/ip firewall service-port
set ftp disabled=yes
*) improved MikroTik signature checking on WinBox update;
I can confirm that this now closes the remote code execution bug possible by a MITM. Using winbox auto update should be safe for now.
*) on update, Winbox will check that code is signed by MikroTik and not somebody else;
Unfortunately this check still seems insecure.
100% agreed. Please put these kinds of features in external packages. Completely unnecessary for the majority of the users and will only end up as a security issue.
Normal people get a NAS or mini-server to run torrents.
SMTP-only access is unaffected.
conntrack - significant stability and performance improvements;
Can you elaborate on what was changed here? The last time conntrack was changed with the loose TCP tracking option it introduced a regression, so I'd like to know exactly what changed and what to look out for.
https-redirect=yes
Show a security error if user tries to open HTTPS website.
https-redirect=no
Show a network error if user tries to open HTTPS website.
Feb/21/2019 14:46:44 system,error,critical router was rebooted without proper shutdown by watchdog timer
*) winbox - improvements in connection handling to router with open winbox service;
Yet another security hole, I presume?
Sounds like you can DoS the service with half-closed connections or something.
How severe is it?
Where does this stand now in 2019 after an entire 2018?
I feel like there's been no real progress since the original hAP AC release. I'm still using wAP AC units when I need a small cheap AP and don't care about latency, but for any big deployment I'm going with UBNT / Ruckus depending on budget.
!) telnet - do not allow to set "tracefile" parameter;
After some digging, it turns out this is actually to fix an exploit that enables privilege escalation to root or damage to system files. Why is this not labelled as a security fix?