MikroTik RouterOS 7.19.x

Подробное описание изменений в MikroTik RouterOS 7.19.x. Официальный список исправленных ошибок, добавленного функционала и прочих доработок. Дата выхода первого набора изменений – 22 мая 2025, дата выхода последнего набора изменений – 12 сентября 2025.

Полезные материалы по MikroTik

Секреты настройки MikroTik

Более 17.000 подписчиков самого большого telegram-канала «MikroTik-сэнсэй» первыми узнают секреты настройки MikroTik от автора этой вики.

Подписаться на «MikroTik‑сэнсэй»

MikroTik RouterOS 7.19.6 Stable

Дата выхода: 12 сентября 2025.

Изменения:

• bridge - improved system stability with IGMP snooping;
• ethernet - improved performance for hEX Refresh and hEX S (2025);
• ike2 - improved system stability;
• leds - fixed signal strength LEDs for Cube 60G ac;
• log - added VRF support for remote logging;
• log - establish a new connection to the remote log server when action settings are edited (e.g. after changing the src-address property);
• log - fixed memory leak when a connection to remote TCP log server failed;
• log - fixed unsent message retransmit to correct endpoints (introduced in v7.18);
• log - randomize source port when using remote logging with src-address specified;
• lte - fixed wrong subnet mask set to Chateau 5G R17 ax LTE interface;
• mac-server - fixed interface-list change behavior;
• poe-out - added "poe-in" detection for 802.3at poe-out capable ports;
• poe-out - firmware update for 802.3at capable boards (the update will cause brief power interruption to poe-out interfaces);
• poe-out - fixed "low-voltage" LLDP deny for RB5009 and RB960 in specific voltage/power-source combinations;
• poe-out - fixed missing error status report in rare cases for 802.3at;
• routerboot - fixed load of other kernels (e.g. OpenWrt) on NAND-less boards with MT762x, IPQ40xx, QCA955x and QCA953x CPUs ("/system routerboard upgrade" required);
• sfp - fixed the I2C clock frequency for the hEX S (2025) to prevent EEPROM read issues with GPON modules;
• switch - fixed switch name for CRS418;
• switch - improved system stability after switch reset while bonding interfaces are active (introduced in v7.18);
• traffic-flow - added support for IPv6 packet sampling;
• traffic-flow - fixed flow reports when using IPv6 and packet sampling (introduced in v7.18);
• w60g - fixed disconnect issue (introduced in v7.19.4);
• winbox - allow selecting bonding interface under "Switch/Rule" menu;
• winbox - use "auto" as default value for VXLAN "Don't Fragment" property.

MikroTik RouterOS 7.19.5 Stable

Дата выхода: 22 августа 2025.

(factory only release)

MikroTik RouterOS 7.19.4 Stable

Дата выхода: 28 июля 2025.

Изменения:

• arm - improved system stability when processing encrypted traffic;
• arm64 - increased maximum number of CPU cores to 128;
• ethernet - improved ethernet stability when handling invalid packets on Alpine CPUs;
• iot - fixed incorrectly set LoRa channel plan behavior;
• ipv6 - fixed policy routing;
• leds - fixed issues after changing "dark-mode" configuration (introduced in v7.19);
• license - updated URL for "libcroco" package in the license notice;
• log - output PoE-Out LLDP negotiation to poe,info topic;
• net - ensure packet sockets from containers do not disable RouterOS fastpath/fasttrack;
• netinstall-cli - recognize RouterOS v6 system package;
• port - give "gps" prefix for R11e-LR8G and R11e-LR9G GPS ports;
• ptp - allow priority1 value of 0 (improves stability when receiving announce messages with priority1 set to 0);
• routing-filter - fixed route origin matcher;
• system - improved system stability for CCR2216 device;
• system - improved system stability when using fasttrack.

MikroTik RouterOS 7.19.3 Stable

Дата выхода: 03 июля 2025.

