V7.19.3 [stable] is released!

RouterOS version 7.19 have been released in the “v7 stable” channel!

Before an upgrade:

  1. Remember to make backup/export files before an upgrade and save them on another storage device;
  2. Make sure the device will not lose power during upgrade process;
  3. Device has enough free storage space for all RouterOS packages to be downloaded.

What’s new in 7.19.3 (2025-Jul-03 14:23):

  • bridge - allow IPv6 FastPath when dhcp-snooping is enabled;
  • iot - LoRa LNS stability improvement;
  • lte - AT modems, fixed typos in commands sent to modem when APN with authentication is used (AT+CGAUTH; AT$QCPDPP);
  • lte - R11e-LTE and R11e-LTE6, fixed possible crash on device unexpected removal or during RouterOS shutdown;
  • mpls - improved stability when handling VPLS packets;
  • radius - fixed RADIUS client section becoming unresponsive when RadSec is configured, but server is not responding;
  • radius - fixed wrong RadSec port number in logs;
  • radius - properly verify certificate when RadSec is used;
  • sfp - added sfp-power-class and sfp-max-power monitor values for QSFP;
  • supout - added IPv6 NAT section;
  • switch - fixed ACL rules with “redirect-to-cpu” (introduced in v7.19.2);
  • switch - fixed bonding issues after switch reset (introduced in v7.18);
  • switch - fixed port blocking with spanning tree on EN7523 switch (introduced in v7.19);
  • swos - changed firmware file location (URL) for software update checks;
  • system - reduced RouterOS ARM package size;
  • winbox - show/hide corresponding fields when switching RADIUS client mode between RadSec and UDP;

What’s new in 7.19.2 (2025-Jun-20 10:55):

  • bfd - fixed socket leak;
  • bgp - fixed withdraw when input.accept-nlri is non-existent;
  • btest - properly close unsuccessful TCP test sockets;
  • console - added prompt to /disk/format command;
  • disk - do not allow to start Btrfs replace command when a Btrfs replace process is already running;
  • disk - improve disk file system detection;
  • hotspot - allow only “http:” and “https:” schemas in dst field;
  • iot - added LoRa interface recovery mechanism;
  • iot - LoRa stability improvement;
  • iot - LR8G/9G firmware update;
  • ip-service - fixed “print count-only interval” when dynamic entries are added (introduced in v7.19);
  • ip-service - fixed setting services by name (introduced in v7.19);
  • ipsec - fixed responder on key exchange compute failure (introduced in v7.19);
  • ipv6 - do not show IPv6 FastPath as active when connection tracking or IPsec is used;
  • l2tp-ether - fixed interface creation/removal process;
  • lte - added support for R11e-LTE6 v039 firmware release;
  • lte - do not dial further if modem detects eSIM without profiles;
  • lte - fixed eSIM management function for mmips and mipsbe architecture CPUs;
  • lte - fixed eSIM provisioning for servers that do not send content-length in the HTTP response;
  • route - fixed destination ordering for SNMP;
  • route - fixed SNMP probing of IPv6 routes;
  • route - make routing table print faster with hw-offload, gateway and blackhole queries;
  • switch - fixed ACL rules when ports are not specified (fixes dynamic rules for RoMON);
  • switch - fixed advertise and speed settings for ether1 on RB5009 (introduced in v7.19.1);
  • webfig - improved screen reader support for WiFi fields in Quickset;
  • webfig - make combobox accessible to screen readers;
  • webfig - more space to branding logo;
  • wifi-qcom - fixed beacon loss issues and improved stability for IPQ-6018;
  • wifi-qcom - improved regulatory compliance;
  • winbox - fixed “Last Topology Change” for bridge port monitor;

What’s new in 7.19.1 (2025-May-23 17:27):

