Изменения в RouterOS:Release 6.46.x

Материал из MikroTik Wiki
Перейти к навигации Перейти к поиску

Изменения в MikroTik RouterOS 6.46 (2019-Dec-02 11:16)

ВАЖНЫЕ ИЗМЕНЕНИЯ В v6.46:


!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
!) package - accept only packages with original filenames (CVE-2019-3976);
!) package - improved package signature verification (CVE-2019-3977);
!) security - fixed improper handling of DNS responses (CVE-2019-3978, CVE-2019-3979);


Изменения:

  • backup - fixed automatic backup file generation when configuration reset by button;
  • backup - store automatically created backup file in "flash" directory;
  • bonding - correctly remove HW offloaded bonding with ARP monitoring;
  • bonding - properly handle MAC addresses when bonding WLAN interfaces;
  • bridge - disable/enable bridge port when setting bpdu-guard;
  • bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
  • bridge - do not add dynamically VLAN entry when changing "pvid" property for non-vlan aware bridge;
  • bridge - include whole VLAN-id in DHCP Option 82 message;
  • btest - removed duplicate "duration" parameter;
  • capsman - fixed background scan showing incorrect regulatory domain mismatch error (CAP upgrade required);
  • capsman - fixed channel auto reselection;
  • capsman - fixed MAC address detection for "common-name" parameter in certificate requests;
  • capsman - improved DFS channel switching when radar detected;
  • capsman - improved radar detection algorithm;
  • ccr - improved general system stability;
  • certificate - added progress bar when creating certificate request;
  • certificate - added support for certificate request signing with EC keys;
  • certificate - allow specifying "file-name" parameter for export (CLI only);
  • certificate - allow specifying "name" parameter for import (CLI only);
  • certificate - improved CRL updating process;
  • certificate - removed "key-size" parameter for "create-certificate-request" command;
  • chr - added support for Azure guest agent;
  • console - added bitwise operator support for "ip6" data type;
  • console - fixed "address" column width when printing DHCPv4 leases;
  • console - fixed IP conversion to "num" data type;
  • console - fixed "tobool" conversion;
  • console - properly detect IPv6 address as "ip6" data type;
  • crs1xx/2xx - allow to set trunk port as mirroring target;
  • crs3xx - correctly handle L2MTU change;
  • crs3xx - do not send pause frames when ethernet "tx-flow-control" is disabled on CRS326/CRS328/CRS305 devices;
  • crs3xx - improved interface initialization;
  • crs3xx - improved switch-chip resource allocation on CRS317-1G-16S+, CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
  • crs3xx - improved system stability on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
  • crs3xx - remove previously set mirror-source property before changing it;
  • defconf - fixed default configuration loading on RBmAPL-2nD (introduced in v6.45);
  • defconf - require "policy" permission to print default configuration;
  • dhcpv4-client - allow empty "dhcp-options" parameter when adding new client;
  • dhcpv4-client - fixed "dhcp-options" parameter setting when adding new client;
  • dhcpv4-server - improved stability when RADIUS Interim update is sent;
  • dhcpv6-client - fixed timeout when doing rebind;
  • dhcpv6-client - properly update bind time when unused prefix received from the server;
  • dhcpv6-client - properly update IPv6 address on rebind;
  • dhcpv6-server - fixed logged error message when using "address-pool=static-only";
  • dhcpv6-server - ignore prefix-hint from client's DHCPDISCOVER if static prefix received from RADIUS;
  • dhcpv6-server - include "User-Name" parameter in accounting requests;
  • dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
  • dot1x - added "reject-vlan-id" server parameter (CLI only);
  • dot1x - added support for dynamic switch rules from RADIUS;
  • dot1x - added support for "mac-auth" authentication type (CLI only);
  • ethernet - automatically detect interface when using IP address for power-cycle-ping;
  • ethernet - do not enable interface after reboot that is already disabled;
  • ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
  • export - always export "ssid" value for w60g interfaces;
  • fetch - do not allocate extra 500KiB on SMIPS;
  • fetch - improved stability when processing large output data;
  • gps - use "serial1" as default port on RBLtAP-2HnD;
  • hotspot - fixed non-local NAT redirection to port TCP/64873;
  • hotspot - fixed RADIUS CoA "address-list" update;
  • ike1 - fixed minor spelling mistake in logs;
  • ike2 - improved CHILD SA rekey process with Apple iOS 13;
  • ike2 - improved stability when retransmitting first packet as responder;
  • ipsec - added "error" topic for identity check failure logging messages;
  • ipsec - fixed DNS resolving when domain has only AAAA entries;
  • ipsec - fixed policy "sa-src-address" detection from "local-address" (introduced in v6.45);
  • ipv6 - changed "advertise-dns" default value to "yes";
  • led - fixed default LED configuration for RBLHG-2nD and RBLHG-5HPnD;
  • log - increased log message length limit to 1024 characters;
  • lte - added support for D402 modem;
  • lte - added support for LM960A18;
  • lte - added support for Telit LM960 and LE910C1 modems;