Изменения:

• bridge - allow IPv6 FastPath when dhcp-snooping is enabled;
• iot - LoRa LNS stability improvement;
• lte - AT modems, fixed typos in commands sent to modem when APN with authentication is used (AT+CGAUTH; AT$QCPDPP);
• lte - R11e-LTE and R11e-LTE6, fixed possible crash on device unexpected removal or during RouterOS shutdown;
• mpls - improved stability when handling VPLS packets;
• radius - fixed RADIUS client section becoming unresponsive when RadSec is configured, but server is not responding;
• radius - fixed wrong RadSec port number in logs;
• radius - properly verify certificate when RadSec is used;
• sfp - added sfp-power-class and sfp-max-power monitor values for QSFP;
• supout - added IPv6 NAT section;
• switch - fixed ACL rules with "redirect-to-cpu" (introduced in v7.19.2);
• switch - fixed bonding issues after switch reset (introduced in v7.18);
• switch - fixed port blocking with spanning tree on EN7523 switch (introduced in v7.19);
• swos - changed firmware file location (URL) for software update checks;
• system - reduced RouterOS ARM package size;
• winbox - show/hide corresponding fields when switching RADIUS client mode between RadSec and UDP.

MikroTik RouterOS 7.19.2 Stable

Дата выхода: 20 июня 2025.

Изменения:

• bfd - fixed socket leak;
• bgp - fixed withdraw when input.accept-nlri is non-existent;
• btest - properly close unsuccessful TCP test sockets;
• console - added prompt to /disk/format command;
• disk - do not allow to start Btrfs replace command when a Btrfs replace process is already running;
• disk - improve disk file system detection;
• hotspot - allow only "http:" and "https:" schemas in dst field;
• iot - added LoRa interface recovery mechanism;
• iot - LoRa stability improvement;
• iot - LR8G/9G firmware update;
• ip-service - fixed "print count-only interval" when dynamic entries are added (introduced in v7.19);
• ip-service - fixed setting services by name (introduced in v7.19);
• ipsec - fixed responder on key exchange compute failure (introduced in v7.19);
• ipv6 - do not show IPv6 FastPath as active when connection tracking or IPsec is used;
• l2tp-ether - fixed interface creation/removal process;
• lte - added support for R11e-LTE6 v039 firmware release;
• lte - do not dial further if modem detects eSIM without profiles;
• lte - fixed eSIM management function for mmips and mipsbe architecture CPUs;
• lte - fixed eSIM provisioning for servers that do not send content-length in the HTTP response;
• route - fixed destination ordering for SNMP;
• route - fixed SNMP probing of IPv6 routes;
• route - make routing table print faster with hw-offload, gateway and blackhole queries;
• switch - fixed ACL rules when ports are not specified (fixes dynamic rules for RoMON);
• switch - fixed advertise and speed settings for ether1 on RB5009 (introduced in v7.19.1);
• webfig - improved screen reader support for WiFi fields in Quickset;
• webfig - make combobox accessible to screen readers;
• webfig - more space to branding logo;
• wifi-qcom - fixed beacon loss issues and improved stability for IPQ-6018;
• wifi-qcom - improved regulatory compliance;
• winbox - fixed "Last Topology Change" for bridge port monitor.

MikroTik RouterOS 7.19.1 Stable

Дата выхода: 23 мая 2025.

Изменения:

• certificate – fixed support for certificates imported or added in RouterOS v7.4 or earlier (introduced in v7.19);
• console - improved stability when a running script is removed;
• container - stability improvements;
• disk - fixed RAID component size to match the value in the superblock;
• disk - improved handling of RAID spare disks;
• disk - improved stability when using RAID;
• ethernet - fixed flow-control for RB5009;
• iot - fixed incorrectly shown LoRa payload RSSI values;
• poe-out - fixed PoE-out reset when inserting specific SFP modules on RB5009;
• poe-out - upgraded firmware for 802.3at PSE controlled boards (the update will cause brief power interruption to PoE-out interfaces);
• routing-filter - use zero as default as-path length (allows matching empty as path);
• sfp - correctly classify 100Mbps modules as "100M-baseFX";

MikroTik RouterOS 7.19 Stable

Дата выхода: 22 мая 2025.

