBGP address selection;
Bgp - fixed network advertisement from address-lists after reboot;
Bridge - fixed firewall "ingress-priority" matcher and "new-priority=from-ingress" action settings from VLAN tagged frames;
Ccr2004 - improved system stability on CCR2004-12S+2XS;
Crs1xx/2xx - fixed static switch host addresses after link down;
Crs1xx/2xx - ignore static bridge host addresses (switch unicast-fdb should be used instead);
Dhcpv6 - added VRF support;
Dude - fixed The Dude client compatibility with RouterOS v7;
Firewall - improved available port lookup for source NAT when free port range is exhausted;
Ipsec - fixed "identities" menu emptying after RouterOS upgrade/reboot;
Ipv6 - do not add duplicate dynamic prefix when static already exists;
Ipv6 - fixed "retransmissit-interval" unit value;
Ipv6 - fixed VLAN tagged PPPoE packet receiving on RB5009;
L2tp - fixed CHAP challenge packet processing over IPsec;
L3hw - improved routing table offloading for CRS305, CRS326-24G-2S+, CRS328, netPower, netFiber devices;
Led - fixed LED behavior on Audience;
Led - reduced LTE signal LED range to -70;
Log - added warning message when connection tracking table is full;
Lte - add IPv6 address on interface as well;
Lte - added support for Uplink CA reporting;
Lte - changed "CS/PS" registration type from "both" to "any" on R11e-LTE un R11e-LTE6;
Lte - do not loose "band" configuration after reboot on Chateau 5G;
Lte - fixed AT command response handling on R11e-LTE;
Lte - fixed MBIM modem reset on AT timeout;
Lte - fixed link flapping when loosing cellular signal on R11e-LTE un R11e-LTE6;
Ntp - improved service stability when none of the NTP servers are reachable for a while;
Ospf - general stability improvements;
Ospf - improved DB retransmit logging;
Ospf - send notifies for neighbors;
Ovpn - improved memory allocation on Tile in "ethernet" mode;
Ovpn - improved system stability in high load scenarios;
Pimsm - fixed menu prints;
Pimsm - general stability improvements;
Queue - fixed queued IPv6 traffic considered as "invalid" by Firewall;
Rb4011 - fixed jumbo frame processing on SFP+ port when using 1G module;
Rip - added logging;
Rip - fixed route metrics;
Rip - fixed route redistribution;
Rip - use nexthop with interface;
Route - fixed "table" menu emptying after RouterOS upgrade;
Route - fixed BGP atomic aggregate value;
Route - fixed ECMP route removal;
Route - general stability improvements;
Routerboard - fixed "ether2" interface presence on some RBwAPGR devices;
Routerboard - fixed WPS button functionality on Audience;
Routing - added PCAP viewer tool for BGP advertisements debugging purposes;
Routing-filter - fixed "bgp-*-communities-empty" matcher;
Sfp - improved SFP module detection on CRS106 and CRS112;
Smips - improved RAM allocation;
Switch - added "rx-overflow" counter for 88E6393X (RB5009) and 88E6191X (CCR2004-16G-2S+) switch chips;
Switch - improved packet forwarding with enabled "cpu-flow-control" setting between different rate interfaces for 88E6393X (RB5009) and 88E6191X (CCR2004-16G-2S+) switch chips;
Tr069-client - added support for 5G band configuration;
Tr069-client - added support for wireless "skip-DFS" configuration;
Winbox - added missing "3GGP RAW" parameter under "Interface/Wireless/Interworking Profile" menu;
Winbox - added missing "accounting", "interim-update" and "radius-password" parameters under "IP/DHCP Server" menu;
Winbox - allow adding more than 100 tagged/untagged interfaces under "Bridge/VLAN" menu;
Winbox - allow configuring "VTEP" under "Interface/VXLAN" menu;
Winbox - fixed "00:00:00" time printing;
Winbox - fixed switch related settings for MT7621 switch chip (hEX, hEX S, RBM33G, RBM11G, LtAP);
Winbox - moved IPv4 and IPv6 "Rules" menus under "Routing" menu;
Winbox - properly show "v" flag instead of "y" under "IP/Route" menu;
Winbox - properly update server list under "System/NTP Client/Servers" menu;
Winbox - show "System/Health/Settings" only on boards that have configurable values;
Www - fixed "tls-version" for SSL;
X86 - allow to select disk for install image;
X86 - fixed NVME partition path;
Zerotier - fixed IPv6 support;

New in RouterOS 7.1.5 Stable (Mar 22, 2022)

New in RouterOS 7.1.4 Stable (Mar 22, 2022)

bgp - fixed VPNv4 route sending to remote peer;
bridge - fixed destination NAT when using "use-ip-firewall" setting;
bridge - fixed filter rules when using interface lists;
bridge - fixed priority tagged frame forwarding when using "frame-types=admit-only-untagged-and-priority-tagged" setting;
capsman - improved stability when running background scan on CAP;
crs3xx - improved maximum allowed ACL rule calculation;
crs3xx - improved system stability when creating many ACL rules on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
l2tp - improved system stability when processing L2TP control messages;
lte - made "no" the default value for "use-network-apn" parameter;
lte - made "RG502QEAAAR11A06M4G" the last OTA firmware version update for Chateau 5G in RouterOS 7.1.x release tree;
ntp - improved source address usage for reply packets;
ospf - fixed default route origination when "default-originate=if-installed" "redistribute" is enabled;
ospf - fixed incorrect LSA types when changing area types;
ppp - added "comment" option for PPPoE servers;
queue - improved system stability when using more than 255 unique packet marks;
route - fixed ECMP load balancing in FastPath;
route - fixed route addition to VRF from BGP;
route - fixed routing configuration export on SMIPS devices;
route-filters - renamed "*-set" to "*-list";
sfp - improved SFP module detection on CRS106 and CRS112;
switch - fixed port-isolation misconfiguration detection when using multiple switches;
traffic-flow - do not handle NAT events when "nat-events" is disabled;
ups - fixed UPS support;
winbox - added "VPN" tab to "Routing/BGP" menu;
winbox - added "VRF" parameter for "SSH" and "Telnet" menus;
winbox - do not show "Antenna Scan" button on devices that do not support it;
wireguard - allow same peer's public key for different interfaces;
wireless - added "3gpp-info" parameter to interworking configuration;
wireless - added EAP-AKA to interworking's realm configuration;
wireless - fixed interface initialization on Metal 2SHPn;

New in RouterOS 6.49.5 Stable (Mar 16, 2022)

New in RouterOS 6.49.4 Stable (Mar 2, 2022)

New in RouterOS 7.1.3 Stable (Feb 21, 2022)

New in RouterOS 6.49.3 Stable (Feb 15, 2022)

New in RouterOS 7.1.2 Stable (Feb 10, 2022)

Bgp - fixed routing table and BGP configuration order in export;
Bluetooth - disable scanning by default;
Chr - improved system stability when writing into memory;
Chr - temporarily suspended downgrade to RouterOS v6;
Console - updated copyright notice;
Dhcpv4-server - remove dynamic leases when server configuration is removed;
Hotspot - fixed web page loading using HTTPS;
Interface - fixed minor memory leak when interface or connected route is changed;
Lte - added MAC address and IPv6 LL address persistence after reboot on EG12 and EG18 modems;
Lte - added class based support for configless RNDIS LTE modems;
Lte - expose diagnostics channel for all modems;
Lte - fixed IPv6 address addition after startup on R11e-LTE6;
Lte - fixed packet forwarding on R11e-4G and R11e-LTE-US;
Lte - fixed support for Sierra MC7710;
Lte - improved stability on "+EGMR" response in MBIM mode;
Lte - properly recognize MBIM modem in USB port as LTE on Chateau 5G;
Ntp - allow adding duplicate server address if dynamic entry exists;
Ntp - fixed "use-local-clock" when enabling server;
Ntp - fixed multicast mode support;
Ntp - improved IPv6 address support;
Ospf - added "ptmp-broadcast" interface type (compatible with RouterOSv6 PTMP type);
Ospf - convert ospf "static" redistribute to "static,dhcp,modem,vpn" after update from RouterOS v6;
Ospf - fixed external LSA not updating after prefix netmask change;
Ppp - fixed AT+CPIN chat when SIM PIN is specified;
Qsfp - correctly display auto-negotiation status;
Queue - improved system stability when processing traffic;
Route - fixed "suppress-hw-offload" update;
Route - fixed router's LSA for PTP networks;
Route - show OSPF and RIP specific attributes in "/routing route" table;
Route-filter - fixed incorrect invert-match configuration upgrade from RouterOS v6;
Route-filter - fixed range conversion after update from RouterOS v6;
Rpki - made RPKI verify non-strict, introduces new state "unverified";
Rpki - show expire timer;
Socks - fixed SOCKS5 support;
System - fixed license loss on some RB1100Dx4 and RB4011 devices;
Tr069-client - added support for wireless client uptime reporting;
Usb - fixed display of incorrect port count for USB serial ports;
Vlan - fixed improper VLAN priority addition for routed packets;
Webfig - do not show side menu if WebFig is disabled by skin;
Winbox - added "VRF" parameter to "IP/Services" menu;
Winbox - added MLAG support;
Winbox - added ZeroTier support;
Winbox - allow setting "Interface" parameter for 100G LED types;
Winbox - do not show "Antenna Scan" button on devices that do not support it;
Winbox - fixed "action" field in "IP/Web Proxy/Access" menu;
Winbox - fixed address list type parameters in "Routing" menu;
Winbox - made OSPF interface type names consistent between CLI and GUI;
X86 - added support for Intel E810 NIC;
X86 - made "no" the default value for "disable-running-check" ethernet parameter;
X86 - properly distinguish multiple NICs that share the same PCI bus number;

New in RouterOS 7.2 RC 3 (Jan 29, 2022)

New in RouterOS 7.2 RC 2 (Jan 28, 2022)

arm - fixed "shutdown" command on hAP ac^2;
bgp - fixed routing table and BGP configuration order in export;
bluetooth - disable scanning by default;
bridge - added fast-path and inter-VLAN routing FastTrack support when vlan-filtering is enabled;
bridge - fixed bridge filter and NAT rules on ARM64 and TILE devices;
capsman - improved stability when running background scan on CAP;
clock - properly notify all instances about time changes;
conntrack - properly detect helper status;
console - improved console responsiveness when processing received characters;
console - updated copyright notice;
crs3xx - fixed QSFP+ interface LEDs;
crs3xx - fixed optical SFP+ linking (introduced in v7.2rc1);
crs3xx - improved SFP+ interface linking after reboot for CRS312 device;
crs3xx - improved SFP+/QSFP+ link stability for CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (introduced in v7.2rc1);
defconf - made "192.168.188.1/24" the default LAN IP address for LTE CPE devices;
dhcpv4-server - remove dynamic leases when server configuration is removed;
dot1x - added "server-fail-vlan-id", "guest-vlan-id" and "reauth-timeout" settings for dot1x server;
dot1x - added "src-address", "src-mac-address" and "src-port" settings for dynamic switch rules;
dot1x - added NAS-Port-ID attribute for RADIUS Access-Request;
firewall - improved system stability when using address lists (introduced in v7.2rc1);
hotspot - fixed memory leak on every web page loading;
hotspot - fixed web page loading using HTTPS;
ike2 - ignore "INITIAL-CONTACT" payload on responder when "send-initial-contact" is disabled;
interface - fixed minor memory leak when interface or connected route is changed;
l3hw - added HW offloaded FastTrack support for inter-VLAN routing;
l3hw - fixed HW offloaded NAT;
leds - fixed user LED on RB750Gr3;
log - include message also in e-mail body;
lora - fixed "antenna-gain" parameter unit;
lte - added 3 APN profile support and APN name re-using on R11e-LTE6;
lte - added MAC address and IPv6 LL address persistence after reboot on EG12 and EG18 modems;
lte - added class based support for configless RNDIS LTE modems;
lte - do not show external antenna selector on devices that does not support it;
lte - fixed IPv6 address addition after startup on R11e-LTE6;
lte - fixed possible timeouts when sending SMS in LTE only mode on R11e-LTE;
lte - fixed support for Sierra MC7710;
lte - fixed support for Telit 960;
lte - improved stability on "+EGMR" response in MBIM mode;
lte - improved support for sending/receiving SMS in LTE only mode on R11e-LTE6;
lte - properly recognize MBIM modem in USB port as LTE on Chateau 5G;
ospf - added "ptmp-broadcast" interface type (compatible with RouterOSv6 PTMP type);
ospf - convert ospf "static" redistribute to "static,dhcp,modem,vpn" after update from RouterOS v6;
ospf - fixed MD5 authentication;
ospf - fixed NBMA hello's not being sent if priority is set to 0;
ospf - fixed default type-3 LSA's not being injected to stub area;
ospf - fixed incorrect LSA types when changing area types;
ospf - fixed neighbor election failure;
ospf - improved logging;
ospf - improved stability on OSPFv3 instance disabling;
ovpn - improved UDP session handling;
ppp - fixed AT+CPIN chat when SIM PIN is specified;
pptp - show insecure connection warning on dynamic interfaces;
qsfp - correctly display auto-negotiation status;
queue - improved system stability when processing traffic;
route - fixed "suppress-hw-offload" update;
route - fixed router's LSA for PTP networks;
route - fixed routing configuration export on SMIPS devices;
route - improved routing table print speed;
route - show OSPF and RIP specific attributes in "/routing route" table;
route-filter - fixed "return" action;
route-filter - fixed complex matchers with "|| or and &&";
route-filter - fixed incorrect invert-match configuration upgrade from RouterOS v6;
route-filter - fixed range conversion after update from RouterOS v6;
rpki - made RPKI verify non-strict, introduces new state "unverified";
rpki - show expire timer;
smb - fixed SMB2.0 disk size reporting;
snmp - added SFP vendor name to optical table;
snmp - added support for "ipv6AddrPrefixTable" and "ipv6RouteNumber" OID's;
snmp - allow two level nesting for vlan, bonding speed query;
system - fixed license loss on some RB1100Dx4 and RB4011 devices;
traffic-flow - do not handle NAT events when "nat-events" is disabled;
traffic-generator - fixed transmit speed for multiple asymmetric streams;
usb - fixed display of incorrect port count for USB serial ports;
vlan - fixed improper VLAN priority addition for routed packets;
vxlan - allow unsetting "group" and "interface" properties;
webfig - do not show side menu if WebFig is disabled by skin;
winbox - added "Disconnect Notify" checkbox to "Interface/OVPN Client" menu;
winbox - added "Freq. Usage" and "Scan" buttons for WifiWave2 interfaces;
winbox - added "Ignore Missing" selector to "System/Packages" menu;
winbox - added "Routing Table" parameter for IPv6 routes;
winbox - added "VPN" tab to "Routing/BGP" menu;
winbox - added "VRF" parameter to "IP/Services" menu;
winbox - added "comment" parameter to "User Manager/Users" menu;
winbox - added MLAG support;
winbox - added SHA256 and SHA512 "Auth" values for OVPN menu's;
winbox - added ZeroTier support;
winbox - added explicit "Upload" and "Download" names for "Bucket Size" parameters under "Queues" menu;
winbox - allow setting "Interface" parameter for 100G LED types;
winbox - do not show "Antenna Scan" button on devices that do not support it;
winbox - fixed "action" field in "IP/Web Proxy/Access" menu;
winbox - fixed CHR License renewing process;
winbox - fixed content filtering in "Tools/Packet Sniffer/Packets" menu;
winbox - fixed entry order in "Tools/Packet Sniffer/Packets" menu;
winbox - made OSPF interface type names consistent between CLI and GUI;
winbox - properly save "IPv6/Settings" menu in session file;
winbox - renamed "MBPS" to "Mbps" value unit name in "Tools/Traffic Generator" menu;
winbox - show "H" flag for offloaded connections in "IP/Firewall/Connections" menu;
winbox - show "System/SwOS" menu only on boards that have dual boot;
winbox - sort "Address List" parameter values alphabetically in "IP/DHCP Server/Leases" menu;
wireless - improved wireless connection stability during background scans;
wireless - fixed interface initialization on Metal 2SHPn;
x86 - added support for Intel E810 NIC;
x86 - made "no" the default value for "disable-running-check" ethernet parameter;
x86 - properly distinguish multiple NICs that share the same PCI bus number;
zerotier - made MAC and MTU values read-only;

New in RouterOS 7.1.1 Stable (Dec 21, 2021)

New in RouterOS 7.1 Stable (Dec 9, 2021)

New in RouterOS 6.48.6 LTS (Dec 7, 2021)

New in RouterOS 6.49.2 Stable (Dec 6, 2021)

New in RouterOS 7.1 RC 7 (Nov 26, 2021)

New in RouterOS 6.49.1 Stable (Nov 17, 2021)

New in RouterOS 7.1 RC 6 (Nov 8, 2021)

New in RouterOS 7.1 RC 5 (Oct 26, 2021)

What's new in 7.1rc5 (2021-Oct-25 20:15):
!container - package is getting updated and will be made available in future, if interested in container feature please use 7.1rc4;
Arm64 - fixed "total-sector-writes" resetting on each startup;
Bgp - fixed IBGP nexthop selection;
Bgp - fixed binding to IPv6 "link-local" address;
Bgp - fixed missing default "local-pref" on selection;
Bgp - fixed stability when appending extended communities;
Bgp - improved stability and other minor fixes;
Bonding - added warning when using 802.3ad mode without MII link monitoring;
Bridge - added HW offload support for vlan-filtering on MT7621 switch chip (hEX, hEX S, RBM33G, RBM11G, LtAP);
Bridge - fixed incorrect "hw=no" setting after reboot in rare cases;
Bridge - improved MLAG stability;
Capsman - do not include "access-list" passphrases in the output of export command by default;
Certificate - added ability to choose the digest algorithm when generating a certificate;
Chr - fixed FastPath support for VMXNET3 drivers;
Dhcpv4 - fixed backslash prefix for packet logging;
Dhcpv6-client - show correct DUID in print;
Dhcpv6-server - fixed "address-pool" default value;
Dhcpv6-server - fixed DUID generation with timestamp;
Dns - fixed memory leak caused by large DNS replies;
Gps - fixed built-in GPS functionality for LtAP;
Health - fixed health value reporting on RB5009;
Ipsec - enabled hardware acceleration support for ARM and ARM64 devices;
Ipsec - fixed hardware acceleration support for CHR;
L3hw - fixed MTU on receive;
L3hw - fixed source MAC address usage for routed packets;
Leds - adjust "system-led" color based on cellular connection technology on Chateau devices;
Leds - fixed LED configuration on RB4011;
Ltap - improved PCIe card support;
Lte - added "at-chat" support in MBIM mode for Simcom modems in USB composition mode 9003;
Lte - improved APN re-connection on non LTE networks;
Lte - improved modem signal monitoring on Chateau 5G;
Lte - moved notifications about incorrect responses from modem to 'lte' topic;
Lte - properly show antenna selection on Chateau devices;
Lte - request modem to restart registration process if timeout detected;
Ospf - accept LA prefixes from intra-area router's LSA to the routing table;
Mpls - added ICMP handler (send ICMP ttl exceed on MPLS ttl expiry);
Ospf - allow to set IPv6 networks for "interface-template";
Ospf - disable areas with no interface configuration;
Ospf - do not allow to set "ptp-unnumbered" on IPv6 interfaces;
Ospf - do not set empty filter chains when upgrading from v6;
Ospf - improved stability and other minor fixes;
Ospf - show interface's hello, re-transmit and dead intervals;
Package - uninstall "container" package when downgrading to v6;
Pppoe - fixed DHCPv6 PD;
Quickset - added 5G signal quality information;
Quickset - made "Password..." button work in Basic AP mode;
Route - improved stability and other minor fixes;
Route-filters - fixed "<=" and ">=";
Route-filters - fixed "ext-community" problems;
Route-filters - fixed "num range" matchers;
Route-filters - fixed "route origin" matcher;
Route-filters - improved completion;
Route-filters - improved stability and other minor fixes;
Rpki - added "rpki-query" command;
Rpki - other minor fixes;
Snmp - fixed IPsec-SA stats counter reporting;
Snmp - fixed bulk get/walk with large neighbor version strings;
Ssl - added support for additional GCM_SHA384 ciphers;
Ssl - fixed x509 chain validation;
Switch - fixed bogus statistics after RTL8367 switch reset;
System - improved DHCP and HotSpot service stability when shutting down;
System - improved system stability when downgrading to v6 with external disks attached;
Tr069-client - improved compatibility for 5G;
Traffic-flow - added systematic count-based packet sampling support;
User-manager - fixed "rate-limit-priority" parameter;
User-manager - fixed PEAP server authentication for Windows clients;
Vrf - allow to assign interfaces directly along with interface lists;
Vxlan - added default L2MTU value for improved connectivity in bridged setups;
Vxlan - improved speed on MIPSBE devices;
Wifiwave2 - fixed configuration profile renaming;
Wifiwave2 - moved RADIUS accounting parameters to a separate configuration profile;
Winbox - added "netmap" action to IPv6 NAT rules;
Winbox - added IPv6 support for "Network" parameter under "Routing/OSFP/Interface Templates" menu;
Winbox - added missing IPv6 mangle actions - "mark-routing", "sniff-tzsp", "sniff-pc", "snpt" and "dnpt";
Winbox - added option to upgrade LTE firmware;
Winbox - changed extension channel symbol to lower case for WifiWave2;
Winbox - do not allow to set "memory-lines" parameter out of bounds under "System/Logging/Action" menu;
Winbox - fixed "routing-mark" and "routing-table" selection in IPv4 and IPv6 firewall and route rules;
Winbox - fixed private SSH key import;
Winbox - made "0" the default value for GPS "init-channel" parameter;
Winbox - made SSID field collapsible for WifiWave2;
Winbox - moved "RPKI" tab from "Routing/BGP" to "Routing/RPKI" menu;
Winbox - moved "Tables" tab from "IP/Route" to "Routing" menu;
Winbox - moved all interface stats columns to the right;
Winbox - properly load all backups stored in Cloud;
Winbox - properly show "value" parameter for FWD type entries;
Winbox - renamed "Backlight" to "OK" under "LCD/Backlight" menu;
Winbox - renamed "Dst. Address" to "Route Dst." under "IP/Firewall/Mangle" menu;
Winbox - replaced "routing-table" with VRF in traceroute;
Winbox - show "External Antenna" parameter on all Chateau devices;
Winbox - updated WifiWave2 interface fields and tabs;
Wireguard - do not consider WireGuard interface as ethernet;
Wireguard - improved system stability when sending WireGuard packets over EoIP;
Wireless - adjusted antenna gain on Chateau devices;
Wireless - improved system stability when changing L2MTU for wireless interfaces;
Wireless - improved system stability when limiting link throughput via "ap-tx-limit" and "client-tx-limit" parameters;
Wireless - improved system stability when using nv2 protocol on ipq4019 interfaces;

New in RouterOS 6.48.5 LTS (Oct 8, 2021)

New in RouterOS 6.49.0 Stable (Oct 7, 2021)

Fixed LCD logo loading from branding package when installed via Netinstall;
Properly clean up old branding files before installing a new one;
Added IGMP and MLD querier monitoring;
Added IGMP snooping log when multicast table gets full;
External flag in the host table for wireless clients;
Improved controller bridge stability when adding RouterOS v7 port extender;
Improved port extender stability when creating bond interfaces on excluded ports;
Improved stability when quickly adding and removing bridge interface;
Improved stability when removing dynamic CRL entries;
Fixed OS provisioning on Azure;
Improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
Increased total connection tracking table size based on installed RAM size;
Require "write+ftp" permissions for executing script to file;
Require "write+ftp" permissions for printing to file;
Correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
Fixed LEDs for QSFP+ interface on CRS326-24S+2Q+ device;
Fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
Fixed bridge controller and extender packet forwarding for CRS312, CRS326-24S+2Q+ and CRS354 devices;
Fixed default MAC address calculation on management Ethernet for CRS312, CRS326-24S+2Q+ and CRS354 devices;
Fixed interface flow control;
Improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
Improved packet transmit on SFP+ interfaces;
Improved switch resource allocation for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
Apply default configuration from branding package when performing reset with button;
Removed overlapping IPv6 firewall rules;
Use router as DNS server for DHCP hosts;
Server - fixed DHCP Option decimal value parsing;
Reset dynamic "bcast" flag when receiving offer from DHCP relay;
Reset lease's dynamic "bcast" flag on packets from relay;
Check if pool name has changed from RADIUS on renew;
Improved dynamic server entry update;
Do not send discovery packets on interfaces that are blocked by STP (introduced in v6.48);
Fixed memory leak caused by large DNS replies;
Fixed "ingress-priority" matcher;
Fixed GRE protocol packets considered invalid when PPTP helper is disabled;
Improved interface monitoring;
Added "phy-temperature" sensor monitoring for CRS312 device;
Improved temperature readings on hEX S;
Improved temperature reporting;
Added support for ASN.1 DN "my-id" value setting for initiators;
Check if TS is still valid after obtaining SPI;
Fixed initiator packet retransmit with DDOS cookie;
Fixed memory leak when processing DHCP packets;
Improved SA update by SPI;
Improved system stability on CHR;
Improved system stability on MMIPS devices;
Improved IPv6 firewall rule generation;
Added LTE LED support for LHGGR;
Fixed LTE LED default mapping for wAP R ac LTE kit;
Added additional predefined network servers;
Added channel plan "il-917" for Israel;
Fixed "PULL_DATA" token generation;
Improved support for "/system gpio" menu ("/system routerboard upgrade" required);
Removed 12..16 pins from "/system gpio" menu;
Improved booting speed on non-NAND devices ("/system routerboard upgrade" required);
Allow to disable FastPath (CLI only);
Added server name indication;
Fixed lock file persistence after reinstall;
Improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
Require Netinstall version to be the same or newer as "factory-software";
Use correct IPv6 multicast group for SNTP client;
Always allow to uninstall package even if there is no free disk space left;
Update PoE firmware only on devices that supports it;
Improved stability when receiving bogus response on modem channel;
Improved system stability when setting unsupported link rates;
Use 5GHz interface's country for "Home AP Dual" configuration;
Fixed "reformat-hold-button-max" validation for values below 10s;
Added "sfp-rate-select" setting;
Fixed GPON module linking (introduced in v6.47);
Improved 25Gbps optical module stability and linking;
Improved SFP, SFP+, SFP28 and QSFP+ interface stability for CRS3xx and CCR2004 devices;
Improved link stability for 10G, 25G and 40G modules on CRS309, CRS312, CRS326-24S+2Q+ CRS354 and CCR2004 evices;
Changed FEC auto mode to disabled;
Added "engine-id" OID support;
Fixed "ipNetToMediaType" OID for incomplete entries;
Fixed "undo" functionality;
Added controller bridge section;
Print detailed list of active user sessions;
Fixed (R/M)STP port blocking right before switching them in HW bridge (fixes possible packet loop when changing bridge ettings);
Improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
Fixed "static-ip-address" parameter;
Added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
Added support for Ethernet link speed reporting;
Added support for interface comment reporting and editing;
Added support for supout file upload;
Fixed traceroute diagnostics time values;
Improved XML with new-lines for readable output;
Improved stability for download/upload diagnostics;
Fixed free space checking on flash type memories when installing new packages;
Added battery info for APC Back-UPS BX750MI;
Added "expired" user status with suggestion to change password (WinBox v3.29 required);
Fixed active user session purging on disconnect;
Show "expired password" prompt for users with blank password;
General stability and performance improvements;
Imit power output when using region EU to match EN302567 on nRAY;
Use EU region by default;
Support for logo image from branding package;
Do not show value units twice;
Fixed "Wireless/CAP" menu opening;
Fixed interface sorting by name;
Show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
Added "dhcp" option to "multicast-helper" setting;
Added "fec-mode" parameter under "Interface/Ethernet" menu;
Added "interface-speed-100G" LED type to "System/LEDs" menu;
Added "name" and "file-name" parameter when importing and exporting certificates;
Added "sfp-shutdown-temperature" setting to SFP interfaces;
Added SSH settings under "IP/SSH" menu;
Added TFTP settings under "IP/TFTP/Settings" menu;
Allow setting MCS (24-31) to 4x4 Wireless interfaces;
Do not allow to add/remove W60G interfaces;
Do not allow to set empty "init-string" field under "System/GPS" menu;
Do not show "GPS antenna" selection for devices without selection support;
Fixed "Secondary Frequency" parameter setting under "CAPsMAN/Channel" menu;
Fixed DNS "cache-size" parameter setting;
Fixed health reporting on RB960, hEX, hEX S and hAP ac3 devices;
Fixed order of weekdays under "IP/Firewall" menu;
Fixed support for "Delegated-IPv6-Prefix" for PPP services;
Match "MAC Protocol-Num" predefined values under "Bridge/Filters" menu;
Minimal required version is v3.30;
Properly show "CRL Signature" field under "System/Certificate" menu;
Separated CCQ Tx and Rx values in their own unique columns;
Show "System/Health/Settings" only on boards that have configurable values;
Show "current-channel" column by default for CAP interfaces;
Show IPv6 address in separate field under "IP/Cloud" menu;
Added U-NII-2 support for US and Canada country profiles for hAP ac lite;
Added override for multicast-to-unicast translation of DHCP traffic;
Do not remove channels >2462 MHz from "scanlist" if scanning for fixed channel;
Do not send packet back to station-bridge it was received from;
Fixed minor typo in debug logging messages;
Improve WMM priority assignment for packets with internal priority greater than 7;
Improve regulatory compliance with DFS requirements;
Improve signaling of QCA9984 interface capabilities when using 160/80+80MHz channel width;
Improved system stability when sending packets through interface after L2MTU is increased;
Log client signal strength on disconnect;
Renamed "secondary-channel" to "secondary-frequency";
Updated "israel" regulatory domain information;
Updated "united kingdom" regulatory domain information;

