Skip to content

RouterOS 7.17beta2 x86

Pre-release
Pre-release
Compare
Choose a tag to compare
@github-actions github-actions released this 28 Sep 00:59
· 22 commits to main since this release
7.17beta2
7719188
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.

What's new in 7.17beta2 (2024-Sep-27 10:07):

!) device-mode - after upgrade, mode "advanced" is set by default and traffic-gen, changing active partitions, bootloader and downgrade features will be disabled;
!) webfig - redesigned HTML, styling and functionality;
*) 6to4 - fixed issue where 6to4 relay would not forward traffic unless destination address is set;
*) adlist - improved system stability;
*) adlist - improved logging;
*) adlist - optimized import on system with low disk space;
*) api - fixed REST API serialization of binary data;
*) arm64/x86 - added missing PCI id for mlx4 driver;
*) bridge - add HW offload support for active-backup bonds on 98DXxxxx, 88E6393X, 88E6191X and88E6190 switches;
*) bridge - added interface-list support for VLANs;
*) bridge - disallow duplicate static VLAN entries;
*) bridge - disallow multicast MAC address as admin-mac;
*) bridge - enable faster HW offloading when detect-internet is disabled;
*) bridge - fixed incorrect HW offloaded port state in certain cases on MSTI add;
*) bridge - fixed missing slave flag on port in certain cases;
*) bridge - fixed port monitor with interface-lists;
*) bridge - fixed port move command;
*) bridge - fixed setting bridge MTU to L2MTU value;
*) bridge - fixed unstable MLAG when host moved between bonds too quickly;
*) bridge - ignore disabled interfaces when calculating bridge L2MTU;
*) bridge - improved stability;
*) bridge - removed support for master port config conversion (used before version 6.41);
*) bth - improved stability on system time change;
*) chr/arm64 - fixed kernel crypto use without crypto extensions for RPi CM4;
*) cloud - changed ddns-enabled setting from "no" to "auto" (service is enabled when BTH is enabled);
*) cloud - improved DDNS and VPN state stability;
*) console - added :range command;
*) console - added group-by property for print command;
*) console - added lf/crlf options to :convert transform;
*) console - added password property to "/system/ssh-exec" command;
*) console - added to/from=num option for :convert command;
*) console - allow clearing history for a specific user;
*) console - allow setting width to supout.rif output;
*) console - clear history when removing user;
*) console - disallow autocomplete hints for user without read policy;
*) console - fixed endless loop when closing input prompt;
*) console - force print paging when output does not fit terminal width;
*) console - improved printing output in some menus;
*) console - improved scripting system stability;
*) console - print warning in CLI after enabling protected bootloader;
*) console - removed "chain" names from print parameter list and show all print parameters in "/ipv6/firewall/filter" directory;
*) container - allow import from .tar.gz file;
*) crypto - improve crypto speeds;
*) device-mode - added "basic" mode and renamed "enterprise" to "advanced";
*) device-mode - added bootloader, downgrade and partitions features;
*) device-mode - allow feature and mode update on x86 via power button and reboot/shutdown from AWS;
*) device-mode - fixed feature and mode update on ARM64 Hetzner;
*) device-mode - fixed feature and mode update via power-reset on MIPSBE devices;
*) dhcpv4-client - correctly handle adding/setting emtpy dhcp-options;
*) dhcpv4-client - respect Renewal-Time (58) and Rebinding-Time (59) options;
*) dhcpv4-server - do not remove options set config when DHCP network is changed;
*) dhcpv4/v6-server - added address-list parameter to which address will be added if the lease is bound;
*) dhcpv6-client - added prefix-address-list parameter;
*) dhcpv6-client/server - added support for DHCPv6 reconfigure messages;
*) dhcpv6-server - include all existing prefixes (with lifetime 0) in renew reply and new prefix if RADIUS returns different prefix;
*) discovery - added support for LLDP DCBX;
*) discovery - use LLDP description field to populate platform, version and board-name;
