MikroTik RouterOS 6.45.x (Stable)
Подробное описание изменений в MikroTik RouterOS 6.45.x (Stable). Официальный список исправленных ошибок, добавленного функционала и прочих доработок. Дата выхода первого набора изменений – 21 июня 2019, дата выхода последнего набора изменений – 24 октября 2019.
Полезные материалы по MikroTik
Углубленный курс "Администрирование сетевых устройств MikroTik" Онлайн-курс по MikroTik с дипломом государственного образца РФ. Много лабораторных работ с проверкой официальным тренером MikroTik. С нуля и до уровня MTCNA.
На Telegram-канале Mikrotik сэнсей можно получить доступ к закрытой информации от официального тренера MikroTik. Подписывайтесь
MikroTik RouterOS 6.45.7
Дата выхода: 24 октября 2019
Важные изменения:
- lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
- package - accept only packages with original filenames (CVE-2019-3976);
- package - improved package signature verification (CVE-2019-3977);
- security - fixed improper handling of DNS responses (CVE-2019-3978, CVE-2019-3979);
Изменения:
- capsman - fixed frequency setting requiring multiple frequencies;
- capsman - fixed newline character missing on some logging messages;
- conntrack - properly start manually enabled connection tracking;
- crs312 - fixed combo SFP port toggling (introduced in v6.44.5);
- crs3xx - correctly display link rate when 10/100/1000BASE-T SFP modules are used in SFP+ interfaces;
- crs3xx - fixed management access when using switch rule "new-vlan-priority" property;
- export - fixed "bootp-support" parameter export;
- ike2 - fixed phase 1 rekeying (introduced in v6.45);
- led - fixed default LED configuration for RBLHG5nD;
- lte - fixed modem not receiving IP configuration when roaming (introduced in v6.45);
- radius - fixed open socket leak when invalid packet is received (introduced in v6.44);
- sfp - fixed "sfp-rx-power" value for some transceivers;
- snmp - improved reliability on SNMP service packet validation;
- system - improved system stability for devices with AR9342 SoC;
- winbox - show SFP tab for QSFP interfaces;
- wireless - added "canada2" regulatory domain information;
- wireless - improved stability when setting fixed primary and secondary channels on RB4011iGS+5HacQ2HnD-IN.
MikroTik RouterOS 6.45.6
Дата выхода: 10 сентября 2019
Важные примечания:
- Due to removal of compatibility with old version passwords in this version, downgrading to any version prior to v6.43 (v6.42.12 and older) will clear all user passwords and allow password-less authentication. Please secure your router after downgrading.
- Old API authentication method will also no longer work, see documentation for new login procedure: https://wiki.mikrotik.com/wiki/Manual:API#Initial_login
Изменения:
- capsman - fixed regulatory domain information checking when doing background scan;
- conntrack - improved system stability when using h323 helper (introduced in v6.45);
- crs3xx - fixed "egress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
- qsfp - clear SFP monitoring data on port enable;
- qsfp - correctly display SFP monitoring data;
- qsfp - fixed EEPROM checksum validation;
- qsfp - show more QSFP module diagnostics;
- wireless - include last frequency when manually setting frequency step in "scan-list".
MikroTik RouterOS 6.45.5
Дата выхода: 26 августа 2019
Важные примечания:
- Due to removal of compatibility with old version passwords in this version, downgrading to any version prior to v6.43 (v6.42.12 and older) will clear all user passwords and allow password-less authentication. Please secure your router after downgrading.
- Old API authentication method will also no longer work, see documentation for new login procedure:https://wiki.mikrotik.com/wiki/Manual:API#Initial_login
Изменения:
- crs328 - adjust fan speed based on SFP and CPU temperature;
- dhcpv4-server - fixed "Acct-Output-Octets" reporting to RADIUS;
- health - improved fan control on CRS3xx and CCR1016-12S-1S+r2;
- ike2 - don't release policy on rekey when child not found;
- ike2 - fixed ID validation with multiple SAN;
- ike2 - fixed policy port selection for responder with natted initiator;
- ike2 - fixed traffic selector address family selection when using IPv6;
- ike2 - improved rekeying process with Windows initiators;
- ike2 - properly start all initiators to the same remote address;
- ipsec - allow inline "passphrase" parameter when importing keys;
- ipsec - fixed "eap-radius" authentication method (introduced in v6.45);
- ipsec - fixed minor spelling mistakes in logs;
- lte - fixed cell information monitoring on R11e-LTE-US (introduced in v6.45.2);
- lte - fixed LTE interface disappearing on RBSXTLTE3-7;
- smb - improved stability on x86 and CHR (CVE-2019-16160);
- snmp - fixed encrypted data sequence (introduced in v6.44.5);
- ssh - fixed carriage return presence in subsequent sessions;
- switch - fix port isolation for non-CRS series switch chips;
- system - accept only valid string for "name" parameter in "disk" menu (CVE-2019-15055);
- upnp - fixed XML parsing (FG-VD-19-110);
- watchdog - renamed "no-ping-delay" parameter to "ping-start-after-boot";
- winbox - added "auto-erase" parameter to "Tools/SMS" menu;
- winbox - added "https-redirect" parameter to "IP/Hotspot/Profiles menu";
- winbox - added "revision" parameter to "System/Routerboard" menu;
- winbox - removed "max-sms" parameter from "Tools/SMS" menu;
- wireless - fixed basic rate reporting in snooper.