New in RouterOS 7.1 RC 4 (Sep 20, 2021)

New in RouterOS 7.1 RC 3 (Sep 8, 2021)

New in RouterOS 7.1 RC 2 (Sep 1, 2021)

New in RouterOS 6.48.4 Stable (Aug 23, 2021)

Branding - fixed missing branding skins if "skins" folder does not exist;
Bridge - added MAC and IP source addresses information for DHCP snooping log;
Bridge - fixed "vlan-encap" setting for filter and NAT rules;
Bridge - improved system stability when using IGMP snooping and changing bridge MAC address;
Capsman - use Bits instead of Bytes for "ap-tx-limit" and "client-tx-limit" parameters;
Crs3xx - fixed unknown multicast flood to CPU when IGMP snooping is used;
Crs3xx - improved system stability when increasing interface L2MTU for CRS318 devices;
Defconf - fixed default configuration loading on LHG R;
Defconf - fixed minor typo in configuration description;
Dhcpv6-server - fixed false missing IPv6 Pool warning for dynamic bindings;
Dns - fixed CNAME query when target record is not in cache;
Dns - fixed cache memory leak when resolving CNAME domains;
Health - fixed voltage monitor on BaseBox5 devices;
Health - improved temperature reporting;
Ike2 - added "MS-CHAP-Domain" attribute to RADIUS requests;
Leds - fixed "/system leds" menu on RBLHG-2nD;
Lora - added additional predefined network servers;
Lte - added support for Sharp 809SH;
Routerboard - fixed "reset-button" on hAP ac;
System - improved stability when receiving bogus packets;
Telnet - fixed "routing-table" parameter usage;
W60g - improved stability in low temperature environments;
Webfig - do not show "units" twice in multi list entries;
Winbox - added "Cloud Backup" options under "Files" menu;
Winbox - added "interworking-profile" parameter under "Wireless" menu;
Winbox - added support for PTP;
Winbox - do not show "Functionality" field for LTE interface if it is not provided;
Winbox - fixed "Switch" menu on RBwAPG;
Winbox - fixed "vid" parameter under "Bridge/Hosts" menu;
Winbox - show "System/Health" only on boards that have health monitoring;
Wireless - added U-NII-2 support for US and Canada country profiles for hAP ac^3;
Wireless - added U-NII-2 support for US and Canada country profiles for hap ac, hAP ac^3 LTE6, Audience and Audience LTE6;
Wireless - updated "israel" regulatory domain information;

New in RouterOS 6.49 Beta 54 (Jul 5, 2021)

Bridge - fixed external flag in the host table for wireless clients;
Capsman - use Bits instead of Bytes for "ap-tx-limit" and "client-tx-limit" parameters;
Crs3xx - fixed jumbo frame forwarding for CRS354 devices (introduced in v6.49beta36);
Crs3xx - fixed unknown multicast flood to CPU when IGMP snooping is used;
*) crs3xx - improved system stability when increasing interface L2MTU for CRS318 devices;
Defconf - apply default configuration from branding package when performing reset with button;
Defconf - fixed default configuration loading on LHG R;
Health - fixed voltage monitor on BaseBox5 devices;ike2 - added "MS-CHAP-Domain" attribute to RADIUS requests;
Ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
Ike2 - check if TS is still valid after obtaining SPI;
Ipsec - improved SA update by SPI;
Leds - fixed "/system leds" menu on RBLHG-2nD;
Lora - added channel plan "il-917" for Israel;
Lte - added support for Sharp 809SH;
M33g - improved support for "/system gpio" menu ("/system routerboard upgrade" required);
Sfp - improved 25Gbps optical module stability and linking;
Snmp - added "engine-id" OID support;
Snmp - fixed "ipNetToMediaType" OID for incomplete entries;
Ssh - fixed "undo" functionality;
System - improved stability when receiving bogus packets;
Telnet - fixed "routing-table" parameter usage;
Tr069-client - added support for Ethernet link speed reporting;
Tr069-client - added support for interface comment reporting and editing;
Tr069-client - added support for supout file upload;
Tr069-client - improved stability for download/upload diagnostics;
Ups - added battery info for APC Back-UPS BX750MI;
W60g - general stability and performance improvements;
Webfig - added support for logo image from branding package;
winbox - added "Cloud Backup" options under "Files" menu;
Winbox - added "interworking-profile" parameter under "Wireless" menu;
Winbox - added "name" and "file-name" parameter when importing and exporting certificates;
Winbox - added "sfp-shutdown-temperature" setting to SFP interfaces;
Winbox - added SSH settings under "IP/SSH" menu;
Winbox - added TFTP settings under "IP/TFTP/Settings" menu;
Winbox - allow setting MCS (24-31) to 4x4 Wireless interfaces;
Winbox - do not allow to set empty "init-string" field under "System/GPS" menu;
Winbox - do not show "Functionality" field for LTE interface if it is not provided;
Winbox - do not show "GPS antenna" selection for devices without selection support;
Winbox - fixed "Secondary Frequency" parameter setting under "CAPsMAN/Channel" menu;
Winbox - fixed "Switch" menu on RBwAPG;
Winbox - fixed DNS "cache-size" parameter setting;
Winbox - fixed order of weekdays under "IP/Firewall" menu;
Winbox - match "MAC Protocol-Num" predefined values under "Bridge/Filters" menu;
Winbox - properly show "CRL Signature" field under "System/Certificate" menu;
Winbox - show "System/Health" only on boards that have health monitoring;
Winbox - show IPv6 address in separate field under "IP/Cloud" menu;
Wireless - added override for multicast-to-unicast translation of DHCP traffic;
Wireless - added U-NII-2 support for US and Canada country profiles for hAP ac^3;

New in RouterOS 6.47.10 LTS (Jun 2, 2021)

wireless - fixed all affecting 'FragAttacks' vulnerabilities (CVE-2020-24587, CVE-2020-24588, CVE-2020-26144, CVE-2020-26146, CVE-2020-26147);
bonding - improved system stability when disabling/enabling bonding ports;
branding - added option to upload custom files (newly generated branding package required);
capsman - use proper units for "ap-tx-limit" and "client-tx-limit" parameters;
console - do not clear environment values if any global variable is set;
console - require "write+ftp" permissions for exporting configuration to file;
console - updated copyright notice;
crs3xx - added "/system swos" menu for CRS354 devices, should only be used after SwOS 2.13 release;
crs3xx - fixed interface LEDs for QSFP+ and SFP+ interfaces on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
crs3xx - improved 1Gbps Ethernet port group traffic forwarding for CRS354 devices;
crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
defconf - fixed default configuration loading on LHG R;
defconf - fixed default configuration loading on RBOmniTikPG-5HacD;
dhcp - fixed link state checking for DHCP client;
dude - fixed configuration menu presence on ARM64 devices;
ethernet - improved system stability when receiving large VLAN tagged packets on IPQ4018/IPQ4019 devices;
ipsec - fixed SA address parameter exporting;
lte - fixed "earfcn" to band translation for "cell-monitor";
ovpn - fixed route cache entry leak when establishing a new session;
poe - do not perform PoE firmware upgrade procedure on RB960 and OmniTik devices without PoE out;
ppp - do not fail "at-chat" command when issued on disabled PPP interface;
ptp - improved management service stability when receiving bogus packets;
quickset - prefer 5GHz interface for WiFi scan in CPE mode;
rb4011 - fixed SFP+ port MTU setting after link state change;
rb4011 - improved SFP+ port stability after boot-up;
route - improved stability when connected route is modified;
sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
supout - fixed "topic" column presence in "Log" section;
switch - improved system stability with 98PX1012 switch chip for CCR2004-1G-12S+2XS device;
system - improved resource allocation (improves several service stability e.g. HTTPS, PPPoE, VPN);
telnet - do not send options if connecting to non standard port;
telnet - fixed server when run on non standard port;
tile - fixed bridge performance degradation (introduced in v6.47);
tr069-client - improved management service stability when receiving bogus packets;
upgrade - improved "long-term" upgrade procedure on SMIPS devices;
webfig - allow to specify "prefix" parameter under "IPv6/ND/Prefixes" menu;
webfig - do not corrupt settings when starting "Wireless Sniffer";
webfig - do not move top right menu in opposite direction when scrolling horizontally;
webfig - show "network-mode" for LTE modems that support it;
winbox - do not show "network-mode" parameter for LTE interfaces that do not support it;
winbox - do not show empty "CPU Frequency" parameter under "System/Resources" menu;
winbox - fixed "reachable-time" value unit under "IPv6/ND" menu;
winbox - fixed QCA-8511 switch chip type reporting under "Switch/Settings" menu;
winbox - fixed health reporting on RB960, hEX and hEX S devices;
winbox - hide "Allow Roaming" parameter on LTE modems that do not support it;
winbox - increased "target" field limit to 128 under "Queues" menu;
winbox - show "LCD" only on boards that have LCD;
winbox - show "System/Health" only on boards that have health monitoring;
winbox - show "activity" column by default under "IP/Kid Control/Devices" menu;
wireless - fixed issue with multicast traffic delivery to client devices using power-save;
wireless - improved iOS compatibility with HotSpot 2.0 networks;
www - added "X-Frame-Options" header information to disallow website embedding in other pages;

New in RouterOS 6.48.3 Stable (May 26, 2021)

MAJOR CHANGES:
Wireless - fixed all affecting 'FragAttacks' vulnerabilities (CVE-2020-24587, CVE-2020-24588, CVE-2020-26144, CVE-2020-26146, CVE-2020-26147);
Other changes:
Branding - added option to upload custom files (newly generated branding package required);
Console - do not clear environment values if any global variable is set;
Crs3xx - fixed Ethernet LEDs after reboot for CRS354 devices;
Crs3xx - fixed VLAN priority removal for CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
Crs3xx - fixed port-isolation on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
Crs3xx - improved LACP linking between CRS3xx series switches;
Crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
Defconf - fixed default configuration loading on RBOmniTikPG-5HacD;
Dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48);
Dot1x - fixed MAC authentication fallback (introduced in v6.48);
Ipsec - fixed SA address parameter exporting;
Lte - fixed "earfcn" to band translation for "cell-monitor";
Package - added new "iot" package with Bluetooth (KNOT only) and MQTT publisher support;
Rb4011 - fixed SFP+ port MTU setting after link state change;
Rb4011 - improved SFP+ port stability after boot-up;
Route - improved stability when connected route is modified;
Sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
Ssh - return proper error code from executed command;
System - improved resource allocation (improves several service stability e.g. HTTPS, PPPoE, VPN);
Tile - fixed bridge performance degradation (introduced in v6.47);
Webfig - fixed "PortMapping" button (introduced in v6.48.2);
Winbox - fixed health reporting on RB960, hEX and hEX S devices;
Winbox - show "System/Health" only on boards that have health monitoring;
Wireless - fixed issue with multicast traffic delivery to client devices using power-save;
Wireless - improved iOS compatibility with HotSpot 2.0 networks;
Www - added "X-Frame-Options" header information to disallow website embedding in other pages;

New in RouterOS 7.1 Beta 6 Development (May 19, 2021)

New in RouterOS 6.49 Beta 46 (May 19, 2021)

Wireless - fixed all affecting 'FragAttacks' vulnerabilities (CVE-2020-24587, CVE-2020-24588, CVE-2020-26144, CVE-2020-26146, CVE-2020-26147);
Crs3xx - fixed packet forwarding on 1Gbps Ethernet interfaces for CRS354 devices (introduced in v6.49beta44);
Dns - fixed CNAME query when target record is not in cache;
Winbox - fixed health reporting on RB960, hEX, hEX S and hAP ac3 devices;
Other changes since v6.48.2:
Bridge - added IGMP and MLD querier monitoring (CLI only);
Bridge - added IGMP snooping log when multicast table gets full;
Bridge - added MAC and IP source addresses information for DHCP snooping log;
Bridge - fixed "vlan-encap" setting for filter and NAT rules;
Bridge - improved system stability when disabling IGMP/MLD querier port (introduced in v6.49beta22);
Bridge - improved system stability when using IGMP snooping and changing bridge MAC address;
Chr - fixed OS provisioning on Azure;
Chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
Conntrack - increased total connection tracking table size based on installed RAM size;
Console - require "write+ftp" permissions for executing script to file;
Console - require "write+ftp" permissions for printing to file;
Crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
Crs3xx - fixed Ethernet LEDs after reboot for CRS354 devices;
Crs3xx - fixed LEDs for QSFP+ interface on CRS326-24S+2Q+ device;
Crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
Crs3xx - fixed VLAN priority removal for CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
Crs3xx - fixed interface flow control;
Crs3xx - fixed port-isolation on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
Crs3xx - improved LACP linking between CRS3xx series switches;
Crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
Crs3xx - improved packet transmit on SFP+ interfaces;
Crs3xx - improved switch resource allocation for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
Crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
Defconf - fixed default configuration loading on RBOmniTikPG-5HacD;
Defconf - fixed minor typo in configuration description;
Defconf - removed overlapping IPv6 firewall rules;
Defconf - use router as DNS server for DHCP hosts;
Dhcpv6-server - check if pool name has changed from RADIUS on renew;
Dhcpv6-server - improved dynamic server entry update;
Dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48);
Dot1x - fixed MAC authentication fallback (introduced in v6.48);
Firewall - fixed "ingress-priority" matcher;
Firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
Health - added "phy-temperature" sensor monitoring for CRS312 device;
Ike2 - added "MS-CHAP-Domain" attribute to RADIUS requests;
Ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
Ike2 - fixed initiator packet retransmit with DDOS cookie;
Ipsec - fixed SA address parameter exporting;
Ipsec - improved system stability on CHR;
Ipsec - improved system stability on MMIPS devices;
Lte - fixed "earfcn" to band translation for "cell-monitor";
M33g - removed 12..16 pins from "/system gpio" menu;
Mipsbe - improved booting speed on non-NAND devices ("/system routerboard upgrade" required);
Netinstall - fixed lock file persistence after reinstall;
Netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
Ntp - use correct IPv6 multicast group for SNTP client;
Package - always allow to uninstall package even if there is no free disk space left;
Poe - fixed PoE out functionality on CRS354 (introduced in v6.49beta22);
Ppp - improved stability when receiving bogus response on modem channel;
Rb4011 - fixed SFP+ port MTU setting after link state change;
Rb4011 - improved SFP+ port stability after boot-up;
Rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
Route - improved stability when connected route is modified;
Sfp - added "sfp-rate-select" setting (CLI only);
Sfp - fixed GPON module linking (introduced in v6.47);
Sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
Sfp - improved link stability for 10G, 25G and 40G modules on CRS309, CRS312, CRS326-24S+2Q+ CRS354 and CCR2004 devices;
Ssh - return proper error code from executed command;
Supout - print detailed list of active user sessions;
Switch - fixed (R/M)STP port blocking right before switching them in HW bridge (fixes possible packet loop when changing bridge settings);
Switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
Swos - fixed "static-ip-address" parameter;
System - improved resource allocation (improves several service stability e.g. HTTPS, PPPoE, VPN);
Tile - fixed bridge performance degradation (introduced in v6.47);
Tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
Upgrade - fixed free space checking on flash type memories when installing new packages;
W60g - improved stability in low temperature environments;
Webfig - do not show value units twice;
Webfig - fixed "PortMapping" button (introduced in v6.48.2);
Webfig - fixed "Wireless/CAP" menu opening;
Webfig - fixed interface sorting by name;
Webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
Winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
Winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
Winbox - show "System/Health" only on boards that have health monitoring;
Wireless - do not send packet back to station-bridge it was received from;
Wireless - fixed issue with multicast traffic delivery to client devices using power-save;
Wireless - fixed minor typo in debug logging messages;
Wireless - improve WMM priority assignment for packets with internal priority greater than 7;
Wireless - improve regulatory compliance with DFS requirements;
Wireless - improve signaling of QCA9984 interface capabilities when using 160/80+80MHz channel width;
Wireless - improved system stability on several 802.11ac devices (introduced in v6.49beta36);
Wireless - renamed "secondary-channel" to "secondary-frequency";
Wireless - updated "united kingdom" regulatory domain information;
Www - added "X-Frame-Options" header information to disallow website embedding in other pages;

New in RouterOS 6.49 Beta 44 (May 12, 2021)

New in RouterOS 6.49 Beta 38 (Apr 23, 2021)

Other changes since v6.48.2:
Bridge - added IGMP and MLD querier monitoring (CLI only);
Bridge - added IGMP snooping log when multicast table gets full;
Bridge - added MAC and IP source addresses information for DHCP snooping log;
Bridge - improved system stability when disabling IGMP/MLD querier port (introduced in v6.49beta22);
Bridge - improved system stability when using IGMP snooping and changing bridge MAC address;
Chr - fixed OS provisioning on Azure;
Chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
Conntrack - increased total connection tracking table size based on installed RAM size;
Console - require "write+ftp" permissions for executing script to file;
Console - require "write+ftp" permissions for printing to file;
Crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
Crs3xx - fixed LEDs for QSFP+ interface on CRS326-24S+2Q+ device;
Crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
Crs3xx - fixed VLAN priority removal for CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
Crs3xx - fixed interface flow control;
Crs3xx - fixed port-isolation on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
Crs3xx - improved LACP linking between CRS3xx series switches;
Crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
Crs3xx - improved packet transmit on SFP+ interfaces;
Crs3xx - improved switch resource allocation for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
Crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
Defconf - fixed default configuration loading on RBOmniTikPG-5HacD;
Defconf - fixed minor typo in configuration description;
Defconf - removed overlapping IPv6 firewall rules;
Defconf - use router as DNS server for DHCP hosts;
Dhcpv6-server - check if pool name has changed from RADIUS on renew;
Dhcpv6-server - improved dynamic server entry update;
Dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48);
Dot1x - fixed MAC authentication fallback (introduced in v6.48);
Firewall - fixed "ingress-priority" matcher;
Firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
Ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
Ike2 - fixed initiator packet retransmit with DDOS cookie;
Ipsec - fixed SA address parameter exporting;
Ipsec - improved system stability on CHR;
Ipsec - improved system stability on MMIPS devices;
M33g - removed 12..16 pins from "/system gpio" menu;
Mipsbe - improved booting speed on non-NAND devices ("/system routerboard upgrade" required);
Netinstall - fixed lock file persistence after reinstall;
Netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
Ntp - use correct IPv6 multicast group for SNTP client;
Package - always allow to uninstall package even if there is no free disk space left;
Poe - fixed PoE out functionality on CRS354 (introduced in v6.49beta22);
Ppp - improved stability when receiving bogus response on modem channel;
Rb4011 - fixed SFP+ port MTU setting after link state change;
Rb4011 - improved SFP+ port stability after boot-up;
Rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
Route - improved stability when connected route is modified;
Sfp - added "sfp-rate-select" setting (CLI only);
Sfp - fixed GPON module linking (introduced in v6.47);
Sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
Sfp - improved link stability for 10G, 25G and 40G modules on CRS309, CRS312, CRS326-24S+2Q+ CRS354 and CCR2004 devices;
Ssh - return proper error code from executed command;
Supout - print detailed list of active user sessions;
Switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
Swos - fixed "static-ip-address" parameter;
Tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
Upgrade - fixed free space checking on flash type memories when installing new packages;
W60g - improved stability in low temperature environments;
Webfig - do not show value units twice;
Webfig - fixed "PortMapping" button (introduced in v6.48.2);
Webfig - fixed "Wireless/CAP" menu opening;
Webfig - fixed interface sorting by name;
Webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
Winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
Winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
Wireless - do not send packet back to station-bridge it was received from;
Wireless - fixed issue with multicast traffic delivery to client devices using power-save;
Wireless - fixed minor typo in debug logging messages;
Wireless - improve WMM priority assignment for packets with internal priority greater than 7;
Wireless - improve regulatory compliance with DFS requirements;
Wireless - renamed "secondary-channel" to "secondary-frequency";
Wireless - updated "united kingdom" regulatory domain information;

New in RouterOS 6.49 Beta 36 (Apr 23, 2021)

New in RouterOS 6.48.2 Stable (Apr 13, 2021)

bonding - improved system stability when disabling/enabling bonding ports;
bridge - improved bridge stability when host changes port (introduced in v6.47);
console - require "write+ftp" permissions for exporting configuration to file;
console - updated copyright notice;
crs3xx - added "/system swos" menu for CRS354 devices, should only be used after SwOS 2.13 release;
crs3xx - fixed interface LEDs for QSFP+ and SFP+ interfaces on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
crs3xx - fixed packet transmit in 5Gbps link rate for CRS312 device;
crs3xx - improved 1Gbps Ethernet port group traffic forwarding for CRS354 devices;
dhcp - fixed link state checking for DHCP client;
ethernet - fixed cable-test for some devices (e.g. RB2011, RB951G-2HnD);
ethernet - improved system stability when receiving large VLAN tagged packets on IPQ4018/IPQ4019 devices;
fastpath - fixed IP packet receive on bridge and bonding interfaces when destination MAC address match with slave port MAC;
health - fixed voltage monitor on BaseBox5 devices;
ike2 - added "MS-CHAP-Domain" attribute to RADIUS requests;
ike2 - fixed DH group negotiation with EAP;
ike2 - fixed EAP MSK length validation (introduced in v6.48);
ike2 - fixed initial traffic selector's protocol and port in transport mode;
ipv6 - improved system stability when parsing IPv6 options;
lora - added additional predefined network servers;
lora - added option to hide CRC error messages in monitor;
lora - improved downlink transmission;
ospf - fixed type-7 LSA translation to type-5;
ovpn - fixed route cache entry leak when establishing a new session;
poe - do not perform PoE firmware upgrade procedure on RB960 and OmniTik devices without PoE out;
ppp - do not fail "at-chat" command when issued on disabled PPP interface;
ptp - improved management service stability when receiving bogus packets;
quickset - prefer 5GHz interface for WiFi scan in CPE mode;
rb3011 - improved system stability when changing RouterBOARD settings (introduced in v6.48);
snmp - fixed SNMP trap agent address;
supout - fixed "topic" column presence in "Log" section;
switch - improved resource allocation on 98PX1012 switch chip for CCR2004-1G-12S+2XS device;
switch - improved system stability with 98PX1012 switch chip for CCR2004-1G-12S+2XS device;
telnet - do not send options if connecting to non standard port;
telnet - fixed server when run on non standard port;
tr069-client - improved management service stability when receiving bogus packets;
upgrade - fixed upgrade procedure on 16MB devices;
upgrade - improved "long-term" upgrade procedure on SMIPS devices;
user - fixed "skin" configuration for user groups (introduced in v6.48);
webfig - allow to specify "prefix" parameter under "IPv6/ND/Prefixes" menu;
webfig - do not corrupt settings when starting "Wireless Sniffer";
webfig - do not move top right menu in opposite direction when scrolling horizontally;
webfig - do not show newly created SMB shares as invalid;
webfig - fixed new interface addition;
webfig - show "Interfaces" menu by default after logging in;
webfig - show "network-mode" for LTE modems that support it;
winbox - added "Channel" parameter under "System/Console" menu;
winbox - do not show empty "CPU Frequency" parameter under "System/Resources" menu;
winbox - fixed "reachable-time" value unit under "IPv6/ND" menu;
winbox - fixed QCA-8511 switch chip type reporting under "Switch/Settings" enu;
winbox - fixed duplicate "Trusted" setting under "Interface/Bridge/Ports" menu;
winbox - hide "Allow Roaming" parameter on LTE modems that do not support it;
winbox - increased "target" field limit to 128 under "Queues" menu;
winbox - renamed IP protocol 41 to "ipv6-encap";
winbox - show "LCD" only on boards that have LCD;
winbox - show "System/Health" only on boards that have health monitoring;
winbox - show "activity" column by default under "IP/Kid Control/Devices" menu;

New in RouterOS 7.1 Beta 5 Development (Mar 17, 2021)

New in RouterOS 6.47.9 LTS (Mar 15, 2021)

New in RouterOS 6.48.1 Stable (Feb 5, 2021)