  • lte - do not allow setting 3G and GSM modes on LTE only modems;
  • lte - fixed band setting on R11e-4G;
  • lte - fixed network registration on R11e-LTE-US;
  • lte - fixed Sierra WP7601 driver loading;
  • lte - fix "operator" names not being displayed properly;
  • lte - improved modem initialization;
  • lte - show "primary-band" only for LTE modems;
  • lte - use /128 prefix for IPv6 address on LTE interface;
  • lte - use interface from RA when "ipv6-interface=none" and IPv6 enabled;
  • ppp - added 3GPP IoT "access-technology" definitions;
  • ppp - added support for Sierra WP7601;
  • ppp - disable DTR send when using at-chat;
  • quickset - added "LTE AP Dual" mode support;
  • quickset - added "LTE APN" dropdown support;
  • quickset - fixed "LTE Band" checkbox display;
  • route - fixed area range summary route installation in VRF;
  • routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
  • routerboard - fixed USB configuration export on RBLtAP-2HnD;
  • routerboard - hide "memory-frequency" parameter for RBLtAP-2HnD;
  • sniffer - allow filtering by packet size;
  • snmp - added "disabled" and "comment" parameters for communities;
  • snmp - added option to monitor "link-downs" parameter using MIKROTIK-MIB;
  • snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
  • snmp - fixed "ifLastChange" OID reporting for IF-MIB;
  • snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
  • snmp - improved interface status reporting for IfOperStatus OID;
  • snmp - improved LLDP interface returned index and type;
  • snmp - return only interfaces with MAC addresses for LLDP;
  • snmp - use "src-address" also for traps;
  • ssh - fixed output printing when "command" parameter used;
  • supout - include information from all LTE interfaces;
  • supout - removed "file" option from "/system sup-output" command;
  • switch - added "comment" property for switch vlan menu (CLI only);
  • switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
  • switch - ignore "default-vlan-id" property after switch reset on RTL8367 switch chip;
  • switch - show "external" flag for bridge hosts on MT7621, RTL8367 switch chips;
  • timezone - updated time zone database to version 2019c;
  • tr069-client - added CellDiagnostics parameter support;
  • tr069-client - added LTE band and cellular technology selection parameters;
  • tr069-client - added LTE RSCP, ECNO and ICCID parameter support;
  • tr069-client - added multiple LTE monitoring parameters;
  • tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
  • upgrade - improved auto package updating using "check-for-updates";
  • ups - improved compatibility with APC UPS's;
  • usb - general USB modem stability improvements;
  • userman - updated Authorize.Net to use SHA512 hashing;
  • w60g - added "region" setting to limit allowed frequencies (CLI only);
  • w60g - do not reset link when changing comment on station;
  • w60g - fixed "monitor" command on disabled interfaces;
  • w60g - move stations to new bridge when "put-in-bridge" parameter is changed;
  • webfig - fixed link to Winbox download;
  • winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
  • winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
  • winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
  • winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
  • winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
  • winbox - added wireless alignment LED types to "System/LEDs" menu;
  • winbox - fixed allowed range for bridge filter "new-priority" parameter;
  • winbox - fixed "CAPs Scanner" stopping;
  • winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
  • winbox - fixed file locking when uploading multiple files at once;
  • winbox - fixed firewall limit parameter support for rates more than 4G;
  • winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
  • winbox - fixed "Routing" menu icon presence when there is no routing package installed;
  • winbox - improved stability when transfering multiple files between multiple windows;
  • winbox - properly show timestamp in file "Creation Time" field;
  • winbox - removed "Set CA Passphrase" button from "Certificate" menu;
  • winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
  • winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
  • winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
  • winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
  • wireless - added 4 chain MCS support for 802.11n wireless protocol (CLI only);
  • wireless - added "ETSI" regulatory domain information;
  • wireless - added "indonesia4" regulatory domain information;
  • wireless - added "push-button-5s" value for "wps-mode" parameter;
  • wireless - added U-NII-2 support forRBSXTsqG-5acD, RBLHGG-5acD-XL, RBLHGG-5acD, RBLDFG-5acD, RBDiscG-5acD;
  • wireless - allow using "canada2" regulatory domain on US lock devices;
  • wireless - fixed 802.11n rate selection when managed by CAPsMAN;
  • wireless - fixed RX chain selection;
  • wireless - fixed sensor MAC address reporting in TZSP header;
  • wireless - improved 802.11ac stability for all ARM devices with wireless;
  • wireless - improved IPQ4019, QCA9984, QCA9888 wireless interface stability;
  • wireless - updated "ukraine" regulatory domain information;
  • wireless - updated "united-states" regulatory domain information;

