MikroTik RouterOS 6.44.x (Long-term)
Подробное описание изменений в MikroTik RouterOS 6.44.x (Long-term). Официальный список исправленных ошибок, добавленного функционала и прочих доработок. Дата выхода первого набора изменений – 4 июля 2019, дата выхода последнего набора изменений – 24 октября 2020.
Полезные материалы по MikroTik
Углубленный курс "Администрирование сетевых устройств MikroTik" Онлайн-курс по MikroTik с дипломом государственного образца РФ. Много лабораторных работ с проверкой официальным тренером MikroTik. С нуля и до уровня MTCNA.
На Telegram-канале Mikrotik сэнсей можно получить доступ к закрытой информации от официального тренера MikroTik. Подписывайтесь
MikroTik RouterOS 6.44.6
Дата выхода: 24 октября 2020
Важные изменения:
- package - accept only packages with original filenames (CVE-2019-3976);
- package - improved package signature verification (CVE-2019-3977);
- security - fixed improper handling of DNS responses (CVE-2019-3978, CVE-2019-3979).
Изменения:
- capsman - fixed frequency setting requiring multiple frequencies;
- capsman - fixed newline character missing on some logging messages;
- ccr - improved packet processing after overloading interface;
- crs312 - fixed combo SFP port toggling (introduced in v6.44.5);
- crs328 - adjust fan speed based on SFP and CPU temperature;
- crs3xx - correctly display link rate when 10/100/1000BASE-T SFP modules are used in SFP+ interfaces;
- crs3xx - fixed management access when using switch rule "new-vlan-priority" property;
- export - fixed "bootp-support" parameter export;
- health - improved fan control on CRS3xx and CCR1016-12S-1S+r2;
- ike2 - fixed policy port selection for responder with natted initiator;
- ike2 - fixed traffic selector address family selection when using IPv6;
- interface - fixed missing PWR-LINE section on PL7411-2nD and PL6411-2nD (introduced v6.44);
- ipsec - allow inline "passphrase" parameter when importing keys;
- ipsec - fixed minor spelling mistakes in logs;
- led - fixed default LED configuration for RBLHG5nD;
- ospf - fixed opaque LSA type checking in OSPFv2;
- ospf - fixed possible busy loop condition when accessing OSPF LSAs;
- ospf - improved "unknown" LSA handling in OSPFv3;
- profile - added "internet-detect" process classificator;
- radius - fixed open socket leak when invalid packet is received (introduced in v6.44);
- sfp - fixed "sfp-rx-power" value for some transceivers;
- smb - improved stability on x86 and CHR;
- snmp - fixed encrypted data sequence (introduced in v6.44.5);
- snmp - improved reliability on SNMP service packet validation;
- ssh - accept remote forwarding requests with empty hostnames;
- ssh - fixed carriage return presence in subsequent sessions;
- ssh - improved remote forwarding handling (introduced in v6.44.3);
- supout - fixed supout file generation outside of internal storage with insufficient space;
- switch - fix port isolation for non-CRS series switch chips;
- system - accept only valid string for "name" parameter in "disk" menu (CVE-2019-15055);
- system - improved system stability for devices with AR9342 SoC;
- upgrade - fixed "auto-upgrade" to use new style authentication;
- upnp - fixed XML parsing (FG-VD-19-110);
- watchdog - renamed "no-ping-delay" parameter to "ping-start-after-boot";
- winbox - added "auto-erase" parameter to "Tools/SMS" menu;
- winbox - added "https-redirect" parameter to "IP/Hotspot/Profiles menu";
- winbox - added "revision" parameter to "System/Routerboard" menu;
- winbox - removed "max-sms" parameter from "Tools/SMS" menu;
- wireless - fixed basic rate reporting in snooper;
- wireless - improved 802.11ac stability for all ARM devices with wireless;
- wireless - improved range selection when distance set to "dynamic";
- wireless - improved stability when setting fixed primary and secondary channels on RB4011iGS+5HacQ2HnD-IN.
MikroTik RouterOS 6.44.5
Дата выхода: 4 июля 2019
Важные изменения:
- security - fixed vulnerabilities CVE-2019-13954, CVE-2019-13955;
- security - fixed vulnerabilities CVE-2019-11477, CVE-2019-11478, CVE-2019-11479;
- security - fixed vulnerability CVE-2019-13074.
Изменения:
- bridge - correctly handle bridge host table;
- capsman - fixed CAP system upgrading process for MMIPS;
- capsman - fixed interface-list usage in access list;
- certificate - removed "set-ca-passphrase" parameter;
- cloud - properly stop "time-zone-autodetect" after disable;
- conntrack - fixed GRE protocol packet connection-state matching (CVE-2014-8160);
- defconf - automatically set "installation" parameter for outdoor devices;
- dhcpv6-client - fixed status update when leaving "bound" state;
- dhcpv6-server - fixed dynamic IPv6 binding without proper reference to the server;
- dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
- discovery - fixed CDP packets not including address on slave ports (introduced in v6.44);
- e-mail - properly release e-mail sending session if the server's domain name can not be resolved;
- firewall - fixed fragmented packet processing when only RAW firewall is configured;
- firewall - process packets by firewall when accepted by RAW with disabled connection tracking;
- gps - strip unnecessary trailing characters from "longtitude" and "latitude" values;
- hotspot - moved "title" HTML tag after "meta" tags;
- ipv6 - improved system stability when receiving bogus packets;
- ovpn - added "verify-server-certificate" parameter for OVPN client (CVE-2018-10066);
- rb3011 - improved system stability when receiving bogus packets;
- rb921 - improved system stability ("/system routerboard upgrade" required);
- snmp - improved reliability on SNMP service packet validation;
- ssh - fixed non-interactive multiple command execution;
- supout - added IPv6 ND section to supout file;
- supout - added "pwr-line" section to supout file;
- supout - changed IPv6 pool section to output detailed print;
- winbox - do not allow setting "dns-lookup-interval" to "0";
- wireless - improved DFS radar detection when using non-ETSI regulated country;
- wireless - improved installation mode selection for wireless outdoor equipment;
- wireless - updated "china" regulatory domain information;
- www - improved client-initiated renegotiation within the SSL and TLS protocols (CVE-2011-1473).
Полезные материалы по MikroTik
Углубленный курс "Администрирование сетевых устройств MikroTik" Онлайн-курс по MikroTik с дипломом государственного образца РФ. Много лабораторных работ с проверкой официальным тренером MikroTik. С нуля и до уровня MTCNA.
На Telegram-канале Mikrotik сэнсей можно получить доступ к закрытой информации от официального тренера MikroTik. Подписывайтесь