v7.11.2 [stable] is released!

RouterOS version 7.11, 7.11.1 and 7.11.2 have been released in the “v7 stable” channel!
Before an upgrade:

  1. Remember to make backup/export files before an upgrade and save them on another storage device;
  2. Make sure the device will not lose power during the upgrade process;
  3. Device has enough free storage space for all RouterOS packages to be downloaded.

What’s new in 7.11.2 (2023-Aug-31 16:55):
*) dhcp - fixed DHCP server “authoritative” and “delay-threshold” settings (introduced in v7.11.1);

What’s new in 7.11.1 (2023-Aug-30 13:41):
*) bridge - fixed fast-path forwarding with HW offloaded vlan-filtering (introduced in v7.11);
*) bridge - fixed untagged VLAN entry disable;
*) bridge - fixed vlan-filtering stability with HW and non-HW offloaded ports (introduced in v7.10);
*) bridge - improved system stability;
*) bridge - improved vlan-filtering bridge stability with CAPsMAN (introduced in v7.11);
*) console - improved stability and responsiveness;
*) dhcp - fixed DHCP server and relay related response delays;
*) ipsec - fixed IPSec policy when using modp3072;
*) lte - fixed startup race condition when SIM card is in “up” slot for LtAP mini;

What’s new in 7.11 (2023-Aug-15 09:33):
*) api - disallow executing commands without required parameters;
*) bfd - fixed “actual-tx-interval” value and added “remote-min-tx” (CLI only);
*) bfd - improved system stability;
*) bluetooth - added “decode-ad” command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added “Peripheral devices” section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bluetooth - added new AD structure type “service-data” for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bridge - fixed MAC learning on “switch-cpu” port with enabled FastPath;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) certificate - allow to import certificate with DNS name constraint;
*) certificate - fixed PEM import;
*) certificate - fixed trust store CRL link if generated on an older version (introduced in v7.7);
*) certificate - improved CRL download retry handling;
*) certificate - removed request for “passphrase” property on import;
*) certificate - require CRL presence when using “crl-use=yes” setting;
*) certificate - restored RSA with SHA512 support;
*) conntrack - fixed “active-ipv4” property;
*) console - added “:convert” command;
*) console - added default value for “rndstr” command (16 characters from 0-9a-zA-Z);
*) console - fixed incorrect date when printing “value-list” with multiple entries;
*) console - fixed minor typos;
*) console - fixed missing “parent” for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved stability when canceling console actions;
*) console - improved stability when using fullscreen editor;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS “cisco-id” argument validation;
*) container - added IPv6 support for VETH interface;
*) container - added option to use overlayfs layers;
*) container - adjust the ownership of volume mounts that fall outside the container’s UID range;
*) container - fixed duplicate image name;
*) container - fixed IP address in container host file;
*) defconf - do not change admin password if resetting with “keep-users=yes”;
*) dhcp-server - fixed setting “bootp-lease-time=lease-time”;
*) discovery - fixed “lldp-med-net-policy-vlan” (introduced in v7.8);
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ethernet - fixed forced half-duplex 10/100 Mbps link speeds on CRS312 device;
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle “mark-connection” with “passthrough=yes” rule for TCP RST packets;
*) firewall - improved system stability when using “endpoint-independent-nat”;
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for “/system/health/settings” menu;
*) hotspot - allow number as a first symbol in the Hotspot server DNS name;
*) ike1 - fixed Phase 1 when using aggressive exchange mode (introduced in v7.10);
*) ike2 - improved SA rekeying reply process;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) ike2 - log “reply ignored” as non-debug log message;
*) ipsec - fixed public key export (introduced in v7.10);
*) ipsec - fixed signature authentication using secp521r1 certificate (introduced in v7.10);
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for “neigh-discovery-interval” and “neigh-keepalive-interval” properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability during IPv6 route offloading;
*) l3hw - improved system stability;
*) led - fixed manually configured user LED for RB2011;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for “GSM EGPRS” RAT on D53 devices;
*) lora - added new EUI field;
*) lora - added uplink message filtering option using NetID or JoinEUI;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added “at-chat” support for Dell DW5821e-eSIM modem;
*) lte - added “at-chat” support for Dell DW5829 modem;
*) lte - added “at-chat” support for Fibocom L850-GL modem;
