MikroTik RouterOS 7.19.x (stable)

Подробное описание изменений в MikroTik RouterOS 7.19.x. Официальный список исправленных ошибок, добавленного функционала и прочих доработок. Дата выхода первого набора изменений – 22 мая 2025, дата выхода последнего набора изменений – неизвестна.

Полезные материалы по MikroTik

Углубленный курс «Администрирование сетевых устройств MikroTik»
Онлайн-курс по MikroTik с дипломом государственного образца РФ. Много лабораторных работ с проверкой официальным тренером MikroTik. С нуля и до уровня MTCNA.

ИП Скоромнов Дмитрий Анатольевич, ИНН 331403723315

На Telegram-канале Mikrotik-сэнсей можно получить доступ к закрытой информации от официального тренера MikroTik. Подписывайтесь

ИП Скоромнов Дмитрий Анатольевич, ИНН 331403723315

MikroTik RouterOS 7.19.1

Дата выхода: 23 мая 2025.

Изменения:

certificate – fixed support for certificates imported or added in RouterOS v7.4 or earlier (introduced in v7.19);
console - improved stability when a running script is removed;
container - stability improvements;
disk - fixed RAID component size to match the value in the superblock;
disk - improved handling of RAID spare disks;
disk - improved stability when using RAID;
ethernet - fixed flow-control for RB5009;
iot - fixed incorrectly shown LoRa payload RSSI values;
poe-out - fixed PoE-out reset when inserting specific SFP modules on RB5009;
poe-out - upgraded firmware for 802.3at PSE controlled boards (the update will cause brief power interruption to PoE-out interfaces);
routing-filter - use zero as default as-path length (allows matching empty as path);
sfp - correctly classify 100Mbps modules as "100M-baseFX";

MikroTik RouterOS 7.19

Дата выхода: 22 мая 2025.

Изменения:

arm64 - fixed possible transmit queue timeout on CCR2216, CCR2116, RDS2216;
arp - added warning, when "Published" ARP entry used on an interface with "reply-only" ARP mode enabled;
bgp - added input.filter-community;
bgp - fixed excessive CPU usage;
bgp - fixed input.accept-community;
bgp - fixed memory leak on receiving notify and closing session;
bgp - improved performance on BGP input;
bonding - added setting for LACP active/passive modes;
bridge - added new STP monitoring fields for bridge and ports (Tx/Rx BPDU, Tx/Rx TC, forward/discard transitions, last topology change, message-age, max-age, remaining-hops, bridge-id);
bridge - fixed bridge port hang when using invalid port IDs;
bridge - fixed dhcp-snooping in QinQ setups;
bridge - fixed issue when local MACs were removed unnecessarily;
bridge - fixed minor memory leak on link down;
bridge - fixed multicast packet flow on hardware offloaded bridge which acts as "multicast-router";
bridge - improved default bridge and port layout on console and GUI;
bridge - improved stability in case of configuration error (introduced in v7.15);
bridge - moved "TCHANGE" logs from bridge,stp to bridge,stp,debug;
bridge - offload VXLAN only if another HW offloaded port exists in the bridge;
bridge - properly flush bridge hosts when bonding is used as bridge port and loses hw-offloading status;
bridge - rename "ports" to "interface" under MDB table for configuration consistency with other menus;
bridge - renamed STP monitor fields (port-number to port-id, designated-port-number to designated-port-id, designated-bridge to designated-bridge-id);
bridge - show designated-* monitor field for all port roles;
bridge - show warning instead of causing error when using multicast MAC as admin-mac (introduced in v7.17);
bth - properly specify "in-interface" when adding dynamic firewall NAT rule;
capsman - fixed "undo" command for cap interfaces;
certificate - added built-in root certificate authorities store;
certificate - do not include CA identity in SCEP POST requests;
certificate - fixed cloud-dns challenge validation for sn.mynetname.net (CLI only);
certificate - improve error message when trying to use certificate;
certificate - optimize trust store;
cloud - fixed issues when BTH is toggled fast between enable/disable;
cloud - improved "BTH Files" web page design;
conntrack - improved stability on busy systems;
console - added on-error to "for" and "foreach" loops;
console - added proplist to monitor command;
console - disallow incomplete double-quoted arguments (allows multiline string pasting);
console - do not treat return values as errors in scripts run from scheduler;
console - enabled verbose error logging for non-scripted/non-verbose imports;
console - fixed issue with file-name completion (introduced in v7.18);
console - fixed issue with files when using scripts (introduced in v7.18);
console - fixed misaligned multiline in brief print mode;
console - improve time value handling;
console - improved file add/remove process stability;
console - print large number argument values in proper format in export output;
console - set "/system/note show-at-login=yes" the default value after configuration reset;
console - validate script arguments (do, on-error, etc.) and reject invalid values;
container - allow changing container name;
container - fixed repository name handling to prevent redirect issues when basic authentication is used;
container - try to derive a user readable container name from remote image or file;
defconf - added DHCP Client on RDS2216 MGMT interface;
defconf - increased PPP interface wait time;
device-mode - added new "rose" mode where "container" feature is enabled by default;
dhcpv4 - improved outgoing packet logging;
dhcpv4-client/server - added support for DHCPv4 reconfigure messages;
dhcpv4-server - "Relay-Agent-Information" (82) option moved at the end of option list in response packets;
dhcpv4-server - accept packets with htype 6;
dhcpv4/v6-client - added check-gateway parameter;
dhcpv4/v6-client - fixed default route when DHCP client interface is in VRF;
dhcpv6-client - allow selecting to which routing tables add default route;
dhcpv6-relay - clear saved routes on DHCP release;
dhcpv6-relay - show client address;
dhcpv6-server - allow unsetting prefix-pool for static bindings and show warning if prefix is not in selected prefix-pool;
dhcpv6-server - change bound status to waiting on binding disable;
dhcpv6-server - change static binding bound status to waiting on server disable;
dhcpv6-server - fix when expired static binding is declined with false "binding belongs to another server" reason;
dhcpv6-server - improved stability when disabled server have static bindings;
dhcpv6-server - improved stability when disabling server with active bindings;
disk - add "sector-size" property in print detail;
disk - add reset-counters to /disk btrfs filesystem;
disk - renamed "eject-drive" command to "eject" (CLI only);
disk - renamed "format-drive" command to "format" (CLI only);
dlna - improved folder indexing behavior;
dns - improved DNS server service stability;
dot1x - fixed dynamic switch ACL rules on boards with a lot of ports (e.g. CRS520);
ethernet - improved Ethernet and PoE port mapping to ensure a consistent and reliable interface order;
fetch - fixed false successful messages in FTP mode;
file - added show-hidden parameter to /file/print, allowing referencing and deleting hidden files;
file - fixed missing files from The Dude (introduced in v7.18);
file - improved responsiveness on slow filesystems;
firewall - always show "passthrough" when exporting mangle table;
firewall - detect VRF addresses as local;
firewall - fixed IP/Settings "ipv4-fasttrack-active" status showing as inactive when it is active;
health - hide settings in CLI if there is nothing to show;
health - improved performance on devices with simple voltage sensors;