*) disk - allow to configure global and per disk mountpoint template - [slot],[model],[serial],[fw-version],[fs-label],[fs-uuid],[fs] variables supported;
*) disk - improved system stability;
*) disk - read/show exfat filesystem label;
*) disk - remove 32 character slot name limit;
*) disk - show detailed mountpoint users when unable to unmount;
*) disk,nvme - show nvme namespaces if configured more than one on a nvme drive;
*) dns - added option to create named DNS servers that can be used as forward-to servers (CLI only);
*) dns - DoH whitelist support for adlist using static FWD entries;
*) dns - whitelist support for adlist using static FWD entries;
*) ethernet - improved interface stability for RB4011 devices;
*) fetch - fixed certificate check when provided hostname is IP address;
*) fetch - fixed large file (over 4GB) fetch in HTTP/HTTPS mode;
*) file - correctly identify mounted disks;
*) file - improved handling of changes to the file system;
*) file - support files over 4GB size;
*) file - update file size before trying to request content;
*) firewall - added none-dynamic and none-static arguments for IPv6 address-list-timout settings;
*) firewall - added warning log for TCP SYN flood;
*) firewall - fixed "dst-limit" and "limit" mathers when using zero value for burst argument;
*) firewall - removed default mangle passthrough=yes configuration from export;
*) graphing - fixed graphing rule removal;
*) graphing - fixed queue graph storing on disk;
*) health - added cpu-overtemp-check on ARM, ARM64 devices (CLI only);
*) health - hide settings in CLI if there is nothing to show;
*) health - removed board-temperature on RB5009UPr+S+IN device;
*) igmp-proxy - refactored IGMP querier;
*) ike2 - improved performance by balancing multicore CPU usage for key exchange calculation also for initiator;
*) iot - added an option to print out LoRa traffic in CLI (not GUI-only option anymore);
*) iot - added new LoRa traffic FCnt packet counter parameter;
*) iot - bluetooth peripheral device menu now displays correct iBeacon major/minor values;
*) iot - fixed incorrect LoRa joineui filter export behavior;
*) iot - improvements to LoRa device's stats tab;
*) iot - removed crc-disabled and crc-error options from the LoRa forwarding;
*) iot - removed LoRa pause traffic option/setting;
*) iot - removed some LoRa radio related parameters (e.g. RSSI-OFF and Tx-enabled) that were not meant to be changed;
*) ipv6 - added IPv6 settings related to stale IPv6 neighbor cleanup;
*) isis - do not disable fast-path when isis is enabled on an interface;
*) isis - fixed console flags;
*) isis - fixed invalid L2 LSP type;
*) isis - make it work when MTU is larger than 1500;
*) isis - update interface MAC address on change (caused neighbor to stuck in init state);
*) kid-control - use time format according to ISO standard;
*) leds - fixed issue where interface LEDs might not properly disable in some cases;
*) log - added basic validation for "disk-file-name" property;
*) log - use time format according to ISO standard;
*) lte - added option to check/install modem firmware from early-access/testing channel (CLI only);
*) lte - added provider specific firmware update (FOTA) for Cosmote GR networks on Chateau 5G;
*) lte - fixed long "PLMN search in progress" for SXT 3-7;
*) lte - fixed signal info reporting for FG621-EA modem in UMTS network;
*) lte - improved modem FW upgrade for Chateau 5G;
*) lte - improvements to modem "firmware-upgrade" command;
*) lte - modem firmware update (FOTA), added support to install provider specific version;
*) lte - removed trailing "F" symbol from uicc;
*) mac-telnet - use ASCII DEL as erase/backspace char instead of BS (fixes mac-telnet backspace for WinBox4);
*) macvlan - improved error when trying to create new interface on already busy parent interface;
*) macvlan - updated driver;
*) mpls - added fast-path support for VPLS;
*) mpls - added MPLS mangle support;
*) mpls - added support for "ICMP Fragmentation needed";
*) mpls - do no drop LDP peering session on PW deactivation;
*) mpls - do not reconnect VPLS on name or comment changes;