New in RouterOS 6.48 Stable (Dec 23, 2020)

arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
arm - improved system stability;
arm - improved watchdog and kernel panic reporting in log after reboots on IPQ4018/IPQ4019 devices;
arm64 - improved reboot reason reporting in log;
bgp - fixed VPNV4 RD byte order;
bonding - added LACP monitoring;
branding - fixed LCD logo loading from new style branding package;
bridge - added "multicast-router" monitoring value for bridge interface;
bridge - added fixes and improvements for IGMP and MLD snooping;
bridge - added minor fixes and improvements for IGMP snooping with HW offloading;
bridge - added warning message when port is disabled by the BPDU guard;
bridge - allow to exclude interfaces from extended ports;
bridge - automatically remove extended interfaces when deleting PE device from CB;
bridge - correctly filter packets by L2MTU size;
bridge - correctly remove dynamic VLAN assignment for bridge ports;
bridge - fixed "multicast-router" setting on bridge enable;
bridge - fixed MDB entry removal when using bridge port "fast-leave" property;
bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v6.46);
bridge - fixed dynamic VLAN assignment when changing port to tagged VLAN member;
bridge - fixed link-local multicast forwarding when IGMP snooping and HW offloading is enabled;
bridge - fixed local MAC address removal from host table when deleting bridge interface;
bridge - fixed multicast table printing;
bridge - improved BPDU guard logging;
bridge - increased multicast table size to 4K entries;
Bridge - show "H" flag for extended bridge ports;
bridge - show error when switch do not support controlling bridge or port xtension;
bridge - use "frame-types=admit-all" by default for extended bridge ports;
cap - fixed L2MTU setting from CAPsMAN;
certificate - clear challenge password on renew;
certificate - fixed CRL URL length limit;
Certificate - fixed private key verification for CA certificate during signing process;
certificate - generate CRL even when CRL URL not specified;
certificate - properly flush expired SCEP OTP entries;
chr - fixed SSH key import on Azure;
chr - fixed VLAN tagged packet transmit on bridge for Hyper-V installations;
chr - improved interface loading on startup on XEN;
chr - improved system stability when changing flow control settings on e1000;
cloud - improved backup generation process;
conntrack - automatically reduce connection tracking timeouts when table is full;
console - allow "once" parameter for bonding monitoring;
crs3xx - added initial Bridge Port Extender support;
crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
crs3xx - added switch-cpu port VLAN filtering (switch-cpu port is now mapped with bridge interface VLAN membership when vlan-filtering is enabled);
crs3xx - correctly filter packets by L2MTU size;
crs3xx - fixed "custom-drop-packet" and "not-learned" switch stats for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
crs3xx - fixed "mirror-source" property on switch port disable for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
crs3xx - fixed "storm-rate" traffic limiting for switch-cpu port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
crs3xx - fixed "switch-cpu" VLAN membership on bridge disable;
crs3xx - fixed CDP packet forwarding for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
crs3xx - fixed duplicate host entries when creating static switch hosts;
crs3xx - fixed port isolation for "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
crs3xx - fixed port isolation removal for "switch-cpu" port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
crs3xx - fixed switch "copy-to-cpu" property for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
crs3xx - fixed switch "not-learned" stats for CRS305, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, CRS318 devices;
crs3xx - improved system stability on CRS354 devices;
crs3xx - improved system stability when receiving large frames for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (introduced in v6.47.5);
defconf - fixed default configuration loading on RBcAP-2nD and RBwAP-2nD;
defconf - fixed static IP address setting in case default configuration loading fails;
defconf - improved CAP interface bridging;
defconf - improved default configuration generation on devices with non-default wireless interface names;
detnet - fixed malformed dummy DHCP User Class option;
detnet - use MAC address from bridge interface instead of slave port;
dhcp - fixed DHCP packet forwarding to IPsec policies;
dhcpv4-server - improved "client-id" value parsing;
dhcpv6 server - added support for "Delegated-IPv6-Prefix" for PPP services;
dhcpv6-server - added ability to generate binding on first request;
dhcpv6-server - added support for "option18" and "option37" for RADIUS managed clients;
dhcpv6-server - allow loose static binding "pool" parameter (introduced in v6.46.8);
dhcpv6-server - make sure that calling station ID always contains DUID;
discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID;
discovery - allow choosing which discovery protocol is used;
discovery - fixed discovery on mesh ports;
discovery - fixed discovery packet sending on newly bridged port with "protocol-mode=none";
discovery - fixed discovery when enabled only on master port;
discovery - send the same "Chassis ID" on all interfaces for LLDP packets;
discovery - use interface MAC address when sending MNDP from slave port;
disk - fixed external EXT3 disk mounting on x86 systems;
dns - added IPv6 support for DoH;
dns - do not use type "A" for static entries with unspecified type;
dns - end ongoing queries when changing DoH configuration;
dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
dot1x - accept priority tagged (VLAN 0) EAP packets on dot1x client;
dot1x - fixed reauthentication after server rejects a client into VLAN;
dot1x - fixed unicast destination EAP packet receiving when a client is running on a bridge port;
dude - fixed configuration menu presence on ARM64 devices;
export - fixed RouterBOARD USB "type" parameter export;
filesystem - fixed repartition on RB4011 series devices;
filesystem - fixed repartition on non-first partition;
filesystem - improved long-term filesystem stability and data integrity;
gps - fixed "init-channel" release when not used;
health - changed PSU state parameter type to read-only;
health - removed unused "heater-control" and "heater-threshold" parameters;
hotspot - added "vlan-id" parameter support for hosts and HTML pages;
hotspot - added support for captive portal advertising using DHCP (RFC7710);
hotspot - fixed "html-directory" parameter export;
hotspot - improved management service stability when receiving bogus packets;
ike1 - fixed "my-id=address" parameter usage together with certificate authentication;
ike1 - fixed 'rsa-signature-hybrid' authentication method;
ike1 - fixed memory leak on multiple CR payloads;
ike1 - fixed policy update with and without mode configuration;
ike1 - rekey phase 1 as responder for Windows initiators;
ike2 - added "prf-algorithm" support for phase 1;
ike2 - added support for IKEv2 Message Fragmentation (RFC7383);
ike2 - fixed EAP MSK length validation;
ike2 - fixed too small payload parsing;
ike2 - improved EAP message integrity checking;
ike2 - improved child SA rekeying process;
interface - added temperature warning and interface disable on overheat for SFP and SFP+ interfaces (CLI only);
interface - fixed pwr-line running state (introduced in v6.45);
ipsec - added SHA384 hash algorithm support for phase 1;
ipsec - do not kill connection when peer's "name" or "comment" is changed;
ipsec - fixed client certificate usage when certificate is renewed with SCEP;
ipsec - fixed multiple warning message display for peers;
ipsec - inactivate peer's policy on disconnect;
ipsec - refresh peer's DNS only when phase 1 is down;
kidcontrol - allow creating static device entries without assigned user;
led - fixed state persistence after device reboot on NetMetal 5 ac devices;
lora - fixed device going into "ERROR" state caused by FSK modulated downlinks;
lora - limited output power in RU region for range 868.7 MHz - 869.2 MHz according to regulations;
lte - added "age" column and "max-age" parameter to "cell-monitor" (CLI only);
lte - added "comment" parameter for APN profiles;
lte - added support for Alcatel IK41VE1;
lte - fixed "band" value reporting;
lte - increased "at+cops" reply timeout to 90 seconds;
m33g - added support for "/system gpio" menu (CLI only);
metarouter - allow creating RouterOS metarouter instances on devices with 16MB flash storage;
metarouter - fixed memory leak when tearing down metarouter instance;
ppp - added "bridge-learning" parameter support;
ppp - added "ipv6-routes" parameter to "secrets" menu;
ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
ppp - store "last-caller-id" for PPP secrets;
ppp - store "last-disconnect-reason" for PPP secrets;
profile - added "lcd" process classificator;
profile - improved idle process detection on x86 processors;
profile - improved process classification on ARM devices;
quickset - added "Port Mapping" to QuickSet;
quickset - fixed local IP address setting on master interface;
route - improved stability when 6to4 interface is configured with disabled IPv6 package;
routerboard - fixed PCIe bus reset during power-on on MMIPS devices ("/system routerboard upgrade" required);
routerboard - force power-down on PCIe bus during reboot on LHGR devices ("/system routerboard upgrade" required);
script - added error message in the logs if startup script runtime limit was exceeded;
snmp - added information from IPsec "active-peers" menu to MIKROTIK-MIB;
snmp - added new LTE monitoring OID's to MIKROTIK-MIB;
snmp - fixed value types for "dot1dStp";
snmp - fixed value types for "dot1qPvid";
sh - fixed returned output saving to file when "output-to-file" parameter is used;
ssh - skip interactive authentication when not running in interactive mode;
supout - added bonding interface monitor information;
supout - improved autosupout.rif file generation process;
timezone - updated timezone information from "tzdata2020d" release;
tr069-client - added "X_MIKROTIK_MimoRSRP" parameter for LTE RSRP value reporting;
tr069-client - added LTE model and revision parameters;
tr069-client - added additional wireless registration table parameters;
tr069-client - added branding package build time parameter;
tr069-client - added wireless "noise-floor" and "overall-tx-ccq" information parameters;
tr069-client - allow passing LTE firmware update URL as XML;
tr069-client - fixed RouterOS downgrade procedure;
tr069-client - fixed TotalBytesReceived parameter value;
tr069-client - send correct "ConnectionRequestURL" when using IPv6;
traffic-flow - added "sys-init-time" parameter support;
traffic-flow - added NAT event logging support for IPFIX;
traffic-generator - fixed 32Gbps limitation;
user-manager - do not allow creating limitation that crosses midnight;
user-manager - updated PayPal's root certificate authorities;
webfig - allow hiding QuickSet mode selector;
webfig - allow hiding and renaming inline buttons;
webfig - fixed default value presence when creating new entries under "IP/Kid Control";
webfig - properly stop background processes when switching away from QuickSet tab;
winbox - added "src-mac-address" parameter under "IP/DHCP-Server/Leases" menu;
winbox - added missing IGMP Snooping settings to "Bridge" menu;
winbox - added missing MSTP settings to "Bridge" menu;
winbox - added support for LTE Cell Monitor;
winbox - allow adding bonding interface with one slave interface;
winbox - allow performing "USB Power Reset" on "0" bus on RBM33G;
winbox - do not show "network-mode" parameter for LTE interfaces that do not support it;
winbox - fixed "IP->Kid Control->Devices" table automatic refreshing;
winbox - fixed "interface" and "on-interface" parameter presence under "Bridge/Hosts" menu;
winbox - fixed "receive-errors" setting persistence under "Wireless/Wireless Sniffer/Settings" menu;
winbox - fixed "tls-version" parameter setting under "IP/Services" menu;
winbox - fixed minor typo in "Users" menu;
winbox - provide sane default values for bridge "VLAN IDs" parameter;
winbox - use health values reported by gauges for "System/Health" menu;
wireless - added U-NII-2 support for US and Canada country profiles for mANTBox series devices;
wireless - create "connect-list" rule when address specified for "setup-repeater";
wireless - do not override MTU and ARP values from CAPsMAN with local forwarding;
wireless - improved WPS process stability;
wireless - increased "group-key-update" maximum value to 1 day;
wireless - updated "indonesia5" regulatory domain information;
wireless - updated "no_country_set" regulatory domain information;

New in RouterOS 6.48 RC 1 (Dec 15, 2020)

New in RouterOS 6.47.8 Stable (Nov 26, 2020)

New in RouterOS 6.47.6 Stable (Oct 22, 2020)

New in RouterOS 6.48 Beta 48 (Oct 15, 2020)

Changes in this release:
Bridge - automatically remove extended interfaces when deleting PE device from CB;
Cap - fixed L2MTU path discovery;
Cap - fixed L2MTU setting from CAPsMAN;
Certificate - fixed private key verification for CA certificate during signing process;
Cloud - improved backup generation process;
Crs3xx - fixed CDP packet forwarding for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
Crs3xx - fixed port-isolation for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices (introduced in v6.48beta35);
Defconf - fixed default configuration loading on RBmAP-2nD;
Dhcpv4-client - fixed DHCP offer packet parsing with overload option present;
Discovery - fixed occasional wrong Chassis-ID for LLDP packets (introduced in v6.48beta35);
Dot1x - accept priority tagged (VLAN 0) EAP packets on dot1x client;
Fetch - improved SSL handshake processing;
Filesystem - improved long-term filesystem stability and data integrity;
Ike1 - fixed "my-id=address" parameter usage together with certificate authentication;
Ike2 - added support for IKEv2 Message Fragmentation (RFC7383);
Ike2 - fixed EAP MSK length validation;
Ike2 - fixed too small payload parsing;
Interface - added temperature warning and interface disable on overheat for SFP and SFP+ interfaces (CLI only);
Led - fixed state persistence after device reboot on NetMetal 5 ac devices;
Lora - fixed device going into "ERROR" state caused by FSK modulated downlinks;
Lte - fixed "band" value reporting;
Lte - fixed multiple APN passthrough on R11e-4G;
Lte - improved EARFCN reporting in 3G and LTE modes on Sierra modems;
Lte - limit allowed APN count to 3 on R11e-LTE;
M33g - added support for "/system gpio" menu (CLI only);
Mpls - fixed duplicate "LabelRelease" message sending;
Profile - improved idle process detection on x86 processors;
Profile - improved process classification on ARM devices;
Quickset - added "Port Mapping" to QuickSet;
Quickset - fixed local IP address setting on master interface;
Radius - added "Service-Type" attribute to Access-Request for IPv4 and IPv6 DHCP servers;
Routerboard - fixed PCIe bus reset during power-on on MMIPS devices ("/system routerboard upgrade" required);
Routerboard - force power-down on PCIe bus during reboot on LHGR devices ("/system routerboard upgrade" required);
Script - added error message in the logs if startup script runtime limit was exceeded;
snmp - added information from IPsec "active-peers" menu to MIKROTIK-MIB;
Snmp - added new LTE monitoring OID's to MIKROTIK-MIB;
Switch - fixed Ethernet padding for small packets;
Tr069-client - fixed RouterOS downgrade procedure;
Traffic-flow - added NAT event logging support for IPFIX;
Traffic-generator - fixed 32Gbps limitation;
User - improved WinBox and The Dude authenticated session handling;
User-manager - do not allow creating limitation that crosses midnight;
User-manager - updated PayPal's root certificate authorities;
Vrrp - made "password" parameter sensitive;
W60g - general stability and performance improvements;
Wireless - added support for US FCC UNII-2 and Canada country profiles for NetMetal series devices;
Wireless - do not override MTU and ARP values from CAPsMAN with local forwarding;
Wireless - fixed incorrect wireless capability information in association response frames;
Wireless - updated "no_country_set" regulatory domain information;

New in RouterOS 6.47.4 Stable (Sep 21, 2020)

New in RouterOS 6.48 Beta 40 (Sep 15, 2020)

New in RouterOS 6.46.7 LTS (Sep 14, 2020)

Important note!!!:
The Dude server must be updated to monitor v6.46.4+ and v6.47beta30+ RouterOS type devices.
The Dude client must be manually upgraded after upgrading The Dude server.
The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4+ and v6.47beta30+ RouterOS type devices.
Changes since 6.46.6:
Arm - improved stability when forcing 25G speed on unsupported interface;
Bridge - fixed host table update on SNMP query;
Bridge - fixed STP alternate and backup port states for devices with switch chip; crs3xx - fixed hardware offloaded MPLS forwarding when using bonding interfaces;
Crs3xx - fixed QSFP+ interface LEDs when using break-out cable for CRS326-24S+2Q+;
Crs3xx - fixed switch ACL rules for CRS312, CRS326-24S+2Q+ and CRS354 devices;
Crs3xx - fixed switch port "egress-rate" removal for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
Crs3xx - improved 10G interface initialization on CRS312 devices;
Crs3xx - improved Ethernet port group traffic forwarding on CRS354 devices;
Crs3xx - improved system stability when using hardware offloaded MPLS;
Defconf - fixed default configuration loading on RBmAPL-2nD;
Dhcpv6-server - disallow changing binding's "prefix-pool";
Dhcpv6-server - do not require "server" parameter for bindings;
Discovery - do not send discovery packets on inactive bonding slave interfaces;
Discovery - do not send discovery packets on interfaces that are blocked by STP;
Dot1x - fixed duplicate EAP request packets for server;
Dot1x - fixed EAP packet version numbering;
Email - added support for multiple "to" recipients;
Export - fixed HotSpot "address-per-mac" parameter export;
Fetch - show status "uploaded" instead of "downloaded" when uploading a file;
Ftp - fixed possible buffer overflow;
Hotspot - ignore packets from host while MAC authentication is in progress;
Ike1 - improved stability when performing policy lookup on non-existant peer;
Ike2 - fixed local side NAT detection;
Ike2 - fixed policy reference for pending acquire;
Ike2 - retry RSA signature validation with deduced digest from certificate;
Interface - added new builtin "static" interface list;
Kidcontrol - fixed "time-unlimited-rate" to engage in correct time;
Lcd - improved general system stability when LCD is not present;
Lte - fixed modem initialization when multiple modems are used simultaneously;
Lte - fixed PDP authentication configuration for SIM7600;
Lte - improved stability during firmware upgrade;
Metarouter - fixed image importing (introduced in v6.46);
Ospf - fixed disappearing NSSA default route;
Ospf - fixed processing of "unknown" LSA type;
Ospf - improved route tag processing for OSPFv3;
Poe - fixed "power-cycle" functionality on hEX PoE, PowerBox Pro and OmniTIK 5 PoE ac;
Port - removed serial console port on hEX S;
Ppp - removed "comment", "set" and "edit" commands from "PPP->Active" menu;
Profile - added support for CCR2004-1G-12S+2XS;
Qsfp - fixed auto-negotiation status;
Quickset - fixed invalid configuration applying when performing changes during LTE modem initialization process;
Quickset - show "Antenna Gain" setting on devices without built-in antennas;
Route - improved stability when 6to4 interface is configured with disabled IPv6 package;
Routerboard - fixed "reset-button" menu presence on all devices;
Routerboot - fixed etherboot FCS errors with 100Mbps rate for CRS305, CRS309 and CRS317 devices ("/system routerboard upgrade" required);
Sfp - stabilized CRS212 SFP port functionality and improved monitoring of optical modules;
Smb - fixed file path validation (introduced in v6.46);
Smb - fixed possible memory leak;
Smb - limit active session count to 5 per connection;
Sniffer - allow setting port for "streaming-server";
Snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
Switch - correctly enable and disable CPU Flow Control on RB3011UiAS;
Switch - fixed MAC address learning on switch-cpu port for Atheros8316, Atheros8227 and Atheros7240 switch chips;
Upgrade - fixed space handling in package file names;
W60g - added "mdmg-fix" parameter for RBwAP60Gx3 (CLI only);
W60g - improved rate selection in low traffic conditions;
Webfig - fixed 5 GHz wireless interface "frequency" parameter value list on Audience;
Winbox - added "region" parameter for W60G interfaces;
Winbox - allow to specify any Ethernet like interface under "Tool/WoL" menu;
Winbox - do not allow to enter empty strings in "caps-man-names" and "common-name" parameters;
Winbox - fixed "Tx/Rx Signal Strength" value presence for 4 chain interfaces;
Winbox - fixed wireless interface "HT" tab setting presence when "band=5ghz-n/ac";
Winbox - fixed wireless sniffer parameter setting;
Winbox - hide irrelevant switch port parameters;
Wireless - added support for U-NII-2 for cAP ac;
Wireless - added support for U-NII-2 for wAP ac;
Wireless - allow setting "tx-power" up to 40;
Wireless - changed "station-roaming" default setting from "enabled" to "disabled";
Wireless - fixed potential wireless driver issue related to CVE-2020-3702;
Wireless - improved management service stability when receiving bogus packets;
Wireless - updated "bangladesh" regulatory domain information;
Wireless - updated "canada" regulatory domain information;
Wireless - updated "egypt" regulatory domain information;
Wireless - updated "indonesia5" regulatory domain information;
Wireless - updated "united states" regulatory domain information;
Www - added "tls-version" parameter in "IP->Services" menu;

New in RouterOS 6.47.3 Stable (Sep 3, 2020)

New in RouterOS 6.48 Beta 35 (Sep 2, 2020)

bonding - removed "sys-id" and "sys-priority" from monitor-slaves command;
bridge - fixed BPDU guard port disable/enable on HW offloaded interfaces;
bridge - fixed host table update on SNMP query;
bridge - fixed multicast table printing;
bridge - fixed packet forwarding for CAP and BCP controlled interfaces (introduced in v6.48beta12);
bridge - fixed STP alternate and backup port states for devices with switch chip (introduced in v6.47);
bridge - increased multicast table size to 4K entries;
crs3xx - fixed "mirror-source" property on switch port disable for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
crs3xx - fixed port isolation for "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
crs3xx - fixed port isolation removal for "switch-cpu" port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
crs3xx - fixed "storm-rate" traffic limiting for switch-cpu port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
crs3xx - fixed switch ACL rules for CRS312, CRS326-24S+2Q+ and CRS354 devices;
crs3xx - fixed switch port "egress-rate" removal for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
crs3xx - fixed VLAN tagged packet forwarding on "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices (introduced in v6.48beta12);
defconf - improved CAP interface bridging;
defconf - improved default configuration generation on devices without wireless package installed;
discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID (CLI only);
discovery - allow choosing which discovery protocol is used (CLI only);
discovery - fixed discovery on mesh ports;
discovery - fixed discovery packet sending on newly bridged port with "protocol-mode=none";
discovery - fixed discovery when enabled only on master port;
discovery - use interface MAC address when sending MNDP from slave port;
dns - added IPv6 support for DoH;
dns - fixed multiple TXT string replies;
dns - hide default static entry "type" from export;
fetch - fixed "src-address" usage for SFTP;
filesystem - improved long-term filesystem stability and data integrity;
health - removed unused "heater-control" and "heater-threshold" parameters;
hotspot - added support for captive portal advertising using DHCP (RFC7710);
hotspot - improved management service stability when receiving bogus packets;
ike2 - fixed local side NAT detection;
ipsec - do not kill connection when peer's "name" or "comment" is changed;
ipsec - refresh peer's DNS only when phase 1 is down;
lte - added support for Alcatel IK41VE1;
snmp - fixed value types for "dot1dStp";
tr069-client - send correct "ConnectionRequestURL" when using IPv6;
traffic-flow - added "sys-init-time" parameter support;
wireless - allow setting "tx-power" up to 40;

New in RouterOS 6.48 Beta 27 (Aug 19, 2020)

New in RouterOS 6.47.1 Stable (Jul 10, 2020)

Fixed HW offloading for netPower 15FR and netPower 16P devices (introduced in v6.47);
Crs3xx - fixed increased CPU temperature for CRS354-48G-4S+2Q+ device (introduced in v6.47);
Crs3xx - improved Ethernet port group traffic forwarding for CRS354 devices;
Defconf - fixed default configuration generation on devices without "wireless" package installed;
Defconf - fixed default configuration loading on RBmAPL-2nD;
Defconf - improved default configuration generation on devices with changed wireless interface names;
Dhcpv6-server - disallow changing binding's "prefix-pool";
Dhcpv6-server - improved stability when changing server for static bindings;
Dns - do not allow setting "forward-to" same as "name" or "regex";
Dns - do not allow setting zero value IP addresses for "A" and "AAAA" records;
Dns - do not use DoH for local queries when a server is specified;
Export - fixed HotSpot "address-per-mac" parameter export;
Filesystem - fixed increased "sector writes" reporting (introduced in v6.47);
Ftp - fixed possible buffer overflow;
Ike2 - fixed initiator child SA init without policy;
Ike2 - fixed policy reference for pending acquire;
Ike2 - retry RSA signature validation with deduced digest from certificate;
Ipsec - do not update peer endpoints for generated policy entries (introduced in v6.47);
Lora - added "spoof-gps" parameter for fake GPS coordinate sending;
Lora - fixed JSON statistics inaccuracies;
Lte - added support for MTS 8810FT;
Lte - fixed modem initialization when multiple modems are used simultaneously;
Lte - fixed PDP authentication configuration for SIM7600;
Metarouter - fixed image importing (introduced in v6.46);
Ospf - improved route tag processing for OSPFv3;
Ppp - allow specifying pool name for "remote-ipv6-prefix-pool" parameter;
Profile - fixed "unclassified" load reporting on PowerPC devices (introduced in v6.47);
Qsfp - fixed auto-negotiation status;
Qsfp - ignore FEC mode when set to fec91, only fec74 mode is supported (introduced in v6.47);
Routerboard - fixed "mode-button" support on SMIPS devices (introduced in v6.47);
Routerboard - fixed "reset-button" menu presence on all devices;
Supout - added "LoRa" section to supout file;
Switch - fixed MAC address learning on switch-cpu port for Atheros8316, Atheros8227 and Atheros7240 switch chips;
W60g - added "mdmg-fix" parameter for RBwAP60Gx3 (CLI only);
Winbox - fixed flag displaying under "IP/DNS/Static" table;
Winbox - fixed minor typo in "BGP/Peer" menu;
Winbox - hide irrelevant switch port parameters;
Wireless - changed "station-roaming" default setting from "enabled" to "disabled";
Wireless - updated "bangladesh" regulatory domain information;
Wireless - updated "egypt" regulatory domain information;

New in RouterOS 6.47 Stable (Jul 3, 2020)

