To upgrade, click “Check for updates” at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download
If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after some problem has appeared on device
What’s new in 6.38.7 (2017-Jun-20 10:55):
!) bridge - fixed BPDU rx/tx when “protocol-mode=none”
!) bridge - reverted bridge BPDU processing back to pre-v6.38 behaviour (v6.40 will have another separate VLAN-aware bridge implementation);
*) 6to4 - fixed wrong IPv6 “link-local” address generation;
*) arp - fixed “make-static”;
*) bonding - do not add bonding interface if “could not set MTU” error is received;
*) console - fixed “/ip neighbor discovery” export;
*) console - fixed unexpected console crash when using variables as functions;
*) console - instead of true/false report yes/no as LCD enabled state;
*) defconf - discard default configuration startup query with configuration change from Webfig;
*) defconf - discard default configuration startup query with RouterOS upgrade;
*) defconf - fixed default configuration generation when wireless package is disabled;
*) defconf - fixed Groove 52 ac band settings;
*) dns - made loading thousands of static entries faster;
*) ethernet - fixed “loop-protect” on “master-port”;
*) ethernet - fixed rare switch chip hang (could cause port flapping);
*) fetch - fixed download issue over HTTPS;
*) firewall - do not allow to set “rate” value to 0 for “limit” parameter;
*) firewall - fixed “address-list” entry “creation-time” adjustment to timezone;
*) firewall - fixed “address-list” entry changing from IP to DNS and vice versa;
*) firewall - fixed cosmetic “invalid” flag when item was disabled;
*) ike1 - fixed crash on xauth message;
*) ike2 - allow multiple child SA traffic selectors on re-key;
*) ike2 - fixed last EAP authentication payload type;
*) ike2 - fixed policy release during SA negotiation;
*) ike2 - fixed RSA authentication without EAP;
*) ike2 - fixed situation when traffic selector prefix was parsed incorrectly;
*) ipsec - do not deduct policy src/dst address for tunnel policies;
*) ipsec - fixed generated policy priority;
*) ipsec - fixed peer “my-id” address reset;
*) ipv6 - fixed address becoming invalid when interface was removed from bridge/mesh;
*) led - fixed turning off LED when interface is lost;
*) log - added missing “license limit exceeded” log entry;
*) log - work on false CPU/RAM overclocked alarms;
*) netinstall - fixed typos in Netinstall status messages;
*) ntp - restart NTP client when it is stuck in error state;
*) ppp - fixed IPv6 address receiving on PPP interface;
*) pppoe - added warning on PPPoE client/server, if it is configured on slave interface;
*) pppoe-server - fixed “one-session-per-host” issue where 2 simultaneous sessions were possible from the same host;
*) queue - fixed queuing when at least one child queue has “default-small” and other/s is/are different (introduced in 6.35);
*) quickset - fixed LTE “signal-strength” graphs;
*) smb - fixed share path on devices with “/flash” directory;
*) sniffer - fixed VLAN tags when sniffing all interfaces;
*) snmp - added fan-speed OIDs in “/system health print oid”;
*) snmp - fixed limited walk;
*) switch - fixed disabling of MAC learning on CRS1xx/CRS2xx;
*) tile - fixed EoIP keepalive when tunnel is made over VLAN interface;
*) traffic-flow - fixed IPFIX IPv6 data reporting;
*) upnp - fixed firewall NAT rule update when external IP address changes;
*) userman - allow “name-for-user” to be empty and not unique;
*) userman - fixed rare GUI crash when User Manager files are not accessible;
*) webfig - allow to enter frequency ranges in wireless “scan-list”
*) webfig - allow to select “default-encryption” profile on PPP tunnels;
*) webfig - correctly specify routing filter prefix;
*) webfig - do not allow to reorder items if table is sorted by some column;
*) webfig - fixed “last-link-up” & “last-link-down” time information;
*) webfig - fixed Bridge Filter properties display when there are more than one Filter available;
*) webfig - show all available options under “Advanced Mode” for wireless interfaces;
*) winbox - added “Flush” button under “unicast-fdb” menu;