Изменения:

• arm64 - fixed possible transmit queue timeout on CCR2216, CCR2116, RDS2216;
• arp - added warning, when "Published" ARP entry used on an interface with "reply-only" ARP mode enabled;
• bgp - added input.filter-community;
• bgp - fixed excessive CPU usage;
• bgp - fixed input.accept-community;
• bgp - fixed memory leak on receiving notify and closing session;
• bgp - improved performance on BGP input;
• bonding - added setting for LACP active/passive modes;
• bridge - added new STP monitoring fields for bridge and ports (Tx/Rx BPDU, Tx/Rx TC, forward/discard transitions, last topology change, message-age, max-age, remaining-hops, bridge-id);
• bridge - fixed bridge port hang when using invalid port IDs;
• bridge - fixed dhcp-snooping in QinQ setups;
• bridge - fixed issue when local MACs were removed unnecessarily;
• bridge - fixed minor memory leak on link down;
• bridge - fixed multicast packet flow on hardware offloaded bridge which acts as "multicast-router";
• bridge - improved default bridge and port layout on console and GUI;
• bridge - improved stability in case of configuration error (introduced in v7.15);
• bridge - moved "TCHANGE" logs from bridge,stp to bridge,stp,debug;
• bridge - offload VXLAN only if another HW offloaded port exists in the bridge;
• bridge - properly flush bridge hosts when bonding is used as bridge port and loses hw-offloading status;
• bridge - rename "ports" to "interface" under MDB table for configuration consistency with other menus;
• bridge - renamed STP monitor fields (port-number to port-id, designated-port-number to designated-port-id, designated-bridge to designated-bridge-id);
• bridge - show designated-* monitor field for all port roles;
• bridge - show warning instead of causing error when using multicast MAC as admin-mac (introduced in v7.17);
• bth - properly specify "in-interface" when adding dynamic firewall NAT rule;
• capsman - fixed "undo" command for cap interfaces;
• certificate - added built-in root certificate authorities store;
• certificate - do not include CA identity in SCEP POST requests;
• certificate - fixed cloud-dns challenge validation for sn.mynetname.net (CLI only);
• certificate - improve error message when trying to use certificate;
• certificate - optimize trust store;
• cloud - fixed issues when BTH is toggled fast between enable/disable;
• cloud - improved "BTH Files" web page design;
• conntrack - improved stability on busy systems;
• console - added on-error to "for" and "foreach" loops;
• console - added proplist to monitor command;
• console - disallow incomplete double-quoted arguments (allows multiline string pasting);
• console - do not treat return values as errors in scripts run from scheduler;
• console - enabled verbose error logging for non-scripted/non-verbose imports;
• console - fixed issue with file-name completion (introduced in v7.18);
• console - fixed issue with files when using scripts (introduced in v7.18);
• console - fixed misaligned multiline in brief print mode;
• console - improve time value handling;
• console - improved file add/remove process stability;
• console - print large number argument values in proper format in export output;
• console - set "/system/note show-at-login=yes" the default value after configuration reset;
• console - validate script arguments (do, on-error, etc.) and reject invalid values;
• container - allow changing container name;
• container - fixed repository name handling to prevent redirect issues when basic authentication is used;
• container - try to derive a user readable container name from remote image or file;
• defconf - added DHCP Client on RDS2216 MGMT interface;
• defconf - increased PPP interface wait time;
• device-mode - added new "rose" mode where "container" feature is enabled by default;
• dhcpv4 - improved outgoing packet logging;
• dhcpv4-client/server - added support for DHCPv4 reconfigure messages;
• dhcpv4-server - "Relay-Agent-Information" (82) option moved at the end of option list in response packets;
• dhcpv4-server - accept packets with htype 6;
• dhcpv4/v6-client - added check-gateway parameter;
• dhcpv4/v6-client - fixed default route when DHCP client interface is in VRF;
• dhcpv6-client - allow selecting to which routing tables add default route;
• dhcpv6-relay - clear saved routes on DHCP release;
• dhcpv6-relay - show client address;
• dhcpv6-server - allow unsetting prefix-pool for static bindings and show warning if prefix is not in selected prefix-pool;
• dhcpv6-server - change bound status to waiting on binding disable;