*) netinstall - save and restore device-mode configuration on format;
*) netinstall-cli - added "-o" option to install devices only once per netinstall run;
*) netinstall-cli - fixed x86 detection;
*) ospf - fixed memory corruption;
*) ovpn - added VRF support to OVPN server (server menu now supports multiple entries);
*) ovpn - improved system stability;
*) poe-out - upgraded firmware for PSE (BT) controlled boards (the update will cause brief power interruption to PoE-out interfaces);
*) ppp - added support for bridge-port-pvid configuration via ppp profile;
*) ppp - set APN/PDN type "IPv4/v6" according assigned PPP profile protocol setting;
*) pppoe - added support for PPPoE server over 802.1Q VLANs;
*) profiler - classify ppp processing;
*) profiler - improved process classification;
*) profiler - renamed radv process to radvd;
*) ptp - added dynamic switch ACL rules in order to trap PTP packets to CPU instead of forwarding;
*) ptp - added option to configure L2 transport with forwardable and non-forwardable MAC destination;
*) ptp - display warning when none of the PTP ports has a link;
*) ptp - restrict configuring g8275 profile with IPv4 transport;
*) qos-hw - allow to disable/enable profiles, disabled or removed profile gets replaced with the default;
*) qos-hw - enabling PFC on port also requires setting egress-rate-queueN;
*) qos-hw - fixed export when changing default Tx Manager;
*) qos-hw - fixed incorrect port byte-use counter;
*) qos-hw - improved PFC behavior;
*) qos-hw - improved WRED and ECN behavior;
*) qos-hw - rename pfcN-pause and pfcN-resume to pfcN-pause-threshold and pfcN-resume-threshold;
*) qos-hw - switch-cpu port trust settings are forced to "keep";
*) queue - improved system stability when too many simple queues are added;
*) quickset - added "LTE AP" quickset profile with one wifi interface;
*) romon - send uptime in discovery (CLI only);
*) rose-storage - allow to set iscsi-iqn only when type=iscsi and allow nvme-tcp-name only when type=nvme-tcp;
*) rose-storage - do not allow to format exported disks;
*) rose-storage - enable autocomplete for local-path property in "/file/sync" menu;
*) rose-storage - enable more threads for faster RAID sync;
*) rose-storage - ensure unique nvme-tcp-names for nvme-tcp clients;
*) rose-storage - improved error messages;
*) rose-storage - improved system stability;
*) rose-storage,raid - improved stability of degraded arrays on startup;
*) rose-storage,raid - store superblock in 1.2 format, show raid super block info when detected to help with reassembling arrays;
*) route - improved stability;
*) routerboot - fixed boot MAC for MIPSBE CRS3xx and CRS5xx switches ("/system routerboard upgrade" required);
*) rsync - fixed when used over ssh and spaces in directory names;
*) sfp - fixed linking with 1Gbps optical modules with "combo-mode=sfp" configuration for CRS312 device;
*) sfp - improved initialization for certain SFP modules on CRS309 and CRS317 devices;
*) sfp - improved initialization and linking for some SFP modules;
*) sfp - improved power control configuration for QSFP optical modules according to the EEPROM field;
*) sfp - improved SFP auto-negotiation for L22, L23 devices;
*) smb - stability improvements for client/server;
*) socks - fixed comment property for access configuration;
*) ssl/tls - improved performance;
*) sstp - added pfs=required option to allow only ECDHE during TLS handshake;
*) supout - print non BGP and OSFP routes if route list is too large;
*) supout - reduce minimal RAM required for export to be included;
*) supout - use separate LTE section;
*) switch - added "all" argument for "new-dst-ports" switch rule property for CRS3xx, CRS5xx, CCR2116 and CCR2216 devices;
*) switch - added IPv6 flow label matching in switch rules for CRS3xx, CRS5xx, CCR2116 and CCR2216 devices;
*) switch - allow bond interfaces in switch rules for CRS3xx, CRS5xx, CCR2116 and CCR2216 devices;
*) switch - allow matching network bitmask for IPv4 and IPv6 dst/src-address properties in switch rule;
*) switch - disallow switch-cpu in "ports" and "new-dst-ports" rule properties for CRS3xx, CRS5xx, CCR2116, CCR2216 and RB5009 devices;
*) switch - fixed L2MTU for 25Gbps ports;