*) winbox - added “memory-scroll”, “filter-cpu”, “filter-ipv6-address”, “filter-operation-between-entries” Sniffer parameters;
*) winbox - added “protected-routerboard” parameters under RouterBOARD settings menu;
*) winbox - allow shorten bytes to k,M,G in firewall “connection-bytes” and “connection-rates”;
*) winbox - do not allow Packet Sniffer “memory-limit” and “file-limit” lower than 10KiB;
*) winbox - do not allow to open multiple same sub-menus at the same time;
*) winbox - do not show “dpd-max-failures” on IKEv2;
*) winbox - do not start Traffic Generator automatically when opening “Quick Start”;
*) winbox - fixed “Montly” typo to “Monthly” in Graphing menu;
*) winbox - fixed firewall port selection with Winbox v2;
*) winbox - fixed IPSec “mode-config” DNS settings;
*) winbox - fixed issue when working IPSec policies were shown as invalid;
*) winbox - fixed switch ACL Policer statistics;
*) winbox - fixed typo in BGP advertisements menu Aggragator->Aggregator;
*) winbox - hide “wps-mode” & “security-profile” in wireless nv2 mode;
*) winbox - properly show “dhcp-server” warnings;
*) winbox - removed spare values from “loop-protect” setting for EoIPv6 tunnels;
*) winbox - removed unnecessary “/system health” menu on “hAP ac lite” and “RB450”
*) winbox - show “A” flag for IPSec policies;
*) wireless - reduced load on CPU for high speed wireless links;.
Great to see a change log for the RouterOS versions
Any chance the RouterBoot changelog wiki page could also be updated? Latest version is “What’s new in 3.33” but I assume we’ve gone past that now. At least we have a few hap ac lite units reporting “Firmware: 3.36” and that’s from the bugfix branch.
BUG on RB751U-2HnD with latest firmware (auto-upgraded before auto-upgrade RouterOS - without problem).
After auto-upgrade RouterOS 6.38.7 (Bugfix only) - 100% CPU and can’t connect via Winbox/Web interface/SSH/Telnet - nothing.
The Internet passes through, the web interface works but can not log in - please HELP!
I do’nt want to reset to the factory settings and re-configure it all - It’s annoying…
How do you know that CPU is at 100% if you cant connect? And if you can somehow see this could you also check what is hogging CPU?
Anyways it may be some DOS attack issue, my advice would be, if you have one spare port, to disconnect router from the network and plug only your PC (to that spare port and by using MAC connection) to check if you can connect, start profile tool and reconnect the interfaces one by one and monitor what is happening …
I upgraded my ccr 1009-8G-1S-1S+ to the new bugfix. all works well expect the dude for some reason since upgrade the database appears mal-formed. dude,critical db failure: database disk image is malformed
I have tried to backup database and restore. does the same thing. I would prefer not to recreate the DB has anyone got a solution.
Thanks
100% CPU I see on graph (“graphs/cpu/” on web-interface). I don’t know what is hogging CPU - maybe approximately 50 simple scheduled tasks (calling external URL - as CRON-tasks)… ?
100% CPU load is still with and without internet connection on WAN port. I do not know what do with it…
Why exactly do you have your own implementation? Has it been reviewed by a cryptographer and gone through a code audit like the reference client? When will it get feature parity like UDP support?
I really dislike the NIH syndrome going on with Mikrotik.
I understand you want to try and keep things proprietary for license reasons, but it’s kind of silly to rewrite the entire program. Why can’t you use the official releases so we get audited code, UDP support, etc? It’s less work for you to to drop in a new binary every release than keep your code up to date with latest OpenVPN changes and features (as evidenced by continued missing UDP support after all these years). And your GPL obligations only require you to release OpenVPN sources.
r1ch: a small, supportable product is only possible, when there are no dependencies. stop arguing, mikrotik will not change this. I am glad, that we as customers have small firmware packages.
