v6.48.6 [long-term] is released!

Announcements
1

RouterOS version 6.48.6 has been released in public “long-term” channel!

Before an upgrade:

  1. Remember to make backup/export files before an upgrade and save them on another storage device;
  2. Make sure the device will not lose power during upgrade process;
  3. Device has enough free storage space for all RouterOS packages to be downloaded.

**What’s new in 6.48.6 (2021-Dec-03 12:15):

MAJOR CHANGES IN v6.48.6:

!) device-mode - added feature locking mechanism;
----------------------**

Changes since 6.48.5:

*) certificate - improved stability when sending bogus SCEP message;
*) quickset - use 5GHz interface’s country for “Home AP Dual” configuration;
*) system - improved system stability if device is upgraded from RouterOS and/or RouterBOOT v6.41.4 or older;
*) upgrade - added new “upgrade” channel for upgrades between major versions;
*) winbox - do not allow to add/remove W60G interfaces;
*) wireless - added U-NII-2 support for US and Canada country profiles for cAP ac XL and QRT 5 ac;

For a full changelog please visit https://mikrotik.com/download/changelogs

To upgrade, click “Check for updates” at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after some problem has appeared on device

Please keep this forum topic strictly related to this specific RouterOS release.

2

I always thought that long-term does only receive bugfixes - and no new features.

3

security related stuff is an exception.

4

What’s the recommend way of using device-mode if it’s for security?

e.g. Is there some security bulletin/notice that describes the vulnerability this addresses?

5

https://help.mikrotik.com/docs/display/ROS/Device-mode

6

True, but why would some need to ENABLE it. What security problem does it address?

Are there known vulnerabilities this addresses? It must being back ported to long-term as for “security” for some reason.

7

You’re just trolling right now, right?

8

Device mode does not target any explicit vulnerability. It is a security measure. Just read the wiki article about what device mode does and look for meris botnet here in the forum. It may answer your questions.

9

If a vendor says something is “for security” in nearly all cases there is some notice about vulnerabilities a security feature address. If it’s just a feature, then don’t mention security.

I worry Mikrotik knows about new vulnerability and device-lock is some fix for it. And, they don’t want to say what the vulnerability is yet.

10

And the Meris article doesn’t say “we recommend using device-lock” to address this. If so, they should say explicitly.

11

Ah, so you’re just a californian rextended. Got it.
What is the issue that you encountered after upgrading to this version that you’re trying to report in this topic?

12

IF (and that’s a big IF) this would be the case, don’t you think they FIRST would make sure to have the fix in place BEFORE making public what the problem is ?
Logical sequence of communicating.

Not saying there IS a vulnerability at play here. But it does make perfect sense to provide the fix first.

13

Upgrade from 6.42.10 to 6.48.6 on RB953GS-5HnT-RP went smoothly compared to 6.48.5 which required netinstall

14

So what is the over/under now ?
Do we not upgrade the hardware firmware when doing package/os upgrades ?

15

6.48.6 broke all PPP only for me? Сyclic PPP reconnections (client or server - it doesn’t matter).
downgrade to 6.48.5 - fixed problem

16

i was using accept in dst address in NAT for local ip tv to make ip tv see all users ip address after update to 6.48.6 i cant open ip tv downgade fix it or remove accept rule and use !dst address in Masquerade rule, what makes this happen ?

17

Something strange with multicast

18

No issues after upgrade from 6.47.10 on my RB4011. :slight_smile:
MT… Keep up the good work.

19

And by all PPP you mean L2TP, SSTP, OVPN, PPTP, PPPoE or actually PPP that runs over serial connection?

20

ovpn server + l2tp server + l2tp client in my case. after update to 6.48.6 - just didn’t work.. (tested on rb3011)