Излязла е нова версия на RouterOS v7.23

[News]

What's new in 7.23 (2026-May-25 12:05):

!) upgrade - use HTTPS by default when connecting to MikroTik upgrade servers;
*) app - added "network-outgoing-access=yes/no" setting to prevent containers from initiating outbound traffic;
*) app - added birdnet-go, cryptpad, diagrams-net, lorawan-stack, metube, mikrodash, nextcloud-whiteboard, paperless-ngx, wbo, zulip apps;
*) app - added docker-with-dockge, docker-with-komodo, docker-with-portainer, HA-otbr-matter, odoo, otbr, stalwart, trip apps;
*) app - added possibility to set app command-line parameter from CLI;
*) app - added restart command;
*) app - allow apps on XFS file systems;
*) app - allow filtering by installed apps;
*) app - allow overriding default stop signal;
*) app - allow parsing DNS in YAML;
*) app - allow passing stop signal from YAML and passing it to container as default;
*) app - allow picking app category from drop-down;
*) app - allow updating name parameter from YAML for custom apps;
*) app - allow updating YAML for existing custom app, forces cleanup;
*) app - apps now check for port availability, apps will not start on "internal" if app masks existing service;
*) app - automatically pass any required devices to container, such as otbr;
*) app - automatically restart app when required hardware device is changed;
*) app - bundled ollama with openwebui;
*) app - check if certificate already exists before creating a new one;
*) app - disabled PiHole syncing NTP to host;
*) app - fixed issue where XFS disks did not appear in the app disk drop-down;
*) app - fixed saving custom apps;
*) app - fixed showing ui-url for apps;
*) app - fixed some apps not containing the full repository URL;
*) app - fixed stability issue when running cleanup on many apps;
*) app - fixed store issue when adding a custom app;
*) app - fixed YAML not exported for custom apps;
*) app - improved app network and port behavior;
*) app - improved automatic hardware device passing to container;
*) app - improved YAML error message;
*) app - make sure all layer .tar.gz files are deleted after extraction finishes;
*) app - on file-based devices, swap is enabled on the file itself instead of creating another and enabling it on that;
*) app - stability fixes for the "/app" menu;
*) app - swap file is now created based on the mount-point it is attached to;
*) app - updated uptime-kuma image;
*) arm64,x86 - updated Broadcom bnxt Ethernet driver for 200G support;
*) bfd - fixed source address selection for IPv6 multihop sessions;
*) bridge - added ability to set custom Option 82 with dhcp-agent-circuit-id, dhcp-agent-remote-id settings (replaces add-dhcp-option82 setting; configuration is automatically updated after upgrade);
*) bridge - added DHCPv6 snooping feature with ability to set custom Option 18 and Option 37;
*) bridge - fixed dynamic VLAN update for WiFi interfaces;
*) bridge - improved MAC synchronization for MLAG;
*) bridge - recognize more DHCP message types when dhcp-snooping is enabled;
*) bth - fixed WireGuard client config IP address netmask;
*) certificate - added "ISRG Root X1" and "DigiCert Global Root G2" to SMIPS built-in root certificate authorities store;
*) certificate - allow deleting ACME certificate that failed to generate;
*) certificate - improved ACME logging;
*) certificate - improved ACME status reporting;
*) certificate - set Let's Encrypt as default ACME directory;
*) chr - improved guest tool config for arm64 CHR;
*) cloud - cloud backup file management now requires "policy" policy;
*) cloud - show error if cloud services are not supported on the device;
*) console - added comment in "/ip/dhcp-server/option/sets" and "/ipv6/dhcp-server/option/sets" menus;
*) console - added path parameter to export;
*) console - added syntax highlight for script properties in some menus (e.g. dhcp-client, dhcp-server, ppp/profile, interface/vrrp);
*) console - export mentions custom defconf script presence in header;
*) console - fixed "/log/print follow on-event" to work with "where" (introduced in v7.22);