  • certificate – fixed support for certificates imported or added in RouterOS v7.4 or earlier (introduced in v7.19);
  • console - improved stability when a running script is removed;
  • container - stability improvements;
  • disk - fixed RAID component size to match the value in the superblock;
  • disk - improved handling of RAID spare disks;
  • disk - improved stability when using RAID;
  • ethernet - fixed flow-control for RB5009;
  • iot - fixed incorrectly shown LoRa payload RSSI values;
  • poe-out - fixed PoE-out reset when inserting specific SFP modules on RB5009;
  • poe-out - upgraded firmware for 802.3at PSE controlled boards (the update will cause brief power interruption to PoE-out interfaces);
  • routing-filter - use zero as default as-path length (allows matching empty as path);
  • sfp - correctly classify 100Mbps modules as “100M-baseFX”;

What’s new in 7.19 (2025-May-22 10:53):

  • arm64 - fixed possible transmit queue timeout on CCR2216, CCR2116, RDS2216;
  • arp - added warning, when “Published” ARP entry used on an interface with “reply-only” ARP mode enabled;
  • bgp - added input.filter-community;
  • bgp - fixed excessive CPU usage;
  • bgp - fixed input.accept-community;
  • bgp - fixed memory leak on receiving notify and closing session;
  • bgp - improved performance on BGP input;
  • bonding - added setting for LACP active/passive modes;
  • bridge - added new STP monitoring fields for bridge and ports (Tx/Rx BPDU, Tx/Rx TC, forward/discard transitions, last topology change, message-age, max-age, remaining-hops, bridge-id);
  • bridge - fixed bridge port hang when using invalid port IDs;
  • bridge - fixed dhcp-snooping in QinQ setups;
  • bridge - fixed issue when local MACs were removed unnecessarily;
  • bridge - fixed minor memory leak on link down;
  • bridge - fixed multicast packet flow on hardware offloaded bridge which acts as “multicast-router”;
  • bridge - improved default bridge and port layout on console and GUI;
  • bridge - improved stability in case of configuration error (introduced in v7.15);
  • bridge - moved “TCHANGE” logs from bridge,stp to bridge,stp,debug;
  • bridge - offload VXLAN only if another HW offloaded port exists in the bridge;
  • bridge - properly flush bridge hosts when bonding is used as bridge port and loses hw-offloading status;
  • bridge - rename “ports” to “interface” under MDB table for configuration consistency with other menus;
  • bridge - renamed STP monitor fields (port-number to port-id, designated-port-number to designated-port-id, designated-bridge to designated-bridge-id);
  • bridge - show designated-* monitor field for all port roles;
  • bridge - show warning instead of causing error when using multicast MAC as admin-mac (introduced in v7.17);
  • bth - properly specify “in-interface” when adding dynamic firewall NAT rule;
  • capsman - fixed “undo” command for cap interfaces;
  • certificate - added built-in root certificate authorities store;
  • certificate - do not include CA identity in SCEP POST requests;
  • certificate - fixed cloud-dns challenge validation for sn.mynetname.net (CLI only);
  • certificate - improve error message when trying to use certificate;
  • certificate - optimize trust store;
  • cloud - fixed issues when BTH is toggled fast between enable/disable;
  • cloud - improved “BTH Files” web page design;
  • conntrack - improved stability on busy systems;
  • console - added on-error to “for” and “foreach” loops;
  • console - added proplist to monitor command;
  • console - disallow incomplete double-quoted arguments (allows multiline string pasting);
  • console - do not treat return values as errors in scripts run from scheduler;
  • console - enabled verbose error logging for non-scripted/non-verbose imports;
  • console - fixed issue with file-name completion (introduced in v7.18);
  • console - fixed issue with files when using scripts (introduced in v7.18);
  • console - fixed misaligned multiline in brief print mode;
  • console - improve time value handling;
  • console - improved file add/remove process stability;
  • console - print large number argument values in proper format in export output;
  • console - set “/system/note show-at-login=yes” the default value after configuration reset;
  • console - validate script arguments (do, on-error, etc.) and reject invalid values;
  • container - allow changing container name;
  • container - fixed repository name handling to prevent redirect issues when basic authentication is used;
  • container - try to derive a user readable container name from remote image or file;
  • defconf - added DHCP Client on RDS2216 MGMT interface;
  • defconf - increased PPP interface wait time;
  • device-mode - added new “rose” mode where “container” feature is enabled by default;
  • dhcpv4 - improved outgoing packet logging;