MAJOR CHANGES IN v6.47:
dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
socks - added support for SOCKS5 (RFC 1928);
user - enable "winbox" policy for groups with "dude" policy automatically on upgrade;
Changes in this release:
api - added ECDHE cipher support for "api-ssl" service;
bonding - improved slave interface MAC address handling;
bonding - prefer primary slave MAC address for bonding interface;
branding - do not ask to confirm configuration applied from branding package;
branding - fixed identity setting from branding package;
branding - improved branding package installation process when another branding package is already installed;
bridge - added logging debug message when a host MAC address is learned on a different bridge port;
bridge - added warning message when a bridge port gets dynamically added to VLAN range;
bridge - correctly remove disabled MSTI;
bridge - improved hardware offloading enabling/disabling;
certificate - added "skid" and "akid" values for detailed print;
certificate - allow dynamic CRL removal;
certificate - disabled CRL usage by default;
certificate - do not use SSL for first CRL update;
chr - added support for file system quiescing;
chr - added support for hardware watchdog on ESXI;
chr - enabled support for VMBus protocol version 4.1;
chr - improved system stability when running CHR on Hyper-V;
crs3xx - correctly remove switch rules on CRS317-1G-16S+ and CRS309-1G-8S+ devices;
crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
crs3xx - fixed hardware offloaded bonding on Ethernet interfaces for CRS354 devices;
crs3xx - improved 10G interface initialization on CRS312 devices;
crs3xx - improved switch host table updating;
crs3xx - show correct switch model for netPower 15FR device;
defconf - fixed default configuration initialization if power loss occurred during the process;
dhcpv4 - added end option (255) validation for both server and client;
dhcpv4-client - improved stability when changing client while still receiving advertisements;
dhcpv4-server - disallow zero lease-time setting;
dhcpv6-client - improved error logging when when renewed address differs;
dhcpv6-server - do not require "server" parameter for bindings;
dhcpv6-server - fixed MAC address retrieving from DUID when timestamp is present;
discovery - do not send discovery packets on inactive bonding slave interfaces;
discovery - do not send discovery packets on interfaces that are blocked by STP;
disk - improved disk management service stability when receiving bogus packets;
disk - improved recently created file survival after reboots;
dns - added support for exclusive dynamic DNS server usage from IPsec;
dns - added support for forwarding DNS queries of static entries to specific server;
dns - added support for multiple type static entries;
dot1x - added "radius-mac-format" parameter;
dot1x - added hex value support for RADIUS switch rules;
dot1x - added range "dst-port" support for RADIUS switch rules;
dot1x - added support for lower case "mac-auth" RADIUS formats;
dot1x - fixed "reject-vlan-id" value range;
dot1x - fixed dynamically created switch rule removal when client disconnects;
dot1x - fixed port blocking when interface changes state from disabled to enabled;
dot1x - improved Dot1X service stability when receiving bogus packets;
dot1x - improved debug logging output to "dot1x" topic;
dot1x - improved value validation for dynamically created switch rules;
email - added support for multiple "to" recipients;
ethernet - fixed interface stopping responding after blink command execution on CCR2004-1G-12S+2XS;
fetch - fixed "User-Agent" usage if provided by "http-header-field";
graphing - improved graphing service stability when receiving bogus packets;
health - added "gauges" submenu with SNMP OID reporting;
health - improved stability for system health monitor on CCR2004-1G-12S+2XS;
hotspot - updated splash page design ('/ip hotspot reset-html' required);
ike1 - added error message when specifying "my-id" for XAuth identity;
ike1 - added support for "UNITY_DEF_DOMAIN" and "UNITY_SPLITDNS_NAME" payload attributes;
ike1 - do not try to keep phase 2 when purging phase 1;
ike1 - improved policy lookup with specific protocol;
ike1 - improved stability when performing policy lookup on non-existant peer;
ike2 - added support for "INTERNAL_DNS_DOMAIN" payload attribute;
ike2 - added support for RADIUS Disconnect-Request message handling;
ike2 - added support for RFC8598;
ike2 - allow initiator address change before authentication;
ike2 - fixed authentication handling when initiator disconnects before RADIUS response;
interface - improved system stability when receiving bogus packets;
interface - increased loopback interface MTU to 65536;
ipsec - added "split-dns" parameter support for mode configuration;
ipsec - added "use-responder-dns" parameter support;
ipsec - allow specifying two peers for a single policy for failover;
ipsec - control CRL validation with global "use-crl" setting;
ipsec - do full certificate validation for identities with explicit certificate;
ipsec - fixed minor spelling mistake in logs;
ipsec - improved IPsec service stability when receiving bogus packets;
ipsec - place dynamically created IPsec policies by L2TP client at the begining of the table;
kidcontrol - ignore IPv6 multicast MAC addresses;
l2tp - added "src-address" parameter for L2TP client;
l2tp - added "use-peer-dns" parameter for L2TP client;
l2tp - improved dynamically created IPsec configuration updating;
l2tp - use L2TP interface when adding dynamic IPsec peer;
lcd - fixed LCD service becoming unavailable on devices without LCD screen;
lcd - improved general system stability when LCD is not present;
led - fixed minor typo in LED warning message;
log - added logging entry when changing user's password;
log - added tunnel endpoint address to establishment and disconnect logging entries;
log - made startup script failures log as critical errors;
lte - added support for Huawei K5161 modem;
lte - added support for NEOWAY N720;
lte - added support for multiple passthrough APN configuration;
lte - do not allow running "scan" on R11e-4G;
lte - fixed "allow-roaming" setting when using LTE network mode on R11e-LTE;
lte - fixed "band" parameter persistence after disable/enable;
lte - fixed "ecno" and "rscp" value reporting on R11e-LTE6;
lte - fixed VLAN interface passthrough support;
lte - fixed multiple APN reactivation after deactivation by operator;
lte - improved stability during firmware upgrade;
lte - made "mac-address" parameter read-only;
lte - show "phy-cellid" value only in LTE mode;
netinstall - removed "Flashfig" from Netinstall;
netinstall - removed "Make Floppy" from Netinstall;
netinstall - signed netinstall.exe with Digital Signature;
netwatch - improved Netwatch service stability when invalid configuration values are passed;
ovpn - added "use-peer-dns" parameter for OVPN client;
port - removed serial console port on hEX S;
ppp - added "Acct-Session-Id" attribute to "Access-Request" messages;
ppp - added support for ZTE MF90;
ppp - fixed minor typo when running "info" command;
ppp - removed "comment", "set" and "edit" commands from "PPP->Active" menu;
pptp - added "use-peer-dns" parameter for PPTP client;
profile - added support for CCR2004-1G-12S+2XS;
proxy - increased minimal free RAM that can not be used for proxy services;
qsfp - added support for FEC mode (fec74), with the FEC mode disabled by default;
quickset - do not show "SINR" field in Quick Set when there is no data;
quickset - fixed invalid configuration applying when performing changes during LTE modem initialization process;
quickset - removed "EARFCN" field from Quick Set;
quickset - removed "LTE band" setting from Quick Set;
quickset - show "Antenna Gain" setting on devices without built-in antennas;
quickset - use "station-wds" mode when connecting to AP with RouterOS flag;
route - improved system stability after reboot with large amount of VLAN interfaces with PPPoE servers attached;
routerboard - added "hold-time" parameter to mode-button menu;
routerboard - added "reset-button" menu - custom command execution with reset button;
routing - improved IGMP-Proxy service stability when receiving bogus packets;
routing - improved routing service stability when receiving bogus packets;
sfp28 - added support for FEC modes (fec74 and fec91), with fec91 mode already enabled by default;
sniffer - allow setting port for "streaming-server";
snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
snmp - changed "upsEstimatedMinutesRemaining" reported value from seconds to minutes;
snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
snmp - improved OID policy checking and error reporting on "set" command;
snmp - improved stability when polling MAC address related OID;
ssh - improved SSH service stability when receiving bogus packets;
supout - added "dot1x" section to supout files;
supout - improved UPS information reporting;
switch - correctly display switch statistics when all switch ports are disabled on RTL8367 switch chip;
switch - correctly enable and disable CPU Flow Control on RB3011UiAS;
switch - made "auto" the default value for "vlan-id" parameter when creating a new static host entry;
system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
system - improved driver loading speed on startup;
tr069-client - added LTE firmware update functionality support;
tr069-client - added additional LTE information parameters;
tr069-client - added additional wireless registration table parameters;
tr069-client - added interface type parameter support;
tr069-client - added multiple simultaneous session support for diagnostics test;
tr069-client - added total connection tracking entries parameter;
tr069-client - removed warning log message when not using HTTPS;
traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and NetFlow v9;
upgrade - fixed space handling in package file names;
ups - added battery info for APC SmartUPS 2200;
ups - improved compatibility with APC Smart UPS 1000 and 1500;
user - improved user management service stability when receiving bogus packets;
w60g - fixed link status logging;
w60g - improved rate selection in low traffic conditions;
w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
webfig - fixed 5 GHz wireless interface "frequency" parameter value list on Audience;
webfig - fixed WinBox download link;
webfig - fixed skin usage from branding package;
webfig - updated icon design;
winbox - added "Rate" parameter for switch ACL rules;
winbox - added "auth-info" parameter under "Dot1X->Active" menu;
winbox - added "auth-types", "comment", "mac-auth-mode" and "reject-vlan-id" parameters for Dot1X server;
winbox - added "auto-erase" option to "Tool/SMS" menu;
winbox - added "bus" parameter for "USB Power Reset" command on NetMetal ac^2;
winbox - added "bus" parameter for "USB Power Reset" command on RBM33G;
winbox - added "comment" parameter and "dynamic" flag support under "Switch->Rule" table;
winbox - added "comment" parameter for Dot1X client;
winbox - added "region" parameter for W60G interfaces;
winbox - added "skip-dfs-channels" parameter to wireless interface menu;
winbox - added comment support for "Switch->VLAN" menu;
winbox - added enable and disable buttons for "MPLS->MPLS Interface" table;
winbox - added support for inline bar graphs for LTE signal values;
winbox - aligned all "IP->Traffic Flow->IPFIX" check boxes in single line (WinBox v3.22 required);
winbox - allow setting "Primary" parameter for "balance-tlb" bonding interfaces;
winbox - allow to specify any Ethernet like interface under "Tool/WoL" menu;
winbox - do not allow to enter empty strings in "caps-man-names" and "common-name" parameters;
winbox - fixed "BGP Origin" value display under "IPv6->Routes" menu;
winbox - fixed "Data Rate" checkbox alignment (WinBox v3.22 required);
winbox - fixed "Tx/Rx Signal Strength" value presence for 4 chain interfaces;
winbox - fixed WDS usage when connecting to RouterOS access point using QuickSet;
winbox - fixed bonding type interface support for "Switch->Host" table;
winbox - fixed dates and times in interface link up/down properties (WinBox v3.24 required);
winbox - fixed wireless interface "HT" tab setting presence when "band=5ghz-n/ac";
winbox - fixed wireless sniffer parameter setting;
winbox - limit number of simultaneous WinBox sessions to 5 for users without "write" permission;
winbox - made "yes" the default value for "Inject Summary LSAs" parameter when creating a new NSSA or STUB area;
winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "LoRa/Traffic";
winbox - renamed "Routerboard" to "RouterBOARD" under "System/RouterBOARD" menu;
winbox - show "Hardware Offload" parameter for bonding interfaces;
winbox - updated icon design;
wireless - added "russia 6ghz" regulatory domain information;
wireless - enabled unicast flood for DHCP traffic on ARM architecture access points;
wireless - fixed Nstreme wireless protocol performance decrease;
wireless - improved management service stability when receiving bogus packets;
wireless - updated "egypt" regulatory domain information;
wireless - updated "russia4" regulatory domain information;
www - added "tls-version" parameter in "IP->Services" menu;

New in RouterOS 6.46.6 (Apr 28, 2020)

New in RouterOS 6.46.5 (Apr 8, 2020)

!) user - enable "winbox" policy for groups with "dude" policy;
*) capsman - fixed "certificate" parameter updating on CAP;
*) console - prevent incorrect type interfaces appearing in command hints;
*) crs3xx - fixed interface statistics for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) crs3xx - fixed traffic forwarding after disabling/enabling bridge hardware offloading for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) crs3xx - improved SFP+ DAC cable initialization for CRS326-24S+2Q+ device;
*) discovery - do not send CDP and LLDP packets on interfaces that does not have MAC address;
*) dude - fixed connection to other RouterOS type devices through The Dude agents (introduced in v6.46.4);
*) ike1 - rekey phase 1 rekeying as responder for Windows initiators;
*) ipsec - improved system stability when handling fragmented packets;
*) led - added "dark-mode" functionality for CRS105-5S-FB;
*) lora - added IPv6 support for LoRa packet forwarder;
*) lora - added UTC timestamp for RX events in "rxpk" json;
*) lora - added value limits for "freq-off" parameter;
*) lora - properly update source address for packets when routing table is changed;
*) lte - fixed IP type selection from APN on RBSXTLTE3-7;
*) sniffer - fixed minor typo in "host" menu;
*) supout - added "gps" section to supout files;
*) supout - improved PoE-out information reporting;
*) system - improved kernel panic reporting in logs after reboot;
*) system - improved system stability when forwarding traffic from switch chip to CPU (introduced in v6.43);
*) traceroute - improved stability when invalid packet is received;
*) traffic-generator - improved statistics reporting;
*) w60g - improved stability after multiple disconnections;
*) winbox - added "Options" parameter support for DHCPv6 client and server;
*) winbox - added 160Mhz extension channel support for CAPsMAN;
*) winbox - added support for "Tools->WoL" menu;
*) winbox - allow setting "20/40/80/160Mhz-eeeeeeCe" channel under "Channel Width" parameter;
*) winbox - do not show "Revision" parameter under "System/RouterBOARD" menu on devices that have only one revision;
*) winbox - fixed "ARP" parameter inheritance from "CAPs Configuration" configuration;
*) winbox - fixed "Bands" parameter display for LTE interfaces;
*) winbox - fixed "DSCP" parameter value setting;
*) winbox - fixed "Frequency" and "Secondary Frequency" parameter inheritance from "CAPs Channel" configuration;
*) winbox - fixed "Passthr. MAC Address" parameter display "LTE APNs" menu;
*) winbox - fixed "Switch" menu on CRS354-48P-4S+2Q+;
*) winbox - fixed "dst-port" unsetting in "IP->Hotspot->Walled Garden" menu;
*) winbox - fixed automatic "IPv6->Firewall->Address List" table update;
*) winbox - made "none" the default value for "Security Profile" parameter when creating a new "Wirelees->Connect list" entry;
*) winbox - properly show "Hw. Offload Group" value for each interface under "Bridge->Ports" menu;
*) winbox - renamed "Memory used" to "HDD used" for HDD type under "Tools->Graphing->Resource Graphs";
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - added "U-NII-2" support for hAP ac2 and RBwAPGR series devices;
*) wireless - added "skip-dfs-channels" parameter;
*) wireless - fixed default "antenna-gain" setting on SXT 2 and LtAP series devices;
*) wireless - updated "bangladesh" regulatory domain information;
*) wireless - updated "indonesia4" regulatory domain information;

New in RouterOS 6.47 Beta 54 (Apr 6, 2020)

The Dude server must be updated to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
The Dude client must be manually upgraded after upgrading The Dude server.
Make sure LTE APN Profile name does not match any of the DHCP server's names if LTE passthrough is used.
The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
MAJOR CHANGES:
!) dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
!) socks - added support for SOCKS5 (RFC 1928);
!) user - enable "winbox" policy for groups with "dude" policy;
Changes in this release:
*) wireless - improved 5GHz interface stability on RB4011iGS+5HacQ2HnD and Audience;
*) wireless - improved system stability on hAP ac^2;
Other changes since v6.46.4:
*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) branding - do not ask to confirm configuration applied from branding package;
*) branding - fixed identity setting from branding package;
*) branding - properly use HTML files for Hotspot (introduced in v6.47beta);
*) bridge - added logging message when a host MAC address is learned on a different bridge port;
*) bridge - added warning message when port is dynamically added to entry with VLAN range (CLI only);
*) bridge - correctly remove disabled MSTI;
*) bridge - improved hardware offloading enabling/disabling;
*) capsman - fixed "certificate" parameter updating on CAP;
*) certificate - added "skid" and "akid" values for detailed print;
*) certificate - allow dynamic CRL removal;
*) certificate - disabled CRL usage by default;
*) certificate - do not use SSL for first CRL update;
*) chr - added support for file system quiescing;
*) console - prevent incorrect type interfaces appearing in command hints;
*) crs3xx - correctly remove switch rules on CRS317-1G-16S+ and CRS309-1G-8S+ devices;
*) crs3xx - do not change bridge host ID's when updating host table (introduced in v6.47beta32);
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - fixed QSFP interface linking after removing/inserting QSFP module (introduced in v6.47beta49);
*) crs3xx - fixed QSFP+ interface linking for CRS326-24S+2Q+ device (introduced in v6.47beta19);
*) crs3xx - fixed interface statistics for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) crs3xx - fixed traffic forwarding after disabling/enabling bridge hardware offloading for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) crs3xx - improved SFP+ DAC cable initialization for CRS326-24S+2Q+ device;
*) crs3xx - improved switch host table updating;
*) defconf - fixed "no-defaults=yes" applying default configuration (introduced in v6.47beta);
*) defconf - fixed default configuration initialization if power loss occurred during the process;
*) dhcpv4 - added end option (255) validation for both server and client;
*) dhcpv4-client - improved stability when changing client while still receiving advertisements;
*) dhcpv4-server - disallow zero lease-time setting;
*) dhcpv6-client - improved error logging when when renewed address differs;
*) dhcpv6-server - fixed MAC address retrieving from DUID when timestamp is present;
*) discovery - do not send CDP and LLDP packets on interfaces that does not have MAC address;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) disk - improved recently created file survival after reboots;
*) dns - added support for exclusive dynamic DNS server usage from IPsec;
*) dot1x - added "radius-mac-format" parameter (CLI only);
*) dot1x - added hex value support for RADIUS switch rules;
*) dot1x - added range "dst-port" support for RADIUS switch rules;
*) dot1x - added support for lower case "mac-auth" RADIUS formats;
*) dot1x - fixed "reject-vlan-id" value range;
*) dot1x - fixed dynamically created switch rule removal when client disconnects;
*) dot1x - fixed port blocking when interface changes state from disabled to enabled;
*) dot1x - improved debug logging output to "dot1x" topic;
*) dot1x - improved value validation for dynamically created switch rules;
*) dude - fixed connection to other RouterOS type devices through The Dude agents (introduced in v6.46.4);
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) filesystem - fixed NAND memory going into read-only mode or becoming unstable over time;
*) health - added "gauges" submenu with SNMP OID reporting;
*) hotspot - updated splash page design ('/ip hotspot reset-html' required);
*) ike1 - added error message when specifying "my-id" for XAuth Identity;
*) ike1 - added support for "UNITY_DEF_DOMAIN" and "UNITY_SPLITDNS_NAME" payload attributes;
*) ike1 - improved policy lookup with specific protocol;
*) ike1 - improved stability when performing policy lookup on non-existant peer;
*) ike1 - rekey phase 1 rekeying as responder for Windows initiators;
*) ike2 - added support for "INTERNAL_DNS_DOMAIN" payload attribute;
*) ipsec - added "split-dns" parameter support for mode configuration (CLI only);
*) ipsec - added "use-responder-dns" parameter support (CLI only);
*) ipsec - control CRL validation with global "use-crl" setting;
*) ipsec - do full certificate validation for identities with explicit certificate;
*) ipsec - fixed minor spelling mistake in logs;
*) ipsec - improved IPsec service stability when receiving bogus packets;
*) ipsec - improved system stability when handling fragmented packets;
*) kidcontrol - ignore IPv6 multicast MAC addresses;
*) lcd - fixed LCD service becoming unavailable on devices without LCD screen;
*) led - added "dark-mode" functionality for CRS105-5S-FB;
*) led - fixed minor typo in LED warning message;
*) lora - added IPv6 support for LoRa packet forwarder;
*) lora - added UTC timestamp for RX events in "rxpk" json;
*) lora - added value limits for "freq-off" parameter;
*) lora - properly update source address for packets when routing table is changed;
*) lte - added support for Huawei K5161 modem;
*) lte - added support for NEOWAY N720;
*) lte - added support for multiple passthrough APN configuration;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - fixed "allow-roaming" setting when using LTE network mode on R11e-LTE;
*) lte - fixed "band" value setting when configuration is reset on R11e-4G;
*) lte - fixed IP type selection from APN on RBSXTLTE3-7;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - made "mac-address" parameter read-only;
*) lte - show "phy-cellid" value only in LTE mode;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) ppp - added support for ZTE MF90;
*) ppp - fixed minor typo when running "info" command;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) quickset - do not show "SINR" field in Quick Set when there is no data;
*) quickset - removed "EARFCN" field from Quick Set;
*) quickset - removed "LTE band" setting from Quick Set;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) quickset - use "station-wds" mode when connecting to AP with RouterOS flag;
*) route - improved system stability after reboot with large amount of VLAN interfaces with PPPoE servers attached;
*) routing - improved IGMP-Proxy service stability when receiving bogus packets;
*) sniffer - allow setting port for "streaming-server";
*) sniffer - fixed minor typo in "host" menu;
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - changed "upsEstimatedMinutesRemaining" reported value from seconds to minutes;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - fixed multiple LTE interface OID reporting;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) snmp - improved stability when polling MAC address related OID;
*) ssh - fixed SHA256 user authentication algorithm checking (introduced in v6.46.4);
*) supout - added "dot1x" section to supout files;
*) supout - added "gps" section to supout files;
*) supout - improved PoE-out information reporting;
*) supout - improved UPS information reporting;
*) switch - made "auto" the default value for "vlan-id" parameter when creating a new static host entry;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) system - improved driver loading speed on startup;
*) system - improved kernel panic reporting in logs after reboot;
*) system - improved system stability when forwarding traffic from switch chip to CPU (introduced in v6.43);
*) tr069-client - removed warning log message when not using HTTPS;
*) traceroute - improved stability when invalid packet is received;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) traffic-generator - improved statistics reporting;
*) upgrade - fixed space handling in package file names;
*) ups - improved compatibility with APC Smart UPS 1000 and 1500;
*) w60g - fixed link status logging;
*) w60g - improved rate selection in low traffic conditions;
*) w60g - improved stability after multiple disconnections;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) webfig - updated icon design;
*) winbox - added "Options" parameter support for DHCPv6 client and server;
*) winbox - added "Rate" parameter for switch ACL rules;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - added 160Mhz extension channel support for CAPsMAN;
*) winbox - added comment support for "Switch->VLAN" menu;
*) winbox - added support for "Tools->WoL" menu;
*) winbox - added support for inline bar graphs for LTE signal values;
*) winbox - aligned all "IP->Traffic Flow->IPFIX" check boxes in single line (WinBox v3.22 required);
*) winbox - allow setting "20/40/80/160Mhz-eeeeeeCe" channel under "Channel Width" parameter;
*) winbox - allow setting "Primary" parameter for "balance-tlb" bonding interfaces;
*) winbox - do not show "Revision" parameter under "System/RouterBOARD" menu on devices that have only one revision;
*) winbox - fixed "ARP" parameter inheritance from "CAPs Configuration" configuration;
*) winbox - fixed "BGP Origin" value display under "IPv6->Routes" menu;
*) winbox - fixed "Bands" parameter display for LTE interfaces;
*) winbox - fixed "DSCP" parameter value setting;
*) winbox - fixed "Data Rate" checkbox alignment (WinBox v3.22 required);
*) winbox - fixed "Frequency" and "Secondary Frequency" parameter inheritance from "CAPs Channel" configuration;
*) winbox - fixed "Passthr. MAC Address" parameter display "LTE APNs" menu;
*) winbox - fixed "Switch" menu on CRS354-48P-4S+2Q+;
*) winbox - fixed "dst-port" unsetting in "IP->Hotspot->Walled Garden" menu;
*) winbox - fixed automatic "IPv6->Firewall->Address List" table update;
*) winbox - fixed bonding type interface support for "Switch->Host" table;
*) winbox - made "none" the default value for "Security Profile" parameter when creating a new "Wirelees->Connect list" entry;
*) winbox - made "yes" the default value for "Inject Summary LSAs" parameter when creating a new NSSA or STUB area;
*) winbox - properly show "Hw. Offload Group" value for each interface under "Bridge->Ports" menu;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "Lora/Traffic";
*) winbox - renamed "Memory used" to "HDD used" for HDD type under "Tools->Graphing->Resource Graphs";
*) winbox - renamed "Routerboard" to "RouterBOARD" under "System/RouterBOARD" menu;
*) winbox - show "Hardware Offload" parameter for bonding interfaces;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - updated icon design;
*) wireless - added "U-NII-2" support for hAP ac2 and RBwAPGR series devices;
*) wireless - added "russia 6ghz" regulatory domain information;
*) wireless - added "skip-dfs-channels" parameter;
*) wireless - allow using "russia4" regulatory domain on RU locked devices;
*) wireless - enabled unicast flood for DHCP traffic on ARM architecture access points;
*) wireless - updated "bangladesh" regulatory domain information;
*) wireless - updated "russia4" regulatory domain information;
*) wireless - fixed default "antenna-gain" setting on SXT 2 and LtAP series devices;
*) wireless - updated "indonesia4" regulatory domain information;
*) www - added "tls-version" parameter in "IP->Services" menu (CLI only);

New in RouterOS 6.47 Beta 53 (Apr 3, 2020)

New in RouterOS 6.47 Beta 49 (Mar 20, 2020)

dns - added client side support for DNS over HTTPS (DoH (RFC8484;
socks - added support for SOCKS5 (RFC 1928;
user - enable "winbox" policy for groups with "dude" policy;
branding - fixed identity setting from branding package;
branding - properly use HTML files for Hotspot (introduced in v6.47beta;
bridge - added warning message when port is dynamically added to entry with VLAN range (CLI only;
bridge - correctly remove disabled MSTI;
bridge - improved hardware offloading enabling/disabling;
capsman - fixed "certificate" parameter updating on CAP;
certificate - disabled CRL usage by default;
certificate - do not use SSL for first CRL update;
chr - added support for file system quiescing;
crs3xx - do not change bridge host ID's when updating host table (introduced in v6.47beta32;
crs3xx - fixed interface statistics for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
crs3xx - fixed traffic forwarding after disabling/enabling bridge hardware offloading for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
dhcpv4 - added end option (255 validation for both server and client;
dhcpv4-client - improved stability when changing client while still receiving advertisements;
dhcpv6-server - fixed MAC address retrieving from DUID when timestamp is present;
dude - fixed connection to other RouterOS type devices through The Dude agents (introduced in v6.46.4;
filesystem - fixed NAND memory going into read-only mode or becoming unstable over time;
hotspot - updated splash page design ('/ip hotspot reset-html' required;
ike1 - added error message when specifying "my-id" for XAuth Identity;
ike1 - improved stability when performing policy lookup on non-existant peer;
ipsec - control CRL validation with global "use-crl" setting;
ipsec - do full certificate validation for identities with explicit certificate;
lcd - fixed LCD service becoming unavailable on devices without LCD screen;
led - added "dark-mode" functionality for CRS105-5S-FB;
led - fixed minor typo in LED warning message;
lora - added IPv6 support for LoRa packet forwarder;
lora - added value limits for "freq-off" parameter;
lora - properly update source address for packets when routing table is changed;
lte - added support for NEOWAY N720;
lte - fixed "allow-roaming" setting when using LTE network mode on R11e-LTE;
lte - made "mac-address" parameter read-only;
ppp - added support for ZTE MF90;
ppp - fixed minor typo when running "info" command;
proxy - increased minimal free RAM that can not be used for proxy services;
quickset - do not show "SINR" field in Quick Set when there is no data;
quickset - removed "EARFCN" field from Quick Set;
route - improved system stability after reboot with large amount of VLAN interfaces with PPPoE servers attached;
sniffer - fixed minor typo in "host" menu;
snmp - changed "upsEstimatedMinutesRemaining" reported value from seconds to minutes;
ssh - fixed SHA256 user authentication algorithm checking (introduced in v6.46.4;
supout - added "gps" section to supout files;
switch - made "auto" the default value for "vlan-id" parameter when creating a new static host entry;
system - improved driver loading speed on startup;
system - improved system stability when forwarding traffic from switch chip to CPU (introduced in v6.43;
traffic-generator - improved statistics reporting;
w60g - fixed link status logging;
w60g - improved rate selection in low traffic conditions;
winbox - added "Options" parameter support for DHCPv6 client and server;
winbox - added "Rate" parameter for switch ACL rules;
winbox - added 160Mhz extension channel support for CAPsMAN;
winbox - added comment support for "Switch->VLAN" menu;
winbox - added support for "Tools->WoL" menu;
winbox - aligned all "IP->Traffic Flow->IPFIX" check boxes in single line (WinBox v3.22 required;
winbox - allow setting "20/40/80/160Mhz-eeeeeeCe" channel under "Channel Width" parameter;
winbox - allow setting "Primary" parameter for "balance-tlb" bonding interfaces;
winbox - do not show "Revision" parameter under "System/RouterBOARD" menu on devices that have only one revision;
winbox - fixed "ARP" parameter inheritance from "CAPs Configuration" configuration;
winbox - fixed "BGP Origin" value display under "IPv6->Routes" menu;
winbox - fixed "Bands" parameter display for LTE interfaces;
winbox - fixed "DSCP" parameter value setting;
winbox - fixed "Data Rate" checkbox alignment (WinBox v3.22 required;
winbox - fixed "Frequency" and "Secondary Frequency" parameter inheritance from "CAPs Channel" configuration;
winbox - fixed "Passthr. MAC Address" parameter display "LTE APNs" menu;
winbox - fixed "Switch" menu on CRS354-48P-4S+2Q+;
winbox - fixed "dst-port" unsetting in "IP->Hotspot->Walled Garden" menu;
winbox - fixed automatic "IPv6->Firewall->Address List" table update;
winbox - fixed bonding type interface support for "Switch->Host" table;
winbox - made "none" the default value for "Security Profile" parameter when creating a new "Wirelees->Connect list" entry;
winbox - made "yes" the default value for "Inject Summary LSAs" parameter when creating a new NSSA or STUB area;
winbox - properly show "Hw. Offload Group" value for each interface under "Bridge->Ports" menu;
winbox - renamed "Memory used" to "HDD used" for HDD type under "Tools->Graphing->Resource Graphs";
winbox - renamed "Routerboard" to "RouterBOARD" under "System/RouterBOARD" menu;
winbox - show "Hardware Offload" parameter for bonding interfaces;
winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
winbox - updated icon design;
wireless - added "U-NII-2" support for hAP ac2 and RBwAPGR series devices;
wireless - enabled unicast flood for DHCP traffic on ARM architecture access points;
wireless - fixed default "antenna-gain" setting on SXT 2 and LtAP series devices;
wireless - updated "indonesia4" regulatory domain information;

New in RouterOS 6.46.4 (Feb 27, 2020)

Important note:
The Dude server must be updated to monitor 6.46.4 and v6.47beta30+ RouterOS type devices.
The Dude client must be manually upgraded after upgrading The Dude server.
Changes in this release:
Arm - improved watchdog and kernel panic reporting in log after reboots on RB3011 and IPQ4018/IPQ4019 devices ("/system routerboard upgrade" required);
Branding - allow forcing configuration script as default configuration (new branding packet required);
Branding - fixed "company-url" and "router-default-name" survival after system upgrade;
Branding - fixed WEB HTML page survival after system upgrade;
Certificate - fixed certificate verification when flushing CRL's;
Chr - fixed graceful shutdown execution on Hyper-V (introduced in v6.46);
Console - fixed script with "dont-require-permissions=yes" execution without sufficient permissions;
Crs3xx - fixed frame forwarding after disabling/enabling bridge hardware offloading for CRS354-48G-4S+2Q+ device;
Defconf - added welcome note with common first steps for new users;
Dude - updated The Dude to use new style authentication method;
Health - fixed maximum SFP temperature reading under '/system health' menu;
Ike2 - fixed DHCP Inform package handling when received on PPPoE interface;
Lte - added interface name prefix for logging events;
Lte - added "phy-cellid" value support for R11e-LTE-US;
Lte - do not allow using empty APN Profile names;
Lte - improved all APN session activation after disconnect on R11e-LTE;
Lte - use APN from network when blank APN used on R11e-4G;
Snmp - fixed "routeros-version" value returning from registration table;
Snmp - fixed UPS battery voltage value scaling;
Ssh - added support for RSA keys with SHA256 hash (RFC8332);
System - improved system stability when receiving/sending TCP traffic on multicore devices;
Telnet - improved telnet compatibility with other client implementations;
User-manager - fixed signup enabling (introduced in v6.46);
Webfig - added default configuration confirmation window to WebFig;
Webfig - do not show WebFig menu when opening 'Check For Updates' in Quick
Set:
Winbox - fixed "invalid" flag presence under "System/Certificates/CRL" menu;
Wireless - improved compatibility for "ETSI" wireless country profile;

New in RouterOS 6.46.3 (Feb 6, 2020)

New in RouterOS 6.46.2 (Jan 16, 2020)

New in RouterOS 6.47 Beta 19 (Jan 14, 2020)

