Hier der aktuelle Changelog des RouterOS – Stand: 15.12.2015
What’s new in 6.33.3 (2015-Dec-03 16:08):*) ethernet – fixed 10/100Mbps autonegotiation fails on RB922UAGS ether1 (introduced in v6.33.2);*) upnp – fixed memory leak;*) ssh – avoid double session cleanup;*) email – make password field sensitive in console.What’s new in 6.33.2 (2015-Nov-27 15:00):*) bridge – fixed power-cycle-ping for bridge ports (was affecting all bridge);*) ethernet – fixed link resetting on power-cycle-ping value change;*) ppp – fixed dynamic filter rule adding on some firewall filter configurations;*) pppoe – improved MTU discovery compatibility with other vendors;*) pppoe – made MTU discovery more robust;*) pppoe – fixed compliance to RFC4638 (MTU larger than 1488) again;*) vrrp – fix arp=reply-only;*) vrrp – do not warn about version mismatch if VRID does not match;*) vrrp – allow VRRP to work behind firewall and NAT rules;*) vrrp – fixed on-backup script;*) dhcpv4 server – fix kernel crash when restoring lease with queue for non-existent server;*) dhcpv4-client – support /32 address assignment;*) ssh – fix key exchange when first kex packet follows.What’s new in 6.33.1 (2015-Nov-17 09:55):*) licensing – fix unneeded connection attempts to 169.254.x.x must be CHR only (introduced in 6.33);*) pppoe – fixed compliance to RFC4638 for MTU larger than 1488 (introduced in 6.33);*) CRS2xx – fixed occasional switchip resets (broken in 6.33);*) fastpath – fixed wireless interface fastpath (broken in 6.33);*) smb – fixed SMB share crash when connection was cancelled;*) lcd – fixed LCD crash on fast disable/enable;*) lcd – refresh LCD after display command is executed;*) vrrp – fix enabling disabled vrrp interface when vrrp program has exited;*) winbox – do not send any changes on OK button press if nothing has been changed;*) www – put correct path to Winbox v3.0 for new installations with branding package;*) webfig – show correctly SFP Tx/Rx;*) winbox – renamed power-cycle-ping-interval to power-cycle-ping-timeout;*) hotspot – fixed missing image at login;*) netinstall – fix branding pack parsing;*) packages – show version tag when no bundle is installed.What’s new in 6.33 (2015-Nov-06 12:49):*) dns – initial fix for situation when dynamic dns servers could disappear;*) winbox – dropped support for winbox v3.0beta and v3.0rc (use winbox v3.0);*) dhcpv6 – various improvement and fixes for dhcp-pd client and ippool6;*) defconf – fixed rare situation where configuration was only partially loaded;*) net – fix possible never ending loop when bad CDP discovery packet is received;*) log – make default disk file name to reside in flash dir if it exists;*) romon – change port list to be not ordered in export;*) capsman – limit number of simultaneous DTLS handshakes;*) capsman – fixed memory leak on CAP joining CAPsMAN when ssld is used;*) winbox – added allow-fast-path to eoip, gre & ipip;*) winbox – do not show power-cycle properties on non poe ports;*) l2tp: implemented PPPoE over L2TP in LNS mode, RFC3817;*) webfig – some of the setting were shifted to the right;*) packages – allow to reinstall from bundle to separate packages & vice versa;*) packages – prefer out of bundle packages when both of them are installed;*) packages – fix a problem of upgrading bundle package to non bundled ones;*) ipsec – force flow cache validation once in 1h;*) winbox – make sure that all setting names get shown in full;*) winbox – added poe power-cycle-ping settings to ethernet interfaces;*) ppp – handle properly case were ppp client is given same address for local & remote end;*) winbox – added vlan-mode & vlan-id to virtual-ap interface;*) winbox – added timeout column to ipv6 address lists;*) winbox – show SFP Tx/Rx Power properly;*) winbox – added min-links to bonding interface;*) winbox – do not show health menu on RB951Ui-2HnD;*) winbox – added support for Login-Timeout & MAC-Auth-Mode in hotspot;*) cerm – added option to disable crl download in ‚/certificate settings‘;*) winbox – make user ssh key import work again;*) webfig – make „Copy to Access List“ work in CAPsMAN Registration Table;*) userman – fix report generation problem which could result in some users being skipped from it;*) winbox – fix to allow cpu-port as mirror-target*) proxy – error.html parsing enhancement to improve performance*) CCR1072 – improve ether1 performance under heavy load*) routerboard – indicate RouterBOOT type in /system routerboard print;*) mpls – properly use mpls mtu for routes;*) cerm – fix key description for signed certificates;*) trafflow – report flow addresses in v1 and v5 without NAT awareness;*) hotspot – add mac-auth-mode setting for mac-as-passwd option;*) hotspot – add login-timeout setting to force login for unauth hosts;*) auto-upgrade – fixed auto upgrade for smipsbe;*) dns – do not create duplicate entries for same dynamic dns server addresses;*) ipsec – fix set on multiple policies which could result in adding non existent dynamic policies to the list;*) email – allow server to be specified as fqdn which is resolved on each send;*) fastpath – eoip,gre,ipip tunnels support fastpath (new per tunnel setting „allow-fast-path“);*) ppp, pptp, l2tp, pppoe – fix ppp compression related crashes;*) cerm – also accept downloaded CRLs in PEM format;*) userman – added ‚history clear‘ to allow flushing undo history, which may take up significant amount of memory for huge databases with hundreds of users;*) health – fix voltage for CRS109, CRS112 and CRS210 if powered from external adapter;*) userman – added phone number support to signup form;*) ip pool6 – try to acquire the same prefix if info matches recently freed;*) ipsec – fix transport mode ph2 ID ports when policy selects specific ip protocol on initiator;*) ipsec – use local-address for phase 1 matching and initiation;*) route – fixed crash on removing route that was aggregated;*) ipsec – fix replay window, was accidentally disabled since version 6.30;*) ssh – allow host key import/export;*) ssh – use 2048bit RSA host key when strong-crypto enabled;*) ssh – support RSA keys for user authentication;*) wlan – improved WMM-PowerSave support in wireless-cm2 package;*) pptp & l2tp – fixed problem where android client could not connect if both dns names were not provided (was broken since v6.30);*) auto-upgrade – added ability to select which versions to select when upgrading;*) quickset – fixed HomeAP mode;*) lte – improved modem identification to better support multiple identical modems;*) snmp – fix system scripts table;*) tunnels – eoip,eoipv6,gre,gre6,ipip,ipipv6,6to4 tunnels now support dns name as remote address;*) fastpath – active mac-winbox or mac-telnet session no longer suspends fastpath;*) fastpath – added per interface fastpath counters;*) fastpath – added trafflow support in basic ipv4 and fasttrack ipv4 fastpath;*) ppp – added on-up & on-down scripts to ppp profile;*) winbox – allow to specify dns name in all the tunnels;*) pppoe – added support for MTU > 1492 on PPPoE;*) cerm – fix scep server certificate-reply degenerate PKCS#7 signed-data content;*) ppp-client – added default channels for Alcatel OneTouch L100V;*) defconf – fix for boards that had bridge with only wlan ports;*) ovpn: support OpenWRT ovpn clients (or any other with enable-small option enabled);*) cerm – use certificate file name for imported cert name;*) fetch – fixed error message when error code 200 was received;*) cerm – rebuild crl for local ca if crl file does not exist;*) winbox – make directed broadcasts work for neighbor discovery;*) upnp: automatically adjust mappings to new external ip change;*) ppp – added ppp interface to upnp internals/externals if requested;*) ppp – when adding ipv6 default route use user provided distance;*) userman – allow to correctly enable CoA on router;*) cerm – show crl nextupdate time;*) ppp – added CoA support to PPPoE, PPTP & L2TP (Mikrotik-Recv-Limit, Mikrotik-Xmit-Limit, Mikrotik-Rate-Limit, Ascend-Data-Rate, Ascend-XMit-Rate, Session-Timeout);*) ppp – added new option under „ppp aaa“ – „use-circuit-id-in-nas-port-id“;*) userman – refresh active sessions/users view dynamically;*) package – added version tag and show everywhere alongside of version number;*) wlan – improved 802.11 protocol single connection TCP performance for ac chipset with cm2 package.What’s new in 6.32.2 (2015-Sep-17 15:20):*) cerm – guard template from parallel use*) mipsle – fixed missing second level menu in CLI;*) sstp – avoid routing loops on client when adding default route;*) sstp – fixed problem where sometimes sstp ip addresses were invalid;*) switch – fixed bogus log messages about excessive broadcasts/multicasts on master-port;*) tftp – fix request file name reading from packet*) pptp encryption – better handling for out-of-order packets;*) ethernet – added support for new ASIX USB Ethernet dongles;*) CAPsMAN – fix 100% CPU usage when trying to upgrade RouterOS on CAP;*) upgrade – fixed default configuration export;*) ppp – fixed ppp interface stuck in not running state;*) ipsec – fixed kernel failure when packets were not ordered on first call;*) upnp – randomize action urls to fix „filet-o-firewall“ vulnerability;*) RB532/RB564 – fixed no link after ethernet disable/enable;*) romon – fixed default configuration export;*) tile – fixed occasional deadlock on module unload;*) mesh – fix router lock-up when interface is added/removed;*) ipsec – fix sockaddr buf size on id generation for ipv6 address;*) health – show correct voltage for CRS109,CRS112,CRS210 when powered through PSU and show voltage up to 27V when powered through PoE;*) email – resolve server address;*) snmp – show firmware upgrade info;*) upgrade – report status in check-for-updates.What’s new in 6.32.1 (2015-Sep-07 13:03):*) RB911/912 – fixed lock-up;*) RB493G – fixed reboot loop;*) firewall – do not lose firewall mangle rules on start-up;*) defconf – fix default configuration for routers without wireless package.What’s new in 6.32 (2015-Aug-31 14:47):*) trafflow – added support for IPv6 targets;*) switch – fixed port flapping on switch ports of RB750, RB750UP, RB751U-2HnD and RB951-2N (introduced in 6.31)*) ipsec – added compatibility option skip-peer-id-check;*) flash – fix kernel failure (exposed by 6.31);*) bridge firewall – add ipv6 src/dst addr, ip protocol, src/dst port matching to bridge firewall;*) RB911/RB912 – fix SPI bus lock after fast led blink;*) ipsec – fix potential memory leak;*) bridge firewall – vlan matchers support service tag – 0x88a8;*) ippool6 – try to acquire the same prefix if info matches recently freed;*) crs switch – allow to unset port learn-limit, new default is unset to allow more than 1023 hosts per port;*) x86 – fixed 32bit multi-cpu kernel support;*) chr – add hotspot,btest,traffgen support;*) revised change that caused reboot by watchdog problems introduced in v6.31;*) ipsec – use local-address for phase 1 matching and initiation;*) ipsec – fix transport mode ph2 ID ports when policy selects specific ip protocol on initiator;*) certificates -fixed bug where crl stopped working after a while;*) ip accounting – fixed kernel crash;*) snmp – fix system scripts get;*) hotspot – ignore PoD remote requests if no HotSpot configured;*) hotspot – fix kernel failure when www plugin aborts on broken html source;*) torch – add invert filter for src/dst/src6/dst6 addresses ;*) bonding – add min_links property for 802.3ad mode;*) snmp – get vlan speed from master interface;*) hotspot – fix html-directory path on small flash devices;*) mipsbe – make system shutdown work again;*) lcd – fixed parallel port LCD display support on multi-cpu x86;*) bridge – fixed use-ip-firewall-for-vlan in setups with multiple bridges;*) ipv6 – fixed DHCP-PD client skips some steps when renewing lease;*) upnp – fixed protocol port selection for upnp protocol comunications;*) firewall – fixed limit and dst-limit options.*) winbox – fixed wireless interface l2mtu (VirtualAP and WDS interface creation in winbox)*) winbox – fixed multiple firewall rule moving in Winbox 2*) simple queues – restrict all changes in dynamic simple queuesWhat’s new in 6.31 (2015-Aug-14 15:42):*) check-for-update – added ability to select versions channel to check(bugfix, current, RC or development)*) demo mode of Cloud Hosted Router (CHR) added*) chr – added x86_64 image for use in virtual environments*) chr – added support for VMware SCSI virtual disks*) chr – added support for VMware vmxnet3 network card*) chr – added support for HyperV SCSI disks*) chr – added support for HyperV Ethernet interfaces*) chr – added support for virtio disks*) fixed occasional interface resetting on CRS switches*) fixed ethernet stopping on RB NetMetal / SXTG-5HPacD 10Mbit and 100Mbit links*) ipsec – fixed crash in when gcm encryption was used*) ipsec – allow to set peer address as „::/0“*) ipsec – fixed empty sa-src address on acquire in tun mode*) ipsec – show proposal info in export ipsec section*) ipsec – preserve port wildcard when generating policy without port override*) ipsec – fixed replay window, was accidentally disabled since version 6.30;*) certificate manager – fixed memory leak*) ssh – allow host key import/export*) ssh – use 2048bit RSA host key when strong-crypto enabled*) ssh – support RSA keys for user authentication*) conntrack – fixed problem with manual connection removal*) conntrack – added tcp-max-retrans-timeout and tcp-unacked-timeout*) wireless – implemented l2mtu update if wireless-cm2 is enabled*) wireless – improved WMM-PowerSave support in wireless-cm2 package*) mpls – better multicore support for VPLS ingress/egress*) ovpn – better multicore support for interface initialization/authentication/creation.