  • dhcpv4-client/server - added support for DHCPv4 reconfigure messages;
  • dhcpv4-server - “Relay-Agent-Information” (82) option moved at the end of option list in response packets;
  • dhcpv4-server - accept packets with htype 6;
  • dhcpv4/v6-client - added check-gateway parameter;
  • dhcpv4/v6-client - fixed default route when DHCP client interface is in VRF;
  • dhcpv6-client - allow selecting to which routing tables add default route;
  • dhcpv6-relay - clear saved routes on DHCP release;
  • dhcpv6-relay - show client address;
  • dhcpv6-server - allow unsetting prefix-pool for static bindings and show warning if prefix is not in selected prefix-pool;
  • dhcpv6-server - change bound status to waiting on binding disable;
  • dhcpv6-server - change static binding bound status to waiting on server disable;
  • dhcpv6-server - fix when expired static binding is declined with false “binding belongs to another server” reason;
  • dhcpv6-server - improved stability when disabled server have static bindings;
  • dhcpv6-server - improved stability when disabling server with active bindings;
  • disk - add “sector-size” property in print detail;
  • disk - add reset-counters to /disk btrfs filesystem;
  • disk - renamed “eject-drive” command to “eject” (CLI only);
  • disk - renamed “format-drive” command to “format” (CLI only);
  • dlna - improved folder indexing behavior;
  • dns - improved DNS server service stability;
  • dot1x - fixed dynamic switch ACL rules on boards with a lot of ports (e.g. CRS520);
  • ethernet - improved Ethernet and PoE port mapping to ensure a consistent and reliable interface order;
  • fetch - fixed false successful messages in FTP mode;
  • file - added show-hidden parameter to /file/print, allowing referencing and deleting hidden files;
  • file - fixed missing files from The Dude (introduced in v7.18);
  • file - improved responsiveness on slow filesystems;
  • firewall - always show “passthrough” when exporting mangle table;
  • firewall - detect VRF addresses as local;
  • firewall - fixed IP/Settings “ipv4-fasttrack-active” status showing as inactive when it is active;
  • health - hide settings in CLI if there is nothing to show;
  • health - improved performance on devices with simple voltage sensors;
  • hotspot - improvements to memory usage;
  • igmp-proxy - do not try to send leave message for multicast groups that the device itself has joined on the upstream interface (cosmetic fix for proxy error logs);
  • ike2 - improved initial key exchange process on slow or unreliable connections;
  • iot - improvement to LoRa dev-addr-validation behavior;
  • iot - improvement to LoRa join eui/net id filtering behavior;
  • iot - improvement to LoRa stability and functionality;
  • iot - improvement to LoRa whitelist/blacklist support;
  • iot - iot-bt-extra package stability improvement;
  • ip-service - show all TCP/UDP connections on the system;
  • ip-service - show all TCP/UDP ports on system, including ports in containers;
  • ip-service - show error message when service enable fails;
  • ippool6 - properly free IPv6 pool used prefix when it is not used any more;
  • ipsec - fixed system failure on MMIPS devices when using IPsec services;
  • ipsec - lower standalone cipher, hash priority when using ctr aead;
  • ipv6 - avoid watchdog reboot due to link-local IPv6 address reconfiguration on thousand of interfaces at once;
  • ipv6 - fixed EUI-64 false error message on address update when “from-pool” option is used;
  • isis - properly validate 3-way hello handshake;
  • l2tp-ether - improved stability when trying to connect to disabled L2TP server with IPsec;
  • l3hw - remove VLAN tag before VXLAN encapsulation (fixes pvid behavior for bridged VXLAN);
  • log - added additional CEF fields from firewall and login logs;
  • log - fixed remote logging after reboot when hostname is forwarded to a DNS server;
  • log - populate in/out fields in firewall CEF logs with correct data;
  • lte - added UICC parameter in LTE monitor for R11e-4G modem;
  • lte - additional fixes for eSIM management support;
  • lte - AT modems, improved redialing when modem lost connectivity without notifying host about APN status change;
  • lte - automatically enable roaming for known roaming only SIM/eSIM profiles;
  • lte - Chateau 5G R16 fix DHCP relay packet forwarding using LTE interface;
  • lte - deactivate current eSIM profile before activating new profile;
  • lte - fixed default APN for configless modems;
  • lte - fixed EC200A-EU APN authentication;
  • lte - fixed initialization for Neoway N75 modem;
  • lte - fixed initialization for R11e-LTE6 modem;
  • lte - fixed LTE passthrough activation issue when IPv6 APN is used;
  • lte - fixed LTE status update or possible crash when modem is unexpectedly removed from system;
  • lte - fixed MBIM modem recovery after modem unexpected restart;
