V7.24beta [development] is released!

Announcements
1

Before an upgrade:

  1. Remember to make backup/export files before an upgrade and save them on another storage device;
  2. Make sure the device will not lose power during upgrade process;
  3. Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 7.24beta1 (2026-May-26 13:47):

  • adlist - improved service stability when adjusting adlist configuration;
  • app - added inventree, opencloud, opencloud-extended apps;
  • app - changed pmacct-netflow YAML;
  • app - use randomly generated secrets in new apps;
  • bfd - fixed delay on session print;
  • bgp - added option to add BGP VPLS created interfaces in interface-list;
  • bgp - fixed memory leak;
  • bridge - added "querier-uses-bridge-address" setting to use bridge source IP address for IGMP querier;
  • bridge - added DHCPv4 snooping IP binding table;
  • bridge - fixed local static host entries;
  • bridge - fixed stability issue when using DHCPv4 snooping;
  • bridge - improved STP bridge and port priority settings (warn when a non-compliant value is used and allow selecting a value from a list);
  • btest - added VRF support for bandwidth-test and speed-test;
  • certificate - added "acme-renew" command;
  • console - added "days" to scheduler;
  • console - added "in" and "has" operators for Array types;
  • console - added "order-by" parameter to "print" command, allowing sorting by up to three arguments in ascending or descending order;
  • console - added log tracing when scripts fail to start due to permissions;
  • console - do not terminate self-removing scripts;
  • console - fixed "print follow on-event" script runner command not showing all argument values in some cases;
  • console - fixed script import/export with empty "policy" setting;
  • console - fixed stability issue in full-screen editor;
  • console - improved script handling and error logging when running scripts from external sources (e.g. DHCP, SNMP, netwatch, hotspot);
  • console - make "mac-auth-password" sensitive in "/ip/hotspot/profile";
  • console - make "password" sensitive in "/system/package/local-update/mirror";
  • console - produce runtime errors for bad command parameters;
  • console - prompt about and offer to stop already existing serial terminal session when opening new one;
  • console - rename "address" to "available-from" in "/ip/service" (backwards compatible via deprecation);
  • console - restrict editing comments in WiFi registration table;
  • container - added "save" command;
  • container - do not allow starting with empty default DNS list and no DNS override;
  • container - do not print environment variables in log on container startup;
  • container - fixed "start-on-boot" not retrying on certain startup errors;
  • container - improved support for containers;
  • container - reduced writes to flash when running health check;
  • container - use env "TERM=xterm" if no TERM variable provided when running shell;
  • dhcpv4-relay - fixed stability issue when creating duplicate relays;
  • dhcpv4-server - do not reset "class-id" parameter when lease loses "bound" status;
  • dhcpv6-relay - fixed non-working relay when adding from WinBox;
  • dhcpv6-server - fixed invalid flag;
  • discovery - added "address6" column to default "/ip/neighbor" print view;
  • discovery - added "discovery" logging topic;
  • discovery - improved service stability when sending discovery packets on interfaces that have hundreds of IP addresses;
  • disk - added "raid-scrub-cancel" command;
  • disk - do not consider USB drives as self-encryption capable;
  • disk - fixed "smart-info" not showing information on certain storage devices;
  • disk - limited maximum swap size to be no more than 10x of device RAM;
  • ethernet - fixed stability issue with TSO on Alpine CPUs;
  • fetch - added "ip-type" parameter;
  • fetch - fixed false "bad request" response when trying to fetch URL with IPv6 address in it;
  • fetch - hint file list for "src-path" and "dst-path" parameters;
  • hardware - rename "max-power" to "manufacturer-reported-max-power";
  • iot - added LoRa keep alive logic for UDP protocol;
  • iot - added missing LoRa US radio plans;
  • iot - added Wiliot USB dongle support;
  • iot - allow maximum Modbus "timeout" property to 10 seconds;
  • iot - monitor LoRa worker state (watchdog);
  • iot - pass Wiliot certification;
  • ip-service - remove reverse-proxy for SMIPS;
  • ipsec,ike2 - improved KE generation validation during initial setup and child SA creation;
  • ipsec,ike2 - improved logging when remote ID is specified;
  • ipsec,ike2 - improved TSi validation to prevent modecfg address conflicts;
  • ipv6 - added "status" column to default "/ipv6/neighbor" print view;
  • ipv6 - do not disable IPv6 FastPath when Traffic Flow is enabled;