Changes in this release:
socks - added support for SOCKS5 (RFC 1928;
bonding - improved slave interface MAC address handling;
bonding - prefer primary slave MAC address for bonding interface;
bridge - added logging message when a host MAC address is learned on a different bridge port;
chr - improved stability when changing ARP modes on e1000 type adapters;
console - prevent "flash" directory from being removed (introduced in v6.46;
console - updated copyright notice;
crs305 - disable optical SFP/SFP+ module Tx power after disabling SFP+ interface;
defconf - fixed "caps-mode" not initialized properly after resetting;
defconf - fixed default configuration loading on RBwAPG-60adkit (introduced in v6.46;
discovery - do not send CDP and LLDP packets on interfaces that does not have MAC address;
discovery - do not send discovery packets on inactive bonding slave interfaces;
discovery - do not send discovery packets on interfaces that are blocked by STP;
dot1x - added "radius-mac-format" parameter (CLI only;
health - added "gauges" submenu with SNMP OID reporting;
lora - added "ru-864-mid" channel plan;
lora - fixed packet sending when using "antenna-gain" higher than 5dB;
lora - improved immediate packet delivery;
lte - do not allow running "scan" on R11e-4G;
lte - fixed "band" value setting when configuration is reset on R11e-4G;
lte - fixed "cell-monitor" on R11e-LTE in 3G mode;
lte - fixed "earfcn" reporting on R11e-LTE6 in UMTS and GSM modes;
lte - improved all APN session activation after disconnect on R11e-LTE;
lte - report only valid info parameters on R11e-LTE6;
lte - use APN from network when blank APN used on R11e-4G;
ppp - fixed minor typo in "ppp-client" monitor;
qsfp - do not report bogus monitoring readouts on modules without DDMI support;
qsfp - improved module monitoring readouts for DAC and break-out cables;
routerboard - added "mode-button" support for RBcAP2nD;
sniffer - allow setting port for "streaming-server";
snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
snmp - improved OID policy checking and error reporting on "set" command;
supout - added "dot1x" section to supout files;
system - correctly handle Generic Receive Offloading (GRO for MPLS traffic;
system - fixed "*.auto.rsc" file execution (introduced in v6.46;
system - fixed "check-installation" on PowerPC devices (introduced in v6.46;
traceroute - improved stability when invalid packet is received;
traffic-generator - improved memory handling on CHR;
webfig - allow skin designing without "ftp" and "sensitive" policies;
webfig - fixed "skins" saving to "flash" directory if it exists (introduced in v6.46;
winbox - automatically refresh "Packets" table when new packets are captured by "Tools/Packet Sniffer";
winbox - fixed "Default Route Distance" default value when creating new LTE APN;
winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "Lora/Traffic";
Other changes since v6.46.1:
crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
dhcpv6-client - improved error logging when when renewed address differs;
fetch - fixed "User-Agent" usage if provided by "http-header-field";
lte - fixed multiple APN reactivation after deactivation by operator;
netinstall - removed "Flashfig" from Netinstall;
netinstall - removed "Make Floppy" from Netinstall;
netinstall - signed netinstall.exe with Digital Signature;
snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
snmp - improved stability when polling MAC address related OID;
w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
winbox - added "auto-erase" option to "Tool/SMS" menu;

New in RouterOS 6.46.1 (Dec 17, 2019)

New in RouterOS 6.45.7 (Oct 28, 2019)

New in RouterOS 7.0 Beta 3 (Oct 23, 2019)

New in RouterOS 6.46 Beta 55 (Oct 15, 2019)

lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
bridge - include whole VLAN-id in DHCP Option 82 message;
capsman - fixed background scan showing incorrect regulatory domain mismatch error;
capsman - fixed frequency setting requiring multiple frequencies;
capsman - fixed newline character missing on some logging messages;
console - fixed "address" column width when printing DHCPv4 leases;
crs1xx/2xx - allow to set trunk port as mirroring target;
crs3xx - correctly display link rate when 10/100/1000BASE-T SFP modules are used in SFP+ interfaces;
crs3xx - fixed management access when using switch rule "new-vlan-priority" property;
crs3xx - improved switch-chip resource allocation on CRS317-1G-16S+, CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
crs3xx - improved system stability on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
dhcpv6-server - fixed logged error message when using "address-pool=static-only";
dude - fixed data retrieval over SNMP (introduced in v6.46beta44);
fetch - fixed "dst-path" not allowed to create new directories (introduced in v6.46beta34);
hotspot - fixed "html-directory" not allowed to create new directories (introduced in v6.46beta34);
led - fixed default LED configuration for RBLHG5nD;
lte - added support for LM960A18;
lte - fixed modem not receiving IP configuration when roaming (introduced in v6.45);
lte - fixed Sierra WP7601 driver loading;
lte - fix "operator" names not being displayed properly;
ptp - added support for IEEE 1588 Precision Clock Synchronization Protocol on CRS317-1G-16S+ (CLI only);
quickset - added "LTE APN" dropdown support;
quickset - fixed "LTE Band" checkbox display;
sfp - fixed "sfp-rx-power" value for some transceivers;
sniffer - allow filtering by packet size;
snmp - improved LLDP interface returned index and type;
snmp - return only interfaces with MAC addresses for LLDP;
system - fixed branding package installation (introduced in v6.46beta34);
system - improved system stability for devices with AR9342;
tr069-client - added CellDiagnostics parameter support;
tr069-client - fixed firmware update (introduced in v6.46beta34);
upgrade - improved auto package updating using "check-for-updates";
userman - fixed customer referencing on WEB (introduced in v6.46beta9);
wireless - updated "united-states" regulatory domain information;

New in RouterOS 6.45.6 (Sep 11, 2019)

New in RouterOS 6.45.5 (Aug 28, 2019)

Important note!!!
Due to removal of compatibility with old version passwords in this version, downgrading to any version prior to v6.43 (v6.42.12 and older) will clear all user passwords and allow password-less authentication. Please secure your router after downgrading.
Old API authentication method will also no longer work, see documentation for new login procedure:
Https://wiki.mikrotik.com/wiki/Manual:API#Initial_login
crs328 - adjust fan speed based on SFP and CPU temperature;
dhcpv4-server - fixed "Acct-Output-Octets" reporting to RADIUS;
health - improved fan control on CRS3xx and CCR1016-12S-1S+r2;
ike2 - don't release policy on rekey when child not found;
ike2 - fixed ID validation with multiple SAN;
ike2 - fixed policy port selection for responder with natted initiator;
ike2 - fixed traffic selector address family selection when using IPv6;
ike2 - improved rekeying process with Windows initiators;
ike2 - properly start all initiators to the same remote address;
ipsec - allow inline "passphrase" parameter when importing keys;
ipsec - fixed "eap-radius" authentication method (introduced in v6.45);
ipsec - fixed minor spelling mistakes in logs;
lte - fixed cell information monitoring on R11e-LTE-US (introduced in v6.45.2);
lte - fixed LTE interface disappearing on RBSXTLTE3-7;
smb - improved stability on x86 and CHR;
snmp - fixed encrypted data sequence (introduced in v6.44.5);
ssh - fixed carriage return presence in subsequent sessions;
switch - fix port isolation for non-CRS series switch chips;
system - accept only valid string for "name" parameter in "disk" menu (CVE-2019-15055);
upnp - fixed XML parsing (FG-VD-19-110);
watchdog - renamed "no-ping-delay" parameter to "ping-start-after-boot";
winbox - added "auto-erase" parameter to "Tools/SMS" menu;
winbox - added "https-redirect" parameter to "IP/Hotspot/Profiles menu";
winbox - added "revision" parameter to "System/Routerboard" menu;
inbox - removed "max-sms" parameter from "Tools/SMS" menu;
wireless - fixed basic rate reporting in snooper;

New in RouterOS 6.46 Beta 34 (Aug 22, 2019)

New in RouterOS 6.46 Beta 28 (Aug 9, 2019)

Certificate - improved CRL updating process;
Defconf - require "policy" permission to print default configuration;
Gps - use "serial1" as default port on RBLtAP-2HnD;
Ike1 - fixed minor spelling mistake in logs;
Ike2 - don't release policy on rekey when child not found;
Ike2 - fixed ID validation with multiple SAN;
Ike2 - fixed policy port selection for responder with natted initiator;
Ike2 - improved rekeying process with Windows initiators;
Ipsec - allow inline "passphrase" parameter when importing keys;
Lte - fixed band setting on R11e-4G;
Lte - fixed cell information monitoring on R11e-LTE-US (introduced in v6.45.2);
Ppp - added 3GPP IoT "access-technology" definitions;
Ppp - added support for Sierra WP7601;
Routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
Snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
Webfig - fixed link to Winbox download;
Winbox - added "auto-erase" parameter to "Tools/SMS" menu;
Winbox - added "https-redirect" parameter to "IP/Hotspot/Profiles menu";
Winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
Winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
Winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
Winbox - added "revision" parameter to "System/Routerboard" menu;
Winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
Winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
Winbox - added wireless alignment LED types to "System/LEDs" menu;
Winbox - fixed allowed range for bridge filter "new-priority" parameter;
Winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
Winbox - fixed file locking when uploading multiple files at once;
Winbox - fixed firewall limit parameter support for rates more than 4G;
Winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
Winbox - fixed "Routing" menu icon presence when there is no routing package installed;
Winbox - improved stability when transfering multiple files between multiple windows;
Winbox - removed "max-sms" parameter from "Tools/SMS" menu;
Winbox - removed "Set CA Passphrase" button from "Certificate" menu;
Winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
Winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
Winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
Winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
Wireless - fixed basic rate reporting in snooper;

New in RouterOS 6.45.3 (Aug 1, 2019)

New in RouterOS 6.46 Beta 16 (Jul 24, 2019)

New in RouterOS 6.45.2 (Jul 19, 2019)

New in RouterOS 6.46 Beta 9 (Jul 11, 2019)

New in RouterOS 6.46 Beta 6 (Jul 4, 2019)

New in RouterOS 6.45.1 (Jul 1, 2019)

Important note!!!
Due to removal of compatibility with old version passwords in this version, downgrading to any version prior to v6.43 (v6.42.12 and older) will clear all user passwords and allow password-less authentication. Please secure your router after downgrading.
MAJOR CHANGES IN v6.45:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control;
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator;
!) security - fixed vulnerabilities CVE-2018-1157, CVE-2018-1158;
!) security - fixed vulnerabilities CVE-2019-11477, CVE-2019-11478, CVE-2019-11479;
!) security - fixed vulnerability CVE-2019-13074;
!) user - removed insecure password storage;
----------------------
Changes in this release:
*) bridge - correctly display bridge FastPath status when vlan-filtering or dhcp-snooping is used;
*) bridge - correctly handle bridge host table;
*) bridge - fixed log message when hardware offloading is being enabled;
*) bridge - improved stability when receiving traffic over USB modem with bridge firewall enabled;
*) capsman - fixed CAP system upgrading process for MMIPS;
*) capsman - fixed interface-list usage in access list;
*) ccr - improved packet processing after overloading interface;
*) certificate - added "key-type" field;
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1);
*) certificate - fixed self signed CA certificate handling by SCEP client;
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) certificate - removed "set-ca-passphrase" parameter;
*) chr - legacy adapters require "disable-running-check=yes" to be set;
*) cloud - added "replace" parameter for backup "upload-file" command;
*) conntrack - fixed GRE protocol packet connection-state matching (CVE-2014-8160);
*) conntrack - significant stability and performance improvements;
*) crs317 - fixed known multicast flooding to the CPU;
*) crs3xx - added ethernet tx-drop counter;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) crs3xx - fixed "tx-drop" counter;
*) crs3xx - improved switch-chip resource allocation on CRS326, CRS328, CRS305;
*) defconf - added "custom-script" field that prints custom configuration installed by Netinstall;
*) defconf - automatically set "installation" parameter for outdoor devices;
*) defconf - changed default configuration type to AP for cAP series devices;
*) defconf - fixed channel width selection for RU locked devices;
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter;
*) dhcpv4-server - added IP conflict logging;
*) dhcpv4-server - added RADIUS accounting support with queue based statistics;
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv4-server - replaced "busy" lease status with "conflict" and "declined";
*) dhcpv6-client - added option to disable rapid-commit;
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time";
*) dhcpv6-server - added "address-list" support for bindings;
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters;
*) dhcpv6-server - added RADIUS accounting support with queue based statistics;
*) dhcpv6-server - added "route-distance" parameter;
*) dhcpv6-server - fixed dynamic IPv6 binding without proper reference to the server;
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) discovery - correctly create neighbors from VLAN tagged discovery messages;
*) discovery - fixed CDP packets not including address on slave ports (introduced in v6.44);
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) discovery - show neighbors on actual mesh ports;
*) e-mail - include "message-id" identification field in e-mail header;
*) e-mail - properly release e-mail sending session if the server's domain name can not be resolved;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) ethernet - fixed running (R) flag not present on x86 interfaces and CHR legacy adapters;
*) ethernet - increased loop warning threshold to 5 packets per second;
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) firewall - fixed fragmented packet processing when only RAW firewall is configured;
*) firewall - process packets by firewall when accepted by RAW with disabled connection tracking;
*) gps - fixed missing minus close to zero coordinates in dd format;
*) gps - make sure "direction" parameter is upper case;
*) gps - strip unnecessary trailing characters from "longtitude" and "latitude" values;
*) gps - use "serial0" as default port on LtAP mini;
*) hotspot - added "interface-mac" variable to HTML pages;
*) hotspot - moved "title" HTML tag after "meta" tags;
*) ike1 - adjusted debug packet logging topics;
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - added support for IKE SA rekeying for initiator;
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved certificate verification when multiple CA certificates received from responder;
*) ike2 - improved child SA rekeying process;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ippool - improved logging for IPv6 Pool when prefix is already in use;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity;
*) ipsec - added "ph2-total" counter to "active-peers" menu;
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods;
*) ipsec - added traffic statistics to "active-peers" menu;
*) ipsec - disallow setting "src-address" and "dst-address" for transport mode policies;
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - general improvements in policy handling;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers";
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) ipv6 - improved system stability when receiving bogus packets;
*) ltap - renamed SIM slots "up" and "down" to "2" and "3";
*) lte - added initial support for Vodafone R216-Z;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow setting empty APN;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) lte - improved firmware upgrade process;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) m33g - added support for additional Serial Console port on GPIO headers;
*) ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;
*) ospf - fixed opaque LSA type checking in OSPFv2;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) ovpn - added "verify-server-certificate" parameter for OVPN client (CVE-2018-10066);
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb3011 - improved system stability when receiving bogus packets;
*) rb4011 - fixed MAC address duplication between sfp-sfpplus1 and wlan1 interfaces (wlan1 configuration reset required);
*) rb921 - improved system stability ("/system routerboard upgrade" required);
*) routerboard - renamed 'sim' menu to 'modem';
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - fixed "send-trap" not working when "trap-generators" does not contain "temp-exception";
*) snmp - fixed "send-trap" with multiple "trap-targets";
*) snmp - improved reliability on SNMP service packet validation;
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - accept remote forwarding requests with empty hostnames;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - fixed non-interactive multiple command execution;
*) ssh - improved remote forwarding handling (introduced in v6.44.3);
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - keep host keys when resetting configuration with "keep-users=yes";
*) ssh - use correct user when "output-to-file" parameter is used;
*) sstp - improved stability when received traffic hits tarpit firewall;
*) supout - added IPv6 ND section to supout file;
*) supout - added "kid-control devices" section to supout file;
*) supout - added "pwr-line" section to supout file;
*) supout - changed IPv6 pool section to output detailed print;
*) switch - properly reapply settings after switch chip reset;
*) tftp - added "max-block-size" parameter under TFTP "settings" menu (CLI only);
*) tile - improved link fault detection on SFP+ ports;
*) tr069-client - added LTE CQI and IMSI parameter support;
*) tr069-client - fixed potential memory corruption;
*) tr069-client - improved error reporting with incorrect firware upgrade XML file;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-generator - improved stability when stopping traffic generator;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) w60g - do not show unused "dmg" parameter;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) w60g - show running frequency under "monitor" command;
*) winbox - added "System/SwOS" menu for all dual-boot devices;
*) winbox - do not allow setting "dns-lookup-interval" to "0";
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - fixed frequency duplication in the frequency selection menu;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved 160MHz channel width stability on rb4011;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - improved installation mode selection for wireless outdoor equipment;
*) wireless - set default SSID and supplicant-identity the same as router's identity;
*) wireless - updated "china" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
*) www - improved client-initiated renegotiation within the SSL and TLS protocols (CVE-2011-1473);

New in RouterOS 6.45 Beta 50 (May 21, 2019)

New in RouterOS 6.45 Beta 45 (May 13, 2019)

New in RouterOS 6.45 Beta 42 (May 9, 2019)

dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only;
capsman - fixed interface-list usage in access list;
cloud - added "replace" parameter for backup "upload-file" command;
crs3xx - correctly handle switch reset (introduced in v6.45beta31;
defconf - added "custom-script" field that prints custom configuration installed by Netinstall;
defconf - automatically set "installation" parameter for outdoor devices;
dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
dhcpv4-server - added RADIUS accounting support with queue based statistics;
dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only;
discovery - correctly create neighbors from VLAN tagged discovery messages;
discovery - show neighbors on actual mesh ports;
ethernet - increased loop warning threshold to 5 packets per second;
gps - make sure "direction" parameter is upper case;
gps - strip unnecessary trailing characters from "longtitude" and "latitude" values;
hotspot - moved "title" HTML tag after "meta" tags;
ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only;
rb921 - improved system stability ("/system routerboard upgrade" required;
ssh - accept remote forwarding requests with empty hostnames;
ssh - improved remote forwarding handling (introduced in v6.44.3;
tr069-client - improved error reporting with incorrect firware upgrade XML file;
w60g - do not show unused "dmg" parameter;
w60g - show running frequency under "monitor" command;
winbox - show "LCD" menu only on boards that have LCD screen;
wireless - fixed frequency duplication in the frequency selection menu;
wireless - improved 160MHz channel width stability on rb4011;
wireless - improved installation mode selection for wireless outdoor equipment;
wireless - set default SSID and supplicant-identity the same as router's identity;
wireless - updated "china" regulatory domain information;

New in RouterOS 6.44.3 (Apr 24, 2019)

New in RouterOS 6.45 Beta 34 (Apr 18, 2019)

New in RouterOS 6.45 Beta 22 (Mar 29, 2019)

New in RouterOS 6.45 Beta 20 (Mar 26, 2019)

New in RouterOS 6.45 Beta 19 (Mar 22, 2019)

New in RouterOS 6.45 Beta 16 (Mar 18, 2019)

New in RouterOS 6.44.1 (Mar 14, 2019)

New in RouterOS 6.45 Beta 6 (Mar 5, 2019)

Bridge - fixed possible memory leak when using "ingress-filtering=yes" on bridge interface;
Certificate - added support for ECC (Elliptic Curve Cryptography);
Certificate - force 3DES encryption for P12 certificate export;
Crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
Crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
Dhcp - fixed dual stack queue addition;
Dhcpv4-server - added "vendor-class-id" matcher (CLI only);
Dhcpv6-server - use MAC address for RADIUS user when "allow-dual-stack-queue=yes";
Ethernet - added support for 25Gbps and 40Gbps rates;
Fetch - improved user policy lookup;
Gps - increase precision for dd format;
Ipsec - fixed dynamic L2TP peer and identity configuration missing after reboot (introduced in v6.44);
Ipsec - use "remote-id=ignore" for dynamic L2TP configuration (introduced in v6.44);
Ipv6 - do not allow setting "preferred-lifetime" longer than "valid-lifetime";
Lte - added passthrough interface subnet selection;
Lte - added support for manual operator selection;
Lte - do not show error message for info commands that are not supported;
Lte - do not show "session-uptime" if session is not up;
Lte - improved R11e-4G modem operation;
Lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
Lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
Lte - show alphanumeric value for operator info;
Lte - show correct firmware revision after firmware upgrade;
Lte - use secondary DNS for DNS server configuration;
Ppp - added initial support for Quectel BG96;
Rb4011 - fixed ether10 failing to auto negotiate link speed to 1Gbps;
Sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
Sms - improved delivery report logging;
Snmp - added "dot1dStpPortTable" OID;
Ssh - use correct user when "output-to-file" parameter is used;
Switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
Tile - improved link fault detection on SFP+ ports;
Winbox - added "use-local-address" parameter in "IP/Cloud" menus;
Wireless - fixed incorrect IP header for RADIUS accounting packet;
Wireless - updated "india" regulatory domain information;
Wireless - updated "new zealand" regulatory domain information;

New in RouterOS 6.44 (Feb 26, 2019)

Changes in this release:
Bgp - properly update keepalive time after peer restart;
Bridge - added option to monitor fast-forward status;
Bridge - count routed FastPath packets between bridge ports under FastPath bridge statistics;
Bridge - disable fast-forward when using SlowPath features;
Bridge - fixed BOOTP packet forwarding when DHCP Snooping is enabled;
Bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
Bridge - fixed log message when hardware offloading is being enabled;
Bridge - fixed packet forwarding when changing MSTI VLAN mappings;
Bridge - fixed packet forwarding with enabled DHCP Snooping and Option 82;
Bridge - fixed possible memory leak when using MSTP;
Bridge - fixed system's identity change when DHCP Snooping is enabled (introduced in v6.43);
Bridge - improved packet handling when hardware offloading is being disabled;
Bridge - improved packet processing when bridge port changes states;
Btest - added multithreading support for both UDP and TCP tests;
Btest - added warning message when CPU load exceeds 90% (CLI only);
Capsman - always accept connections from loopback address;
Certificate - added support for multiple "Subject Alt. Names";
Certificate - enabled RC2 cipher to allow P12 certificate decryption;
Certificate - fixed certificate signing by SCEP client if multiple CA certificates are provided;
Certificate - show digest algorithm used in signature;
Chr - assign interface names based on underlying PCI device order on KVM;
Chr - distribute NIC queue IRQ's evenly across all CPUs;
Chr - fixed IRQ balancing when using more than 32 CPUs;
Chr - improved system stability when insufficient resources are allocated to the guest;
Cloud - added "ddns-update-interval" parameter;
Cloud - do not reuse old UDP socket if routing changes are detected;
Cloud - ignore "force-update" command if DDNS is disabled;
Cloud - improved DDNS service disabling;
Cloud - made address updating faster when new public address detected;
Conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter);
Console - renamed IP protocol 41 to "ipv6-encap";
Console - updated copyright notice;
Crs317 - fixed packet forwarding when LACP is used with hw=no;
Crs3xx - fixed packet forwarding through SFP+ ports when using 100Mbps link speed;
Crs3xx - improved fan control stability;
Defconf - fixed configuration not generating properly on upgrade;
Defconf - fixed default configuration loading on RB4011iGS+5HacQ2HnD-IN;
Defconf - fixed IPv6 link-local address range in firewall rules;
Dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour;
Dhcp - properly load DHCP configuration if options are configured;
Dhcpv4-server - added "parent-queue" parameter (CLI only);
Dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
Dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
Dhcpv4-server - use ARP for conflict detection;
Dhcpv6-client - use default route distance also for unreachable route added by DHCPv6 client;
Dhcpv6-server - allow to add DHCPv6 server with pool that does not exist;
Dhcpv6-server - fixed missing gateway for binding's network if RADIUS authentication was used;
Dhcpv6-server - improved DHCPv6 server stability when using "print" command;
Dhcpv6-server - show "client-address" parameter for bindings;
Discovery - detect proper slave interface on bounded interfaces;
Discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
Discovery - send master port in "interface-name" parameter;
Discovery - show neighbors on actual bridge port instead of bridge itself for LLDP;
E-mail - added info log message when e-mail is sent successfully;
Ethernet - added "tx-rx-1024-max" counter to Ethernet stats;
Ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
Ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
Ethernet - fixed packet forwarding when SFP interface is disabled on hEX S;
Ethernet - fixed VLAN1 forwarding on RB1100AHx4 and RB4011 devices;
Ethernet - improved per core ethernet traffic classificator on mmips devices;
Export - fixed "silent-boot" compact export;
Fetch - added "http-header-field" parameter;
Fetch - added option to specify multiple headers under "http-header-field", including content type;
Fetch - fixed "without-paging" option;
Fetch - improved file downloading to slow memory;
Fetch - improved stability when using HTTP mode;
Fetch - removed "http-content-type" parameter;
Gps - increase precision for dd format;
Gps - moved "coordinate-format" from "monitor" command to "set" parameter;
Health - improved fan control stability on CRS328-24P-4S+RM;
Hotspot - added "https-redirect" under server profiles;
Hotspot - added per-user NAT rule generation based on "incoming-filter" and "outgoing-filter" parameters;
Ike1 - do not allow using RSA-key and RSA-signature authentication methods simultaneously on single peer;
Ike1 - fixed memory leak;
Ike2 - added option to specify certificate chain;
Ike2 - added peer identity validation for RSA auth (disabled after upgrade);
Ike2 - allow to match responder peer by "my-id=fqdn" field;
Ike2 - fixed local address lookup when initiating new connection;
Ike2 - improved subsequent phase 2 initialization when no childs exist;
Ike2 - properly handle certificates with empty "Subject";
Ike2 - retry RSA signature validation with deduced digest from certificate;
Ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
Ike2 - show weak pre-shared-key warning;
Interface - added "pwr-line" interface support (more information will follow in next newsletter);
Ipsec - added account log message when user is successfully authenticated;
Ipsec - added basic pre-shared-key strength checks;
Ipsec - added new "remote-id" peer matcher;
Ipsec - allow to specify single address instead of IP pool under "mode-config";
Ipsec - fixed active connection killing when changing peer configuration;
Ipsec - fixed all policies not getting installed after startup (introduced in v6.43.8);
Ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
Ipsec - hide empty prefixes on "peer" menu;
Ipsec - improved invalid policy handling when a valid policy is uninstalled;
Ipsec - made dynamic "src-nat" rule more specific;
Ipsec - made peers autosort themselves based on reachability status;
Ipsec - moved "profile" menu outside "peer" menu;
Ipsec - properly detect AES-NI extension as hardware AEAD;
Ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
Ipsec - require write policy for key generation;
Kidcontrol - added IPv6 support;
Kidcontrol - added "reset-counters" command for "device" menu (CLI only);
Kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
Kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters;
Kidcontrol - dynamically discover devices from DNS activity;
Kidcontrol - fixed validation checks for time intervals;
Kidcontrol - properly detect time zone changes;
Kidcontrol - use "/128" prefix-length for IPv6 addresses;
L2tp - fixed IPsec secret not being updated when "ipsec-secret" is changed under L2TP client configuration;
Lcd - made "pin" parameter sensitive;
Led - fixed default LED configuration for RBSXTsq-60ad;
Led - fixed default LED configuration for wAP 60G AP devices;
Led - fixed PWR-LINE AP Ethernet LED polarity ("/system routerboard upgrade" required);
Lldp - fixed missing capabilities fields on some devices;
Lte - added additional ID support for Novatel USB730L modem;
Lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
Lte - added "ecno" field for "info" command;
Lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
Lte - added initial support for multiple APN for R11e-4G (new modem firmware required);
Lte - added initial support for Telit LN940;
Lte - added multiple APN support for R11e-4G;
Lte - added option to lock the LTE operator;
Lte - added support for JioFi JMR1040 modem;
Lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
Lte - fixed DHCP IP acquire (introduced in v6.43.7);
Lte - fixed DHCP relay packet forwarding when in passthrough mode;
Lte - fixed IPv6 activation for R11e-LTE-US modems;
Lte - fixed Jaton/SQN modems preventing router from booting properly;
Lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
Lte - fixed missing running (R) flag for Jaton LTE modems;
Lte - fixed passthrough DHCP address forward when other address is acquired from operator;
Lte - fixed reported "rsrq" precision (introduced in v6.43.8);
Lte - improved compatibility for Alt38xx modems;
Lte - improved SIM7600 initialization after reset;
Lte - improved SimCom 7100e support;
Lte - query "cfun" on initialization;
Lte - require write policy for at-chat;
Lte - update firmware version information after R11e-LTE/R11e-4G firmware upgrade;
Netinstall - do not show kernel failure critical messages in the log after fresh install;
Ntp-client - fixed "dst-active" and "gmt-offset" being updated after synchronization with server;
Port - improved "remote-serial" TCP performance in RAW mode;
Ppp - added "at-chat" command;
Ppp - fixed dynamic route creation towards VPN server when "add-default-route" is used;
Profiler - classify kernel crypto processing as "encrypting";
Profile - removed obsolete "file-name" parameter;
Proxy - removed port list size limit;
Radius - implemented Proxy-State attribute handling in CoA and disconnect requests;
Rb3011 - implemented multiple engine IPsec hardware acceleration support;
Rb4011 - fixed SFP+ interface full duplex and speed parameter behavior;
Rb4011 - improved SFP+ interface linking to 1Gbps;
Rbm33g - improved stability when used with some USB devices;
Romon - improved reliability when processing RoMON packets on CHR;
Routerboard - removed "RB" prefix from PWR-LINE AP devices;
Routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
Smb - added commenting option for SMB users (CLI only);
Smb - fixed macOS clients not showing share contents;
Smb - fixed Windows 10 clients not able to establish connection to share;
Sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
Snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
Snmp - changed fan speed value type to Gauge32;
Snmp - fixed "rsrq" reported precision;
Snmp - fixed w60g station table;
Snmp - removed "rx-sector" ("Wl60gRxSector") value;
Snmp - report bridge ifSpeed as "0";
Snmp - report ifSpeed 0 for sub-layer interfaces;
Ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
Ssh - added error log message when key exchange fails;
Ssh - close active SSH connections before IPsec connections on shutdown;
Ssh - fixed public key format compatibility with RFC4716;
Supout - fixed "poe-out" output not showing all interfaces;
Supout - fixed Profile output on single core devices;
Switch - added comment field to switch ACL rules;
Switch - fixed ACL rules on IPQ4018 devices;
System - accept only valid path for "log-file" parameter in "port" menu;
System - removed obsolete "/driver" command;
Tr069-client - added "check-certificate" parameter to allow communication without certificates;
Tr069-client - added "connection-request-port" parameter (CLI only);
Tr069-client - added support for InformParameter object;
Tr069-client - fixed certificate verification for certificates with IP address;
Tr069-client - fixed HTTP cookie getting duplicated with the same key;
Tr069-client - increased reported "rsrq" precision;
Traceroute - improved stability when sending large ping amounts;
Traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
Tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
Upgrade - made security package depend on DHCP package;
Usb - improved power-reset error message when no bus specified on CCR1072-8G-1S+;
Usb - improved USB device powering on startup for hAP ac^2 devices;
Usb - increased default power-reset timeout to 5 seconds;
Userman - added first and last name fields for signup form;
Userman - show redirect location in error messages;
User - require "write" permissions for LTE firmware update;
Vrrp - made "password" parameter sensitive;
W60g - added "10s-average-rssi" parameter to align mode (CLI only);
W60g - added align mode "/interface w60g align" (CLI only);
W60g - fixed scan in bridge mode;
W60g - improved PtMP performance;
W60g - improved reconnection detection;
W60g - improved "tx-packet-error-rate" reading;
W60g - renamed disconnection message when license level did not allow more connected clients;
W60g - renamed "frequency-list" to "scan-list";
Watchdog - allow specifying DNS name for "send-smtp-server" parameter;
Webfig - improved file handling;
Winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
Winbox - added "allow-dual-stack-queue" parameter in "IP/DHCP Server" and "IPv6/DHCP Server" menus;
Winbox - added "challenge-password" field when signing certificate with SCEP;
Winbox - added "conflict-detection" parameter in "IP/DHCP Server" menu;
Winbox - added "coordinate-format" parameter in LTE interface settings;
Winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
Winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
Winbox - added src/dst address and in/out interface list columns to default firewall menu view;
Winbox - added support for dynamic devices in "IP/Kid Control/Devices" tab;
Winbox - allow setting "network-mode" to "auto" under LTE interface settings;
Winbox - allow specifying interface lists in "CAPsMAN/Access List" menu;
Winbox - fixed "IPv6/Firewall" "Connection limit" parameter not allowing complete IPv6 prefix lengths;
Winbox - fixed L2MTU parameter setting on "W60G" type interfaces;
Winbox - fixed "LCD" menu not shown on RB2011UiAS-2HnD;
Winbox - fixed missing w60g interface status values;
Winbox - improved file handling;
Winbox - moved "Too Long" statistics counter to Ethernet "Rx Stats" tab;
Winbox - organized wireless parameters between simple and advanced modes;
Winbox - renamed "Default AP Tx Rate" to "Default AP Tx Limit";
Winbox - renamed "Default Client Tx Rate" to "Default Client Tx Limit";
Winbox - show "R" flag under "IPv6/DHCP Server/Bindings" tab;
Winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
Winbox - show "W60G" wireless tab on wAP 60G AP;
Wireless - added new "installation" parameter to specify router's location;
Wireless - improved AR5212 response to incoming ACK frames;
Wireless - improved connection stability for new model Apple devices;
Wireless - improved NV2 performance for all ARM devices;
Wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
Wireless - improved system stability for all ARM devices with wireless;
Wireless - improved system stability for all devices with 802.11ac wireless;
Wireless - improved system stability when scanning for other networks;
Wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
Wireless - report last seen IP address in RADIUS accounting messages;
Wireless - show "installation" parameter when printing configuration;