hotspot - improvements to memory usage;
igmp-proxy - do not try to send leave message for multicast groups that the device itself has joined on the upstream interface (cosmetic fix for proxy error logs);
ike2 - improved initial key exchange process on slow or unreliable connections;
iot - improvement to LoRa dev-addr-validation behavior;
iot - improvement to LoRa join eui/net id filtering behavior;
iot - improvement to LoRa stability and functionality;
iot - improvement to LoRa whitelist/blacklist support;
iot - iot-bt-extra package stability improvement;
ip-service - show all TCP/UDP connections on the system;
ip-service - show all TCP/UDP ports on system, including ports in containers;
ip-service - show error message when service enable fails;
ippool6 - properly free IPv6 pool used prefix when it is not used any more;
ipsec - fixed system failure on MMIPS devices when using IPsec services;
ipsec - lower standalone cipher, hash priority when using ctr aead;
ipv6 - avoid watchdog reboot due to link-local IPv6 address reconfiguration on thousand of interfaces at once;
ipv6 - fixed EUI-64 false error message on address update when "from-pool" option is used;
isis - properly validate 3-way hello handshake;
l2tp-ether - improved stability when trying to connect to disabled L2TP server with IPsec;
l3hw - remove VLAN tag before VXLAN encapsulation (fixes pvid behavior for bridged VXLAN);
log - added additional CEF fields from firewall and login logs;
log - fixed remote logging after reboot when hostname is forwarded to a DNS server;
log - populate in/out fields in firewall CEF logs with correct data;
lte - added UICC parameter in LTE monitor for R11e-4G modem;
lte - additional fixes for eSIM management support;
lte - AT modems, improved redialing when modem lost connectivity without notifying host about APN status change;
lte - automatically enable roaming for known roaming only SIM/eSIM profiles;
lte - Chateau 5G R16 fix DHCP relay packet forwarding using LTE interface;
lte - deactivate current eSIM profile before activating new profile;
lte - fixed default APN for configless modems;
lte - fixed EC200A-EU APN authentication;
lte - fixed initialization for Neoway N75 modem;
lte - fixed initialization for R11e-LTE6 modem;
lte - fixed LTE passthrough activation issue when IPv6 APN is used;
lte - fixed LTE status update or possible crash when modem is unexpectedly removed from system;
lte - fixed MBIM modem recovery after modem unexpected restart;
lte - fixed modem recovery after firmware upgrade for R11e-LTE modem;
lte - fixed possible crash or missing IPv6 address on first APN activation when IPv6 capable APN is used;
lte - fixed Router Advertisement processing issue for AT modems when an APN with "ip-type=ipv6" was configured;
lte - improved dialer for EC200A-EU modem;
lte - improved R11e-LTE6 link recovery delay time after unexpected modem registration status changes;
lte - initial support for user settable modem redial timer;
lte - initialize Quectel modems as soon as they are ready after unexpected restart;
lte - reset internal link-recovery-timer on sim slot change;
lte - set apn profile name the same as apn if no name specified when creating the profile;
lte - show correct value for 5G SA "current-cellid";
net - remove support for automatic multicast tunneling (AMT) interface (introduced in v7.18);
netinstall - improved network socket re-opening when NIC status changes while running the server;
netinstall - provide warning if memory on installed router is full after installation;
netinstall - show warning when network configuration on PC might not be appropriate for installation;
netinstall-cli - check for other running Netinstall servers on startup;
netinstall-cli - clear old configuration before user script using "-s";
netinstall-cli - fixed issue with applying the branding package;
ospf - fixed "mismatch" typo in logs;
ospf - make auth-key parameter sensitive;
ovpn - properly match GCM hardware acceleration capabilities (introduced in v7.17);
ovpn-server - do not reset active connections when changing comment or name;
ovpn-server - fixed server start-up after a reboot;
ovpn-server - properly show "username" in log when authentication fails;
pimsm - fixed issue where own query caused querier detection;
poe-out - upgraded firmware for 802.3at/bt PSE controlled boards (the update will cause brief power interruption to PoE-out interfaces);
port - added support for Huawei E3372-325 variant (vendor-id="0x3566" device-id="0x2001");
port - added USB mode switch support for "huawei-alt-mode";
port - fixed KNOT BG77 modem port lost after RouterOS upgrade from previous versions;
port - improvements to KNOT BG77 modem port channel handling;
ppc - fixed VLAN TCP packet transmit on PPC devices;
profiler - improved process classification;
ptp - added "ptp" logging topic;
ptp - allow multiple instances;
ptp - fixed PTP on 2.5G links;
ptp - fixed PTP on QSFP ports for CRS326, CRS510, CRS520, CCR2216 devices;
queue - fixed system failure when CAKE kind queue was configured but queue type definition does not exist anymore (introduced in v7.18);
queue - speed-up queue addition/removal process;
quickset - improved system stability;
rose-storage - added Btrfs disk balance command (CLI only);
rose-storage - added degraded Btrfs mount option (CLI only);
rose-storage - fixed mounting Btrfs subvolumes using macOS SMB client;
rose-storage - fixes for Btrfs;
rose-storage - improved system stability when removing NVMe disks;
rose-storage - rename default RAID device name from "raid" to "raid-array";
rose-storage - show Btrfs balance and scrub errors if any;
route - added options to set dynamic-in and connected-in chains in /routing/settings;
route - fixed stuck output when calling prints from multiple routing menus;
route - fixed route rule "min-prefix" unset;
route - improve stability on BGP reconnect;