• dhcpv6-server - change static binding bound status to waiting on server disable;
• dhcpv6-server - fix when expired static binding is declined with false "binding belongs to another server" reason;
• dhcpv6-server - improved stability when disabled server have static bindings;
• dhcpv6-server - improved stability when disabling server with active bindings;
• disk - add "sector-size" property in print detail;
• disk - add reset-counters to /disk btrfs filesystem;
• disk - renamed "eject-drive" command to "eject" (CLI only);
• disk - renamed "format-drive" command to "format" (CLI only);
• dlna - improved folder indexing behavior;
• dns - improved DNS server service stability;
• dot1x - fixed dynamic switch ACL rules on boards with a lot of ports (e.g. CRS520);
• ethernet - improved Ethernet and PoE port mapping to ensure a consistent and reliable interface order;
• fetch - fixed false successful messages in FTP mode;
• file - added show-hidden parameter to /file/print, allowing referencing and deleting hidden files;
• file - fixed missing files from The Dude (introduced in v7.18);
• file - improved responsiveness on slow filesystems;
• firewall - always show "passthrough" when exporting mangle table;
• firewall - detect VRF addresses as local;
• firewall - fixed IP/Settings "ipv4-fasttrack-active" status showing as inactive when it is active;
• health - hide settings in CLI if there is nothing to show;
• health - improved performance on devices with simple voltage sensors;
• hotspot - improvements to memory usage;
• igmp-proxy - do not try to send leave message for multicast groups that the device itself has joined on the upstream interface (cosmetic fix for proxy error logs);
• ike2 - improved initial key exchange process on slow or unreliable connections;
• iot - improvement to LoRa dev-addr-validation behavior;
• iot - improvement to LoRa join eui/net id filtering behavior;
• iot - improvement to LoRa stability and functionality;
• iot - improvement to LoRa whitelist/blacklist support;
• iot - iot-bt-extra package stability improvement;
• ip-service - show all TCP/UDP connections on the system;
• ip-service - show all TCP/UDP ports on system, including ports in containers;
• ip-service - show error message when service enable fails;
• ippool6 - properly free IPv6 pool used prefix when it is not used any more;
• ipsec - fixed system failure on MMIPS devices when using IPsec services;
• ipsec - lower standalone cipher, hash priority when using ctr aead;
• ipv6 - avoid watchdog reboot due to link-local IPv6 address reconfiguration on thousand of interfaces at once;
• ipv6 - fixed EUI-64 false error message on address update when "from-pool" option is used;
• isis - properly validate 3-way hello handshake;
• l2tp-ether - improved stability when trying to connect to disabled L2TP server with IPsec;
• l3hw - remove VLAN tag before VXLAN encapsulation (fixes pvid behavior for bridged VXLAN);
• log - added additional CEF fields from firewall and login logs;
• log - fixed remote logging after reboot when hostname is forwarded to a DNS server;
• log - populate in/out fields in firewall CEF logs with correct data;
• lte - added UICC parameter in LTE monitor for R11e-4G modem;
• lte - additional fixes for eSIM management support;
• lte - AT modems, improved redialing when modem lost connectivity without notifying host about APN status change;
• lte - automatically enable roaming for known roaming only SIM/eSIM profiles;
• lte - Chateau 5G R16 fix DHCP relay packet forwarding using LTE interface;
• lte - deactivate current eSIM profile before activating new profile;
• lte - fixed default APN for configless modems;
• lte - fixed EC200A-EU APN authentication;
• lte - fixed initialization for Neoway N75 modem;
• lte - fixed initialization for R11e-LTE6 modem;
• lte - fixed LTE passthrough activation issue when IPv6 APN is used;
• lte - fixed LTE status update or possible crash when modem is unexpectedly removed from system;
• lte - fixed MBIM modem recovery after modem unexpected restart;
• lte - fixed modem recovery after firmware upgrade for R11e-LTE modem;
• lte - fixed possible crash or missing IPv6 address on first APN activation when IPv6 capable APN is used;
• lte - fixed Router Advertisement processing issue for AT modems when an APN with "ip-type=ipv6" was configured;
• lte - improved dialer for EC200A-EU modem;
• lte - improved R11e-LTE6 link recovery delay time after unexpected modem registration status changes;
• lte - initial support for user settable modem redial timer;
• lte - initialize Quectel modems as soon as they are ready after unexpected restart;