Изменения в MikroTik RouterOS 6.46.1 (2019-Dec-13 12:44)

  • capsman - fixed CAP upgrading (introduced in v6.46);
  • console - fixed "clear-history" restoring historic actions after power cycle;
  • console - removed "edit" and "set" actions from "System/History" menu;
  • defconf - fixed default configuration loading after fresh install (introduced in v6.46);
  • dhcpv6-server - use lease time from RADIUS;
  • dude - fixed image and font file accessing (introduced in v6.46);
  • gps - only adjust system time after GPS signal is established;
  • health - fixed health reporting on OmniTIK 5 PoE ac;
  • ipsec - improved system stability when processing decrypted packet on unregistered interface;
  • l2tp - improved system stability when disconnecting many clients at once;
  • log - fixed "disk-file-name" parameter validation (introduced in v6.46);
  • lora - added support for MIPSBE, PPC, TILE and x86 architectures;
  • lora - improved confirmed downlink forwarding;
  • lte - do not reset modem when setting the same SIM slot on LtAP;
  • lte - show SIM error when no card is present;
  • ppp - fixed session establishment with high amount of tunnels (introduced in v6.46);
  • ppp - prioritize "remote-ipv6-prefix-pool" from PPP secret over PPP profile;
  • qsfp - do not show "sfp-wavelength" for cables that do not support it;
  • snmp - fixed health related OID polling (introduced in v6.46);
  • supout - fixed autosupout.rif file generation (introduced in v6.46);
  • system - fixed "*.auto.rsc" file execution (introduced in v6.46);
  • user-manager - fixed "db-path" parameter validation (introduced in v6.46);
  • webfig - fixed skin folder presence (introduced in v6.46);
  • winbox - fixed "allowed-number" parameter setting invalid value in "Tool/SMS" menu;
  • winbox - show "LCD" menu only on boards that have LCD screen;
  • wireless - added "russia4" regulatory domain information;
  • wireless - improved compatibility by adding default installation mode and gain for devices with integrated antennas;
  • wireless - improved compatibility for Switzerland wireless country profile to improve compliance with ETSI regulations;

Изменения в MikroTik RouterOS 6.46.2 (2020-Jan-14 07:17)

  • chr - improved stability when changing ARP modes on e1000 type adapters;
  • console - prevent "flash" directory from being removed (introduced in v6.46);
  • console - updated copyright notice;
  • crs305 - disable optical SFP/SFP+ module Tx power after disabling SFP+ interface;
  • defconf - fixed "caps-mode" not initialized properly after resetting;
  • defconf - fixed default configuration loading on RBwAPG-60adkit (introduced in v6.46);
  • lora - fixed packet sending when using "antenna-gain" higher than 5dB;
  • lte - fixed "cell-monitor" on R11e-LTE in 3G mode;
  • lte - fixed "earfcn" reporting on R11e-LTE6 in UMTS and GSM modes;
  • lte - report only valid info parameters on R11e-LTE6;
  • ppp - fixed minor typo in "ppp-client" monitor;
  • qsfp - do not report bogus monitoring readouts on modules without DDMI support;
  • qsfp - improved module monitoring readouts for DAC and break-out cables;
  • routerboard - added "mode-button" support for RBcAP2nD;
  • security - fixed vulnerability for routers with default password (limited to Wireless Wire), admin could login on startup with empty password before default configuration script was fully loaded;
  • system - fixed "*.auto.rsc" file execution (introduced in v6.46);
  • system - fixed "check-installation" on PowerPC devices (introduced in v6.46);
  • traffic-generator - improved memory handling on CHR;
  • webfig - allow skin designing without "ftp" and "sensitive" policies;
  • webfig - fixed "skins" saving to "flash" directory if it exists (introduced in v6.46);
  • winbox - automatically refresh "Packets" table when new packets are captured by "Tools/Packet Sniffer";
  • winbox - fixed "Default Route Distance" default value when creating new LTE APN;
  • winbox - removed duplicate "join-eui" and "dev-eui" parameters under "Lora/Traffic";

