Skip Navigation
Mikrotik @lemmy.world
walden @sub.wetshaving.social

RouterOS 7.19 stable

What's new in 7.19 (2025-May-22 10:53):

*) arm64 - fixed possible transmit queue timeout on CCR2216, CCR2116, RDS2216;*) arp - added warning, when "Published" ARP entry used on an interface with "reply-only" ARP mode enabled;*) bgp - added input.filter-community;*) bgp - fixed excessive CPU usage;*) bgp - fixed input.accept-community;*) bgp - fixed memory leak on receiving notify and closing session;*) bgp - improved performance on BGP input;*) bonding - added setting for LACP active/passive modes;*) bridge - added new STP monitoring fields for bridge and ports (Tx/Rx BPDU, Tx/Rx TC, forward/discard transitions, last topology change, message-age, max-age, remaining-hops, bridge-id);*) bridge - fixed bridge port hang when using invalid port IDs;*) bridge - fixed dhcp-snooping in QinQ setups;*) bridge - fixed issue when local MACs were removed unnecessarily;*) bridge - fixed minor memory leak on link down;*) bridge - fixed multicast packet flow on hardware offloaded bridge which acts as "multicast-router";*) bridge - improved default bridge and port layout on console and GUI;*) bridge - improved stability in case of configuration error (introduced in v7.15);*) bridge - moved "TCHANGE" logs from bridge,stp to bridge,stp,debug;*) bridge - offload VXLAN only if another HW offloaded port exists in the bridge;*) bridge - properly flush bridge hosts when bonding is used as bridge port and loses hw-offloading status;*) bridge - rename "ports" to "interface" under MDB table for configuration consistency with other menus;*) bridge - renamed STP monitor fields (port-number to port-id, designated-port-number to designated-port-id, designated-bridge to designated-bridge-id);) bridge - show designated- monitor field for all port roles;*) bridge - show warning instead of causing error when using multicast MAC as admin-mac (introduced in v7.17);*) bth - properly specify "in-interface" when adding dynamic firewall NAT rule;*) capsman - fixed "undo" command for cap interfaces;*) certificate - added built-in root certificate authorities store;*) certificate - do not include CA identity in SCEP POST requests;*) certificate - fixed cloud-dns challenge validation for sn.mynetname.net (CLI only);*) certificate - improve error message when trying to use certificate;*) certificate - optimize trust store;*) cloud - fixed issues when BTH is toggled fast between enable/disable;*) cloud - improved "BTH Files" web page design;*) conntrack - improved stability on busy systems;*) console - added on-error to "for" and "foreach" loops;*) console - added proplist to monitor command;*) console - disallow incomplete double-quoted arguments (allows multiline string pasting);*) console - do not treat return values as errors in scripts run from scheduler;*) console - enabled verbose error logging for non-scripted/non-verbose imports;*) console - fixed issue with file-name completion (introduced in v7.18);*) console - fixed issue with files when using scripts (introduced in v7.18);*) console - fixed misaligned multiline in brief print mode;*) console - improve time value handling;*) console - improved file add/remove process stability;*) console - print large number argument values in proper format in export output;*) console - set "/system/note show-at-login=yes" the default value after configuration reset;*) console - validate script arguments (do, on-error, etc.) and reject invalid values;*) container - allow changing container name;*) container - fixed repository name handling to prevent redirect issues when basic authentication is used;*) container - try to derive a user readable container name from remote image or file;*) defconf - added DHCP Client on RDS2216 MGMT interface;*) defconf - increased PPP interface wait time;*) device-mode - added new "rose" mode where "container" feature is enabled by default;*) dhcpv4 - improved outgoing packet logging;*) dhcpv4-client/server - added support for DHCPv4 reconfigure messages;*) dhcpv4-server - "Relay-Agent-Information" (82) option moved at the end of option list in response packets;*) dhcpv4-server - accept packets with htype 6;*) dhcpv4/v6-client - added check-gateway parameter;*) dhcpv4/v6-client - fixed default route when DHCP client interface is in VRF;*) dhcpv6-client - allow selecting to which routing tables add default route;*) dhcpv6-relay - clear saved routes on DHCP release;*) dhcpv6-relay - show client address;*) dhcpv6-server - allow unsetting prefix-pool for static bindings and show