*) console - fixed output when oversized completion present;
*) console - removed redundant keepalive for the serial-terminal, ensure that the device no longer periodically outputs /0 while using "/system/serial-terminal";
*) console - show "/system/resource/hardware/usb-power-reset" only on x86;
*) console - show warning in print header when terminal is too narrow to show any columns;
*) console - treat non-existent command parameters as runtime errors;
*) container - added restart-policy=no/always/on-failure, stop-on-unhealthy, restart-count, restart-interval, restart-max-count properties;
*) container - added support for noexec option to mounts;
*) container - added support for USB audio devices for containers;
*) container - allow disabling individual container environment variables without deleting them;
*) container - allow picking mount source directories with the file picker in WinBox;
*) container - allow setting memory-max globally and per container;
*) container - allow user-defined mounts overriding /sys and /dev;
*) container - check if root-dir does not exist before adding a container;
*) container - clean up layers of non-existing containers;
*) container - detect and show containers killed by out-of-memory killer;
*) container - do not allow starting container/shell with non-existing user or group;
*) container - draw graphs in container stats;
*) container - fixed container entrypoint and shell override by user;
*) container - fixed container layer size calculation;
*) container - fixed container shell not working with multi-arg commands;
*) container - fixed repull if root-dir of container was in tmpfs;
*) container - fixed running "/container shell" with the correct user, if container user is set or overridden;
*) container - improved errors at container start;
*) container - improved running container instance memory usage;
*) container - layers are now accessible under "Layers" tab;
*) container - pass any container startup error message back to "run" and make it exit immediately;
*) container - remove container backup directory if import fails;
*) container - removed "Layers" button;
*) container - show container size and container data size;
*) container - show default DNS servers;
*) container - show layer size calculation status;
*) container - updated /dev/net/tun permissions;
*) crypto - fixed fallback flag loss in qcrypto;
*) crypto - fixed stability issue;
*) crypto - improved safexcel driver with upstream changes and patches;
*) dhcpv4-server - added "add-dns-entries" and "add-dns-entries-suffix" properties for creating local DNS entries;
*) dhcpv4-server - changed lease agent-circuit-id and agent-remote-id format to hex;
*) dhcpv4-server - do not raise an alert when receiving a packet originating from the same device;
*) dhcpv4-server - do not suggest bogus pools when using setup command (e.g. when address is /31 or /32);
*) dhcpv4-server - fixed an issue where renew packets without giaddr were sometimes not processed;
*) discovery - added "add-dns-entries" and "add-dns-entries-suffix" properties for creating local DNS entries;
*) discovery - added option to disable/enable LLDP MED;
*) discovery - added separate read-only menu "/ip/neighbor/lldp" for neighbors discovered by LLDP (CLI only);
*) discovery - dynamically update advertised "interface-name";
*) discovery - fixed LLDP MAC/PHY TLV;
*) disk - added "/disk" smart-info;
*) disk - added disk check and repair for ext4, Btrfs and XFS file systems;
*) disk - improved device name tracking in "/system/resource/hardware" menu;
*) disk - show disk io errors in "/disk" menu;
*) dns - added HTTP/2 support to DoH on ARM64 and x86/CHR devices;
*) ethernet - improved system stability for RB3011, L009, NetMetal ax, hAP ax lite devices;
*) ethernet - improved system stability on devices with Alpine CPUs;
*) fetch - fixed non-working idle-timeout in some cases;
*) file - added copy, tail, head commands (CLI only);
*) firewall - added "action=drop" to mangle;