*) mesh – performance improvement*) pptp & l2tp – fixed problem where android client could not connect if both dns names were not provided (was broken since v6.30)*) user-manager – fixed username was not shown in /tool user-manager user*) user-manager – fixed zoom for user-manager homepage when mobile devices used*) winbox – restrict change dynamic interface fields*) winbox – also hide passphrase in CAPsMAN with „Hide Password“*) winbox – restrict reversed ranges in dst-port under firewall*) quickset – fixed HomeAP mode*) lcd – added LCD package for all architectures (for serial port LCD modules)*) lcd – fixed crash (and 100% cpu usage) when interface gets removed from „stats-all“ screen*) tool fetch – fixed incomplete ftp download*) tool fetch – don’t trim [t]ftp leading slashes*) proxy – adjust time according to time-zone settings in proxy cache contents.*) bridge fastpath – fixed updating bridge FDB on receive (could cause TX traffic flooding on all bridge ports)*) bonding fastpath – fixed possible crash when bonding master was also a bridge port*) route – fixed crash on removing route that was aggregated*) romon – fixed crash on SACKed tx segments*) lte – improved modem identification to better support multiple identical modems*) snmp – fixed system scripts table*) traffic flow – fixed dynamic input/output interface reporting*) ipv6 dhcp-relay – fixed problem loading configurationknown issue:*) Dynamic DNS servers can disappear when „allow-remote-requests“ are not enabledWhat’s new in 6.30 (2015-Jul-08 09:07):*) wireless – added WMM power save suport for mobile devices;*) firewall – sip helper improved, large packets no longer dropped;*) fixed encryption ‚out of order‘ problem on SMP systems;*) email – fix sending multiple consecutive emails;*) fixed router lockup on leap seconds with installed ntp package;*) ccr – made hardware watchdog work again (was broken since v6.26);*) console – allow users with ‚policy‘ policy to change script owner;*) icmp – use receive interface address when responding with icmp errors;*) ipsec – fail ph2 negitioation when initiator proposed key lengthdoes not match proposal configuration;*) timezone – updated timezone information to 2015e release;*) ssh – added option ‚/ip ssh stong-crypto‘*) wireless – improve ac radio coexistence with other wireless clients, optimizedtransmit times to not interfere with other devices;*) console – values of $“.id“, $“.nextid“ and $“.dead“ are avaliable foruse in ‚print where‘ expressions;*) console – ‚:execute‘ command now accepts script source in „{}“ braces,like ‚/system scripts add source=‘ does;*) console – ‚:execute‘ command now returns internal number of running job,that can be used to check and stop execution. For example::local j [:execute {/interface print follow where [:log info „$name“]}]:delay 10s:do { /system script job remove $j } on-error={}*) console – firewall ‚print‘ commands now show all entries includingdynamic, ‚all‘ argument now has no effect;*) ipsec – increase replay window to 128;*) fixed file transfer on devices with large RAM memory;*) pptp – fixed „encryption got out of sync“ problem;*) ppp – disable vj tcp header compression;*) api – reduce api tcp connection keepalive delay to 30 seconds,will timeout idle connections in about 5 minutes;*) pptp & l2tp & sstp client: support the case were server issues its tunnelip address the same as its public one;*) removed wireless package from routeros bundle package,new wireless-fp is left in place and wireless-cm2 added as option;*) pptp & l2tp client: when adding default route, add special exception route fora tunnel itself (no need to add it manually anymore);*) improved connection list: added connection packet/byte counters,added separate counters for fasttrack, added current rate display,added flag wheather connection is fasttracked/srcnated/dstnated,removed 2048 connection entry limit;*) tunnels – eoip, eoipv6, gre,gre6, ipip, ipipv6, 6to4 tunnelshave new property – ipsec-secret – for easy setup of ipsecencryption and authentication;*) firewall – added ipsec-policy matcher to check wheather packetwas/will be ipsec processed or not;*) possibility to disable route cache – improves DDOS attackhandling performance up to 2x (note that ipv4 fastpath depends on route cache);*) fasttrack – added dummy firewall rule in filter and mangle tablesto show packets/bytes that get processed in fasttrack and bypass firewall;*) fastpath – vlan interfaces support fastpath;*) fastpath – partial support for bonding interfaces (rx