New in RouterOS 6.43.12 (Feb 11, 2019)

New in RouterOS 6.44 Beta 61 (Jan 18, 2019)

ipsec - added new "identity" menu with common peer distinguishers;
bridge - fixed BOOTP packet forwarding when DHCP Snooping is enabled;
certificate - added support for multiple "Subject Alt. Names";
certificate - enabled RC2 cipher to allow P12 certificate decryption;
chr - improved system stability when insufficient resources are allocated to the guest;
console - updated copyright notice;
crs3xx - fixed slow bootup, upgrade and SFP status read (introduced in v6.44beta20;
gps - moved "coordinate-format" from "monitor" command to "set" parameter;
ike1 - fixed "rsa-key" authentication (introduced in v6.44beta;
ipsec - accept only valid path for "export-pub-key" parameter in "key" menu;
ipsec - added new "remote-id" peer matcher;
ipsec - fixed all policies not getting installed after startup (introduced in v6.43.8;
ipsec - moved "profile" menu outside "peer" menu;
lcd - made "pin" parameter sensitive;
led - fixed default LED configuration for RBSXTsq-60ad;
lte - fixed DHCP IP acquire in 3G mode for r11e-lte (introduced in v6.44beta54;
lte - fixed reported "rsrq" precision (introduced in v6.43.8;
profile - removed obsolete "file-name" parameter;
radius - implemented Proxy-State attribute handling in CoA and disconnect requests;
rb4011 - improved SFP+ interface linking to 1Gbps;
ssh - close active SSH connections before IPsec connections on shutdown;
ssh - fixed public key format compatibility with RFC4716;
supout - fixed "poe-out" output not showing all interfaces;
system - accept only valid path for "log-file" parameter in "port" menu;
system - removed obsolete "/driver" command;
tr069-client - added "check-certificate" parameter to allow communication without certificates;
tr069-client - added support for InformParameter object;
tr069-client - fixed certificate verification for certificates with IP address;
tr069-client - increased reported "rsrq" precision;
vrrp - made "password" parameter sensitive;
winbox - added "allow-dual-stack-queue" parameter in "IP/DHCP Server" and "IPv6/DHCP Server" menus;
winbox - added "conflict-detection" parameter in "IP/DHCP Server" menu;
winbox - added "coordinate-format" parameter in LTE interface settings;
winbox - allow specifying interface lists in "CAPsMAN/Access List" menu;
winbox - fixed "IPv6/Firewall" "Connection limit" parameter not allowing complete IPv6 prefix lengths;
winbox - fixed L2MTU parameter setting on "W60G" type interfaces;
winbox - fixed "LCD" menu not shown on RB2011UiAS-2HnD;
winbox - moved "Too Long" statistics counter to Ethernet "Rx Stats" tab;
winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;

New in RouterOS 6.44 Beta 54 (Jan 7, 2019)

New in RouterOS 6.43.8 (Dec 21, 2018)

Telnet - do not allow to set "tracefile" parameter;
Bridge - fixed IPv6 link-local address generation when auto-mac=yes;
Capsman - fixed "group-key-update" parameter not using correct units;
Crs3xx - improved data transmission between 10G and 1G ports;
Console - properly remove system note after configuration reset;
Dhcpv4-server - fixed dynamic lease reuse after expiration;
Dhcpv6-server - properly handle DHCP requests that include prefix hint;
Ethernet - fixed VLAN1 forwarding on RB1100AHx4 and RB4011 devices;
Gps - added "coordinate-format" parameter;
Led - fixed default LED configuration for RBMetalG-52SHPacn;
Led - fixed PWR-LINE AP ethernet led polarity ("/system routerboard upgrade" required);
Lte - disallow setting LTE interface as passthrough target;
Lte - fixed DHCP IP acquire (introduced in v6.43.7);
Lte - fixed passthrough functionality when interface is removed;
Lte - increased reported "rsrq" precision;
Lte - reset USB when non-default slot is used;
Package - use bundled package by default if standalone packages are installed as well;
Resource - fixed "total-memory" reporting on ARM devices;
Snmp - added "tx-ccq" ("mtxrWlStatTxCCQ") and "rx-ccq" ("mtxrWlStatRxCCQ") values;
Switch - fixed MAC learning when disabling interfaces on devices with Atheros8327 and QCA8337 switch chips;
System - fixed situation when all configuration was not properly loaded on bootup;
Timezone - fixed "Europe/Dublin" time zone;
Upgrade - automatically uninstall standalone package if already installed in bundle;
Webfig - do not show bogus VHT field in wireless interface advanced mode;
Winbox - added "allow-roaming" parameter in "Interface/LTE" menu;
Winbox - allow to change VHT rates when 5ghz-n/ac band is used;
Winbox - renamed "Radius" to "RADIUS";
Winbox - show "Switch" menu on RB4011iGS+5HacQ2HnD and RB4011iGS+;
Wireless - added new "installation" parameter to specify router's location;
Wireless - improved stability for 802.11ac;
Wireless - improvements in wireless frequency selection;

New in RouterOS 6.44 Beta 50 (Dec 19, 2018)

ipsec - added new "identity" menu with common peer distinguishers;
speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
telnet - do not allow to set "tracefile" parameter;
bgp - properly update keepalive time after peer restart;
bridge - fixed BOOTP packet forwarding when DHCP Snooping is enabled;
bridge - fixed IPv6 link-local address generation when auto-mac=yes;
capsman - always accept connections from loopback address;
certificate - added support for multiple "Subject Alt. Names";
cloud - added "ddns-update-interval" parameter;
conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter);
console - properly remove system note after configuration reset;
crs3xx - improved fan control stability;
crs3xx - improved stability when adding ACL rules on CRS326 and CRS328 devices (introduced in 6.44beta39);
defconf - fixed default configuration loading on RB4011iGS+5HacQ2HnD-IN;
defconf - fixed IPv6 link-local address range in firewall rules;
dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour;
dhcpv4-server - added "parent-queue" parameter (CLI only);
dhcpv6-server - properly handle DHCP requests that include prefix hint;
discovery - detect proper slave interface on bounded interfaces;
discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
discovery - send master port in "interface-name" parameter;
discovery - show neighbors on actual bridge port instead of bridge itself for LLDP;
ethernet - fixed VLAN1 forwarding on RB1100AHx4 and RB4011 devices;
export - fixed "silent-boot" compact export;
fetch - added "http-header-field" parameter;
gps - added "coordinate-format" parameter (CLI only);
ike2 - allow to match responder peer by "my-id=fqdn" field;
ipsec - improved invalid policy handling when a valid policy is uninstalled;
kidcontrol - added IPv6 support;
kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
led - fixed default LED configuration for RBMetalG-52SHPacn;
lte - added "ecno" field for "info" command;
lte - disallow setting LTE interface as passthrough target;
lte - fixed passthrough functionality when interface is removed;
lte - improved SimCom 7100e support;
lte - increased reported "rsrq" precision;
lte - reset USB when non-default slot is used;
package - use bundled package by default if standalone packages are installed as well;
ppp - added "at-chat" command;
resource - fixed "total-memory" reporting on ARM devices;
snmp - added "tx-ccq" ("mtxrWlStatTxCCQ"and "rx-ccq" ("mtxrWlStatRxCCQ"values;
snmp - changed fan speed value type to Gauge32;
snmp - removed "rx-sector" ("Wl60gRxSector"value;
ssh - fixed public key format compatibility with RFC4716;
switch - fixed MAC learning when disabling interfaces on devices with Atheros8327 and QCA8337 switch chips;
system - fixed situation when all configuration was not properly loaded on bootup;
timezone - fixed "Europe/Dublin" time zone;
traceroute - improved stability when sending large ping amounts;
upgrade - automatically uninstall standalone package if already installed in bundle;
user - require "write" permissions for LTE firmware update;
watchdog - allow specifying DNS name for "send-smtp-server" parameter;
webfig - do not show bogus VHT field in wireless interface advanced mode;
winbox - added "allow-roaming" parameter in "Interface/LTE" menu;
winbox - added "challenge-password" field when signing certificate with SCEP;
winbox - added "conflict-detection" parameter in "IP/DHCP server" menu;
winbox - added src/dst address and in/out interface list columns to default firewall menu view;
winbox - added support for dynamic devices in "IP/Kid Control/Devices" tab;
winbox - allow to change VHT rates when 5ghz-n/ac band is used;
winbox - fixed missing w60g interface status values;
winbox - renamed "Radius" to "RADIUS";
winbox - show "R" flag under "IPv6/DHCP Server/Bindings" tab;
winbox - show "Switch" menu on RB4011iGS+5HacQ2HnD;
wireless - fixed conformity with EU regulatory domain rules;
wireless - improved system stability for all ARM devices with wireless;

New in RouterOS 6.43.7 (Dec 3, 2018)

Changes in this release:
Bridge - properly disable dynamic CAP interfaces;
Certificate - fixed "expires-after" parameter calculation;
Certificate - fixed time zone adjustment for SCEP requests;
Certificate - properly flush old CRLs when changing store location;
Chr - fixed possible memory allocation failure when using multiple CPUs or interfaces on Xen installations;
Crs328 - fixed SFP ports not reporting auto-negotiation status;
Crs328 - improved link status update on disabled SFP and SFP+ interfaces;
Defconf - automatically accept default configuration if reset done by holding button;
Defconf - fixed default configuration loading on RB4011iGS+5HacQ2HnD-IN;
Discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
Discovery - fixed neighbor discovery for PPP interfaces;
Discovery - properly use System ID for "software-id" value on CHR;
Export - fixed "silent-boot" compact export;
Health - fixed bad voltage readings on RB493G;
Interface - improved system stability when including/excluding a list to itself;
Ipsec - fixed hw-aead (H) flag presence under Installed SAs on startup;
Ipsec - improved stability when uninstalling multiple SAs at once;
Ipsec - properly handle peer profiles on downgrade;
Ipsec - properly update warnings under peer menu;
Kidcontrol - do not allow users with "read" policy to pause and resume kids;
Log - properly handle long echo messages;
Lte - added support for more ZTE MF90 modems;
Ospf - improved stability while handling type-5 LSAs;
Routerboard - renamed SIM slots to "a" and "b" on SXT LTE kit;
Routerboard - show "boot-os" and "force-backup-booter" options only on devices that have such feature;
Snmp - do not initialise interface traps on bootup if they are not enabled;
Timezone - updated timezone information from tzdata2018g release;
Traffic-flow - fixed post NAT port reporting;
Traffic-flow - fixed "src-mac-address" and added "post-src-mac-address" fields;
Tunnel - made "ipsec-secret" parameter sensitive;
Usb - fixed power-reset for hAP ac^2 devices;
User - speed up first time login process after upgrade from version older than v6.43;
Winbox - allow to specify SIM slot on LtAP mini;
Winbox - enabled "fast-forward" by default when adding new bridge;
Winbox - fixed neighbor discovery for IPv6 neighbors;
Winbox - show "System/Health" only on boards that have health monitoring;

New in RouterOS 6.44 Beta 28 (Oct 30, 2018)

MAJOR CHANGES IN v6.44:
Cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
Upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
Upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
Changes in this release:
Radius - initial implementation of RadSec (Radius communication over TLS);
Bridge - added option to monitor fast-forward status;
Bridge - disable fast-forward when using SlowPath features;
Bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
Certificate - fixed time zone adjustment for SCEP requests;
Crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
crs328 - fixed SFP ports not reporting auto-negotiation status;
crs328 - improved link status update on disabled SFP and SFP+ interfaces;
Defconf - automatically accept default configuration if reset done by holding button;
defconf - fixed configuration not generating properly on upgrade;
ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
Fetch - fixed "without-paging" option;
health - fixed bad voltage readings on RB493G;
ike2 - added option to specify certificate chain;
ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
Ike2 - show weak pre-shared-key warning;
Ipsec - added basic pre-shared-key strength checks;
Ipsec - fixed hw-aead (H) flag presence under Installed SAs on startup;
Ipsec - improved stability when uninstalling multiple SAs at once;
Ipsec - made peers autosort themselves based on reachability status;
Ipsec - properly update warnings under peer menu;
Lte - added support for JioFi JMR1040 modem;
Lte - fixed IPv6 activation for R11e-LTE-US modems;
Lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
Lte - fixed missing running (R) flag for Jaton LTE modems;
Ospf - improved stability while handling type-5 LSAs;
Port - improved "remote-serial" TCP performance in RAW mode;
Rb3011 - implemented multiple engine IPsec hardware acceleration support;
Rbm33g - improved stability when used with some USB devices;
Routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
Routerboard - show "boot-os" and "force-backup-booter" option only on devices that have such feature;
Snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
Ssh - added error log message when key exchange fails;
Ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
Tr069-client - fixed HTTP cookie getting duplicated with the same key;
Tunnel - made "ipsec-secret" parameter sensitive;
Upgrade - made security package depend on DHCP package;
Wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
W60g - fixed scan in bridge mode;
W60g - renamed "frequency-list" to "scan-list";
W60g - renamed disconnection message when license level did not allow more connected clients;
W60g - added align mode "/interface w60g align" (CLI only);

New in RouterOS 6.43.4 (Oct 18, 2018)

New in RouterOS 6.44 Beta 20 (Oct 10, 2018)

New in RouterOS 6.44 Beta 17 (Oct 5, 2018)

New in RouterOS 6.44 Beta 14 (Oct 3, 2018)

bridge - do not learn untagged frames when filtering only tagged packets;
bridge - fixed packet forwarding when changing MSTI VLAN mappings;
bridge - fixed possible memory leak when using MSTP;
bridge - improved packet processing when bridge port changes states;
bridge - properly forward unicast DHCP messages when using DHCP Snooping with hardware offloading;
cloud - improved DDNS service disabling;
dhcp - properly load DHCP configuration if options are configured;
dhcpv6-server - recreate DHCPv6 server binding if it is no longer within prefix pool when rebinding/renewing;
ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
ike2 - improved subsequent phase 2 initialization when no childs exist;
ipsec - added account log message when user is successfully authenticated;
ipsec - allow multiple peers to the same address with different local-address (introduced in v6.43;
ipsec - fixed stability issues after changing peer configuration (introduced in v6.43;
ipsec - improved invalid policy handling when a valid policy is uninstalled;
kidcontrol - added "reset-counters" command for "device" menu (CLI only;
kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only;
kidcontrol - dynamically discover devices from DNS activity;
kidcontrol - fixed validation checks for time intervals;
led - added "dark-mode" functionality for wsAP ac lite, RB951Ui-2nD, hAP and hAP ac lite devices;
lte - added additional ID support for Novatel USB730L modem;
lte - added "cell-monitor" command for R11e-LTE international modem (CLI only;
lte - added support for JioFi JMR1040 modem;
ntp - fixed possible NTP server stuck in "started" state;
rb3011 - implemented multiple engine IPsec hardware acceleration support;
romon - improved packet processing when MTU in path is lower than 1500;
snmp - fixed w60g station table;
snmp - report bridge ifSpeed as "0";
ssh - fixed single command execution (introduced in v6.44beta9;
traffic-flow - fixed post NAT port reporting;
w60g - added interface stats;
w60g - renamed "mcs" to "tx-mcs" and "phy-rate" to "tx-phy-rate";
wireless - improved stability for 802.11ac;

New in RouterOS 6.43.2 (Sep 21, 2018)

New in RouterOS 6.43.1 (Sep 18, 2018)

New in RouterOS 6.44 Beta 6 (Sep 18, 2018)

New in RouterOS 6.44 Beta 6 (Sep 11, 2018)

New in RouterOS 6.43 (Sep 10, 2018)

New in RouterOS 6.43 RC66 (Aug 30, 2018)

New in RouterOS 6.43 RC64 (Aug 24, 2018)

bridge - added an option to manually specify ports that have a multicast router (CLI only;
bridge - added a warning when untrusted port receives a DHCP Server message when DCHP Snooping is enabled;
bridge - added more options to fine-tune IGMP Snooping enabled bridges (CLI only;
bridge - added support for DHCP Option 82 (CLI only;
bridge - added support for DHCP Snooping (CLI only;
bridge - added support for IGMP Snooping fast-leave feature (CLI only;
cloud - close local UDP port if no activity;
console - made "once" parameter mandatory when using "as-value" on "monitor" commands;
console - removed automatic swapping of "from=" and "to=" in "for" loops;
crs326/crs328 - fixed packet forwarding when port changes states with IGMP Snooping enabled;
crs3xx - added hardware support for DHCP Snooping and Option 82;
crs3xx - fixed packet forwarding when "frame-type" is changed (introduced in v6.43rc51;
crs3xx - fixed SwOS config import;
defconf - fixed default configuration for RBSXTsq5nD;
dhcpv6-client - fixed false invalid flag (introduced in v6.43rc56;
fetch - added "as-value" output format;
fetch - fixed address and DNS verification in certificates;
health - added missing parameters from export;
ipsec - added warning messages for incorrect peer configuration;
ipsec - improved stability when using IPsec with disabled route cache;
leds - fixed LED behaviour when bonding is configured on SFP+ interfaces;
lte - added "sector-id" to info command;
lte - fixed SIM7600 series module support with newer device IDs;
ppp - added support for Alfa Network U4G modem;
rb3011 - added IPsec hardware acceleration support;
snmp - added EAP identity to CAPsMAN registration table;
supout - added monitored bridge VLAN table to supout file;
switch - added CPU Flow Control settings for devices with a Atheros8227, QCA8337, Atheros8327, Atheros7240 or Atheros8316 switch chips;
tr069-client - use SNI extension for HTTPS;
ups - improved UPS serial parsing stability;
w60g - added "beamforming-event" stats counter;
w60g - fixed random disconnects;
w60g - general stability and performance improvements;
wireless - accept only valid path for sniffer output file parameter;
wireless - added "czech republic 5.8" regulatory domain information;
wireless - added "etsi2" regulatory domain information;
wireless - added option to disable PMKID for WPA2;
wireless - updated "czech republic" regulatory domain information;

New in RouterOS 6.42.7 (Aug 20, 2018)

Bridge - improved bridge port state changing process;
Crs326/crs328 - fixed untagged packet forwarding through tagged ports when pvid=1;
Crs3xx - added command that forces fan detection on fan-equipped devices;
Crs3xx - fixed port disable on CRS326 and CRS328 devices;
Crs3xx - fixed tagged packet forwarding without VLAN filtering (introduced in 6.42.6);
Crs3xx - fixed VLAN filtering when there is no tagged interface specified;
Dhcpv4-relay - fixed false invalid flag presence;
Dhcpv6-client - allow to set "default-route-distance";
Dhcpv6 - improved reliability on IPv6 DHCP services;
Dhcpv6-server - properly update interface for dynamic DHCPv6 servers;
Ethernet - improved large packet handling on ARM devices with wireless;
Ethernet - removed obsolete slave flag from "/interface vlan" menu;
Ipsec - fixed "sa-src-address" deduction from "src-address" in tunnel mode;
Ipsec - improved invalid policy handling when a valid policy is uninstalled;
Ldp - properly load LDP configuration;
Led - fixed default LED configuration for RBLHGG-5acD-XL devices;
Lte - added signal readings under "/interface lte scan" for 3G and GSM modes;
Lte - fixed memory leak on USB disconnect;
Lte - fixed SMS send feature when not in LTE network;
Package - do not allow to install out of bundle package if it already exists within bundle;
Ppp - fixed interface enabling after a while if none of them where active;
Sfp - hide "sfp-wavelength" parameter for RJ45 transceivers;
Upgrade - fixed RouterOS upgrade process from RouterOS v5;
Userman - fixed compatibility with PayPal TLS 1.2;
Vrrp - fixed VRRP packet processing on VirtualBox and VMWare hypervisors;
W60g - added distance measurement feature;
W60g - fixed random disconnects;
W60g - general stability and performance improvements;
W60g - improved MCS rate detection process;
W60g - improved MTU change handling;
W60g - properly close connection with station on disconnect;
W60g - stop doing distance measurements after first successful measurement;
Winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
Winbox - fixed "sfp-connector-type" value presence under "Interface/Ethernet";
Winbox - fixed warning presence for "IP/IPsec/Peers" menu;
Winbox - properly display all flags for bridge host entries;
Winbox - show "System/RouterBOARD/Mode Button" on devices that has such feature;
Wireless - added option to disable PMKID for WPA2;
Wireless - fixed memory leak when performing wireless scan on ARM;
Wireless - fixed packet processing after removing wireless interface from CAP settings;
Wireless - updated "united-states" regulatory domain information;

New in RouterOS 6.43 RC56 (Aug 14, 2018)

Api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
Backup - do not encrypt backup file unless password is provided;
Btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
Cloud - added IPv6 support;
Cloud - added support for licensed CHR instances (including trial);
Cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
Mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
Radius - use MS-CHAPv2 for "login" service authentication;
Romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
Webfig - improved authentication process;
Winbox - improved authentication process excluding man-in-the-middle possibility;
Winbox - minimal required version is v3.15;
Changes in this release:
Bridge - added support for BPDU Guard (CLI only);
Bridge - added support for DHCP Option 82 (disables hardware offloading, CLI only);
Bridge - added support for DHCP Snooping (disables hardware offloading, CLI only);
Bridge - forward LACPDUs when "protocol-mode=none";
Bridge - improved packet handling;
Cloud - added simultaneous IPv4/IPv6 support;
Console - added "dont-require-permissions" parameter for scripts;
Dhcpv4-relay - fixed false invalid flag presence;
Dhcpv6-server - do not allow to run DHCPv6 server on slave interface;
Dhcpv6-server - fixed dynamic simple queue creation for RADIUS bindings;
Dhcpv6-server - properly update interface for dynamic DHCPv6 servers;
Ethernet - fixed possible link flaps after disabling/enabling the interface (introduced in v6.43rc51);
Ethernet - improved large packet handling on ARM devices with wireless;
Ethernet - removed obsolete slave flag from "/interface vlan" menu;
Hotspot - fixed customized HTML file usage (introduced in 6.43rc47);
Ike1 - zero out reserved bytes in NAT-OA payload;
Ike2 - fixed initiator first policy selection;
Ippool - improved used address error message;
Ipsec - added warning messages for incorrect peer configuration;
Ipsec - separate phase1 proposal configuration from peer menu;
Ppp - fixed interface enabling after a while if none of them where active;
Ppp - improved modem mode switching;
Snmp - added "temp-exception" trap;
Switch - fixed possible switch chip hangs after initialization on MediaTek and Atheros8327 switch chips;
Tile - fixed false HW offloading flag for MPLS;
Tr069-client - allow editing of "provisioning-code" attribute (CLI only);
Tr069-client - fixed unresponsive tr069 service when blackhole route is present;
Upgrade - fixed RouterOS upgrade process from RouterOS v5;
Ups - improved UPS serial parsing stability;
W60g - general stability and performance improvements;
W60g - stop doing distance measurements after first successful measurement;
Winbox - added "default-route-distance" parameter for "IPv6/DHCP-client" menu;
Winbox - fixed "sfp-connector-type" value presence under "Interface/Ethernet";
Winbox - fixed warning presence for "IP/IPsec/Peers" menu;
Winbox - fixed "write-sect-since-reboot" value presence under "System/Resources";
Winbox - show "System/RouterBOARD/Mode Button" on devices that has such feature;
Wireless - added option to disable PMKID for WPA2 (CLI only);
Wireless - fixed memory leak when performing wireless scan on ARM;
Wireless - updated "united-states" regulatory domain information;