*) firewall - improved stability for SIP helper;
*) firewall - matcher "in-bridge-port" does not require "use-ip-firewall=yes";
*) graphing - improved service stability when storing data;
*) hardware - report the correct state of PCI devices in "/system/resource/hardware" menu;
*) health - hide health menu for RB951ui-2nD;
*) ike2 - fixed child SA cleanup during flush operation;
*) ike2 - fixed pending responder connection cleanup after peer removal;
*) ike2 - fixed SA delete handling on initiator during rekey;
*) ike2 - improved HMAC size validation checks;
*) interface - show warning when same MAC address is used on more than one virtual interface;
*) iot - added LoRa Tx delay setting;
*) iot - added MQTT subscribe message real-time monitoring option;
*) iot - added Wiliot support;
*) iot - fixed LoRa LBT issues, which caused Tx packets not getting delivered;
*) iot - fixed LoRa lockpack preventing lock from applying;
*) iot - improved LoRa stability;
*) iot - improved LoRa Tx handling;
*) iot - improved LoRa Tx scheduling;
*) ip - added IPv6 and VRF support for reverse-proxy;
*) ip - added SNI logging for reverse-proxy;
*) ip - fixed hanging connections for reverse-proxy;
*) ip-settings - added ipv4-fragment-time and ipv4-high-fragment-thresh settings, use default values based on total device memory;
*) ipip - disabled IPv6 link-local address generation;
*) ippool - fixed issue when changing pool with already used addresses;
*) ippool6 - allow variable length pool;
*) ippool6 - properly follow pool changes for already used prefixes;
*) ipsec - added netlink-based SA and policy handling;
*) ipsec - fixed SA proto parameter conversion and policy "none" type handling;
*) ipsec - improved NAT encapsulation parameter forwarding;
*) ipsec – fixed expired SA handling to prevent “no such item” errors during listing;
*) ipv6 - added from-pool-policy address property that controls how address is acquired from the pool;
*) ipv6 - added without-acquire address property;
*) ipv6 - always ensure that prefix length matches the one given by the pool even if address was set to 0;
*) ipv6,ra - added option to ignore MTU and DNS servers;
*) ipv6,ra - added router-advertisement-route-distance setting;
*) ipv6,ra - allow receiving DNS servers over multiple interfaces;
*) ipv6,ra - clamp valid-lifetime to minimum of 2h on deprecation;
*) ipv6,ra - extend processed RA logging;
*) ipv6,ra - fixed advertised DNS parameter logging;
*) ipv6,ra - fixed changing default "all" interface configuration;
*) ipv6,ra - fixed DNS and pref64 property unset;
*) ipv6,ra - fixed sending only DNS or MTU when prefix is set to "none";
*) ipv6,ra - improved service stability;
*) ipv6,ra - warn when interface is under the bridge;
*) isis - allow to configure metric-type;
*) l3hw - added HW offloaded VRF support on CRS8xx switches;
*) l3hw - added VRF assignment via switch ACL rules on CRS8xx switches (CLI only);
*) l3hw - fixed VXLAN packet matching by local IP;
*) leds - added new PoE fault LED cases (bad fw, PoE card power cable disconnected, PoE card not inserted);
*) leds - fixed power LED turning off while LTE interface is inactive (introduced in v7.22);
*) log - added "discover" topic and log events for discovered local DNS entries;
*) log - added CC option for e-mail action;
*) log - added ssld error logging;
*) log - added TLS support;
*) lte - added fast SIM switchover support using AT channel for MBIM modems without MBIM_CID_MS_UICC_RESET firmware support;
*) lte - configure IP address for AT modems even if no DNS is received from the network;
*) lte - delete CID profiles one by one instead of "delete all" for QMI modems, as command does not work for all modems;
*) lte - do not duplicate primary-band also in ca-band for QMI modems in 5G SA network;
*) lte - do not reconfigure modem in passthrough mode if passthrough cannot be activated because of slave interface;
*) lte - emit RS every 60s on LTE interface;
*) lte - filter packets by MAC in multi-apn setup for EC200A-EU modem;
*) lte - fixed automatic modeswitch for "Chateau 5G R16" and "Chateau 5G";