• lte - reset internal link-recovery-timer on sim slot change;
• lte - set apn profile name the same as apn if no name specified when creating the profile;
• lte - show correct value for 5G SA "current-cellid";
• net - remove support for automatic multicast tunneling (AMT) interface (introduced in v7.18);
• netinstall - improved network socket re-opening when NIC status changes while running the server;
• netinstall - provide warning if memory on installed router is full after installation;
• netinstall - show warning when network configuration on PC might not be appropriate for installation;
• netinstall-cli - check for other running Netinstall servers on startup;
• netinstall-cli - clear old configuration before user script using "-s";
• netinstall-cli - fixed issue with applying the branding package;
• ospf - fixed "mismatch" typo in logs;
• ospf - make auth-key parameter sensitive;
• ovpn - properly match GCM hardware acceleration capabilities (introduced in v7.17);
• ovpn-server - do not reset active connections when changing comment or name;
• ovpn-server - fixed server start-up after a reboot;
• ovpn-server - properly show "username" in log when authentication fails;
• pimsm - fixed issue where own query caused querier detection;
• poe-out - upgraded firmware for 802.3at/bt PSE controlled boards (the update will cause brief power interruption to PoE-out interfaces);
• port - added support for Huawei E3372-325 variant (vendor-id="0x3566" device-id="0x2001");
• port - added USB mode switch support for "huawei-alt-mode";
• port - fixed KNOT BG77 modem port lost after RouterOS upgrade from previous versions;
• port - improvements to KNOT BG77 modem port channel handling;
• ppc - fixed VLAN TCP packet transmit on PPC devices;
• profiler - improved process classification;
• ptp - added "ptp" logging topic;
• ptp - allow multiple instances;
• ptp - fixed PTP on 2.5G links;
• ptp - fixed PTP on QSFP ports for CRS326, CRS510, CRS520, CCR2216 devices;
• queue - fixed system failure when CAKE kind queue was configured but queue type definition does not exist anymore (introduced in v7.18);
• queue - speed-up queue addition/removal process;
• quickset - improved system stability;
• rose-storage - added Btrfs disk balance command (CLI only);
• rose-storage - added degraded Btrfs mount option (CLI only);
• rose-storage - fixed mounting Btrfs subvolumes using macOS SMB client;
• rose-storage - fixes for Btrfs;
• rose-storage - improved system stability when removing NVMe disks;
• rose-storage - rename default RAID device name from "raid" to "raid-array";
• rose-storage - show Btrfs balance and scrub errors if any;
• route - added options to set dynamic-in and connected-in chains in /routing/settings;
• route - fixed stuck output when calling prints from multiple routing menus;
• route - fixed route rule "min-prefix" unset;
• route - improve stability on BGP reconnect;
• route - make AFI naming consistent;
• route - show "routing-table" by default on console print output;
• route - show BGP session name instead of cache-id;
• route-filter - fixed the "blackhole" option setting process;
• route-filter - improved performance;
• sfp - added sfp-encoding data output from EEPROM;
• sfp - improved QSFP link stability for CRS354 devices;
• sniffer - add max-packet-size (2k-64k) setting to be able to sniffer more than 2k data per packet;
• snmp - fixed v2 getnext noSuchName error when OID with requested key does not exist;
• ssh - fixed authorization with SSH key when multiple user SSH public keys are imported;
• ssl/tls - respond with more precise alert error messages;
• ssl/tls - send certificate authority in Certificate message even if it is not trusted;
• switch - do not count rx-too-long multiple times on 100Gbps QSFP28;
• switch - fixed egress mirroring for packets coming from external CPU port (e.g. CRS520, CCR2216, CCR2116);
• switch - fixed switch name for hEX Refresh;
• switch - flush CPU port FDB entries on switch disable;
• switch - improve rate limit accuracy for MT7531, MT7621, EN7562CT;
• switch - improved boot stability on devices with Alpine CPU and switch chip;
• switch - improved stability when enabling IGMP snooping with VXLAN (introduced in v7.18);
• switch - properly match IPv6 packets with empty ACL rule on CRS3xx, CRS5xx, CCR2004, CCR2116, CCR2216, RDS devices;
• system - fixed "/system reboot" when the system disk is completely full;
• system - improved internal "flash/" prefix handling for different file path related settings;
• system - improved system stability when sending TCP data from the router;