*) switch - fixed RSPAN error message when using mirror-target=cpu;
*) switch - fixed rule disable in certain cases for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) switch - fixed wrong MAC learning when port learning is disabled for 88E6393X, 88E6191X and 88E6190 switch chips;
*) switch - force "mac-protocol" when matching IPv4 or IPv6 specific properties;
*) switch - improved CPU performance for CRS328-24P-4S+ switch;
*) switch - make switch rule "ports" property not required and unsettable (allows matching packets on all switch ports);
*) switch - updated dynamic switch rules when using HW bridge with IGMP snooping (224.0.0.0/24 and ff02::/16 destination addresses are forwarded and copied to CPU);
*) system - make ICMP error source address selection configurable (icmp-errors-use-inbound-interface-address parameter in ip settings);
*) system - make TCP timestamp handling configurable (tcp-timestamps parameter in ip settings);
*) upnp - rename service description file from gateway_description.xml back to gateway.xml;
*) user-manager - improved stability;
*) vrf - fixed packet handling with enabled queues;
*) webfig - added search option for settings;
*) webfig - fixed uploading files with Windows style newlines;
*) webfig - hide inherited wifi password;
*) webfig - improved keyboard navigation;
*) webfig - reduce flickering when table is sorted by column with duplicate values;
*) webfig - Skin Designer moved to centralized page;
*) webfig - status page is deprecated, old status page config will work, but can't be updated or created;
*) webfig - support unicode strings;
*) wifi - added a debug log entry when switching channel;
*) wifi - added ability to set security.owe-transition-interface to "auto";
*) wifi - added access-list stats (CLI only);
*) wifi - added configuration.installation property to limit use of indoor-only channels;
*) wifi - added debug log messages on station authentication mismatch;
*) wifi - added last-activity property in registration table;
*) wifi - added multi-passphrase (PPSK) support (CLI only);
*) wifi - added option to reset MAC address (CLI only);
*) wifi - added station-roaming support;
*) wifi - allow IPv6 LL address in caps-man-addresses;
*) wifi - disabled 802.11h on 2.4GHz station;
*) wifi - fixed failure to resume operation after DFS non-occupancy period has elapsed;
*) wifi - fixed the "no available channels" message still being displayed after a setting change has made some channels available;
*) wifi - indicate radios' ability to perform a channel switch in their "hw-caps" attribute;
*) wifi - indicate which channels are subject to DFS, or are indoor-only in output of "monitor" command;
*) wifi - re-word the "SA Query timeout" log message to "not responding";
*) wifi - show authentication type and wireless standard used by each client in registration table;
*) wifi - show regulatory limits on maximum bandwidth in output of radio/reg-info command;
*) wifi - when operating in station mode, log more information when AP switches to an unsupported channel;
*) wifi-qcom - added Superchannel country profile;
*) wifi-qcom-ac - allow use of channel 144 under "Japan" regulatory domain;
*) winbox - added "Scan" and "Test Disks" features under "System/Disks" menu;
*) winbox - added MAC address support for "Group" property under "Bridge/MDB" menu;
*) winbox - added missing properties under "IP/Neighbors" menu;
*) winbox - fixed duplicate timezone names;
*) winbox - fixed typo in "System/Reset Configuration" menu;
*) winbox - minimal required version is v3.41;
*) wireguard - do not initiate handshake when peer is configured as responder;
*) wireless - added option to reset MAC address (CLI only);
*) wireless - added vlan-id to registration-table;
*) wireless - allow to set Canada2 country profile when locked with US lock package for CubeG device;
*) wireless - fixed antenna gain for SXT5ac device;
*) wireless - preserve configured country while using setup-repeater, added "country" argument (CLI only);
*) zerotier - added debug logging;
*) zerotier - do not show default settings in export;
*) zerotier - upgraded to version 1.14.0;

Assets 16
Loading