Изменения в MikroTik RouterOS 6.46.3 (2020-Jan-28 10:46)

  • hotspot - fixed redirect to log in page (introduced in v6.45);
  • lora - added "ru-864-mid" channel plan;
  • lora - improved immediate packet delivery;
  • lte - added GPS port support for Quectel EP06 modem;
  • lte - added "psc" (Primary Scrambling Code) parameter for "cell-monitor" function on R11e-LTE6 and R11e-LTE;
  • lte - do not show invalid "phy-cellid" when it is not yet received on "R11e-LTE";
  • lte - do not show unrelated info parameters after network mode failover;
  • port - fixed multiple identical USB serial device detection (introduced in v6.46);
  • ppp - fixed connection establishment when receiving "0.0.0.0" DNS;
  • snmp - fixed "ifOperStatus" reporting for combo ports;
  • winbox - removed duplicate "counter", "chain", "size" and "payload" parameters under "LoRa/Traffic";

Изменения в MikroTik RouterOS 6.46.4 (2020-Feb-21 11:26)


ВАЖНОЕ примечание!!!
- The Dude server must be updated to monitor 6.46.4 and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- To get RouterOS data from the devices, The Dude now requires RouterOS to be 6.46.4 or v6.47beta30+.

Изменения:

  • arm - improved watchdog and kernel panic reporting in log after reboots on RB3011 and IPQ4018/IPQ4019 devices ("/system routerboard upgrade" required);
  • branding - allow forcing configuration script as default configuration (new branding packet required);
  • branding - fixed "company-url" and "router-default-name" survival after system upgrade;
  • branding - fixed WEB HTML page survival after system upgrade;
  • certificate - fixed certificate verification when flushing CRL's;
  • chr - fixed graceful shutdown execution on Hyper-V (introduced in v6.46);
  • console - fixed script with "dont-require-permissions=yes" execution without sufficient permissions;
  • crs3xx - fixed frame forwarding after disabling/enabling bridge hardware offloading for CRS354-48G-4S+2Q+ device;
  • defconf - added welcome note with common first steps for new users;
  • dude - updated The Dude to use new style authentication method;
  • health - fixed maximum SFP temperature reading under '/system health' menu;
  • ike2 - fixed DHCP Inform package handling when received on PPPoE interface;
  • lte - added interface name prefix for logging events;
  • lte - added "phy-cellid" value support for R11e-LTE-US;
  • lte - do not allow using empty APN Profile names;
  • lte - improved all APN session activation after disconnect on R11e-LTE;
  • lte - use APN from network when blank APN used on R11e-4G;
  • snmp - fixed "routeros-version" value returning from registration table;
  • snmp - fixed UPS battery voltage value scaling;
  • ssh - added support for RSA keys with SHA256 hash (RFC8332);
  • system - improved system stability when receiving/sending TCP traffic on multicore devices;
  • telnet - improved telnet compatibility with other client implementations;
  • user-manager - fixed signup enabling (introduced in v6.46);
  • webfig - added default configuration confirmation window to WebFig;
  • webfig - do not show WebFig menu when opening 'Check For Updates' in Quick Set;
  • winbox - completely removed old style authentication method;
  • winbox - fixed "invalid" flag presence under "System/Certificates/CRL" menu;
  • wireless - improved compatibility for "ETSI" wireless country profile;

Изменения в MikroTik RouterOS 6.46.5 (2020-Apr-07 08:28)


ВАЖНЫЕ замечания!!!
- The Dude server must be updated to monitor v6.46.4+ and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4+ and v6.47beta30+ RouterOS type devices.