*) lte - fixed broken network scan after being interrupted by reconfiguration;
*) lte - fixed operator setting for QMI modems;
*) lte - fixed rare cases where the Tx queue could stop and never wake up on multi-core CPU devices;
*) lte - fixed RSSI signal monitor for 3rd party modems where AT+CSQ responses are not parsed;
*) lte - fixed user set MTU not applied to LTE interface;
*) lte - improved system stability for devices with QMI modems;
*) lte - improved system stability when modem configured in passthrough mode with VLANs for "Chateau 5G R16" and "Chateau 5G";
*) lte - improved system stability;
*) lte - improvements for passthrough mode in IPv6 only setup;
*) lte - keep MAC persistent across reboots for QMI modems;
*) lte - read subscriber number also for QMI modems;
*) lte - removed LTE external-antenna scan;
*) lte - set SMS send timeout to 180s;
*) lte - show external-antenna as "none" before actual scan is done instead of empty value;
*) lte - show MTU as "auto" also on interface level if "auto" used;
*) lte - SIMCom modems, skip error state when modem sends improperly formatted CREG response/URC;
*) lte - stop network scan on interruption for QMI modems;
*) lte - unify "modem-init" for all driver types;
*) macsec - added aes-gcm-xpn-128 cipher support;
*) netwatch - fixed memory leak when using HTTP/HTTPS GET probe with invalid src-address;
*) ospf - allow adding interface configuration manually, bypassing interface-template;
*) ospf - change virtual link configuration to use OSPF interface directly;
*) ospf - fixed missing interface-template configuration which previously was converted by upgrading from RouterOS v6;
*) ospf - fixed nssa bit check;
*) ospf - fixed routes not being installed on ABRs;
*) pimsm - do not ignore priority when selecting RP from BSR;
*) pimsm - fixed possible BSR loop;
*) pimsm - improved stability;
*) ping - resolve domain name to IPv6 if src-address is IPv6 address;
*) ping - show time in microseconds for flood-ping;
*) poe-out - firmware update for 802.3at capable boards (the update will cause a brief power interruption to poe-out interfaces);
*) port - added support for "tcp-client" and "udp" modes for "remote-access";
*) port - expose RG650E-EU diagnostics channel;
*) port - remove unused serial port on RB1100AHx4;
*) pppoe - do not reset pppoe-client interface when adding a comment;
*) ptp - added support for CRS812, CRS804;
*) ptp - fixed crash during initialization on some devices;
*) qos-hw - added automap setting to QoS Profiles (enabled by default);
*) qos-hw - added ECN and PFC support on CRS8xx;
*) qos-hw - added new default "auto" value to mirror-buffers, multicast-buffers, shared-buffers QoS Settings (old defaults are shown in export after upgrade);
*) qos-hw - added queueX-byte-max stats to port usage on CRS8xx;
*) qos-hw - fixed CPU traffic mapping to queues on CRS8xx switches;
*) qos-hw - introduced lossless-traffic-class and lossless-buffers settings;
*) qos-hw - removed shared-pool-index setting;
*) route - fixed link-local interface check when resolving IPv6 nexthops;
*) route - revert to old routing rule priorities for containers (introduced in v7.22);
*) routerboot - fixed Netinstall failure when using multiple partitions on AL73400, AL52400, AL32400 CPUs ("/system routerboard upgrade" required);
*) sftp - fixed path canonicalization request;
*) smb - do not start /ip smb server on container interfaces;
*) sniffer - added IP ECN field;
*) sniffer - fixed missing VLAN tag in the TZSP packets;
*) snmp - added missing BRIDGE-MIB OIDs (dot1dBaseNumPorts, dot1dBaseType, dot1dStpDesignatedRoot, dot1dStpPortDesignatedBridge, dot1dStpRootCost, dot1dStpRootPort, dot1dStpHoldTime, dot1dStpBridgeMaxAge, dot1dStpBridgeHelloTime, dot1dStpBridgeForwardDelay, dot1dStpPortForwardTransitions, dot1dTpAgingTime);
*) snmp - added missing LLDP-MIB OIDs (lldpMessageTxInterval, lldpMessageTxHoldMultiplier, lldpLocManAddrTable);
*) snmp - enforce minimum password length;
*) snmp - fixed compliance of LLDP-MIB lldpRemManAddrTable;