  • lte - fixed modem recovery after firmware upgrade for R11e-LTE modem;
  • lte - fixed possible crash or missing IPv6 address on first APN activation when IPv6 capable APN is used;
  • lte - fixed Router Advertisement processing issue for AT modems when an APN with “ip-type=ipv6” was configured;
  • lte - improved dialer for EC200A-EU modem;
  • lte - improved R11e-LTE6 link recovery delay time after unexpected modem registration status changes;
  • lte - initial support for user settable modem redial timer;
  • lte - initialize Quectel modems as soon as they are ready after unexpected restart;
  • lte - reset internal link-recovery-timer on sim slot change;
  • lte - set apn profile name the same as apn if no name specified when creating the profile;
  • lte - show correct value for 5G SA “current-cellid”;
  • net - remove support for automatic multicast tunneling (AMT) interface (introduced in v7.18);
  • netinstall - improved network socket re-opening when NIC status changes while running the server;
  • netinstall - provide warning if memory on installed router is full after installation;
  • netinstall - show warning when network configuration on PC might not be appropriate for installation;
  • netinstall-cli - check for other running Netinstall servers on startup;
  • netinstall-cli - clear old configuration before user script using “-s”;
  • netinstall-cli - fixed issue with applying the branding package;
  • ospf - fixed “mismatch” typo in logs;
  • ospf - make auth-key parameter sensitive;
  • ovpn - properly match GCM hardware acceleration capabilities (introduced in v7.17);
  • ovpn-server - do not reset active connections when changing comment or name;
  • ovpn-server - fixed server start-up after a reboot;
  • ovpn-server - properly show “username” in log when authentication fails;
  • pimsm - fixed issue where own query caused querier detection;
  • poe-out - upgraded firmware for 802.3at/bt PSE controlled boards (the update will cause brief power interruption to PoE-out interfaces);
  • port - added support for Huawei E3372-325 variant (vendor-id=“0x3566” device-id=“0x2001”);
  • port - added USB mode switch support for “huawei-alt-mode”;
  • port - fixed KNOT BG77 modem port lost after RouterOS upgrade from previous versions;
  • port - improvements to KNOT BG77 modem port channel handling;
  • ppc - fixed VLAN TCP packet transmit on PPC devices;
  • profiler - improved process classification;
  • ptp - added “ptp” logging topic;
  • ptp - allow multiple instances;
  • ptp - fixed PTP on 2.5G links;
  • ptp - fixed PTP on QSFP ports for CRS326, CRS510, CRS520, CCR2216 devices;
  • queue - fixed system failure when CAKE kind queue was configured but queue type definition does not exist anymore (introduced in v7.18);
  • queue - speed-up queue addition/removal process;
  • quickset - improved system stability;
  • rose-storage - added Btrfs disk balance command (CLI only);
  • rose-storage - added degraded Btrfs mount option (CLI only);
  • rose-storage - fixed mounting Btrfs subvolumes using macOS SMB client;
  • rose-storage - fixes for Btrfs;
  • rose-storage - improved system stability when removing NVMe disks;
  • rose-storage - rename default RAID device name from “raid” to “raid-array”;
  • rose-storage - show Btrfs balance and scrub errors if any;
  • route - added options to set dynamic-in and connected-in chains in /routing/settings;
  • route - fixed stuck output when calling prints from multiple routing menus;
  • route - fixed route rule “min-prefix” unset;
  • route - improve stability on BGP reconnect;
  • route - make AFI naming consistent;
  • route - show “routing-table” by default on console print output;
  • route - show BGP session name instead of cache-id;
  • route-filter - fixed the “blackhole” option setting process;
  • route-filter - improved performance;
  • sfp - added sfp-encoding data output from EEPROM;
  • sfp - improved QSFP link stability for CRS354 devices;
  • sniffer - add max-packet-size (2k-64k) setting to be able to sniffer more than 2k data per packet;
  • snmp - fixed v2 getnext noSuchName error when OID with requested key does not exist;
  • ssh - fixed authorization with SSH key when multiple user SSH public keys are imported;
  • ssl/tls - respond with more precise alert error messages;
  • ssl/tls - send certificate authority in Certificate message even if it is not trusted;
  • switch - do not count rx-too-long multiple times on 100Gbps QSFP28;
  • switch - fixed egress mirroring for packets coming from external CPU port (e.g. CRS520, CCR2216, CCR2116);
  • switch - fixed switch name for hEX Refresh;
  • switch - flush CPU port FDB entries on switch disable;
  • switch - improve rate limit accuracy for MT7531, MT7621, EN7562CT;
  • switch - improved boot stability on devices with Alpine CPU and switch chip;
  • switch - improved stability when enabling IGMP snooping with VXLAN (introduced in v7.18);