MAJOR CHANGES IN v6.46.5:



!) user - enable "winbox" policy for groups with "dude" policy;



Changes in this release:

  • capsman - fixed "certificate" parameter updating on CAP;
  • console - prevent incorrect type interfaces appearing in command hints;
  • crs3xx - fixed interface statistics for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
  • crs3xx - fixed traffic forwarding after disabling/enabling bridge hardware offloading for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
  • crs3xx - improved SFP+ DAC cable initialization for CRS326-24S+2Q+ device;
  • discovery - do not send CDP and LLDP packets on interfaces that does not have MAC address;
  • dude - fixed connection to other RouterOS type devices through The Dude agents (introduced in v6.46.4);
  • ike1 - rekey phase 1 rekeying as responder for Windows initiators;
  • ipsec - improved system stability when handling fragmented packets;
  • led - added "dark-mode" functionality for CRS105-5S-FB;
  • lora - added IPv6 support for LoRa packet forwarder;
  • lora - added UTC timestamp for RX events in "rxpk" json;
  • lora - added value limits for "freq-off" parameter;
  • lora - properly update source address for packets when routing table is changed;
  • lte - fixed IP type selection from APN on RBSXTLTE3-7;
  • sniffer - fixed minor typo in "host" menu;
  • supout - added "gps" section to supout files;
  • supout - improved PoE-out information reporting;
  • system - improved kernel panic reporting in logs after reboot;
  • system - improved system stability when forwarding traffic from switch chip to CPU (introduced in v6.43);
  • traceroute - improved stability when invalid packet is received;
  • traffic-generator - improved statistics reporting;
  • w60g - improved stability after multiple disconnections;
  • winbox - added "Options" parameter support for DHCPv6 client and server;
  • winbox - added 160Mhz extension channel support for CAPsMAN;
  • winbox - added support for "Tools->WoL" menu;
  • winbox - allow setting "20/40/80/160Mhz-eeeeeeCe" channel under "Channel Width" parameter;
  • winbox - do not show "Revision" parameter under "System/RouterBOARD" menu on devices that have only one revision;
  • winbox - fixed "ARP" parameter inheritance from "CAPs Configuration" configuration;
  • winbox - fixed "Bands" parameter display for LTE interfaces;
  • winbox - fixed "DSCP" parameter value setting;
  • winbox - fixed "Frequency" and "Secondary Frequency" parameter inheritance from "CAPs Channel" configuration;
  • winbox - fixed "Passthr. MAC Address" parameter display "LTE APNs" menu;
  • winbox - fixed "Switch" menu on CRS354-48P-4S+2Q+;
  • winbox - fixed "dst-port" unsetting in "IP->Hotspot->Walled Garden" menu;
  • winbox - fixed automatic "IPv6->Firewall->Address List" table update;
  • winbox - made "none" the default value for "Security Profile" parameter when creating a new "Wirelees->Connect list" entry;
  • winbox - properly show "Hw. Offload Group" value for each interface under "Bridge->Ports" menu;
  • winbox - renamed "Memory used" to "HDD used" for HDD type under "Tools->Graphing->Resource Graphs";
  • winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
  • wireless - added "U-NII-2" support for hAP ac2 and RBwAPGR series devices;
  • wireless - added "skip-dfs-channels" parameter;
  • wireless - fixed default "antenna-gain" setting on SXT 2 and LtAP series devices;
  • wireless - updated "bangladesh" regulatory domain information;
  • wireless - updated "indonesia4" regulatory domain information;

Изменения в MikroTik RouterOS 6.46.6 (2020-Apr-27 10:32)

ВАЖНЫЕ примечания!!!
- The Dude server must be updated to monitor v6.46.4+ and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4+ and v6.47beta30+ RouterOS type devices.

Changes in this release:

  • crs3xx - fixed switch rule "dst-port" parameter for IPv6 traffic on CRS305-1G-4S+, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, netPower 15FR devices;
  • defconf - fixed default IP address assigning on non-paired 60 GHz devices;
  • lora - added "altitude", "latitude" and "longitude" to stat json if GPS is available;
  • lte - fixed "band" value setting when configuration is reset on R11e-4G;
  • snmp - fixed "ifSpeed" reporting for tunnel interfaces;
  • snmp - fixed multiple LTE interface OID reporting;
  • ssh - fixed SHA256 user authentication algorithm checking (introduced in v6.46.4);
  • winbox - fixed memory leak (introduced in v6.46.4);
  • winbox - increased limit of multi-entry fields to 100;
  • wireless - improved 5GHz interface stability on RB4011iGS+5HacQ2HnD and Audience;
  • wireless - improved system stability on hAP ac^2;
  • wireless - updated "south africa" regulatory domain information;