only);*) fastpath – vrrp interfaces support fastpath;*) fixed memory leak on CCR devices (introduced in 6.28);*) lte – improved modem identification to better support multiple identical modems;*) snmp – fix system scripts table;What’s new in 6.29 (2015-May-27 11:19):*) ssh server – use custom generated DH primes when possible;*) ipsec – allow to specify custom IP address for my_id parameter;*) ovpn server – use subnet topology in ip mode if netmask is provided (makes android & iosclients work);*) console – allow ‚-‚ characters in unknown command argument names;*) snmp – fix rare bug when some OIDs where skipped;*) ssh – added aes-ctr cipher support;*) mesh – fixed kernel crash;*) ipv4 fasttrack fastpath – accelerates connection tracking and nat for markedconnections (more than 5x performance improvement compared to regular slowpath conntrack/nat) – currently limited to TCP/UDP only;*) added ~fasttrack-connection~ firewall action in filter/mangle tables for markingconnections as fasttrack;*) added fastpath support for bridge interfaces – packets received and transmittedon bridge interface can go fastpath (previously only bridge forwarded packetscould go fastpath);*) packets now can go half-fastpath – if input interface supports fastpath andpacket gets forwarded in fastpath but output interface does not support fastpathor has interface queue other than only-hw-queue packet gets convertedto slow path only at the dst interface transmit time;*) trafflow: add natted addrs/ports to ipv4 flow info;*) tilegx: enable autoneg for sfp ports in netinstall;*) health – fix voltage on some RB4xx;*) romon – fix 100% CPU usage;*) romon – moved under tools menu in console;*) email – store hostname for consistency;*) vrrp – do not reset interface when no interesting config changes;*) fixed async. ppp server;*) sstp – fixed router lockup.*) queue tree: some queues would stop working after some configuration changes;*) fixed CRS226 10G ports could lose link (introduced in 6.28);*) fixed FREAK vulnerability in SSL & TLS;*) firewall – fixed sector writes rising starting since 6.28;*) improved support for new hEX lite;What’s new in 6.28 (2015-Apr-15 15:18):*) email – increase server greeting timeout to 60s;*) lte – ZTE MF823 may loose configuration;*) userman – update paypal root certificate;*) timezone – updated timezone information to 2015b release;*) cm2 – fixed capsman v2 100% CPU and other stability improvements;*) route – using ldp could cause connected routes withinvalid interface nexthop;*) added support for SiS 190/191 PCI Ethernet adapter;*) made metarouter work on boards with 802.11ac support or usb LTE;*) sstp server – allow ADH only when no certificate set;*) make fat32 disk formatting support disks bigger than 134GiB;*) fixed tunnels – could crash when clamp-tcp-mss was enabled;*) added basic counters for ipv4/bridge fast path, also show status wether fastpath is active at all;*) trafflow: – fixed crash on disable;*) pppoe over eoip – fixed crash with large packets;*) tilegx – fixed memory leak when queue settings are changed;*) ar9888 – fixed crash when hw reports invalid rate;*) console – fixed „in“ operator in console;*) console – make „/system package update print“ work again.*) tile – rare situation when CCR devices failed to auto-negotiate ethernet link (introduced in v6.25);*) dhcpv4 client – it is now possible to unset default clientid and hostname options*) initial RoMon (Router Management Overlay Network) support added.What’s new in 6.27 (2015-Feb-11 13:24):*) console – added ‚comment‘ parameter for ‚/system script‘*) api – return sentences can have property „.section“ that groups valuesfrom commands such as „monitor“, „traceroute“,„print“ (with non-zero ‚interval‘ value);*) cloud – add time zone detection feature „/system clock time-zone-autodetect“;*) cloud – rename „/ip cloud enabled“ to „/ip cloud ddns-enabled“;*) cloud – make „/ip cloud update-time“ independent from „/ip cloud ddns-enabled“*) cloud – when setting „/ip cloud ddns-enabled“ to „no“ router will sendmessage to server to disable DNS name for this routerboard;*) cloud – „/ip cloud force-update“ command now will work also when„/ip cloud ddns-enabled = no“. usefull if user wants to disable DDNS;*) RB4xxGL – improved ethernet throughput (less dropped packets);*) RouterBOARD – fixed health reporting;*) check-installation: fixed wrong kernel crc on powerpc boards*) watchdog: fix software watchdog for x86*) ssh – check conn state before sending disconnect message;*) ipsec – fixed crash that happened in specific situation;
