v6.40.9 [bugfix] is released!

RouterOS version 6.40.9 has been released in public “bugfix” channel!

Before an upgrade:

  1. Remember to make backup/export files before an upgrade and save them on another storage device;
  2. Make sure the device will not lose power during upgrade process;
  3. Make sure the device has enough free storage space for all RouterOS packages to be downloaded.

What’s new in 6.40.9 (2018-Aug-20 07:46):

MAJOR CHANGES IN v6.40.9:

!) security - fixed vulnerabilities CVE-2018-1156, CVE-2018-1157, CVE-2018-1158, CVE-2018-1159;
----------------------

*) certificate - fixed “add-scep” template existence check when signing certificate;
*) defconf - fixed wAP LTE kit default configuration;
*) ethernet - improved large packet handling on ARM devices with wireless;
*) ethernet - removed obsolete slave flag from “/interface vlan” menu;
*) filesystem - fixed NAND memory going into read-only mode;
*) hotspot - fixed user authentication when queue from old session is not removed yet;
*) interface - fixed interface configuration responsiveness;
*) ipsec - fixed policies becoming invalid if added after a disabled policy;
*) ldp - properly load LDP configuration;
*) ppp - fixed “hunged up” grammar to “hung up” within PPP log messages;
*) sfp - hide “sfp-wavelength” parameter for RJ45 transceivers;
*) snmp - added remote CAP count OID for CAPsMAN;
*) supout - added “partitions” section to supout file;
*) tile - fixed Ethernet interfaces becoming unresponsive;
*) tr069-client - fixed unresponsive tr069 service when blackhole route is present;
*) userman - fixed compatibility with PayPal TLS 1.2;
*) userman - improved unique username generation process when adding batch of users;
*) winbox - added missing “dscp” and “clamp-tcp-mss” settings to IPv6 tunnels;
*) winbox - allow to specify full URL in SCEP certificate signing process;
*) winbox - by default specify keepalive timeout value for tunnel type interfaces;
*) winbox - show firmware upgrade message at the bottom of “System/RouterBOARD” menu;
*) winbox - show “scep-url” for certificates;
*) winbox - show “sector-writes” on ARM devices that have such counters;
*) winbox - show “sector-writes” on devices that have such counters;
*) winbox - show “System/Health” only on boards that have health monitoring;
*) wireless - added option to disable PMKID for WPA2;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed packet processing after removing wireless interface from CAP settings;
*) wireless - improved client “channel-width” detection;
*) wireless - improved Nv2 PtMP performance;
*) wireless - increased stability on hAP ac^2 and cAP ac with legacy data rates;
*) wireless - updated “united-states” regulatory domain information;

To upgrade, click “Check for updates” at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

If you experience version-related issues, please send a supout file from your router to support@mikrotik.com. The file must be generated while the router is not working as expected, or after some problem has appeared on the device.

Please keep this forum topic strictly related to this concrete RouterOS release.

Have the CVEs been published?

Thank you!

3011 and RB750 with MLPPPoE upgraded fine from 6.40.8

Webfig via SSL seems broken. After multiple login sessions, the web server seems to go down and needs to be restarted by disabling and re-enabling the www-ssl IP service.

What is the point of publishing CVE numbers if the vulnerabilities are still private? Hackers can reverse engineer the changes in this version and figure out what the vulnerabilities are and start exploiting them, so there’s no point keeping it private once you publish the fix - it only benefits hackers since network admins can’t deploy mitigations if they don’t know what to mitigate!

I am with Rich on this one, it would be nice to know what these vulnerabilities are since you have patched them.
It is quite a big undertaking to upgrade all of our MikroTiks, as we have thousands of them and SLAs that require us to notify all our customers. Knowing what the vulnerabilities are would help us place a priority on upgrading them all.
Some of the recent exploits we were already protected from based on our network restrictions on the IP services, it would be nice to know if that is the case with these.


Edit: Looks like they are going to publish a blog post with more details soon per http://forum.mikrotik.com/t/v6-42-7-current-is-released/122533/49

!) security - fixed vulnerabilities CVE-2018-1156, CVE-2018-1157, CVE-2018-1158, CVE-2018-1159;

Is 6.40.8 vulnerable to this?

Ah jeez, time to ring customers and tell them to brace for another set of security patches.

Well, at least the Ansible script I wrote a while ago to auto-patch everything will now come in handy.

Yes, check the 6.40.9 changelog (or 6.42.7) again; the CVEs were added afterwards, I guess due to coordination? A late addition?

MAJOR CHANGES IN v6.40.9:

!) security - fixed vulnerabilities CVE-2018-1156, CVE-2018-1157, CVE-2018-1158, CVE-2018-1159;

Definitely, knowing whether best practices avoid the vulnerabilities beforehand would be great, or at least when that post will be published.

Mind sharing? I've been meaning to start one, but haven't decided how I want to do it yet.

CVE details:
https://blog.mikrotik.com/security/security-issues-discovered-by-tenable.html

5 x 951G-2HnD updated without any problems … simple configuration.
1 x 1100AHx4 - no problems with the update.
1 x 1100AHx4 - needed a power cycle to start working after “Download&Install”.

If the web server on the router is turned off, none of these CVEs are exploitable?
Also, the word “authenticated” was used a bunch of times.

  1. Yes
  2. It means that a RouterOS username and password must be known. The user must log in. Then they can cause the www server to crash. Basically this applies only to people with an open Webfig interface for read-only viewing, or such.
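The answer above makes the practical mitigation clear: the fixed issues need a valid login and a reachable www/www-ssl service. The following RouterOS CLI snippet is an added example of that hardening (not MikroTik's own text from the announcement or the reply): it restricts the management services to a management subnet and disables the ones not in use. `10.10.0.0/24` is an assumed management subnet; replace it with your own.

```routeros
# Added example: limit where the RouterOS management services listen.
# 10.10.0.0/24 is an assumed management subnet, not a value from this thread.

# Before: by default every service answers on every address.
/ip service print

# Weak state (default): www and www-ssl reachable from anywhere the router is.
# Corrected state: bind them to the management subnet only
# (a comma-separated list of subnets is accepted).
/ip service set www address=10.10.0.0/24
/ip service set www-ssl address=10.10.0.0/24

# If Webfig is not used at all, disable the web services outright; the
# authenticated www crashes described above then have nothing to reach.
/ip service disable www,www-ssl

# Keep SSH and WinBox as the remaining management paths, bound the same way,
# and switch off the legacy services that are rarely needed.
/ip service set ssh address=10.10.0.0/24
/ip service set winbox address=10.10.0.0/24
/ip service disable telnet,ftp,api,api-ssl

# The fixed issues require credentials: review which accounts exist and which
# groups (read, write, full) they belong to, and remove stale read-only users.
/user print
/user group print

# Verify the end state.
/ip service print
```

Apply the `address=` restriction for ssh and winbox from a host inside the management subnet, or the session you are typing in will be cut off by its own change.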

This version is a big catastrophe for me.
I upgraded more than 200 clients from 6.40.8 to 6.40.9 and the clients started disconnecting after a couple of seconds, again and again.
I am not able to connect to them to downgrade.
Newer devices (DiscLite) are affected more.
What do you recommend?
Miroslav

When the clients are disconnecting, make a supout.rif file and email it to support. We will see what causes this. I don’t think there are any changes that could cause this, but we will see.

Thank you for the clarification!

Here is more info:

https://www.tenable.com/security/research/tra-2018-21

M.

We upgraded all our routers last night. Immediately lost the webserver on one, and today, they lost access to the webserver on another. A reboot brought access back up on them.
We scrambled to log back in to all of them and turn on SSH to make sure we have a way to get back into them. Looks like there may be a problem hiding in the firmware there?

Suggest that you have additional ways to get into the unit BEFORE you upgrade it.
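The advice above (a second way in before upgrading) and the checklist from the announcement (backup/export, stable power, free space) can all be done from the CLI over SSH or the serial console, so the web server is never the only path to the box. The snippet below is an added example of that pre-upgrade procedure, not text from the announcement or from the post above. `10.10.0.0/24` is an assumed management subnet and `before-6.40.9` an assumed file name.

```routeros
# Added example: pre-upgrade steps from the CLI, so SSH access exists before
# the www service is relied on. 10.10.0.0/24 is an assumed management subnet.

# 1. Make sure SSH is enabled and reachable from the management network,
#    and confirm it from a second session before continuing.
/ip service enable ssh
/ip service set ssh address=10.10.0.0/24
/ip service print

# 2. Save a binary backup and a plain-text export. "dont-encrypt=yes" keeps the
#    backup restorable without the original password. Copy both files off the
#    device afterwards (scp from the management host, for example), as the
#    announcement asks, since a failed upgrade may leave the flash unreadable.
/system backup save name=before-6.40.9 dont-encrypt=yes
/export file=before-6.40.9
/file print where name~"before-6.40.9"

# 3. Check free storage ("free-hdd-space") and that the router follows the
#    bugfix channel, which is where 6.40.9 was published.
/system resource print
/system package update set channel=bugfix
/system package update check-for-updates

# 4. Download and install; the router reboots once the packages are in place.
#    Do this only when power is stable, per the announcement.
/system package update install

# 5. After the reboot, bring the RouterBOARD firmware up to the matching
#    version (the upgrade and the reboot both ask for confirmation).
/system routerboard print
/system routerboard upgrade
/system reboot
```

If the web server does not come back after the reboot, the SSH session from step 1 is the way in to disable and re-enable www or www-ssl, as other posts in this thread needed to do.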

Hi, great job always!

Are the fixed vulnerabilities only involved with Webfig on port 80, or also with the hotspot www service?