New in RouterOS 6.43 RC51 (Aug 2, 2018)

bridge - added per-port based "tag-stacking" feature;
bridge - fixed "ingress-filtering", "frame-types" and "tag-stacking" value storing;
bridge - improved bridge port state changing process;
bridge - improved packet processing when bridge port changes states;
bridge - renamed option "vlan-protocol" to "ether-type";
certificate - do not allow to perform "undo" on certificate changes;
crs3xx - added command that forces fan detection on fan-equipped devices;
crs3xx - fixed port disable on CRS326 and CRS328 devices;
dhcpv6-client - allow to set "default-route-distance";
dhcpv6-client - fixed "add-default-route" parameter;
dhcpv6-client - fixed option handling;
dhcpv6-server - added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time";
ethernet - fixed default ethernet advertise values after configuration reset (introduced in v6.43rc33
filesystem - fixed NAND memory going into read-only mode (requires "factory-firmware" >= 3.41.1 and "current-firmware" >= 6.43;
health - fixed voltage measurements for RB493G devices;
hotspot - allow to properly configure Hotspot directory on external disk for devices that have flash type storage;
hotspot - fixed RADIUS CoA & PoD by allowing to accept "NAS-Port-Id";
ike1 - added unsafe configuration warning for main mode with pre-shared-key authentication;
ike1 - zero out reserved bytes in NAT-OA payload;
ike2 - fixed rekeyed child deletion during another exchange;
ike2 - improved basic exchange logging readability;
ipsec - fixed "sa-src-address" deduction from "src-address" in tunnel mode;
ipsec - fixed "static-dns" value storing (CLI only;
ipsec - fixed AES-CTR and AES-GCM key size proposing as initiator;
ldp - properly load LDP configuration;
led - fixed default LED configuration for RBLHGG-5acD-XL devices;
lte - added "registration-status" parameter under "/interface lte info" command;
lte - added additional D-Link PIDs;
lte - added additional low endpoint SIM7600 PIDs;
lte - added signal readings under "/interface lte scan" for 3G and GSM modes;
lte - fixed memory leak on USB disconnect;
lte - fixed SMS send feature when not in LTE network;
lte - ignore empty MAC addresses during Passthrough discovery phase;
lte - properly detect interface state when running for IPv6 only connection for R11e-LTE modem;
multicast - allow to add more than one RP per IP address for PIM;
ospf - improved link-local LSA flooding;
rb1100ahx4 - added DES and 3DES hardware acceleration support;
routerboot - removed RAM test from TILE devices (routerboot upgrade required;
sfp - hide "sfp-wavelength" parameter for RJ45 transceivers;
snmp - added "phy-rate" reading for "station-bridge" mode;
snmp - fixed "remote-cap" peer MAC address format;
ssh - strengthen strong-crypto (add aes-128-ctr and disallow hmac sha1 and groups with sha1;
tile - added DES and 3DES hardware acceleration support;
w60g - added distance measurement feature;
w60g - fixed random disconnects;
w60g - improved MCS rate detection process;
w60g - improved MTU change handling;
w60g - properly close connection with station on disconnect;
wireless - fixed "/interface wireless sniffer packet print follow" output;
wireless - fixed packet processing after removing wireless interface from CAP settings;

New in RouterOS 6.43 RC45 (Jul 23, 2018)

New in RouterOS 6.42.6 (Jul 12, 2018)

New in RouterOS 6.43 RC 42 (Jul 5, 2018)

New in RouterOS 6.43 RC40 (Jul 3, 2018)

New in RouterOS 6.42.5 (Jun 27, 2018)

New in RouterOS 6.43 RC34 (Jun 25, 2018)

MAJOR CHANGES IN v6.43:
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
Changes in this release:
!) cloud - added IPv6 support;
console - do not show spare parameters on ping command;
crs317 - properly report link state when one link interface is disabled;
crs326/crs328 - fixed broken "new-dst-port" ACL rules (introduced in 6.43rc10);
crs3xx - fixed flow control;
crs3xx - fixed LACP member failover;
dhcpv4-client - fixed double ACK packet handling;
ethernet - do not show "combo-state" field if interface is not SFP or copper;
led - fixed LED default configuration for LtAP mini;
lte - added eNB ID to info command;
ssh - allow to use "diffie-hellman-group1-sha1" on TILE and x86 devices with "strong-crypto" disabled;
supout - added "w60g" section to supout file;
watchdog - added "ping-timeout" setting (CLI only);
winbox - show "sector-writes" on ARM routers that has such counters;
winbox - show "System/Health" only on boards that have health monitoring;
Other changes since v6.42.4:
api - properly classify API sessions in log;
backup - generate proper file name when router identity is longer than 32 symbols;
bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
bridge - added ingress filtering options to bridge interface;
bridge - added initial Q-in-Q support;
bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
bridge - fixed dynamic VLAN table entries when using ingress filtering;
bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
capsman - allow to change "radio-name" (CLI only);
capsman - increase timeout for the CAP to CAPsMAN communication;
certificate - added "expires-after" parameter;
chr - added checksum offload support for Hyper-V installations;
chr - added large send offload support for Hyper-V installations;
chr - added multiqueue support on Xen installations;
chr - added support for multiqueue feature on "virtio-net";
chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
chr - do not show IRQ entries from removed devices;
chr - enabled promiscious mode (requires to be enabled on host as well) when running CHR on Hyper-V;
chr - fixed interface name assign process when running CHR on Hyper-V;
chr - fixed MTU changing process when running CHR on Hyper-V;
chr - fixed NIC hotplug for "virtio-net";
chr - improved boot time for Hyper-V installations;
chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
crs3xx - fixed VLAN filtering when there is no tagged interface specified;
defconf - fixed missing bridge ports after configuration reset;
dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
dhcp - reduced resource usage of DHCP services;
dhcpv4-client - fixed DHCP client that was stuck on invalid state;
dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
dhcpv6-client - added missing "Server identifier" parameter in release message;
dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
dhcpv6-server - added initial dynamic simple queue support;
dude - fixed client auto upgrade (broken since 6.43rc17);
export - do not show w60g password on "hide-sensitive" type of export;
filesystem - improved software crash handling on devices with FLASH type memory;
ike1 - purge both SAs when timer expires;
interface - improved reliability on dynamic interface handling;
ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
ipsec - added warning messages for incorrect peer configuration;
ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
ipsec - install all DNS server addresses provided by "mode-config" server;
ipsec - separate phase1 proposal configuration from peer menu;
ipsec - use monotonic timer for SA lifetime check;
kidcontrol - added dynamic accept firewall rules in order to allow limit bandwidth when FastTrack is enabled;
kidcontrol - allow to edit discovered devices;
led - improved w60g alignment trigger;
log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
log - show interface name on OSPF "different MTU" info log messages;
lte - added additional ID support for SIM7600 modem;
lte - added extended LTE signal info for SIM7600 modules;
lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
lte - added roaming status reading for info command (CLI only);
lte - added support for Novatel USB730LN modem with new ID;
lte - added support for Quanta 1k6e modem;
lte - allow to execute concurrent internal AT commands;
lte - allow to use multiple PLS modems at the same time;
lte - do not allow to remove default APN profile;
lte - do not allow to send "at-chat" commands for configless modems;
lte - expose GPS channel for PLS modems;
lte - fixed SIM7600 registration info;
lte - improved modem event processing;
lte - improved r11e-LTE and r11e-LTE-US dialling process;
lte - improved r11e-LTE configuration exchange process;
lte - improved reading of SMS message after entering running state;
lte - improved readings of info command results for the SXT LTE;
lte - improved stability of USB LTE interface detection process;
lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
lte - show UICC in correct format for SXT LTE devices;
lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
lte - use alphanumeric operator format in info command;
ntp - allow to specify link-local address for NTP server;
ppp - added support for additional ID for E3531 modem;
ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
quickset - recognize 160 MHz channel as HomeAP mode;
romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
romon - properly classify RoMON sessions in log and active users list;
routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
smb - fixed valid request handling when additional options are used;
sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
snmp - added "rssi" and "tx-sector-info" value support for w60g type interfaces;
ssh - disconnect all active connections when router gets rebooted or turned off;
switch - added support for port isolation by switch chip;
swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
usb - fixed power-reset for hAP ac^2 devices;
user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
w60g - added 4th 802.11ad channel (CLI only);
w60g - added distance measurement (CLI only);
w60g - general stability and performance improvements;
w60g - improved link stability;
w60g - improved maximal achievable distance;
w60g - improved maximum link distance;
w60g - properly report center status under "tx-sector-info";
w60g - removed distance lock for wAP 60G devices;
webfig - properly display time interval within Kid Control menu;
webfig - properly show NTP clients "last-adjustment" value;
winbox - added "poe-fault" LED trigger;
winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
winbox - added bridge Fast Forward statistics counters;
winbox - fixed arrow key handling within table filter fields;
winbox - fixed bridge port MAC learning parameter values;
winbox - properly close session when uploading multiple files to the router at the same time;
winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
winbox - show "Switch" menu on hAP ac^2 devices;
winbox - show HT MCS tab when "5ghz-n/ac" band is used;
wireless - added option for RADIUS "called-station-id" format selection;
wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
wireless - fixed wireless interface lockup after period of inactivity;
wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
x86 - improved Ethernet driver for Davicom DM9x0x;

New in RouterOS 6.42.4 (Jun 19, 2018)

bridge - allow to make changes for bridge port when it is interface list;
bridge - fixed FastPath for bridge master interfaces (introduced in v6.42);
certificate - fixed "add-scep" template existence check when signing certificate;
chr - fixed adding MSTI entries;
chr - fixed boot on hosts older than Windows Server 2012 when running CHR on Hyper-V;
chr - fixed various network hang scenarios when running CHR on Hyper-V;
console - fixed script permissions if script is executed by other RouterOS service;
dhcpv4-server - fixed DHCP server that was stuck on invalid state;
health - changed "PSU-Voltage" to "PSU-State" for CRS328-4C-20S-4S+;
health - fixed incorrect PSU index for CRS328-4C-20S-4S+;
ipsec - improved reliability on IPsec hardware encryption for RB1100Dx4;
kidcontrol - fixed dynamically created firewall rules order;
led - added "dark-mode" functionality for hEX S and SXTsq 5 ac devices;
led - fixed CCR1016-12S-1S+ LED behaviour after Netinstall (introduced in v6.41rc58);
led - use routers uptime as a starting point when turning off LEDs if option was not enabled on boot;
ppp - fixed "hunged up" grammar to "hung up" within PPP log messages;
quickset - added missing wireless "channel-width" settings;
quickset - added support for "5ghz-a/n" band when CPE mode is used;
snmp - added remote CAP count OID for CAPsMAN;
snmp - fixed readings for CAPsMAN slave interfaces;
supout - added "partitions" section to supout file;
usb - properly detect USB 3.0 flash on RBM33G when jumper is removed;
userman - improved unique username generation process when adding batch of users;
w60g - improved RAM memoy allocation processes;
winbox - added missing "dscp" and "clamp-tcp-mss" settings to IPv6 tunnels;
winbox - allow to specify full URL in SCEP certificate signing process;
winbox - by default specify keepalive timeout value for tunnel type interfaces;
winbox - show "scep-url" for certificates;
winbox - show "System/Health" only on boards that have health monitoring;
winbox - show firmware upgrade message at the bottom of "System/RouterBOARD" menu;
wireless - enable all chains by default on devices without external antennas after configuration reset;
wireless - improved Nv2 reliability on ARM devices;

New in RouterOS 6.43 RC29 (Jun 15, 2018)

New in RouterOS 6.43 RC27 (Jun 12, 2018)

New in RouterOS 6.43 RC23 (Jun 5, 2018)

Backup - generate proper file name when router identity is longer than 32 symbols;
Bridge - added ingress filtering options to bridge interface;
Bridge - added initial Q-in-Q support;
Capsman - increase timeout for the CAP to CAPsMAN communication;
Certificate - added "expires-after" parameter;
Certificate - fixed "add-scep" template existence check when signing certificate;
Chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
Chr - fixed boot on hosts older than Windows Server 2012 when running CHR on Hyper-V;
Chr - fixed interface name assign process when running CHR on Hyper-V;
Chr - fixed MTU changing process when running CHR on Hyper-V;
Chr - fixed various network hang scenarios when running CHR on Hyper-V;
Chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
Console - fixed script permissions if script is executed by other RouterOS service;
Dhcpv6-server - added initial dynamic simple queue support;
Ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
Ipsec - separate phase1 proposal configuration from peer menu;
Lte - improved modem event processing;
Ppp - fixed "hunged up" grammar to "hung up" within PPP log messages;
Ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
Quickset - added missing wireless "channel-width" settings;
Quickset - added support for "5ghz-a/n" band when CPE mode is used;
Quickset - recognize 160 MHz channel as HomeAP mode;
Romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
Supout - added "partitions" section to supout file;
Switch - added support for port isolation by switch chip;
Webfig - properly display time interval within Kid Control menu;
Webfig - properly show NTP clients "last-adjustment" value;
Winbox - added "poe-fault" LED trigger;
Winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
Winbox - added missing "dscp" and "clamp-tcp-mss" settings to IPv6 tunnels;
Winbox - allow to specify full URL in SCEP certificate signing process;
Winbox - fixed arrow key handling within table filter fields;
Winbox - properly close session when uploading multiple files to the router at the same time;
Winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
Winbox - show "scep-url" for certificates;
Winbox - show "System/Health" only on boards that have health monitoring;
Winbox - show firmware upgrade message at the bottom of "System/RouterBOARD" menu;

New in RouterOS 6.42.3 / 6.43 RC21 (May 30, 2018)

Dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
Dhcp - fixed DHCP server stuck in invalid state;
Dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
Dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
Kidcontrol - added dynamic accept firewall rules in order to allow limit bandwidth when FastTrack is enabled;
Lte - do not allow to remove default APN profile;
Snmp - added "rssi" and "tx-sector-info" value support for w60g type interfaces;
Vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
W60g - added distance measurement (CLI only);
Winbox - by default specify keepalive timeout value for tunnel type interfaces;
Winbox - show "System/Health" only on boards that have health monitoring;
Wireless - added option for RADIUS "called-station-id" format selection;
Wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
Bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
Bridge - added ingress filtering options to bridge interface (CLI only);
Bridge - added initial Q-in-Q support (CLI only);
Bridge - allow to make changes for bridge port when it is interface list;
Bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
Bridge - fixed dynamic VLAN table entries when using ingress filtering;
Bridge - fixed FastPath for bridge master interfaces (introduced in v6.42);
Capsman - allow to change "radio-name" (CLI only);
Certificate - add "expires-after" parameter (CLI only);
Chr - added checksum offload support for Hyper-V installations;
Chr - added large send offload support for Hyper-V installations;
Chr - added multiqueue support on Xen installations;
Chr - added support for multiqueue feature on "virtio-net";
Chr - added virtual Receive Side Scaling support for Hyper-V installations;
Chr - do not show IRQ entries from removed devices;
Chr - fixed adding MSTI entries;
Chr - fixed NIC hotplug for "virtio-net";
Chr - improved boot time for Hyper-V installations;
Crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
Crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
Crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
Crs3xx - fixed VLAN filtering when there is no tagged interface specified;
Defconf - fixed missing bridge ports after configuration reset;
Dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
Dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
Dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
Dhcpv6-client - added missing "Server identifier" parameter in release message;
Dhcpv6-server - added initial dynamic simple queue support;
Filesystem - improved software crash handling on devices with FLASH type memory;
Interface - improved reliability on dynamic interface handling;
Ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
Ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
Ipsec - added warning messages for incorrect peer configuration;
Ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
Ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
Ipsec - install all DNS server addresses provided by "mode-config" server;
Ipsec - separate phase1 proposal configuration from peer menu (CLI only);
Kidcontrol - allow to edit discovered devices;
Kidcontrol - fixed dynamically created firewall rules order;
Led - fixed CCR1016-12S-1S+ LED behaviour after Netinstall (introduced in v6.41rc58);
Led - improved w60g alignment trigger;
Log - show interface name on OSPF "different MTU" info log messages;
Lte - added extended LTE signal info for SIM7600 modules;
Lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
Lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
Lte - added roaming status reading for info command (CLI only);
Lte - added support for Novatel USB730LN modem with new ID;
Lte - allow to execute concurrent internal AT commands;
Lte - allow to use multiple PLS modems at the same time;
Lte - do not allow to send "at-chat" commands for configless modems;
Lte - expose GPS channel for PLS modems;
Lte - fixed SIM7600 registration info;
Lte - improved r11e-LTE and r11e-LTE-US dialling process;
Lte - improved r11e-LTE configuration exchange process;
Lte - improved reading of SMS message after entering running state;
Lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
Lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
Lte - use alphanumeric operator format in info command;
Routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
Routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
Smb - fixed valid request handling when additional options are used;
Ssh - disconnect all active connections when router gets rebooted or turned off;
Switch - added support for port isolation by switch chip (CLI only);
Tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
User - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
W60g - added 4th 802.11ad channel (CLI only);
W60g - general stability and performance improvements;
W60g - improved maximal achievable distance;
W60g - removed distance lock for wAP 60G devices;
Winbox - added bridge Fast Forward statistics counters;
Winbox - fixed bridge port MAC learning parameter values;
Winbox - show "Switch" menu on hAP ac^2 devices;
Winbox - show HT MCS tab when "5ghz-n/ac" band is used;
Wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
Wireless - fixed wireless interface lockup after period of inactivity;
Wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;

New in RouterOS 6.43 RC17 (May 24, 2018)

backup - do not encrypt backup file unless password is provided;
bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
bridge - added initial Q-in-Q support (CLI only;
btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
crs3xx - fixed VLAN filtering when there is no tagged interface specified;
lte - added ICCID reading for info command R11e-LTE (CLI only;
lte - added roaming status reading for info command (CLI only;
lte - improved r11e-LTE configuration exchange process;
lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only;
lte - use alphanumeric operator format in info command;
mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
radius - use MS-CHAPv2 for "login" service authentication;
romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
smb - fixed valid request handling when additional options are used;
user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades;
w60g - added 4th 802.11ad channel (CLI only;
w60g - general stability and performance improvements;
w60g - improved maximal achievable distance;
w60g - removed distance lock for wAP 60G devices;
webfig - improved authentication process;
winbox - improved authentication process excluding man-in-the-middle possibility (Winbox v3.14 required;
wireless - fixed wireless interface lockup after period of inactivity;
wireless - increased stability on hAP ac^2 and cAP ac with legacy data rates;
wireless - improved client "channel-width" detection;
bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
bridge - added ingress filtering options to bridge interface (CLI only;
bridge - allow to make changes for bridge port when it is interface list;
bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10;
bridge - fixed dynamic VLAN table entries when using ingress filtering;
capsman - allow to change "radio-name" (CLI only;
certificate - add "expires-after" parameter (CLI only;
chr - added checksum offload support for Hyper-V installations;
chr - added large send offload support for Hyper-V installations;
chr - added multiqueue support on Xen installations;
chr - added support for multiqueue feature on "virtio-net";
chr - added virtual Receive Side Scaling support for Hyper-V installations;
chr - do not show IRQ entries from removed devices;
chr - fixed NIC hotplug for "virtio-net";
chr - improved boot time for Hyper-V installations;
crs3xx - added initial Q-in-Q hardware offloading support (CLI only;
crs3xx - fixed ACL rate rules (introduced in v6.41rc27;
crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11;
defconf - fixed missing bridge ports after configuration reset;
dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc;
dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
dhcpv6-server - added initial dynamic simple queue support;
filesystem - improved software crash handling on devices with FLASH type memory;
interface - improved reliability on dynamic interface handling;
ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only;
ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only;
ipsec - added warning messages for incorrect peer configuration;
ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
ipsec - install all DNS server addresses provided by "mode-config" server;
ipsec - separate phase1 proposal configuration from peer menu (CLI only;
kidcontrol - allow to edit discovered devices;
led - fixed CCR1016-12S-1S+ LED behaviour after Netinstall (introduced in v6.41rc58;
led - improved w60g alignment trigger;
log - show interface name on OSPF "different MTU" info log messages;
lte - added extended LTE signal info for SIM7600 modules;
lte - added extended signal information for Quectel LTE EP06 modem;
lte - added support for Novatel USB730LN modem with new ID;
lte - allow to execute concurrent internal AT commands;
lte - allow to use multiple PLS modems at the same time;
lte - do not allow to send "at-chat" commands for configless modems;
lte - expose GPS channel for PLS modems;
lte - fixed SIM7600 registration info;
lte - improved r11e-LTE and r11e-LTE-US dialling process;
lte - improved reading of SMS message after entering running state;
lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
routerboard - fixed "protected-routerboot" feature (introduced in v6.42;
ssh - disconnect all active connections when router gets rebooted or turned off;
switch - added support for port isolation by switch chip (CLI only;
tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
winbox - added bridge Fast Forward statistics counters;
winbox - fixed bridge port MAC learning parameter values;
winbox - show "Switch" menu on hAP ac^2 devices;
winbox - show HT MCS tab when "5ghz-n/ac" band is used;
wireless - added option for RADUS "called-station-id" format selection (CLI only;
wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
wireless - improved Nv2 PtMP performance;
wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;

New in RouterOS 6.43 RC14 (May 18, 2018)

New in RouterOS 6.43 RC11 (May 10, 2018)

New in RouterOS 6.43 RC7 (May 8, 2018)

New in RouterOS 6.43 RC6 (May 3, 2018)

New in RouterOS 6.43 RC5 (Apr 26, 2018)

New in RouterOS 6.43 RC4 (Apr 23, 2018)

New in RouterOS 6.43 RC3 (Apr 20, 2018)

bridge - fixed hardware offloading for MMIPS and PPC devices;
bridge - fixed LLDP packet receiving;
certificate - add "expires-after" parameter (CLI only;
chr - added checksum offload support for Hyper-V installations;
chr - added large send offload support for Hyper-V installations;
chr - added multiqueue support on Xen installations;
chr - added support for multiqueue feature on "virtio-net";
chr - added virtual Receive Side Scaling support for Hyper-V installations;
chr - do not show IRQ entries from removed devices;
chr - fixed NIC hotplug for "virtio-net";
chr - improved boot time for Hyper-V installations;
crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
crs3xx - fixed failing connections through bonding in bridge;
ike2 - use "policy-template-group" parameter when picking proposal as initiator;
ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only;
ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only;
ipsec - added warning messages for incorrect peer configuration;
ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
ipsec - separate phase1 proposal configuration from peer menu (CLI only;
led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices;
led - improved w60g alignment trigger;
log - show interface name on OSPF "different MTU" info log messages;
lte - added extended LTE signal info for SIM7600 modules;
lte - allow to send "at-chat" command over disabled LTE interface;
lte - allow to use multiple PLS modems at the same time;
lte - expose GPS channel for PLS modems;
lte - fixed SIM7600 registration info;
routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
routerboard - fixed "mode-button" support on hAP lite r2 devices;
w60g - allow to manually set "tx-sector" value;
w60g - fixed incorrect RSSI readings;
w60g - show phy rate on "/interface w60g monitor" (CLI only;
winbox - added bridge Fast Forward statistics counters;
winbox - allow to specify "any" as wireless "access-list" interface;
winbox - fixed "/ip dhcp-server network set dns-none" parameter;
winbox - fixed bridge port MAC learning parameter values;
winbox - show "Switch" menu on cAP ac devices;
winbox - show correct "Switch" menus on CRS328-24P-4S+;
wireless - enable all chains by default on devices without external antennas after configuration reset;
wireless - improved compatibility with BCM devices;

New in RouterOS 6.42 (Apr 17, 2018)