MikroTik RouterOS 6.45.4
Дата выхода: 13 августа 2019
Релиз только для внутреннего использования компанией MikroTik.
MikroTik RouterOS 6.45.3
Дата выхода: 29 июля 2019
Важные примечания:
- Due to removal of compatibility with old version passwords in this version, downgrading to any version prior to v6.43 (v6.42.12 and older) will clear all user passwords and allow password-less authentication. Please secure your router after downgrading.
- Old API authentication method will also no longer work, see documentation for new login procedure: https://wiki.mikrotik.com/wiki/Manual:API#Initial_login
Изменения:
- certificate - renew certificates via SCEP when 3/4 of lifetime reached;
- crs317 - fixed multicast packet receiving (introduced in v6.45);
- hotspot - fixed default profile values not being used (introduced in v6.45);
- rb4011 - fixed SFP+ interface linking (introduced in v6.45.2);
- smips - reduced RouterOS main package size (disabled LTE modem, dot1x and SwOS support);
- supout - fixed SIM slot printing (introduced in v6.45);
- wireless - improved U-APSD (WMM Power Save) support for 802.11e.
MikroTik RouterOS 6.45.2
Дата выхода: 17 июля 2019
Важные примечания:
- Due to removal of compatibility with old version passwords in this version, downgrading to any version prior to v6.43 (v6.42.12 and older) will clear all user passwords and allow password-less authentication. Please secure your router after downgrading.
- Old API authentication method will also no longer work, see documentation for new login procedure: https://wiki.mikrotik.com/wiki/Manual:API#Initial_login
Изменения:
- bonding - fixed bonding running status after reboot when using other bonds as slave interfaces (introduced in v6.45);
- cloud - properly stop "time-zone-autodetect" after disable;
- interface - fixed missing PWR-LINE section on PL7411-2nD and PL6411-2nD (introduced v6.44);
- ipsec - added "connection-mark" parameter for mode-config initiator;
- ipsec - allow peer argument only for "encrypt" policies (introduced in v6.45);
- ipsec - fixed peer configuration migration from versions older than v6.43 (introduced in v6.45);
- ipsec - improved stability for peer initialization (introduced in v6.45);
- ipsec - show warning for policies with "unknown" peer;
- ospf - fixed possible busy loop condition when accessing OSPF LSAs;
- profile - added "internet-detect" process classificator;
- radius - fixed "User-Password" encoding (introduced in v6.45);
- ssh - do not enable "none-crypto" if "strong-crypto" is enabled on upgrade (introduced in v6.45);
- ssh - fixed executed command output printing (introduced in v6.45);
- supout - fixed supout file generation outside of internal storage with insufficient space;
- upgrade - fixed "auto-upgrade" to use new style authentication (introduced in v6.45);
- vlan - fixed "slave" flag for non-running interfaces (introduced in v6.45);
- wireless - improved 802.11ac stability for all ARM devices with wireless;
- wireless - improved range selection when distance set to "dynamic".
MikroTik RouterOS 6.45.1
Дата выхода: 27 июня 2019
Важные примечания:
- Due to removal of compatibility with old version passwords in this version, downgrading to any version prior to v6.43 (v6.42.12 and older) will clear all user passwords and allow password-less authentication. Please secure your router after downgrading.
- Old API authentication method will also no longer work, see documentation for new login procedure: https://wiki.mikrotik.com/wiki/Manual:API#Initial_login
Важные изменения:
- dot1x - added support for IEEE 802.1X Port-Based Network Access Control;
- ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator;
- security - fixed vulnerabilities CVE-2019-13954, CVE-2019-13955;
- security - fixed vulnerabilities CVE-2019-11477, CVE-2019-11478, CVE-2019-11479;
- security - fixed vulnerability CVE-2019-13074;
- user - removed insecure password storage.