warning if prefix is not in selected prefix-pool;*) dhcpv6-server - change bound status to waiting on binding disable;*) dhcpv6-server - change static binding bound status to waiting on server disable;*) dhcpv6-server - fix when expired static binding is declined with false "binding belongs to another server" reason;*) dhcpv6-server - improved stability when disabled server have static bindings;*) dhcpv6-server - improved stability when disabling server with active bindings;*) disk - add "sector-size" property in print detail;*) disk - add reset-counters to /disk btrfs filesystem;*) disk - renamed "eject-drive" command to "eject" (CLI only);*) disk - renamed "format-drive" command to "format" (CLI only);*) dlna - improved folder indexing behavior;*) dns - improved DNS server service stability;*) dot1x - fixed dynamic switch ACL rules on boards with a lot of ports (e.g. CRS520);*) ethernet - improved Ethernet and PoE port mapping to ensure a consistent and reliable interface order;*) fetch - fixed false successful messages in FTP mode;*) file - added show-hidden parameter to /file/print, allowing referencing and deleting hidden files;*) file - fixed missing files from The Dude (introduced in v7.18);*) file - improved responsiveness on slow filesystems;*) firewall - always show "passthrough" when exporting mangle table;*) firewall - detect VRF addresses as local;*) firewall - fixed IP/Settings "ipv4-fasttrack-active" status showing as inactive when it is active;*) health - hide settings in CLI if there is nothing to show;*) health - improved performance on devices with simple voltage sensors;*) hotspot - improvements to memory usage;*) igmp-proxy - do not try to send leave message for multicast groups that the device itself has joined on the upstream interface (cosmetic fix for proxy error logs);*) ike2 - improved initial key exchange process on slow or unreliable connections;*) iot - improvement to LoRa dev-addr-validation behavior;*) iot - improvement to LoRa join eui/net id filtering behavior;*) iot - improvement to LoRa stability and functionality;*) iot - improvement to LoRa whitelist/blacklist support;*) iot - iot-bt-extra package stability improvement;*) ip-service - show all TCP/UDP connections on the system;*) ip-service - show all TCP/UDP ports on system, including ports in containers;*) ip-service - show error message when service enable fails;*) ippool6 - properly free IPv6 pool used prefix when it is not used any more;*) ipsec - fixed system failure on MMIPS devices when using IPsec services;*) ipsec - lower standalone cipher, hash priority when using ctr aead;*) ipv6 - avoid watchdog reboot due to link-local IPv6 address reconfiguration on thousand of interfaces at once;*) ipv6 - fixed EUI-64 false error message on address update when "from-pool" option is used;*) isis - properly validate 3-way hello handshake;*) l2tp-ether - improved stability when trying to connect to disabled L2TP server with IPsec;*) l3hw - remove VLAN tag before VXLAN encapsulation (fixes pvid behavior for bridged VXLAN);*) log - added additional CEF fields from firewall and login logs;*) log - fixed remote logging after reboot when hostname is forwarded to a DNS server;*) log - populate in/out fields in firewall CEF logs with correct data;*) lte - added UICC parameter in LTE monitor for R11e-4G modem;*) lte - additional fixes for eSIM management support;*) lte - AT modems, improved redialing when modem lost connectivity without notifying host about APN status change;*) lte - automatically enable roaming for known roaming only SIM/eSIM profiles;*) lte - Chateau 5G R16 fix DHCP relay packet forwarding using LTE interface;*) lte - deactivate current eSIM profile before activating new profile;*) lte - fixed default APN for configless modems;*) lte - fixed EC200A-EU APN authentication;*) lte - fixed initialization for Neoway N75 modem;*) lte - fixed initialization for R11e-LTE6 modem;*) lte - fixed LTE passthrough activation issue when IPv6 APN is used;*) lte - fixed LTE status update or possible crash when modem is unexpectedly removed from system;*) lte - fixed MBIM modem recovery after modem unexpected restart;*) lte - fixed modem recovery after firmware upgrade for R11e-LTE modem;*) lte - fixed possible crash or missing IPv6 address on first APN activation when IPv6 capable APN is used;*) lte - fixed Router Advertisement processing issue for AT modems when an APN with "ip-type=ipv6" was configured;*) lte - improved dialer for EC200A-EU modem;*) lte - improved R11e-LTE6 link recovery delay time after unexpected