• system – added new "switch-marvell" and "wifi-mediatek" packages to support upcoming products;
• timezone - updated timezone information from "tzdata2025b" release;
• torch - improved data reporting;
• upgrade - improved free disk space calculation;
• upgrade - improved upgrade procedure reliability;
• vrrp - fixed detection of connection tracking after reboot (introduced in v7.17);
• vxlan -improved system stability when using IPv6 VTEP;
• webfig - allow table column resize over side toolbar;
• webfig - don't reorder rows when selecting header cells with Alt+click;
• webfig - show IPv6 firewall connections;
• webfig - show missing data in "IP/DNS/Cache" records;
• wifi - add channel.reselect-time parameter which allows to perform channel re-selection at given time of day (CLI only);
• wifi - add information on CAP uptime and connection uptime in "Remote CAP" list;
• wifi - added "eap-identity" to registration table;
• wifi - added SSID to logs;
• wifi - display error when trying to run snooper on interface which does not support wireless packet capture (sniffer);
• wifi - fix authentication of clients which omit some RSN information at association;
• wifi - fix incorrect info about current channel for station interfaces after AP has switched channel (introduced in v7.17);
• wifi - fix possible snooper crash when parsing frames with malformed headers;
• wifi - fixed 5GHz chain enumeration on Chateau PRO ax;
• wifi - implement WPA2 PSK authentication with key derivation using SHA256 (CLI only);
• wifi - improve parsing of captured frames which have nested flags in radiotap header;
• wifi - improved stability for wifi interfaces;
• wifi - improved stability when doing SNMP query;
• wifi - improved wifi connection stability when used as a station for "b" mode access point;
• wifi - re-word log entries about disconnections which are likely caused by peer using a wrong passphrase;
• wifi - use at least TLS 1.2 for securing connection between CAPsMAN manager and CAPs;
• wifi-qcom - fix inability of interfaces in station mode to connect if they do not support full bandwidth of AP;
• wifi-qcom - fix OWE authentication for 802.11ac interfaces in station mode;
• winbox - added "MAC Telnet" under "Wifi/Registration" menu;
• winbox - added "Multi Passphrase Group" for wifi;
• winbox - added "Reset MAC address" for legacy wireless and wifi;
• winbox - added comment fields for WiFi "Multi Passphrase Group" menu;
• winbox - added comment under "User Manager/Routers" menu;
• winbox - added country to wireless setup-repeater;
• winbox - added missing "Switch" menu for RDS;
• winbox - added missing file systems for disk formatting;
• winbox - added missing parameters for BTRFS related action functions;
• winbox - added mount-point parameter under "Disk/Settings" menu;
• winbox - added netmask support for switch rule Src/Dst IPv6 Address settings;
• winbox - allow opening BTRFS menu entries;
• winbox - changed default wireless wds-cost-range values;
• winbox - do not show not relevant values for certificate template;
• winbox - fixed "Multi Passphrase Group" setting for wifi;
• winbox - fixed "registry-url" field under "Containers" configuration menu;
• winbox - fixed missing SMB client on non-ROSE devices;
• winbox - fixed several statistics counters not being read only;
• winbox - fixed switch menu for Chateau 5G;
• winbox - fixed time interval type fields precision under "Disks" menu;
• winbox - hide container File/Remote Image fields only when instance added;
• winbox - improve graphing efficiency when communicating with WinBox;
• winbox - make BTRFS "Parent" and "Send Parent" options optional;
• winbox - properly show/hide OSPF, RIP and BGP tabs for IPv6 routes;
• winbox - renamed "raid-member" to "raid member" flag for consistency;
• winbox - show eSIM profiles under eSIM menu without manual refresh;
• wireguard - add wg-import config-string parameter to import config directly from terminal;
• wireguard - update peer info on "get" command;
• wireless - added "eap-identity" to registration table;
• wireless - implement handling of RADIUS disconnect messages by CAPsMAN;
• wireless - suggest all legitimate frequencies for interfaces with 20/40mhz-XX channel width in GUI;
• x86 - added support for Emulex NIC;
• x86 - i40e updated driver to 2.27.8 version;
• x86 - remove unnecessary console output on shutdown;

Полезные материалы по MikroTik

Секреты настройки MikroTik

Более 17.000 подписчиков самого большого telegram-канала «MikroTik-сэнсэй» первыми узнают секреты настройки MikroTik от автора этой вики.

Подписаться на «MikroTik‑сэнсэй»