  • switch - properly match IPv6 packets with empty ACL rule on CRS3xx, CRS5xx, CCR2004, CCR2116, CCR2216, RDS devices;
  • system - fixed “/system reboot” when the system disk is completely full;
  • system - improved internal “flash/” prefix handling for different file path related settings;
  • system - improved system stability when sending TCP data from the router;
  • system – added new “switch-marvell” and “wifi-mediatek” packages to support upcoming products;
  • timezone - updated timezone information from “tzdata2025b” release;
  • torch - improved data reporting;
  • upgrade - improved free disk space calculation;
  • upgrade - improved upgrade procedure reliability;
  • vrrp - fixed detection of connection tracking after reboot (introduced in v7.17);
  • vxlan -improved system stability when using IPv6 VTEP;
  • webfig - allow table column resize over side toolbar;
  • webfig - don’t reorder rows when selecting header cells with Alt+click;
  • webfig - show IPv6 firewall connections;
  • webfig - show missing data in “IP/DNS/Cache” records;
  • wifi - add channel.reselect-time parameter which allows to perform channel re-selection at given time of day (CLI only);
  • wifi - add information on CAP uptime and connection uptime in “Remote CAP” list;
  • wifi - added “eap-identity” to registration table;
  • wifi - added SSID to logs;
  • wifi - display error when trying to run snooper on interface which does not support wireless packet capture (sniffer);
  • wifi - fix authentication of clients which omit some RSN information at association;
  • wifi - fix incorrect info about current channel for station interfaces after AP has switched channel (introduced in v7.17);
  • wifi - fix possible snooper crash when parsing frames with malformed headers;
  • wifi - fixed 5GHz chain enumeration on Chateau PRO ax;
  • wifi - implement WPA2 PSK authentication with key derivation using SHA256 (CLI only);
  • wifi - improve parsing of captured frames which have nested flags in radiotap header;
  • wifi - improved stability for wifi interfaces;
  • wifi - improved stability when doing SNMP query;
  • wifi - improved wifi connection stability when used as a station for “b” mode access point;
  • wifi - re-word log entries about disconnections which are likely caused by peer using a wrong passphrase;
  • wifi - use at least TLS 1.2 for securing connection between CAPsMAN manager and CAPs;
  • wifi-qcom - fix inability of interfaces in station mode to connect if they do not support full bandwidth of AP;
  • wifi-qcom - fix OWE authentication for 802.11ac interfaces in station mode;
  • winbox - added “MAC Telnet” under “Wifi/Registration” menu;
  • winbox - added “Multi Passphrase Group” for wifi;
  • winbox - added “Reset MAC address” for legacy wireless and wifi;
  • winbox - added comment fields for WiFi “Multi Passphrase Group” menu;
  • winbox - added comment under “User Manager/Routers” menu;
  • winbox - added country to wireless setup-repeater;
  • winbox - added missing “Switch” menu for RDS;
  • winbox - added missing file systems for disk formatting;
  • winbox - added missing parameters for BTRFS related action functions;
  • winbox - added mount-point parameter under “Disk/Settings” menu;
  • winbox - added netmask support for switch rule Src/Dst IPv6 Address settings;
  • winbox - allow opening BTRFS menu entries;
  • winbox - changed default wireless wds-cost-range values;
  • winbox - do not show not relevant values for certificate template;
  • winbox - fixed “Multi Passphrase Group” setting for wifi;
  • winbox - fixed “registry-url” field under “Containers” configuration menu;
  • winbox - fixed missing SMB client on non-ROSE devices;
  • winbox - fixed several statistics counters not being read only;
  • winbox - fixed switch menu for Chateau 5G;
  • winbox - fixed time interval type fields precision under “Disks” menu;
  • winbox - hide container File/Remote Image fields only when instance added;
  • winbox - improve graphing efficiency when communicating with WinBox;
  • winbox - make BTRFS “Parent” and “Send Parent” options optional;
  • winbox - properly show/hide OSPF, RIP and BGP tabs for IPv6 routes;
  • winbox - renamed “raid-member” to “raid member” flag for consistency;
  • winbox - show eSIM profiles under eSIM menu without manual refresh;
  • wireguard - add wg-import config-string parameter to import config directly from terminal;
  • wireguard - update peer info on “get” command;
  • wireless - added “eap-identity” to registration table;
  • wireless - implement handling of RADIUS disconnect messages by CAPsMAN;
  • wireless - suggest all legitimate frequencies for interfaces with 20/40mhz-XX channel width in GUI;
  • x86 - added support for Emulex NIC;
  • x86 - i40e updated driver to 2.27.8 version;
  • x86 - remove unnecessary console output on shutdown;