Tile - improved system performance and stability ("/system routerboard upgrade" required;
W60g - increased distance for wAP 60G to 200+ meters;
Bridge - added host aging timer for CRS3xx and Atheros hw-bridges;
Bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts;
Bridge - added per-port learning options;
Bridge - added support for static hosts;
Bridge - fixed "master-port" configuration conversion from pre-v6.41 RouterOS versions;
Bridge - fixed bridge port interface parameter under "/interface bridge host print detail";
Bridge - fixed false MAC address learning on hAP ac^2 and cAP ac devices;
Bridge - fixed incorrect "fast-forward" enabling when ports were switched;
Bridge - fixed MAC learning for VRRP interfaces on bridge;
Bridge - fixed reliability on software bridges when used on devices without switch chip;
Bridge - hide options for disabled bridge features in CLI;
Bridge - show "hw" flags only on Ethernet interfaces and interface lists;
Capsman - added "allow-signal-out-of-range" option for Access List entries;
Capsman - added support for "interface-list" in Access List and Datapath entries;
Capsman - improved CAPsMAN responsiveness with large amount of CAP interfaces;
Capsman - log "signal-strength" when successfully connected to AP;
Certificate - added PKCS#10 version check;
Certificate - dropped DES support and added AES instead for SCEP;
Certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
Certificate - fixed incorrect SCEP URL after an upgrade;
Chr - added "open-vm-tools" on VMware installations;
Chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
Chr - added "xe-daemon" on Xen installations;
Chr - added support for Amazon Elastic Network Adapter (ENA driver;
Chr - added support for booting from NVMe disks;
Chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
Chr - added support for NIC hot-plug on VMware and Xen installations;
Chr - fixed additional disk detaching on Xen installations;
Chr - fixed interface matching by name on VMware installations;
Chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
Chr - fixed suspend on Xen installations;
Chr - make additional disks visible under "/disk" on Xen installations;
Chr - make Virtio disks visible under "/disk" on KVM installations;
Chr - run startup scripts on the first boot on AWS and Google Cloud installations;
Console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38;
Console - improved console stability after it has not been used for a long time;
Crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
Crs212 - fixed Ethernet boot when connected to boot server through CRS326 device;
Crs326 - fixed known multicast flooding to the CPU;
Crs3xx - added switch port "storm-rate" limiting options;
Crs3xx - added “hw-offload” support for 802.3ad and “balance-xor” bonding;
Detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41;
Dhcp - improved DHCP service reliability when it is configured on bridge interface;
Dhcp - reduced resource usage of DHCP services;
Dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
Dhcpv6 - make sure that time is set before restoring bindings;
Dhcpv6-client - added info exchange support;
Dhcpv6-client - added possibility to specify options;
Dhcpv6-client - added support for options 15 and 16;
Dhcpv6-client - implement confirm after reboot;
Dhcpv6-server - added DHCPv4 style user options;
Dns - do not generate "Undo" messages on changes to dynamic servers;
Email - set maximum number of sessions to 100;
Fetch - added "http-content-type" option to allow setting MIME type of the data in free text form;
Fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
Fetch - increased maximum number of sessions to 100;
Filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
Flashfig - properly apply configuration provided by Flashfig;
Gps - improved NMEA sentence handling;
Health - added log warning when switching between redundant power supplies;
Health - fixed empty measurements on CRS328-24P-4S+RM;
Hotspot - improved HTTPS matching in Walled Garden rules;
Ike1 - display error message when peer requests "mode-config" when it is not configured;
Ike1 - do not accept "mode-config" reply more than once;
Ike1 - fixed wildcard policy lookup on responder;
Ike2 - fixed framed IP address received from RADIUS server;
Interface - improved interface configuration responsiveness;
Ippool - added ability to specify comment;
Ippool6 - added pool name to "no more addresses left" error message;
Ipsec - fixed AES-CTR and AES-GCM support on RB1200;
Ipsec - improved single tunnel hardware acceleration performance on MMIPS devices;
Ipsec - properly detect interface for "mode-config" client IP address assignment;
Ipv6 - fixed IPv6 behaviour when bridge port leaves bridge;
Ipv6 - update IPv6 DNS from RA only when it is changed;
Kidcontrol - initial work on "/ip kid-control" feature;
Led - added "Dark Mode" support for wAP 60G;
Led - added w60g alignment trigger;
Led - fixed unused "link-act-led" LED trigger on RBLHG 2nD, RBLHG 2nD-XL and RBSXTsq 2nD;
Led - removed unused "link-act-led" trigger for devices which does not use it;
Lte - added initial support for Quectel LTE EP06-E;
Lte - added initial support for SIM7600 LTE modem interface;
Lte - added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US;
Lte - do not add DHCP client on LTE modems that doesn't use DHCP;
Lte - fixed DHCP client adding for MF823 modem;
Lte - fixed LTE band setting for SXT LTE;
Mac-ping - fixed duplicate responses;
Modem - added initial support for AC340U;
Netinstall - fixed MMIPS RouterOS package description;
Netinstall - sign Netinstall executable with an Extended Validation Code Signing Certificate;
Netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
Poe - do not show "poe-out-current" on devices which can not determine it;
Poe - hide PoE related properties on interfaces that does not provide power output;
Ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
Ppp - allow to override remote user PPP profile via "Mikrotik-Group";
Quickset - fixed NAT if PPPoE client is used for Internet access;
Quickset - properly detect IP address when one of the bridge modes is used;
Quickset - properly detect LTE interface on startup;
Quickset - show "G" flag for guest users;
Quickset - use "/24" subnet for local network by default;
R11e-lte - improved LTE connection initialization process;
Rb1100ahx4 - improved reliability on hardware encryption;
Routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required;
Routerboard - properly detect hAP ac^2 RAM size;
Sniffer - fixed "/tool sniffer packet" results listed in incorrect order;
Snmp - added "/caps-man interface print oid";
Snmp - added "/interface w60g print oid";
Snmp - added "board-name" OID;
Snmp - improved request processing performance for wireless and CAP interfaces;
Ssh - fixed SSH service becoming unavailable;
Ssh - generate SSH keys only on the first connect attempt instead of the first boot;
Ssh - improved key import error messages;
Ssh - remove imported public SSH keys when their owner user is removed;
Switch - hide "ingress-rate" and "egress-rate" for non-CRS3xx switches;
Tile - added "aes-ctr" hardware acceleration support;
Tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
Tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
Tr069-client - fixed "/tool fetch" commands executed with ".alter" script;
Tr069-client - fixed HTTPS authentication process;
Traffic-flow - fixed IPv6 destination address value when IPFIX protocol is used;
Upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
Ups - improved communication between router and UPS;
Ups - improved disconnect message handling between RouterOS and UPS;
Userman - added support for ARM and MMIPS platform;
W60g - added "tx-power" setting (CLI only;
W60g - added RSSI information (CLI only;
W60g - added TX sector alignment information (CLI only;
Watchdog - retry to send "autosupout.rif" file to an e-mail if initial delivery failed up to 3 times within 20 second interval;
Winbox - added "antenna" setting under GPS settings for MIPS platform devices;
Winbox - added "crl-store" setting to certificate settings;
Winbox - added "insert-queue-before" to DHCP server;
Winbox - added "use-dn" setting in OSPF instance General menu;
Winbox - added 160 MHz "channel-width" to wireless settings;
Winbox - added DHCPv6 client info request type and updated statuses;
Winbox - added missing protocol numbers to IPv4 and IPv6 firewall;
Winbox - added possibility to delete SMS from inbox;
Winbox - allow to comment new object without committing it;
Winbox - allow to open bridge host entry;
Winbox - fixed name for "out-bridge-list" parameter under bridge firewall rules;
Winbox - fixed typo from "UPtime" to "Uptime";
Winbox - fixed Winbox closing when viewing graph which does not contain any data;
Winbox - improved stability when using trackpad scrolling in large lists;
Winbox - made UDP local and remote TX size parameters optional in Bandwidth Test tool;
Winbox - moved "ageing-time" setting from STP to General tab;
Winbox - moved OSPF instance "routing-table" setting in OSPF instance General menu;
Winbox - removed “VLAN” section from “Switch” menu for CRS3xx devices;
Winbox - show Bridge Port PVID column by default;
Winbox - show CQI in LTE info;
Winbox - show dual SIM options only for RouterBOARDS which does have two SIM slots;
Winbox - show only master CAP interfaces under CAPsMAN wireless scan tool;
Winbox - use proper graph name for HDD graphs;
Wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only;
Wireless - added initial support for "nstreme-plus";
Wireless - added support for "band=5ghz-n/ac";
Wireless - added support for "interface-list" for Access List entries;
Wireless - added support for legacy AR9485 chipset;
Wireless - enable all chains by default on devices without external antennas after configuration reset;
Wireless - fixed "wds-slave" channel selection when single frequency is specified;
Wireless - fixed incompatibility with macOS clients;
Wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
Wireless - fixed nv2 protocol on ARM platform SXTsq devices;
Wireless - fixed RB911-5HnD low transmit power issue;
Wireless - fixed RTS/CTS option for the ARM based wireless devices;
Wireless - fixed wsAP wrong 5 GHz interface MAC address;
Wireless - improved compatibility with specific wireless AC standard clients;
Wireless - improved Nv2 PtMP performance;
Wireless - improved packet processing on ARM platform devices;
Wireless - improved wireless performance on hAP ac^2 devices while USB is being used;
Wireless - improved wireless scan functionality;

New in RouterOS 6.42 RC 52 (Mar 27, 2018)

New in RouterOS 6.42 RC 49 (Mar 21, 2018)

New in RouterOS 6.42 RC 46 (Mar 20, 2018)

New in RouterOS 6.42 RC 43 (Mar 15, 2018)

New in RouterOS 6.41.3 (Mar 12, 2018)

New in RouterOS 6.42 RC 37 (Mar 1, 2018)

New in RouterOS 6.42 RC 35 (Feb 26, 2018)

New in RouterOS 6.42 RC 30 (Feb 21, 2018)

New in RouterOS 6.42 RC 28 (Feb 16, 2018)

New in RouterOS 6.42 RC 27 (Feb 15, 2018)

New in RouterOS 6.41.1 (Feb 2, 2018)

bridge - fixed "mst-override" export;
bridge - fixed allowed MSTI priority values;
bridge - fixed ARP option changing on bridge (introduced v6.41);
bridge - fixed hw-offload disabling for Mediatek and Realtek switches when STP/RSTP configured;
bridge - fixed hw-offload disabling when adding a port with "horizon" set;
bridge - fixed IGMP Snooping after disabling/enabling bridge;
bridge - fixed interface list moving in "/interface bridge port" menu;
bridge - fixed repetitive port "priority" set;
bridge - fixed situation when packet could be sent with local MAC as dst-mac;
bridge - fixed VLAN filtering when "use-ip-firewall" is enabled (introduced in v6.41);
bridge - properly update "actual-mtu" after MTU value changes (introduced v6.41);
btest - fixed TCP test accuracy when low TX/RX rates are used;
certificate - do not use utf8 for SCEP challenge password;
certificate - fixed PKCS#10 version;
crs317 - improved transmit performance between 10G and 1G ports;
crs326 - fixed possible packet leaking from CPU to switch ports;
crs3xx - hide deprecated VLAN related settings in "/interface ethernet switch port" menu;
detnet - additional work on "detect-internet" implementation;
dhcpv4-server - fixed framed and classless route received from RADIUS server;
discovery - fixed discovery related settings conversation during upgrade from pre-v6.41 discovery implementation (introduced v6.41);
dude - fixed e-mail notifications when default port is not used;
firewall - fixed "tls-host" firewall feature (introduced v6.41);
firewall - limited maximum "address-list-timeout" value to 35w3d13h13m56s;
ike1 - fixed "aes-ctr" and "aes-gcm" encryption algorithms (introduced v6.41);
ike2 - delay rekeyed peer outbound SA installation;
ike2 - improve half-open connection handling;
ipsec - properly update IPsec secret for IPIP/EoIP/GRE dynamic peer;
log - properly report bridge interface MAC address changes;
netinstall - improved LTE package description;
netinstall - properly generate skins folder when branding package is installed;
ovpn - fixed resource leak on systems with high CPU usage;
ppp - changed default value of "route-distance" to 1;
ppp - fixed change-mss functionality in some specific traffic (introduced in v6.41);
radius - added warning if PPP authentication over RADIUS is enabled;
radius - increase allowed RADIUS server timeout to 60s;
rb1100ahx4 - fixed reset button responsiveness when regular firmware is used;
rb433/rb450 - fixed port flapping on bridged Ethernet interfaces if hw-offload is enabled (introduced in v6.41);
routerboot - fixed missing upgrade firmware for "ar7240" devices;
sfp - improved SFP module compatibility;
snmp - allow also IPv6 on default public community;
tile - fixed USB device speed detection after reboot;
traffic-flow - do not count single extra packet per each flow;
webfig - added support for proper default policies when adding script or scheduler job;
webfig - fixed bridge port sorting order by name;
webfig - fixed MAC address ordering;
webfig - fixed wireless snooper address, SSID and other column ordering;
winbox - added "dhcp-option-set" to DHCP server;
winbox - allow to specify "to-ports" for "action=masquerade";
winbox - do not show "hw" option on non-Ethernet interfaces;
winbox - do not show VLAN related settings in switch port menu on CRS3xx boards;
wireless - updated "Czech Republic" country 5.8 GHz frequency range;

New in RouterOS 6.40.2 (Aug 24, 2017)

New in RouterOS 6.36.2 (Aug 25, 2016)

New in RouterOS 6.36.1 (Aug 25, 2016)

New in RouterOS 6.36 (Aug 25, 2016)

arm - added Dude server support;
dude - (changes discussed here: http://forum.mikrotik.com/viewtopic.php?f=8&t=110428);
dude - server package is now made smaller. client side content upgrade is now removed from it and is downloaded straight from our cloud. So workstations on which client is used will require access to wan. Alternatively upgrade must be done by reinstalling the client on each new release;
firewall - added "/interface list" menu which allows to create list of interfaces which can be used as in/out-interface-list matcher in firewall and use as a filter in traffic-flow;
firewall - added pre-connection tracking filter - "raw" table, that allow to protect connection-tracking from unnecessary traffic;
firewall - allow to add domain name to address-lists (dynamic entries for resolved addresses will be added to specified list);
wireless - wireless-fp is discontinued, it needs to be uninstalled/disabled before upgrade;
address - allow multiple equal ip addresses to be added if neither or only one is enabled;
address-list - make "dynamic=yes" as read-only option;
arm - fixed kernel failure on low memory;
arp - added arp-timeout option per interface;
bonding - fixed 802.3ad load balancing mode over tunnels ;
bonding - fixed bonding primary slave assignment for ovpn interfaces after startup;
bonding - fixed crash on RoMON traffic transmit;
bonding - implemented l2mtu value == smallest slave interfaces l2mtu;
capsman - fixed crash when running over ovpn;
certificate - added automatic scep renewal delay after startup to avoid all requests accessing CA at the same time;
certificate - cancel pending renew when certificate becomes valid after date change;
certificate - display issuer and subject on check failure;
certificate - do not exit after card-verify;
certificate - force scep renewal on system clock updates;
chr - fixed CHR seeing its own system disk mounted as additional data disk;
clock - fixed time keeping for SXT ac, 911L, cAP, mAP lite, wAP;
clock - save current time to configuration once per day even if there are no time zone adjustments pending;
cloud - fixed export order;
console - fixed get false function;
console - show message time in echo log messages;
defconf - changed channel extension to 20/40/80mhz for all ac boards;
dhcp-pd - correct server listing for commands;
dhcp-server - fixed radius framed route addition after reboot on client renew;
dhcpv6-client - fixed ia lifetime validation when it is set by dhcpv6 client;
dhcpv6-relay - set packet link-address only when it is manually configured;
dhcpv6-server - fixed binding last-seen update;
disk - added support for Plextor PX-G128M6e(A) SSD on CCR1072;
email - fixed send from winbox;
email - removed subject and body length limit;
ethernet - fixed incorrect ether1 link speed after reboot on rb4xx series routers;
ethernet - fixed memory leak when setting interface without changing configuration;
fastpath - fixed kernel failure when fastpath handles packet with multicast dst-address;
fetch - support tls host name extension;
firewall - added udplite, dccp, sctp connection tracking helpers;
firewall - do not show disabled=no in export;
firewall - fixed spelling in built-in firewall commentary;
gps - fixed longitude seconds part;
health - fixed broken factory voltage calibration data for some hAP ac boards;
health - fixed incorrect voltage after reboot on RB2011UAS;
icmp - fixed kernel failure when icmp packet could not be processed on high load;
ippool6 - fixed crash on acquire when prefix length is equal with pool prefix length;
ipsec - add dead ph2 detection exception for windows msgid noncompliance with rfc;
ipsec - added dead ph2 reply detection;
ipsec - don't register temporary ph2 on dead list;
ipsec - fix initiator modecfg dynamic dns;
ipsec - fixed AH with SHA2;
ipsec - fixed checks before accessing ph1 nat options;
ipsec - fixed mode-config export;
ipsec - fixed route cache overflow when using ipsec with route cache disabled;
ipsec - fixed windows msgid check on x86 devices;
ipsec - show remote peer address in error messages when possible;
ipsec - store udp encapsulation type in proposal;
kernel - fixed possible kernel deadlock when Sierra USB mode is being used;
l2tp - fixed crash when rebooting or disabling l2tp while there are still active connections;
lcd - reduced lowest backlight-timeout value from 5m to 30s;
license - do not expire demo license right after fresh installation of x86;
log - added whole scep certificate chain print;
log - increase excessive multicast/broadcast warning threshold every time it is logged;
log - make logging process less aggressive on startup;
lte - added allow-roaming option for Huawei MU709, ME909s devices;
lte - added cinterion pls8 support;
lte - added support for Huawei E3531;
lte - added support for ZTE ZM8620;
lte - added use-peer-dns option (will work only combined with add-default-route);
lte - changed driver loading for class 2 usb rndis devices;
lte - display message in lte,error log if no response received;
lte - display message in lte,error log when PIN is required;
lte - fix crash on SXT LTE while resetting card while at high traffic;
lte - fixed access technology logging;
lte - fixed connection for Huawei without cell info;
lte - fixed modem init when pin request present;
lte - fixed modem network configuration version checks;
lte - fixed network-mode support after downgrade;
lte - Huawei MU609 must use latest firmware to work correctly;
lte - improved multiple same model modems identification;
lte - show uicc for Huawei modems;
lte - use only creg result codes as network status indications;
mesh - fixed crash when connection references a mesh network but it is not available any more;
modem - added support for Alcatel OneTouch X600;
modem - added support for Quectel EC21 and EC25;
modem - added support for SpeedUP SU-900U modem;
nand - improved nand refresh feature to enhance stored data integrity;
ovpn - enable perfect forwarding secrecy support by default;
ovpn - fixed compatibility with OpenVPN 2.3.11;
pppoe - allow to set MTU and MRU higher than 1500 for PPPoE;
pppoe - do not allow to send out bigger packets than l2mtu if mrru is provided;
proxy - limit max ram usage to 80% for tile and x86 devices;
queue - reset queue type on interfaces which default queue type changes to no-queue after upgrade;
rb2011 - fixed ether6-ether10 flapping when two ports from both switch chips are in the same bridge;
rb3011 - fixed port flapping on ether6-ether10;
rb3011 - fixed reset button functionality;
rb3011 - fixed usb driver load;
rb3011 - fixed usb storage mounting;
rb3011 - improved performance on high cpu usage;
route - added suppport for more than 8 bits of options;
route - fixed ospf by handling ipv6 encoded prefixes with stray bits;
sniffer - fixed ipv6 address matching;
snmp - fixed get function for snmp>=v2 when oid does not exist;
snmp - fixed interface stats branch from MikroTik MIB;
snmp - report current access technology and cell id for lte modems;
snmp - report ram memory as ram instead of other;
ssh - add rsa host key size parameter;
ssh-keygen - add rsa key size parameter;
ssl - do not exit while there still are active sessions;
ssl - fixed memory leak on ssl connect/disconnect (fetch, ovpn, etc.);
sstp - fixed dns name support in connect-to field if http-proxy is specified;
supout - erase panic data properly on Netinstall;
switch - fixed switch compact export;
timezone - updated timezone information from tzdata2016e release;
traffic-flow - added ipfix support (RFC5101 and RFC5102);
tunnel - added option to auto detect tunnel local-address;
tunnel - fixed rare crash by specifying minimal header length immediately at tunnel initialization;
upnp - fixed nat rule dst-port by making it visible again;
usb - I-tec U3GLAN3HUB usb hub/ethernet dongle now shows up correctly as ethernet interface;
usb - implement possibility to recognize usb hubs/ethernet-dongles (if usb hubs/ethernet-dongles are not recognized with this version - send supout.rif file);
userman - fixed crash on database upload;
userman - use ipnpb.paypal.com for payment verification;
wap-ac - fixed performance problems with 2.4GHz wireless (additional reboot after upgrade required);
webfig - do not allow to press OK or Apply if current configuration values are not loaded yet;
webfig - reduced refresh time for wireless registration table to 1 second;
winbox - added 2ghz-g/n band for wireless-rep;
winbox - added icons to bridge filter actions similar to ip firewall;
winbox - added support for ipv6 dhcp relay;
winbox - allow to reorder hotspot walled-garden & walled-garden-ip rules;
winbox - do not allow to specify vlan-mode=no-tag in capsman datapath config;
winbox - do not show filter for combined fields like bgp-vpn4 RD;
winbox - do not show mode setting for WDS interfaces;
winbox - fixed crash on disconnect in secure mode;
winbox - fixed crash when using ctrl+d;
winbox - fixed safe mode;
winbox - improve filtering on list fields;
winbox - report correctly dude users in active users list;
winbox - set default sa-learning value to "yes" for CRS Ingress VLAN Translation rules;
winbox - show action column as first in bridge firewall;
winbox - show error when telnet is not allowed because of permissions;
wireless - fixed multiple wireless packages enabled at the same time after upgrade;
wireless-rep - added initial API support for snooper;
wireless-rep - fixed crash on nv2 reconnect;
wireless-rep - fixed scan-list unset;
wireless-rep - treat missing SSID element as hidden SSID.

New in RouterOS 6.35.4 (Aug 25, 2016)

New in RouterOS 6.35.2 (Aug 25, 2016)

New in RouterOS 6.35.1 (Aug 25, 2016)

New in RouterOS 6.35 (Aug 25, 2016)

arp - apply Linux Kernel patch to stop RouterOS from randomly exhibiting misplaced ARPs;
mipsbe - (excluding RB4xx and CRS series) fixed rare ethernet tx buffer corruption;
nand - implemented once a week nand refresh to improve stored data integrity (will increase sector writes);
pppoe-client - implemented fastpath support;
l2tp - implemented l2tp and lns fastpath/fasttrack support;
queue - added bucket-size setting to queues (derived from max-limit);
tile - fixed rare situation when some cores decide not to take part in packet processing till next reboot;
tunnels - fixed performance slowdown on any other tunnel disable/enable;
winbox - increased minimal required winbox version to 3.4;
wireless - added new package "wireless-rep";
wireless - improved 1-chain 802.11ac station compatibility with other vendor multi-chain APs;
address-list - fixed crash in low memory situations;
bonding - fixed crash when creating vlans on bonding interface;
capsman - added 802.11g/n band;
capsman - fixed capsman extension channel names;
certificate - revoked certificates not showing as (R)evoked;
certificate - allow manual crl url addition;
chr - added support for VLAN on Hyper-V;
chr - fixed Hyper-V booting from SCSI;
chr - fixed Hyper-V on windows 8/10 reboot loop;
chr - fixed bridge firewall;
chr - fixed kernel crash when virtual ethernet was not connected to anything in Hyper-V;
chr - implemented automatic storage increase on disk image size increase;
chr - implemented kernel crash saving to autosupout.rif (will utilize additional 24Mb of RAM);
chr - make shutdown request from hyper-v work (might fix other hypervisor as well);
chr - no more installation on first boot;
chr - try to renew expired license once a hour instead of 100h;
cloud - don't write minor status changes to storage;
console - fixed print follow in "/ip dns cache" menu;
console - show RouterOS Version in /interface wireless scan;
console - sort completions/hints in natural order;
console - update copyright notice;
defconf - fixed default configuration for SXT LTE;
dhcpv6-client - fixed wrong error message;
dhcpv6-client - fix ia expiration and lifetime validation;
dhcpv6-server - acquire binding on renew if it does not exist;
dude - (changes discussed here: http://forum.mikrotik.com/viewtopic.php?f=8&t=104395);
dude - fixed dude login logging, no more shows as winbox login;
email - fixed send cmd server addr override;
ethernet - add option to see S-GPON-ONU module, GPON side SN in "/int eth mon sfp#";
ethernet - do not allow to set self as master port;
export - bonding did not show up in global export;
export - exclude default values from export in "/interface l2tp-server server" menu;
export - fixed export when ipv6 address was taken from pool;
export - fixed rare situations when not whole config was exported;
export - updated defaults for compact export;
fastpath - fixed crash when packet arrives on disabled interface;
fastpath - fixed show rx-bits-per-second on all VLAN interfaces;
fastpath - improved vlan fastpath;
fasttrack - fixed timer updating in connections table for fasttrack connections;
fetch - decrease connection idle timeout;
firewall - added experimental "action=route" in mangle prerouting - that forces packets to specific gateway by ignoring routing decisions (CLI only);
health - always report fan speed (even if it is 0);
health - swap fan2 and fan3 on CCR1072;
hotspot - clean-up all dead entries at once;
hotspot - fixed possible deadlock;
hotspot - improved html page resistance against attacks;
hotspot - make video tag work properly on hotspot login.html page
ip - rename max-arp-entries to less confusing max-neighbor-entries;
ippool6 - fixed potential crash;
ipsec - always re-key ph1 because it was possible that ph1 without DPD would expire;
ipsec - better flush on proposal change;
ipsec - fixed crash on policy update;
ipsec - fixed fast ph2 SA addition;
ipsec - fixed larval SA refresh for display;
ipsec - fixed multiple consecutive dynamic policy flush;
l2tp & pppoe - fixed user traffic accounting when fastpath was used;
l2tp - introduced per tunnel allow-fast-path option;
l2tp - added support for Hidden AVP, it is needed for proxy authentication;
l2tp - added support for max-sessions;
l2tp - added support for proxy authentication when receiving forwarded PPPoE sessions;
l2tp - fixed small memory leak on reconnects;
lcd - fixed branding packet logo drawing on startup;
led - fixed crash on assigned interface removal;
led - turn on fault led on CCR1072 if CPU too hot;
leds - fixed AP-CAP led blinking after successful association to CAPsMAN;
lte - added ipv6 support for SXT LTE;
lte - changed AT command processing;
lte - changed AT parsing because supported Huawei modems use unsolicited events instead of polling;
lte - fixed bandlux modem dialing;
lte - fixed crash on early initialization;
lte - improve situation when SXT modem never finds operator;
lte - replaced signal-strength with rssi in info command;
lte - support Alt38XX modem;
lte - support for zte mf820s2;
lte - supported modems now use unsolicited events for network monitoring;
lte - use timer for modem info;
map lite - added hardware WPS button support;
mpls - do not reset VPLS on TE tunnel re-optimize;
ntp - fixed ntp client hangs in reached state;
ospf - fixed crash when getting neighbor router-id in NBMA area;
ppp - fixed ppp interface reconnect when uPnP was used;
ppp - close connection if peer wants to re-authenticate;
ppp - fixed memory leak high number of pppoe clients to the same server;
ppp - fixed ppp crash if lcp packets were lost and authentication got delayed;
ppp - fixed some clients can not connect due to LCP restart;
pppoe - added rfc4679 support;
pppoe - fixed crash when removing pppoe service;
pppoe-server - added pado-delay option;
profiler - classify certificate signing;
proxy - fixed ftp request url decode;
queue - improve "/queue interface" menu;
quickset - fixed invalid date adjusted the signal threshold for the signal chart and refresh rate;
quickset - fixed situations when hidden password was passed as ******* from winbox nd webfig;
radius - warn radius client if incorrect secret is being used;
rb3011 - fixed sfp compatibility with CCR when using direct attached cables;
rb3011 - fixed time keeping;
rb3011 - make ether6-ether10 work if SFP module is present on bootup;
romon-ssh - fixed active addresses for romon user;
route - do not show duplicate gateway on connected route;
route - fixed filter by routing table;
routing - fixed rare kernel failure on different dynamic routing configurations;
routing - fixed routing-marks were not erased from memory when they are not being used;
services - do not show ssh entry under ip services if security package is disabled;
snmp - don't group oids for bulk get with maxreps > 1 ;
snmp - fixed cpu load reporting to 1min average and change oid to 1.3.6.1.4.1.2021.11.10.0;
snmp - fixed dhcpv4 lease hwaddr format according to mib;
snmp - fixed getbulk result ordering with multiple request OIDs;
ssh - simplify login process;
ssl - optimized certificate update;
system - log time changes;
tile - corrected max-l2mtu;
tile - fixed fastpath related memory leak;
tile - fixed performance regression on switch chip (introduced in 6.33rc18);
tile-crypto - fixed minor memory leak;
tool fetch - fixed https cleanup on user stop while handshaking;
trafficgen - fixed console arguments;
trafficgen - fixed crash when unexpected stream reappears;
trafflow - fixed potential deadlock;
ups - fixed entering hibernate mode when below battery capacity limit;
users - added separate RoMoN policy;
webfig - fixed firewall rule sorting did not work in other chains except all;
webfig - show single item groups as optional values;
webfig - sort numeric columns numerically even if they contain some text;
winbox - added "pw-type" to "/interface vpls bgp-vpls" menu;
winbox - added "use-control-word" and "pw-mtu" to "/interface vpls cisco-bgp-vpls" menu;
winbox - added /interface wireless setup-repeater;
winbox - added all the rates settings to the capsman;
winbox - added flip-screen option to lcd settings;
winbox - added init-delay option to routerboard settings;
winbox - added ipv6 firewall missing log option;
winbox - added missing eap-ttls-mschamv2 method to wireless security profile;
winbox - added mtu=auto support to eoipv6 tunnel;
winbox - added sfp-mac for GPON interfaces;
winbox - added support for new settings from wireless-rep package;
winbox - added support for route action in mangle rules;
winbox - allow to set additional-network-modes;
winbox - allow to set multiple dh-groups;
winbox - disable autostart for wireless scan,snooper,align etc. on open;
winbox - do not show "enable-jumper-reset" setting on devices without serial port;
winbox - do not show real-tx-power column in current-tx-power by default;
winbox - fixed unset options in /routing ospf interface menu;
winbox - hotspot default-trial user shows profile as "unknown" in Winbox;
winbox - improved winbox connection loss detection, fixes winbox safe mode;
winbox - limit ospf key to 16 symbols;
winbox - make additional-network-mode optional for lte interface;
winbox - make build with latest lte changes;
winbox - make mrru disabled and set mtu+mru to auto by default on new servers;
winbox - show "usb-power-reset" option on all boards that have it;
wireless - fixed crash on nstreme-dual interface stats update;
wireless-rep - added 802.11g/n only band;
wireless-rep - added STEP feature for the scan-list;
wireless-rep - added WPS client support;
wireless-rep - added support for saving wireless scan results to file;
wireless-rep - added support for wireless background scan for 802.11 protocol;
wireless-rep - added support for wireless repeater mode for 802.11 protocol;
wireless-rep - added support for wireless scan rounds setting;
wireless-rep - adjust roaming scan times;
wireless-rep - allow to connect to AP after scan;
wireless-rep - do not allow empty ssid for AP modes;
wireless-rep - fixed crash on non-HT clients;
wireless-rep - fixed latency issues with Intel wireless clients;
wireless-rep - fixed nv2 protocol;
wireless-rep - fixed qos frame-priority when nv2 protocol used in station-wds mode;
wireless-rep - fixed signal leds;
wireless-rep - fixed speed issue when connected with Intel 802.11ac;
wireless-rep - initial support for station roaming for station mode in 802.11 protocol;
wireless-rep - request interface name for setup-repeater;
wireless-rep - use full identity where possible;
wireless-rep,capsman - added more configuration settings;
wireless-rep,capsman - added rate config support.