Изменения:
- bridge - correctly display bridge FastPath status when vlan-filtering or dhcp-snooping is used;
- bridge - correctly handle bridge host table;
- bridge - fixed log message when hardware offloading is being enabled;
- bridge - improved stability when receiving traffic over USB modem with bridge firewall enabled;
- capsman - fixed CAP system upgrading process for MMIPS;
- capsman - fixed interface-list usage in access list;
- ccr - improved packet processing after overloading interface;
- certificate - added "key-type" field;
- certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1);
- certificate - fixed self signed CA certificate handling by SCEP client;
- certificate - made RAM the default CRL storage location;
- certificate - removed DSA (D) flag;
- certificate - removed "set-ca-passphrase" parameter;
- chr - legacy adapters require "disable-running-check=yes" to be set;
- cloud - added "replace" parameter for backup "upload-file" command;
- conntrack - fixed GRE protocol packet connection-state matching (CVE-2014-8160);
- conntrack - significant stability and performance improvements;
- crs317 - fixed known multicast flooding to the CPU;
- crs3xx - added ethernet tx-drop counter;
- crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
- crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
- crs3xx - fixed "tx-drop" counter;
- crs3xx - improved switch-chip resource allocation on CRS326, CRS328, CRS305;
- defconf - added "custom-script" field that prints custom configuration installed by Netinstall;
- defconf - automatically set "installation" parameter for outdoor devices;
- defconf - changed default configuration type to AP for cAP series devices;
- defconf - fixed channel width selection for RU locked devices;
- dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
- dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
- dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
- dhcpv4-server - added "client-mac-limit" parameter;
- dhcpv4-server - added IP conflict logging;
- dhcpv4-server - added RADIUS accounting support with queue based statistics;
- dhcpv4-server - added "vendor-class-id" matcher (CLI only);
- dhcpv4-server - improved stability when performing "check-status" command;
- dhcpv4-server - replaced "busy" lease status with "conflict" and "declined";
- dhcpv6-client - added option to disable rapid-commit;
- dhcpv6-client - fixed status update when leaving "bound" state;
- dhcpv6-server - added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time";
- dhcpv6-server - added "address-list" support for bindings;
- dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters;
- dhcpv6-server - added RADIUS accounting support with queue based statistics;
- dhcpv6-server - added "route-distance" parameter;
- dhcpv6-server - fixed dynamic IPv6 binding without proper reference to the server;
- dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
- discovery - correctly create neighbors from VLAN tagged discovery messages;
- discovery - fixed CDP packets not including address on slave ports (introduced in v6.44);
- discovery - improved neighbour's MAC address detection;
- discovery - limit max neighbour count per interface based on total RAM memory;
- discovery - show neighbors on actual mesh ports;
- e-mail - include "message-id" identification field in e-mail header;
- e-mail - properly release e-mail sending session if the server's domain name can not be resolved;
- ethernet - added support for 25Gbps and 40Gbps rates;
- ethernet - fixed running (R) flag not present on x86 interfaces and CHR legacy adapters;
- ethernet - increased loop warning threshold to 5 packets per second;
- fetch - added SFTP support;
- fetch - improved user policy lookup;
- firewall - fixed fragmented packet processing when only RAW firewall is configured;
- firewall - process packets by firewall when accepted by RAW with disabled connection tracking;
- gps - fixed missing minus close to zero coordinates in dd format;
- gps - make sure "direction" parameter is upper case;
- gps - strip unnecessary trailing characters from "longtitude" and "latitude" values;
- gps - use "serial0" as default port on LtAP mini;
- hotspot - added "interface-mac" variable to HTML pages;
- hotspot - moved "title" HTML tag after "meta" tags;
- ike1 - adjusted debug packet logging topics;
- ike2 - added support for ECDSA certificate authentication (rfc4754);
- ike2 - added support for IKE SA rekeying for initiator;
- ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
- ike2 - improved certificate verification when multiple CA certificates received from responder;
- ike2 - improved child SA rekeying process;
- ike2 - improved XAuth identity conversion on upgrade;
- ike2 - prefer SAN instead of DN from certificate for ID payload;
- ippool - improved logging for IPv6 Pool when prefix is already in use;
- ipsec - added dynamic comment field for "active-peers" menu inherited from identity;
- ipsec - added "ph2-total" counter to "active-peers" menu;
- ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods;
- ipsec - added traffic statistics to "active-peers" menu;
- ipsec - disallow setting "src-address" and "dst-address" for transport mode policies;
- ipsec - do not allow adding identity to a dynamic peer;
- ipsec - fixed policies becoming invalid after changing priority;
- ipsec - general improvements in policy handling;
- ipsec - properly drop already established tunnel when address change detected;
- ipsec - renamed "remote-peers" to "active-peers";