To upgrade, click “Check for updates” at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while a router is not working as suspected or after some problem has appeared on the device

Please keep this forum topic strictly related to this particular RouterOS release.

3 Likes

Thank you!

Huge changelog. Thanks you so much for your work

I think this line here will make pe1chl a VeryHappyMan™

*) route - improve stability on BGP reconnect;

As a matter of fact, it will probably make me happy too. Let’s see what happens.

Interesting… Now all the extra packages are showing in the system/packages (as uninstalled of course)…
I suppose this would allow us to download directly and install any if those, kind of nice :slight_smile:

@MTStaff, could you please update documentation about channel.reselect-time parameter?
And explain how is working in conjunction with channel.reselect-interval .

Of course I am testing it :slight_smile:
I have not received a notification in my ticket that it is supposed to be fixed, so maybe it is something else than what I see…

For people upgrading from older versions who want to use the built-in CA certificates (for use cases such as Verify DoH Certificate or /tool/fetch check-certificate=yes), don’t forget to set


/certificate/settings/set builtin-trust-anchors=trusted

after the upgrade. In case you previously have the full CA Cert Bundle installed, either from CCADB.org or from CURL with 140+ certificates, you can remove them and save about 1MB internal storage.

Will the internal certs cover DNS Adlist SSL Certify as well from https://raw.githubusercontent.com/ do you know ?

https://raw.githubusercontent.com/ should be covered, because it has USERTrust RSA Certification Authority in the chain, and this one is in the list of RouterOS’ built-in CA