route - make AFI naming consistent;
route - show "routing-table" by default on console print output;
route - show BGP session name instead of cache-id;
route-filter - fixed the "blackhole" option setting process;
route-filter - improved performance;
sfp - added sfp-encoding data output from EEPROM;
sfp - improved QSFP link stability for CRS354 devices;
sniffer - add max-packet-size (2k-64k) setting to be able to sniffer more than 2k data per packet;
snmp - fixed v2 getnext noSuchName error when OID with requested key does not exist;
ssh - fixed authorization with SSH key when multiple user SSH public keys are imported;
ssl/tls - respond with more precise alert error messages;
ssl/tls - send certificate authority in Certificate message even if it is not trusted;
switch - do not count rx-too-long multiple times on 100Gbps QSFP28;
switch - fixed egress mirroring for packets coming from external CPU port (e.g. CRS520, CCR2216, CCR2116);
switch - fixed switch name for hEX Refresh;
switch - flush CPU port FDB entries on switch disable;
switch - improve rate limit accuracy for MT7531, MT7621, EN7562CT;
switch - improved boot stability on devices with Alpine CPU and switch chip;
switch - improved stability when enabling IGMP snooping with VXLAN (introduced in v7.18);
switch - properly match IPv6 packets with empty ACL rule on CRS3xx, CRS5xx, CCR2004, CCR2116, CCR2216, RDS devices;
system - fixed "/system reboot" when the system disk is completely full;
system - improved internal "flash/" prefix handling for different file path related settings;
system - improved system stability when sending TCP data from the router;
system – added new "switch-marvell" and "wifi-mediatek" packages to support upcoming products;
timezone - updated timezone information from "tzdata2025b" release;
torch - improved data reporting;
upgrade - improved free disk space calculation;
upgrade - improved upgrade procedure reliability;
vrrp - fixed detection of connection tracking after reboot (introduced in v7.17);
vxlan -improved system stability when using IPv6 VTEP;
webfig - allow table column resize over side toolbar;
webfig - don't reorder rows when selecting header cells with Alt+click;
webfig - show IPv6 firewall connections;
webfig - show missing data in "IP/DNS/Cache" records;
wifi - add channel.reselect-time parameter which allows to perform channel re-selection at given time of day (CLI only);
wifi - add information on CAP uptime and connection uptime in "Remote CAP" list;
wifi - added "eap-identity" to registration table;
wifi - added SSID to logs;
wifi - display error when trying to run snooper on interface which does not support wireless packet capture (sniffer);
wifi - fix authentication of clients which omit some RSN information at association;
wifi - fix incorrect info about current channel for station interfaces after AP has switched channel (introduced in v7.17);
wifi - fix possible snooper crash when parsing frames with malformed headers;
wifi - fixed 5GHz chain enumeration on Chateau PRO ax;
wifi - implement WPA2 PSK authentication with key derivation using SHA256 (CLI only);
wifi - improve parsing of captured frames which have nested flags in radiotap header;
wifi - improved stability for wifi interfaces;
wifi - improved stability when doing SNMP query;
wifi - improved wifi connection stability when used as a station for "b" mode access point;
wifi - re-word log entries about disconnections which are likely caused by peer using a wrong passphrase;
wifi - use at least TLS 1.2 for securing connection between CAPsMAN manager and CAPs;
wifi-qcom - fix inability of interfaces in station mode to connect if they do not support full bandwidth of AP;
wifi-qcom - fix OWE authentication for 802.11ac interfaces in station mode;
winbox - added "MAC Telnet" under "Wifi/Registration" menu;
winbox - added "Multi Passphrase Group" for wifi;
winbox - added "Reset MAC address" for legacy wireless and wifi;
winbox - added comment fields for WiFi "Multi Passphrase Group" menu;
winbox - added comment under "User Manager/Routers" menu;
winbox - added country to wireless setup-repeater;
winbox - added missing "Switch" menu for RDS;
winbox - added missing file systems for disk formatting;
winbox - added missing parameters for BTRFS related action functions;
winbox - added mount-point parameter under "Disk/Settings" menu;
winbox - added netmask support for switch rule Src/Dst IPv6 Address settings;
winbox - allow opening BTRFS menu entries;
winbox - changed default wireless wds-cost-range values;
winbox - do not show not relevant values for certificate template;
winbox - fixed "Multi Passphrase Group" setting for wifi;
winbox - fixed "registry-url" field under "Containers" configuration menu;
winbox - fixed missing SMB client on non-ROSE devices;
winbox - fixed several statistics counters not being read only;
winbox - fixed switch menu for Chateau 5G;
winbox - fixed time interval type fields precision under "Disks" menu;
winbox - hide container File/Remote Image fields only when instance added;
winbox - improve graphing efficiency when communicating with WinBox;
winbox - make BTRFS "Parent" and "Send Parent" options optional;
winbox - properly show/hide OSPF, RIP and BGP tabs for IPv6 routes;
winbox - renamed "raid-member" to "raid member" flag for consistency;
winbox - show eSIM profiles under eSIM menu without manual refresh;
wireguard - add wg-import config-string parameter to import config directly from terminal;
wireguard - update peer info on "get" command;
wireless - added "eap-identity" to registration table;
wireless - implement handling of RADIUS disconnect messages by CAPsMAN;
wireless - suggest all legitimate frequencies for interfaces with 20/40mhz-XX channel width in GUI;
x86 - added support for Emulex NIC;
x86 - i40e updated driver to 2.27.8 version;
x86 - remove unnecessary console output on shutdown;