modem registration status changes;*) lte - initial support for user settable modem redial timer;*) lte - initialize Quectel modems as soon as they are ready after unexpected restart;*) lte - reset internal link-recovery-timer on sim slot change;*) lte - set apn profile name the same as apn if no name specified when creating the profile;*) lte - show correct value for 5G SA "current-cellid";*) net - remove support for automatic multicast tunneling (AMT) interface (introduced in v7.18);*) netinstall - improved network socket re-opening when NIC status changes while running the server;*) netinstall - provide warning if memory on installed router is full after installation;*) netinstall - show warning when network configuration on PC might not be appropriate for installation;*) netinstall-cli - check for other running Netinstall servers on startup;*) netinstall-cli - clear old configuration before user script using "-s";*) netinstall-cli - fixed issue with applying the branding package;*) ospf - fixed "mismatch" typo in logs;*) ospf - make auth-key parameter sensitive;*) ovpn - properly match GCM hardware acceleration capabilities (introduced in v7.17);*) ovpn-server - do not reset active connections when changing comment or name;*) ovpn-server - fixed server start-up after a reboot;*) ovpn-server - properly show "username" in log when authentication fails;*) pimsm - fixed issue where own query caused querier detection;*) poe-out - upgraded firmware for 802.3at/bt PSE controlled boards (the update will cause brief power interruption to PoE-out interfaces);*) port - added support for Huawei E3372-325 variant (vendor-id="0x3566" device-id="0x2001");*) port - added USB mode switch support for "huawei-alt-mode";*) port - fixed KNOT BG77 modem port lost after RouterOS upgrade from previous versions;*) port - improvements to KNOT BG77 modem port channel handling;*) ppc - fixed VLAN TCP packet transmit on PPC devices;*) profiler - improved process classification;*) ptp - added "ptp" logging topic;*) ptp - allow multiple instances;*) ptp - fixed PTP on 2.5G links;*) ptp - fixed PTP on QSFP ports for CRS326, CRS510, CRS520, CCR2216 devices;*) queue - fixed system failure when CAKE kind queue was configured but queue type definition does not exist anymore (introduced in v7.18);*) queue - speed-up queue addition/removal process;*) quickset - improved system stability;*) rose-storage - added Btrfs disk balance command (CLI only);*) rose-storage - added degraded Btrfs mount option (CLI only);*) rose-storage - fixed mounting Btrfs subvolumes using macOS SMB client;*) rose-storage - fixes for Btrfs;*) rose-storage - improved system stability when removing NVMe disks;*) rose-storage - rename default RAID device name from "raid" to "raid-array";*) rose-storage - show Btrfs balance and scrub errors if any;*) route - added options to set dynamic-in and connected-in chains in /routing/settings;*) route - fixed stuck output when calling prints from multiple routing menus;*) route - fixed route rule "min-prefix" unset;*) route - improve stability on BGP reconnect;*) route - make AFI naming consistent;*) route - show "routing-table" by default on console print output;*) route - show BGP session name instead of cache-id;*) route-filter - fixed the "blackhole" option setting process;*) route-filter - improved performance;*) sfp - added sfp-encoding data output from EEPROM;*) sfp - improved QSFP link stability for CRS354 devices;*) sniffer - add max-packet-size (2k-64k) setting to be able to sniffer more than 2k data per packet;*) snmp - fixed v2 getnext noSuchName error when OID with requested key does not exist;*) ssh - fixed authorization with SSH key when multiple user SSH public keys are imported;*) ssl/tls - respond with more precise alert error messages;*) ssl/tls - send certificate authority in Certificate message even if it is not trusted;*) switch - do not count rx-too-long multiple times on 100Gbps QSFP28;*) switch - fixed egress mirroring for packets coming from external CPU port (e.g. CRS520, CCR2216, CCR2116);*) switch - fixed switch name for hEX Refresh;*) switch - flush CPU port FDB entries on switch disable;*) switch - improve rate limit accuracy for MT7531, MT7621, EN7562CT;*) switch - improved boot stability on devices with Alpine CPU and switch chip;*) switch - improved stability when enabling IGMP snooping with VXLAN (introduced in v7.18);*) switch - properly match IPv6 packets with empty ACL rule on CRS3xx, CRS5xx, CCR2004, CCR2116, CCR2216, RDS devices;*) system - fixed "/system reboot" when the system disk