*) lte - added “at-chat” support for SIMCom 8202G modem;
*) lte - added “band” info to the “monitor” command for MBIM modems that support serving cell info reporting over MBIM;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed Dell DW5821e “at-chat” support;
*) lte - fixed LtAP mini default SIM slot “down” changeover to “up” after an upgrade (introduced in v7.10beta1);
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed R11e-LTE, R11e-LTE6 legacy 2G/3G RAT mode selection;
*) lte - fixed Telit LE910C4 “at-chat” support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) lte - improved system stability when changing the “radio” state for MBIM modems;
*) lte - only listen to DHCP packets for LTE passthrough interface in auto mode when looking for the host;
*) modem - added initial support for BG77 modem DFOTA firmware update;
*) modem - changed Quectel EC25 portmap to expose DM (diag port), DM channel=0, GPS channel=1;
*) modem - fixed missing sender’s last symbol in SMS inbox if the sender is an alphabetic string;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added “src-address” property;
*) netwatch - changed “thr-tcp-conn-time” argument to time interval;
*) ovpn - do not try to use the “bridge” setting from PPP/Profile, if the OVPN server is used in IP mode (introduced in v7.10);
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - improved key renegotiation process;
*) ovpn - include “connect-retry 1” and “reneg-sec” parameters into the OVPN configuration export file;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) package - treat disabled packages as enabled during upgrade;
*) poe - fixed missing PoE configuration section under specific conditions;
*) poe-out - advertise LLDP power-mdi-long even if no power allocation was requested (introduced in v7.7);
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) profile - added “container” process classifier;
*) profile - properly classify “console” related processes;
*) qos-hw - keep VLAN priority in packets that are sent from CPU;
*) quickset - correctly apply configuration when using “DHCP Server Range” property;
*) resource - fixed erroneous CPU usage values;
*) rose-storage - added “scsi-scan” command (CLI only);
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) routerboard - fixed “gpio-function” setting on RBM33G (“/system routerboard upgrade” required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs (“/system routerboard upgrade” required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices (“/system routerboard upgrade” required);
*) routerboot - increased etherboot bootp timeout to 40s on MIPSBE and MMIPS devices (“/system routerboard upgrade” required);
*) sfp - fixed incorrect optical SFP temperature readings (introduced in v7.10);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9);
*) sms - increased wait time for modem startup;
*) ssh - fixed host public key export (introduced in v7.9);
*) ssh - fixed private key import (introduced in v7.9);
*) ssh - fixed SSH key agreement on the client side when ed25519 used under server settings;
*) ssh - fixed user RSA private key import;
*) switch - fixed “reset-counters” for “switch-cpu”;
*) switch - fixed BPDU packet processing on MT7621, MT7531 with HW offloaded vlan-filtering;
*) switch - improved multicast packet forwarding on MT7621;
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) tftp - improved file name matching;
*) user - added “sensitive” policy requirement for SSH key and certificate export;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - fixed “Connect To” configuration changes for L2TP client;
*) webfig - fixed gray-out italic font for entries after enable;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added “steering” parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed “reg-info” information for several countries;
*) wifiwave2 - fixed “security.sae-max-failure” rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling “lock-to-caps-man”;
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - rename “reg-info” country argument from “Macedonia” to “North Macedonia”;
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to “startup-delay”;
*) winbox - fixed “Storm Rate” property under “Switch/Port” menu;
*) winbox - fixed BGP affinity display;
*) winbox - fixed default “Ingress Filtering” value under “Bridge” menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename “Group Master” property to “Group Authority” under “Interface/VRRP” menu;
*) wireguard - fixed peer connection using DNS name on IP change;
*) wireguard - fixed peer IPv6 “allowed-address” usage;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;

To upgrade, click “Check for updates” at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

If you experience version-related issues, please send a supout file from your router to support@mikrotik.com. The file must be generated while the router is not working as suspected or after some problem has appeared on the device.

Please keep this forum topic strictly related to this particular RouterOS release.

First :)

ROS 7.11 Upgraded on:

hap AX3
hap AC3
hap AC2
Cube60G AC
WAP60G
SXT
…all OK

so far upgrade for 1036,1072,317,326,4011,HAPAC2 went without a hitch

*) ssh - fixed user RSA private key import;

OK

RB750Gr3 nice warning before start

Around 18 of 30 LtAP mini units are not on-line after update (they are on remote locations so I do not know if they are off-line due to LTE modem issue after update or stuck in boot-loop). Using IPsec IKE2 VPN.

Edit: what does this mean: *) lte - fixed LtAP mini default SIM slot “down” changeover to “up” after an upgrade (introduced in v7.10beta1); if we have the default “up” SIM slot on all units?

While UI for BTH is gone as expected, I notice BTH config from 7.11rc builds remains and works – this seems right, since that part is just WG config.

But is the DNS for BTH going to remain active? E.g. I have a couple of working peers using the .vpn.mynetname.net to resolve the router’s public IP. In my case it doesn’t need the proxy part of BTH… so I'm curious whether the DNS part is going to break…

I have CCR1009-7G-1C-1S+ go crazy with console crashes, script errors (action timed out) and more. Sadly even generating a support output file fails…
Opened issue SUP-125133.

All updated without a problem :)

This is expected behavior. We did not want to break your running configs. We just did not want to put “stable” stamp on BTH yet.

please check SUP-125134
[RouterOS 7.11] RB5009 after upgrade to 7.11 route empty and cannot output suprif


My bonding interface on the RB4011 was no longer working correctly. I was able to ping it from the router and the cameras could communicate (initiated by the NAS), but the corporate network could neither ping nor communicate through browser or native Synology app with the NAS.

Config can be supplied, supout file is sent per mail. Came from v7.10.1, same for v7.10.2.

After downgrading to v7.10.2, everything was up again.

cAP ac, hEX s and wAP ac upgraded without any problems.

Very nice upgrade,
*) netwatch - added “src-address” property;

Please add the option to be able to ping an IP for failover in a route. Example: check gateway ping 1.1.1.1. That would help.

Back to Home VPN not included in release version?

Edit: nvm, didn’t realise to CTRL+F abbreviation: http://forum.mikrotik.com/t/v7-11-2-stable-is-released/168778/1

Yeah, src-address= for netwatch is a good add, thanks!

+1, recursive routing is PITA. I had a similar idea to yours: http://forum.mikrotik.com/t/feature-request-link-check-gateway-in-routes-to-a-netwatch-item-s/163771/1

BTH will be back on 7.12, no worries.

RB4011iGS+5HacQ2HnD updated without any issues so far :)

Thanks!

Although I don’t see a direct mention in the changelog, the problem with IPsec with intermediate certificates is finally resolved in this version -_-

Upd.
If you are still getting an error after the upgrade, then remove the root certificate, re-import it, and correct the tunnel configurations where this certificate was used.
I had such a problem on one of my devices (RB4011) and the described workaround helped.

Installed it on my RB4011iGS+5HacQ2HnD which has user-manager, rose-storage and container packages installed.
rose-storage is used to mount an NFS volume which I use for backups, no files are open. container is installed but no containers configured.
The router powers an LHG5XL on ether10, which I had shut down before the upgrade.
Then I use “system->packages->check for updates” to find and download the 4 required packages. They are downloaded OK and I manually reboot.

Now something funny happens: the interface LEDs for all ethernet interfaces turn off, except ether10 (the one powering the LHG). Then the router is stuck, I can wait a long time but nothing ever happens. When I power-cycle it, the update has not been applied, but when I download it again and reboot, it succeeds.
The previous version was 7.11beta4 which had been running for about a month. This I think is the 3rd time that this scenario happens. It seems like it gets stuck in the upgrade when it had quite some uptime, but not when the upgrade is done immediately after the reboot.
I think next time I will first reboot and see if that succeeds, before downloading the upgrade and reboot again. Because in the end that is what I am doing anyway.

Has anyone else seen this? (during this upgrade or in other recent upgrades)