*) snmp - fixed connection tracking counter OID;
*) snmp - fixed dot1dStpPortDesignatedPort, dot1dStpPortDesignatedRoot OIDs;
*) snmp - fixed ifSpeed and ifHighSpeed OIDs for 802.3ad and balance-xor bonding interfaces;
*) snmp - fixed lldpLocSysDesc OID;
*) snmp - implemented LTE firmware upgrade option;
*) snmp - use "/ip/neighbor/lldp" for lldpRemTable and lldpRemManAddrTable (fixes lldpRemTable showing neighbors discovered by MNCP or CDP);
*) ssh - do not advertise password login method when it is disabled;
*) ssh - improved host resolve error logging;
*) switch - fixed issue with MAC table for RB2011 (introduced in v7.21);
*) switch - fixed missing ethernet counters for non-running interfaces on CRS8xx switches (introduced in v7.22);
*) switch - improved FDB operations on QCA8337, Atheros8327;
*) switch - rework how IEEE reserved MAC addresses are handled on QCA8337, Atheros8327;
*) switch - updated switch-marvell.npk driver;
*) switch - use names instead of numbers in switch menu configuration export;
*) system - improved handling of HTTP/2 connection closure;
*) system - improved RouterOS package download over slow connection;
*) system - improved switching to HTTP/1 if HTTP/2 is not supported by remote host;
*) system - keep HTTP/2 connection open if it is not closed by system or server;
*) system - make default identity based on board name;
*) timezone - updated timezone information from "tzdata2026b" release;
*) upgrade - added the option to configure HTTP/HTTPS modes when connecting to MikroTik upgrade servers;
*) upgrade - changed status message for scheduled installs;
*) upgrade - check for available packages when opening System/Packages in GUI;
*) usb - added ax88179_178a driver;
*) usb - improved USB Ethernet adapter recognition;
*) usb - show USB device reported maximum power;
*) user-manager - improved stability when removing user-profile while session updates counters;
*) veth - fixed link-local address not being configurable as a gateway;
*) vxlan - fixed fast-path when using "checksum=no" (introduced in v7.20);
*) vxlan - improved system stability;
*) webfig - added postfix byte value support (e.g. "/ip/settings/ipv4-high-fragment-thresh");
*) webfig - added support for filter in tables;
*) wifi - improved interface provisioning for WiFi 7 access points;
*) wifi - improved on-capsman traffic processing;
*) wifi-mediatek - fixed multicast-enhance functionality;
*) wifi-mediatek - fixed stability issue getting regulatory information and during initialization;
*) wifi-qcom-be - fixed incorrect channel info for punctured channels;
*) wifi-qcom-be - fixed stability issue during initialization;
*) wifi-qcom-be,mediatek - correctly advertise RRM capabilities when 802.11k neighbor reports are enabled;
*) winbox - added "MLD Static" and "MLD Datapath" properties under the "WiFi/CAP" menu;
*) winbox - added "Multipath" property under the "Routing/BGP/Instance" menu;
*) winbox - added “Remove” action under "System/Certificates/Requests" menu;
*) winbox - added comment for DHCPv6 relay;
*) winbox - added group numbers for DH and PFS groups for IPsec;
*) winbox - allow setting "CAPsMAN address" for CAP as domain name;
*) winbox - do not accept interface without specifying IP or MAC in "Ping To" field;
*) winbox - improved "External Antenna" property display;
*) winbox - improved Routing/PIM SM menu;
*) winbox - move bridge IGMP Snooping checkbox to IGMP tab;
*) winbox - rename DHCPv6 server binding "Peer Address" to "Client Address";
*) winbox - show "Directory URL" field for ACME certificates in Certificate view;
*) winbox - show "IPv6 Address" property by default under the "IP/Neighbors" menu;
*) winbox - show accepted connections in tree view under "IP/Services" menu;
*) winbox - updated socksify icon for firewall NAT rules;
*) wireguard - improved system stability;
*) www - added partial content (HTTP 206) support;
*) www - improved REST API user cache processing;
*) www - improved system stability;
*) zerotier - switch to 1.14.2 version;

Свали от тук