is completely full;*) system - improved internal "flash/" prefix handling for different file path related settings;*) system - improved system stability when sending TCP data from the router;*) system – added new "switch-marvell" and "wifi-mediatek" packages to support upcoming products;*) timezone - updated timezone information from "tzdata2025b" release;*) torch - improved data reporting;*) upgrade - improved free disk space calculation;*) upgrade - improved upgrade procedure reliability;*) vrrp - fixed detection of connection tracking after reboot (introduced in v7.17);*) vxlan -improved system stability when using IPv6 VTEP;*) webfig - allow table column resize over side toolbar;*) webfig - don't reorder rows when selecting header cells with Alt+click;*) webfig - show IPv6 firewall connections;*) webfig - show missing data in "IP/DNS/Cache" records;*) wifi - add channel.reselect-time parameter which allows to perform channel re-selection at given time of day (CLI only);*) wifi - add information on CAP uptime and connection uptime in "Remote CAP" list;*) wifi - added "eap-identity" to registration table;*) wifi - added SSID to logs;*) wifi - display error when trying to run snooper on interface which does not support wireless packet capture (sniffer);*) wifi - fix authentication of clients which omit some RSN information at association;*) wifi - fix incorrect info about current channel for station interfaces after AP has switched channel (introduced in v7.17);*) wifi - fix possible snooper crash when parsing frames with malformed headers;*) wifi - fixed 5GHz chain enumeration on Chateau PRO ax;*) wifi - implement WPA2 PSK authentication with key derivation using SHA256 (CLI only);*) wifi - improve parsing of captured frames which have nested flags in radiotap header;*) wifi - improved stability for wifi interfaces;*) wifi - improved stability when doing SNMP query;*) wifi - improved wifi connection stability when used as a station for "b" mode access point;*) wifi - re-word log entries about disconnections which are likely caused by peer using a wrong passphrase;*) wifi - use at least TLS 1.2 for securing connection between CAPsMAN manager and CAPs;*) wifi-qcom - fix inability of interfaces in station mode to connect if they do not support full bandwidth of AP;*) wifi-qcom - fix OWE authentication for 802.11ac interfaces in station mode;*) winbox - added "MAC Telnet" under "Wifi/Registration" menu;*) winbox - added "Multi Passphrase Group" for wifi;*) winbox - added "Reset MAC address" for legacy wireless and wifi;*) winbox - added comment fields for WiFi "Multi Passphrase Group" menu;*) winbox - added comment under "User Manager/Routers" menu;*) winbox - added country to wireless setup-repeater;*) winbox - added missing "Switch" menu for RDS;*) winbox - added missing file systems for disk formatting;*) winbox - added missing parameters for BTRFS related action functions;*) winbox - added mount-point parameter under "Disk/Settings" menu;*) winbox - added netmask support for switch rule Src/Dst IPv6 Address settings;*) winbox - allow opening BTRFS menu entries;*) winbox - changed default wireless wds-cost-range values;*) winbox - do not show not relevant values for certificate template;*) winbox - fixed "Multi Passphrase Group" setting for wifi;*) winbox - fixed "registry-url" field under "Containers" configuration menu;*) winbox - fixed missing SMB client on non-ROSE devices;*) winbox - fixed several statistics counters not being read only;*) winbox - fixed switch menu for Chateau 5G;*) winbox - fixed time interval type fields precision under "Disks" menu;*) winbox - hide container File/Remote Image fields only when instance added;*) winbox - improve graphing efficiency when communicating with WinBox;*) winbox - make BTRFS "Parent" and "Send Parent" options optional;*) winbox - properly show/hide OSPF, RIP and BGP tabs for IPv6 routes;*) winbox - renamed "raid-member" to "raid member" flag for consistency;*) winbox - show eSIM profiles under eSIM menu without manual refresh;*) wireguard - add wg-import config-string parameter to import config directly from terminal;*) wireguard - update peer info on "get" command;*) wireless - added "eap-identity" to registration table;*) wireless - implement handling of RADIUS disconnect messages by CAPsMAN;*) wireless - suggest all legitimate frequencies for interfaces with 20/40mhz-XX channel width in GUI;*) x86 - added support for Emulex NIC;*) x86 - i40e updated driver to 2.27.8 version;*) x86 - remove unnecessary console output on shutdown;

Comments

0