MikroTik RouterOS 6.44.x (Long-term)

Материал из MikroTik Wiki
Перейти к навигации Перейти к поиску

Подробное описание изменений в MikroTik RouterOS 6.44.x (Long-term). Официальный список исправленных ошибок, добавленного функционала и прочих доработок. Дата выхода первого набора изменений – 4 июля 2019, дата выхода последнего набора изменений – 24 октября 2020.

Чек-лист по настройке MikroTik
Проверьте свою конфигурацию по 28-ми пунктам

MikroTik RouterOS 6.44.6

Дата выхода: 24 октября 2020

Важные изменения:

  • package - accept only packages with original filenames (CVE-2019-3976);
  • package - improved package signature verification (CVE-2019-3977);
  • security - fixed improper handling of DNS responses (CVE-2019-3978, CVE-2019-3979).

Изменения:

  • capsman - fixed frequency setting requiring multiple frequencies;
  • capsman - fixed newline character missing on some logging messages;
  • ccr - improved packet processing after overloading interface;
  • crs312 - fixed combo SFP port toggling (introduced in v6.44.5);
  • crs328 - adjust fan speed based on SFP and CPU temperature;
  • crs3xx - correctly display link rate when 10/100/1000BASE-T SFP modules are used in SFP+ interfaces;
  • crs3xx - fixed management access when using switch rule "new-vlan-priority" property;
  • export - fixed "bootp-support" parameter export;
  • health - improved fan control on CRS3xx and CCR1016-12S-1S+r2;
  • ike2 - fixed policy port selection for responder with natted initiator;
  • ike2 - fixed traffic selector address family selection when using IPv6;
  • interface - fixed missing PWR-LINE section on PL7411-2nD and PL6411-2nD (introduced v6.44);
  • ipsec - allow inline "passphrase" parameter when importing keys;
  • ipsec - fixed minor spelling mistakes in logs;
  • led - fixed default LED configuration for RBLHG5nD;
  • ospf - fixed opaque LSA type checking in OSPFv2;
  • ospf - fixed possible busy loop condition when accessing OSPF LSAs;
  • ospf - improved "unknown" LSA handling in OSPFv3;
  • profile - added "internet-detect" process classificator;
  • radius - fixed open socket leak when invalid packet is received (introduced in v6.44);
  • sfp - fixed "sfp-rx-power" value for some transceivers;
  • smb - improved stability on x86 and CHR;
  • snmp - fixed encrypted data sequence (introduced in v6.44.5);
  • snmp - improved reliability on SNMP service packet validation;
  • ssh - accept remote forwarding requests with empty hostnames;
  • ssh - fixed carriage return presence in subsequent sessions;
  • ssh - improved remote forwarding handling (introduced in v6.44.3);
  • supout - fixed supout file generation outside of internal storage with insufficient space;
  • switch - fix port isolation for non-CRS series switch chips;
  • system - accept only valid string for "name" parameter in "disk" menu (CVE-2019-15055);
  • system - improved system stability for devices with AR9342 SoC;
  • upgrade - fixed "auto-upgrade" to use new style authentication;
  • upnp - fixed XML parsing (FG-VD-19-110);
  • watchdog - renamed "no-ping-delay" parameter to "ping-start-after-boot";
  • winbox - added "auto-erase" parameter to "Tools/SMS" menu;
  • winbox - added "https-redirect" parameter to "IP/Hotspot/Profiles menu";
  • winbox - added "revision" parameter to "System/Routerboard" menu;
  • winbox - removed "max-sms" parameter from "Tools/SMS" menu;
  • wireless - fixed basic rate reporting in snooper;
  • wireless - improved 802.11ac stability for all ARM devices with wireless;
  • wireless - improved range selection when distance set to "dynamic";
  • wireless - improved stability when setting fixed primary and secondary channels on RB4011iGS+5HacQ2HnD-IN.

MikroTik RouterOS 6.44.5

Дата выхода: 4 июля 2019

Важные изменения:

  • security - fixed vulnerabilities CVE-2019-13954, CVE-2019-13955;
  • security - fixed vulnerabilities CVE-2019-11477, CVE-2019-11478, CVE-2019-11479;
  • security - fixed vulnerability CVE-2019-13074.

Изменения:

  • bridge - correctly handle bridge host table;
  • capsman - fixed CAP system upgrading process for MMIPS;
  • capsman - fixed interface-list usage in access list;
  • certificate - removed "set-ca-passphrase" parameter;
  • cloud - properly stop "time-zone-autodetect" after disable;
  • conntrack - fixed GRE protocol packet connection-state matching (CVE-2014-8160);
  • defconf - automatically set "installation" parameter for outdoor devices;
  • dhcpv6-client - fixed status update when leaving "bound" state;
  • dhcpv6-server - fixed dynamic IPv6 binding without proper reference to the server;
  • dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
  • discovery - fixed CDP packets not including address on slave ports (introduced in v6.44);
  • e-mail - properly release e-mail sending session if the server's domain name can not be resolved;
  • firewall - fixed fragmented packet processing when only RAW firewall is configured;
  • firewall - process packets by firewall when accepted by RAW with disabled connection tracking;
  • gps - strip unnecessary trailing characters from "longtitude" and "latitude" values;
  • hotspot - moved "title" HTML tag after "meta" tags;
  • ipv6 - improved system stability when receiving bogus packets;
  • ovpn - added "verify-server-certificate" parameter for OVPN client (CVE-2018-10066);
  • rb3011 - improved system stability when receiving bogus packets;
  • rb921 - improved system stability ("/system routerboard upgrade" required);
  • snmp - improved reliability on SNMP service packet validation;
  • ssh - fixed non-interactive multiple command execution;
  • supout - added IPv6 ND section to supout file;
  • supout - added "pwr-line" section to supout file;
  • supout - changed IPv6 pool section to output detailed print;
  • winbox - do not allow setting "dns-lookup-interval" to "0";
  • wireless - improved DFS radar detection when using non-ETSI regulated country;
  • wireless - improved installation mode selection for wireless outdoor equipment;
  • wireless - updated "china" regulatory domain information;
  • www - improved client-initiated renegotiation within the SSL and TLS protocols (CVE-2011-1473).
Чек-лист по настройке MikroTik
Проверьте свою конфигурацию по 28-ми пунктам