MikroTik RouterOS 6.40.x (Long-term)
Подробное описание изменений в MikroTik RouterOS 6.40.x (Long-term). Официальный список исправленных ошибок, добавленного функционала и прочих доработок. Дата выхода первого набора изменений – 20 февраля 2018, дата выхода последнего набора изменений – 20 августа 2018.
Полезные материалы по MikroTik
Углубленный курс "Администрирование сетевых устройств MikroTik" Онлайн-курс по MikroTik с дипломом государственного образца РФ. Много лабораторных работ с проверкой официальным тренером MikroTik. С нуля и до уровня MTCNA.
На Telegram-канале Mikrotik сэнсей можно получить доступ к закрытой информации от официального тренера MikroTik. Подписывайтесь
MikroTik RouterOS 6.40.9
Дата выхода: 20 августа 2018
Важные изменения:
- security - fixed vulnerabilities CVE-2018-1156, CVE-2018-1157, CVE-2018-1158, CVE-2018-1159.
Изменения:
- certificate - fixed "add-scep" template existence check when signing certificate;
- defconf - fixed wAP LTE kit default configuration;
- ethernet - improved large packet handling on ARM devices with wireless;
- ethernet - removed obsolete slave flag from "/interface vlan" menu;
- filesystem - fixed NAND memory going into read-only mode;
- hotspot - fixed user authentication when queue from old session is not removed yet;
- interface - fixed interface configuration responsiveness;
- ipsec - fixed policies becoming invalid if added after a disabled policy;
- ldp - properly load LDP configuration;
- ppp - fixed "hunged up" grammar to "hung up" within PPP log messages;
- sfp - hide "sfp-wavelength" parameter for RJ45 transceivers;
- snmp - added remote CAP count OID for CAPsMAN;
- supout - added "partitions" section to supout file;
- tile - fixed Ethernet interfaces becoming unresponsive;
- tr069-client - fixed unresponsive tr069 service when blackhole route is present;
- userman - fixed compatibility with PayPal TLS 1.2;
- userman - improved unique username generation process when adding batch of users;
- winbox - added missing "dscp" and "clamp-tcp-mss" settings to IPv6 tunnels;
- winbox - allow to specify full URL in SCEP certificate signing process;
- winbox - by default specify keepalive timeout value for tunnel type interfaces;
- winbox - show firmware upgrade message at the bottom of "System/RouterBOARD" menu;
- winbox - show "scep-url" for certificates;
- winbox - show "sector-writes" on ARM devices that have such counters;
- winbox - show "sector-writes" on devices that have such counters;
- winbox - show "System/Health" only on boards that have health monitoring;
- wireless - added option to disable PMKID for WPA2;
- wireless - enable all chains by default on devices without external antennas after configuration reset;
- wireless - fixed packet processing after removing wireless interface from CAP settings;
- wireless - improved client "channel-width" detection;
- wireless - improved Nv2 PtMP performance;
- wireless - increased stability on hAP ac^2 and cAP ac with legacy data rates;
- wireless - updated "united-states" regulatory domain information.
MikroTik RouterOS 6.40.8
Дата выхода: 23 апреля 2018
Важные изменения:
- winbox - fixed vulnerability that allowed to gain access to an unsecured router.
Изменения:
- certificate - fixed incorrect SCEP URL after an upgrade;
- health - fixed empty measurements on CRS328-24P-4S+RM;
- ike2 - use "policy-template-group" parameter when picking proposal as initiator;
- ipv6 - fixed IPv6 behaviour when bridge port leaves bridge;
- routerboard - fixed "mode-button" support on hAP lite r2 devices;
- ssh - fixed SSH service becoming unavailable;
- traffic-flow - fixed IPv6 destination address value when IPFIX protocol is used;
- winbox - show "Switch" menu on cAP ac devices;
- wireless - improved compatibility with BCM chipset devices.
MikroTik RouterOS 6.40.7
Дата выхода: 29 марта 2018
Важные изменения:
- smb - fixed buffer overflow vulnerability, everyone using this feature is urged to upgrade.
Изменения:
- console - do not allow variables that start with digit to be referenced without "$" sign;
- led - fixed unused "link-act-led" LED trigger on RBLHG 2nD, RBLHG 2nD-XL and RBSXTsq 2nD;
- netinstall - sign Netinstall executable with an Extended Validation Code Signing Certificate;
- romon - make "secret" field sensitive in console;
- tr069-client - fixed TR069 service becoming unavailable when related service package is not installed;
- winbox - fixed "/tool e-mail send" attachment behavior;
- winbox - fixed maximal ID for Traffic Generator stream;
- winbox - made UDP local and remote TX size parameter optional in Bandwidth Test tool;
- winbox - removed "Enable" and "Disable" buttons from IPsec "mode-config" list;
- winbox - show "D" flag under "/ip dhcp-client" menu;
- winbox - use proper graph name for HDD graphs;
- wireless - enable all chains by default on devices without external antennas after configuration reset.
MikroTik RouterOS 6.40.6
Дата выхода: 20 февраля 2018
Изменения:
- btest - fixed TCP test accuracy when low TX/RX rates are used;
- certificate - do not use UTF-8 for SCEP challenge password;
- certificate - fixed PKCS#10 version;
- chr - generate new system ID on first boot;
- crs317 - fixed reliability on FAN controller;
- defconf - fixed DISC Lite5 LED default configuration;
- dhcpv4-server - fixed framed and classless route received from RADIUS server;
- disk - fixed disk detach process;
- dude - fixed e-mail notifications when default port is not used;
- export - fixed "/system routerboard mode-button" compact export;
- filesystem - implemented additional system integrity checks on reboots;
- firewall - limited maximum "address-list-timeout" value to “35w3d13h13m56s”;
- hotspot - fixed "dst-port" to require valid "protocol" in "walled-garden ip";
- hotspot - fixed Walled Garden IP functionality when address-list is used;
- ike1 - fixed crash on XAUTH if user does not exist;
- ike1 - fixed memory corruption when IPv6 is used;
- ike1 - improved stability on phase1 rekeying;
- ike2 - added support for multiple split networks;
- ike2 - delay rekeyed peer outbound SA installation;
- ike2 - improve half-open connection handling;
- ike2 - kill connection when peer changes address;
- ike2 - use peer configuration address when available on empty TSi;
- ipsec - fixed incorrect esp proposal key size usage;
- ipsec - properly update IPsec secret for IPIP/EoIP/GRE dynamic peer;
- l2tp - improved reliability on packet processing in FastPath;
- netinstall - improved LTE package description;
- netinstall - properly generate skins folder when branding package is installed;
- ovpn - fixed resource leak on systems with high CPU usage;
- ovpn-server - do not periodically change automatically generated server MAC address;
- ppp - do not disconnect active PPP connection after "idle-timeout";
- ppp - do not lose "/ppp profile" script configuration after other profile parameters are edited;
- ppp - fixed "change-mss" functionality when MSS is not set on forwarded packets;
- ppp - fixed L2TP and PPTP encryption negotiation process on configuration changes;
- pppoe-client - properly re-establish MLPPP session when one of the lines stopped transmitting packets;
- quickset - do not automatically change mode to CPE;
- quickset - renamed router IP static DNS name to "router.lan";
- route - fixed DHCP/PPP “add-default-route” “distance” minimal value to 1;
- route - improved reliability on routing table update;
- routerboard - properly report warnings under "/system routerboard" menu;
- scheduler - properly display long scheduler configuration;
- sfp - improved SFP module compatibility;
- sms - fixed minor problem for SMS delivery;
- snmp - added IPv6 addresses support on default "public" community;
- snmp - fixed bulk requests when non-repeaters are used;
- snmp - fixed consecutive OID bulk get from the same table;
- traceroute - fixed "/tool traceroute" results print;
- traffic-flow - do not count single extra packet per each flow;
- webfig - added support for proper default policies when adding script or scheduler job;
- webfig - fixed backup loading from Webfig on RouterBOARD running default configuration;
- webfig - fixed bridge port sorting order by name;
- webfig - fixed MAC address ordering;
- webfig - fixed router getting reset to default configuration;
- webfig - fixed column ordering;
- winbox - allow to specify "to-ports" for "action=masquerade";
- wireless - fixed wireless protocol mode restrictions if lockpack is installed and has limits for it;
- wireless - removed unused monitor command from CLI;
- wireless - updated "Australia", "Czech Republic", "UK 5.8 Fixed" and "United Kingdom" regulatory domain information.
Полезные материалы по MikroTik
Углубленный курс "Администрирование сетевых устройств MikroTik" Онлайн-курс по MikroTik с дипломом государственного образца РФ. Много лабораторных работ с проверкой официальным тренером MikroTik. С нуля и до уровня MTCNA.
На Telegram-канале Mikrotik сэнсей можно получить доступ к закрытой информации от официального тренера MikroTik. Подписывайтесь