> /certificate/builtin/print 
Columns: ORGANIZATION, COMMON-NAME, INVALID-BEFORE, INVALID-AFTER
 #  ORGANIZATION                      COMMON-NAME                                    INVALID-BEFORE       INVALID-AFTER      
 0  DigiCert Inc                      DigiCert Assured ID Root CA                    2006-11-10 07:00:00  2031-11-10 07:00:00
 1  DigiCert Inc                      DigiCert Assured ID Root G2                    2013-08-01 19:00:00  2038-01-15 19:00:00
 2  DigiCert Inc                      DigiCert Assured ID Root G3                    2013-08-01 19:00:00  2038-01-15 19:00:00
 3  DigiCert Inc                      DigiCert Global Root CA                        2006-11-10 07:00:00  2031-11-10 07:00:00
 4  DigiCert Inc                      DigiCert Global Root G2                        2013-08-01 19:00:00  2038-01-15 19:00:00
 5  DigiCert Inc                      DigiCert Global Root G3                        2013-08-01 19:00:00  2038-01-15 19:00:00
 6  DigiCert Inc                      DigiCert High Assurance EV Root CA             2006-11-10 07:00:00  2031-11-10 07:00:00
 7  DigiCert, Inc.                    DigiCert TLS ECC P384 Root G5                  2021-01-15 07:00:00  2046-01-15 06:59:59
 8  DigiCert, Inc.                    DigiCert TLS RSA4096 Root G5                   2021-01-15 07:00:00  2046-01-15 06:59:59
 9  DigiCert Inc                      DigiCert Trusted Root G4                       2013-08-01 19:00:00  2038-01-15 19:00:00
10  GlobalSign                        GlobalSign                                     2012-11-13 07:00:00  2038-01-19 10:14:07
11  GlobalSign nv-sa                  GlobalSign Root CA                             1998-09-01 19:00:00  2028-01-28 19:00:00
12  GlobalSign                        GlobalSign                                     2009-03-18 17:00:00  2029-03-18 17:00:00
13  GlobalSign                        GlobalSign                                     2014-12-10 07:00:00  2034-12-10 07:00:00
14  GlobalSign nv-sa                  GlobalSign Root E46                            2019-03-20 07:00:00  2046-03-20 07:00:00
15  GlobalSign nv-sa                  GlobalSign Root R46                            2019-03-20 07:00:00  2046-03-20 07:00:00
16  The Go Daddy Group, Inc.                                                         2004-06-30 00:06:20  2034-06-30 00:06:20
17  GoDaddy.com, Inc.                 Go Daddy Root Certificate Authority - G2       2009-09-01 07:00:00  2038-01-01 06:59:59
18  Internet Security Research Group  ISRG Root X1                                   2015-06-04 18:04:38  2035-06-04 18:04:38
19  Internet Security Research Group  ISRG Root X2                                   2020-09-04 07:00:00  2040-09-17 23:00:00
20  Sectigo Limited                   Sectigo Public Server Authentication Root E46  2021-03-22 07:00:00  2046-03-22 06:59:59
21  Sectigo Limited                   Sectigo Public Server Authentication Root R46  2021-03-22 07:00:00  2046-03-22 06:59:59
22  The USERTRUST Network             USERTrust ECC Certification Authority          2010-02-01 07:00:00  2038-01-19 06:59:59
23  The USERTRUST Network             USERTrust RSA Certification Authority          2010-02-01 07:00:00  2038-01-19 06:59:59

So it will work for NextDNS DoH? Good one!

Yes, for NextDNS DoH USERTrust ECC Certification Authority needs to be trusted and it’s also in the built-in list.

That seems to work thanks, I missed the memo!

The ‘/routing/route/print where blackhole’ command is stuck in a full route environment.

1 Like

Perfect! Thanks you

My RB5009 (PoE) just died while upgrading from 7.18.2 to 7.19. The LED on port 2 is on. Nothing else.

Interesting, this was not in the RC or beta versions:


*) system – added new “switch-marvell” and “wifi-mediatek” packages to support upcoming products;

Hopefully MikroTik will also add a leaner version of wifi-qcom-ac, without the RB4011’s driver, for devices such as the hAP ac².

Did you upgrade RouterBOOT with the package from here https://help.mikrotik.com/docs/spaces/ROS/pages/40992878/RouterBOARD#RouterBOARD-Protectedbootloader? If yes, see this thread http://forum.mikrotik.com/t/rb5009-cannot-enter-the-system-after-restart/183645/1

Yes please. ac2 free space is so limited (1%) when using wifi-com-ac package

This has been echo and requested numerous times and MT didn’t moved an inch, I hope their going to change their stance on this, hapac2 is working on this release by the way :slight_smile: