What would be the difference between itens beginning with “!)” and beginning “*)” on the release notes?
The list of changes might be overwhelming, but some of them are more important than others in our opinion. The “!)” are emphasized changes.
Thanks for fixing this so quickly! it’s working! (http://forum.mikrotik.com/t/delete-communities/169453/10)
Some devices at home upgraded:
RB5009 / AX3 / AX2 / Ax Lite
No immediate issues seen so far.
RB5009, AX3, AX2, cAP AX, AX Lite LTE, RB4011, hAP AC3, Hex S no problems so far.
Oh! 
So I can not access sensitive data, use
/tool/fetch
, and more? I guess that will break some of my scripts. 
Is there a way to opt-out and have the full permissions back?
Ah,
/tool/fetch
is granted by test policy. Will have to check for sensitive data…
A user with no “sensitive” could write one of these “on-action” scripts to do “/log [/user/get XXX password]”.
So /tool/fetch should work, but it too be blocked from retrieving the various sensitive/“password attributes”.
But this begs the question, does a user with only “write,read” need to have “reboot,ftp,romon,test” to be able to save one of the “on-action” scripts?
I think CVE-2023-30799 is unrelated, as stated in the linked blog post:
This issue is fixed in all RouterOS releases available on our download page (v7.7 and v6.49.7 and newer).
Perhaps not exactly, but same family of “policy escalation”.
*) wifiwave2 - limit L2MTU to 1560 until a fix is available for a bug causing interfaces to fail transmitting larger frames than that;
Is this present in 7.11.2 and previous or is it isolated to 7.12 versions?
If it helps I had 2290 on my wifi which reset to 1560 when I updated from 7.12.beta7.
It’s now 1560 on 7.12beta9
Dear Mikrotik,
Please reply our TIket SUP-128175
regarding failing when upgrading production router with many bgp peering from v6.49.8 to v7.11.2 above (7.12.beta.x)
router got freeze
thx
After updating my CCR2004-1G-12S+2XS from 7.12Beta7 to Beta9 my SFP module S-RJ01, which is connected to my cable modem, fails to initiate a LINK via RJ45 copper.
(yes, it IS supported by the CCR 
)
Nothing worked, even disabling Auto Negotiation changed nothing.
It worked with Beta7 (LINK up with 1GBit/s).
After switching back to a S+RJ10 module the LINK came back.
@MT: please check all of YOUR SFP(+) models on compatibility with a new ROS version!
I have S-RJ01 in RB5009 at home, works just fine using latest beta.
It seems that SFP support is the “rocket science” of today. Unlike in their early days, rockets today often work on the first try and failures are quite rare. SFP changes usually fail every time (something is fixed, another problem is introduced).
For how many years now has this not been working? It was years before the end of v6 that passwords were no longer retrievable (only stored encrypted)…
Mayor/Importante changes vs normal/minor changes
Awesome job on 7.12beta9. Works perfectly fine on my CCR2216. I realized the DHCP issue I was having on 7.12beta7 was actually due to the FEC91 issue with 25GB links on SFP, as I had my WAN lease coming from that affected link. Everything else seems to be running very smoothly, out of curisoity are the RX/TX counters at the top of webfig supposed to represent the traffic being sent to/from the router generated from you accessing the webpages or what are they supposed to be for?
RB4011 AX2 and a J1900 box upgrade to beta9 sucessfully .
Wait for ED25519 private key