Hello,
I happened to look at the changelog in detail and was alarmed to find this.
It appears you are going from a challenge-based login authentication to a plaintext one? Why are you doing this?
Thanks!
James
Challenge-Response requires the device to have your password available in plain text, which is the reason why the latest winbox bug was able to leak your passwords, no matter how strong they were.
The new login mechanisms allows the device to save only password hashes, even if an attacker manages to retrieve them he still has to brute force the corresponding passwords. Remember to disable any non-encrypted management protocols (http, telnet, etc) in order to protect your credentials on the wire.