- ipsec - renamed "rsa-signature" authentication method to "digital-signature";
- ipsec - replaced policy SA address parameters with peer setting;
- ipsec - use tunnel name for dynamic IPsec peer name;
- ipv6 - improved system stability when receiving bogus packets;
- ltap - renamed SIM slots "up" and "down" to "2" and "3";
- lte - added initial support for Vodafone R216-Z;
- lte - added passthrough interface subnet selection;
- lte - added support for manual operator selection;
- lte - allow setting empty APN;
- lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
- lte - do not show error message for info commands that are not supported;
- lte - fixed session reactivation on R11e-LTE in UMTS mode;
- lte - improved firmware upgrade process;
- lte - improved "info" command query;
- lte - improved R11e-4G modem operation;
- lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
- lte - show alphanumeric value for operator info;
- lte - show correct firmware revision after firmware upgrade;
- lte - use default APN name "internet" when not provided;
- lte - use secondary DNS for DNS server configuration;
- m33g - added support for additional Serial Console port on GPIO headers;
- ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;
- ospf - fixed opaque LSA type checking in OSPFv2;
- ospf - improved "unknown" LSA handling in OSPFv3;
- ovpn - added "verify-server-certificate" parameter for OVPN client (CVE-2018-10066);
- ppp - added initial support for Quectel BG96;
- proxy - increased minimal free RAM that can not be used for proxy services;
- rb3011 - improved system stability when receiving bogus packets;
- rb4011 - fixed MAC address duplication between sfp-sfpplus1 and wlan1 interfaces (wlan1 configuration reset required);
- rb921 - improved system stability ("/system routerboard upgrade" required);
- routerboard - renamed 'sim' menu to 'modem';
- sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
- sms - added USSD message functionality under "/tool sms" (CLI only);
- sms - allow specifying multiple "allowed-number" values;
- sms - improved delivery report logging;
- snmp - added "dot1dStpPortTable" OID;
- snmp - added OID for neighbor "interface";
- snmp - added "write-access" column to community print;
- snmp - allow setting interface "adminStatus";
- snmp - fixed "send-trap" not working when "trap-generators" does not contain "temp-exception";
- snmp - fixed "send-trap" with multiple "trap-targets";
- snmp - improved reliability on SNMP service packet validation;
- snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
- ssh - accept remote forwarding requests with empty hostnames;
- ssh - added new "ssh-exec" command for non-interactive command execution;
- ssh - fixed non-interactive multiple command execution;
- ssh - improved remote forwarding handling (introduced in v6.44.3);
- ssh - improved session rekeying process on exchanged data size threshold;
- ssh - keep host keys when resetting configuration with "keep-users=yes";
- ssh - use correct user when "output-to-file" parameter is used;
- sstp - improved stability when received traffic hits tarpit firewall;
- supout - added IPv6 ND section to supout file;
- supout - added "kid-control devices" section to supout file;
- supout - added "pwr-line" section to supout file;
- supout - changed IPv6 pool section to output detailed print;
- switch - properly reapply settings after switch chip reset;
- tftp - added "max-block-size" parameter under TFTP "settings" menu (CLI only);
- tile - improved link fault detection on SFP+ ports;
- tr069-client - added LTE CQI and IMSI parameter support;
- tr069-client - fixed potential memory corruption;
- tr069-client - improved error reporting with incorrect firware upgrade XML file;
- traceroute - improved stability when sending large ping amounts;
- traffic-generator - improved stability when stopping traffic generator;
- tunnel - removed "local-address" requirement when "ipsec-secret" is used;
- userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
- w60g - do not show unused "dmg" parameter;
- w60g - prefer AP with strongest signal when multiple APs with same SSID present;
- w60g - show running frequency under "monitor" command;
- winbox - added "System/SwOS" menu for all dual-boot devices;
- winbox - do not allow setting "dns-lookup-interval" to "0";
- winbox - show "LCD" menu only on boards that have LCD screen;
- wireless - fixed frequency duplication in the frequency selection menu;
- wireless - fixed incorrect IP header for RADIUS accounting packet;
- wireless - improved 160MHz channel width stability on rb4011;
- wireless - improved DFS radar detection when using non-ETSI regulated country;
- wireless - improved installation mode selection for wireless outdoor equipment;
- wireless - set default SSID and supplicant-identity the same as router's identity;
- wireless - updated "china" regulatory domain information;
- wireless - updated "new zealand" regulatory domain information;
- www - improved client-initiated renegotiation within the SSL and TLS protocols (CVE-2011-1473).
MikroTik RouterOS 6.45
Дата выхода: 21 июня 2019
Релиз только для внутреннего использования компанией MikroTik.
Полезные материалы по MikroTik
Углубленный курс "Администрирование сетевых устройств MikroTik" Онлайн-курс по MikroTik с дипломом государственного образца РФ. Много лабораторных работ с проверкой официальным тренером MikroTik. С нуля и до уровня MTCNA.
На Telegram-канале Mikrotik сэнсей можно получить доступ к закрытой информации от официального тренера MikroTik. Подписывайтесь