  • ipv6,ra - changed default "router-advertisement-route-distance" to 1;
  • ipv6,ra - use lowest value between IPv6/Pool and IPv6/ND/Prefix/Default as dynamic prefix lifetime;
  • l3hw - added HW offloaded support for VLAN interfaces created directly on Ethernet for CRS8xx series switches;
  • l3hw - added HW offloaded VRF support on 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98CX8410 switches;
  • leds - improved interface stats activity for devices with Marvell Prestera switch chip;
  • lte - fixed EC/IO scale in CLI and GUI;
  • lte - fixed EC25-EU, EG25-G traffic to 67 UDP;
  • lte - fixed third-party modems ICCID decoding for eSIM;
  • lte - improved Cinterion PLS8-E roaming;
  • lte - improved deregistration handling for AT modems;
  • lte - improved system stability when no APN specified;
  • lte - removed extra restart after firmware upgrade for EC200A-EU modem;
  • lte - report short cell ID in 3G network mode also for AT modems;
  • lte - restrict incoming calls for FG621-EU;
  • lte - show "+CME ERROR: 10" as "SIM not present";
  • lte - show "data-class" in LTE monitor instead of "access-technology" also for 5G AT modems;
  • lte - show "primary-band" instead of "earfcn" in LTE monitor also for modems without CA support;
  • lte - show RSCP and EC/IO parameter in 3G network mode for R11e-LTE6, R11l-LTE7 and FG621-EA modems;
  • mesh - fixed missing FDB entries from wireless ports;
  • mpls - added ICMP time exceeded handler for IPv6;
  • mpls - make FastPath work with expl-null;
  • netinstall - added Netinstall package;
  • netinstall - improved architecture detection;
  • netinstall-cli - added "help" parameter;
  • netinstall-cli - added "reboot" and "shutdown" flags to control reboot after installation;
  • netwatch - fixed inaccurate "rtt-stdev" value;
  • ospf - added missing interface parameters;
  • ospf - force passive for VRF interface;
  • pim - added comment for "/routing/gmp" entries;
  • poe-out - firmware update for 802.3at capable boards (the update will cause a brief power interruption to poe-out interfaces);
  • poe-out - firmware update for 802.3bt capable boards (the update will cause a brief power interruption to poe-out interfaces);
  • ppp - added "MT-Address-List" to IPv6 address list when received from RADIUS and using DHCP for IPv6 configuration;
  • ppp - disable/enable modem radio state depending on PPP interface state;
  • ppp - fixed ppp-out stability issue;
  • ppp - improved OVPN underlying SSL connection management;
  • ppp - report actual network data usage statistics instead of "0" for all IPv6 RADIUS accounting parameters on accounting "Stop" packet;
  • queue - fixed "undo" command for simple queues;
  • rip - do not export authentication keys by default;
  • route - fixed potential race condition;
  • route - improved overall stability;
  • route - removed deprecated "/routing/route/rule" menu;
  • route - respect the "interface" property when pinging IPv6 addresses over ECMP;
  • sfp - fixed linking for hAP ax S and hEX S (2025) with "1G-baseX" link-mode;
  • sfp - removed unsupported "2.5G-baseX" speed on CRS312-4C+8XG and CRS326-4C+20G+2Q+;
  • sms - added some GSM7 symbols to SMS tool;
  • ssh - added mlkem768x25519-sha256 key exchange support;
  • ssh - do not attempt automatic empty password login when RADIUS is used;
  • ssh - fixed SSH tunnel with IPv6 link-local address on non-ethernet interfaces;
  • ssh - make SSH packet validation more strict;
  • supout - added interface monitor-traffic;
  • switch - fixed IEEE reserved MAC handling for CRS1xx, CRS2xx switches;
  • switch - fixed rare possibility of tx-timeout or simultaneous flap of all switch ports on devices with Alpine CPUs;
  • system - rename "factory-software" to "minimum-version" and "factory-firmware" to "minimum-firmware";
  • system - restrict RouterOS processes using swap;
  • system - show who is using "/system serial-terminal";
  • vpls - added transmit loop detection;
  • vrrp - added "v3-checksum-as-v2" setting;
  • vxlan - fixed missing L2MTU property when VRF is specified;
  • vxlan - ignore disabled interfaces when checking for configuration conflicts;
  • webfig - fixed issue with increasing keep-alive traffic;
  • webfig - improved underlying encryption and stability processing;
  • webfig - improvements to graphs;
  • wifi - added "Preamble Puncturing" under "WiFi/Channel" menu;
  • wifi - added dash when CAPsMAN generates interface name and prefix ends with digit;
  • wifi - improved regulatory compliance;
  • wifi - improved roaming/steering behavior for WiFi 7 MLO;
  • wifi - improved stability;
  • wifi - improved station-bridge mode;
  • wifi-mediatek - fixed broken interfaces on startup;
  • wifi-mediatek - fixed some channel definitions for certain countries;
  • winbox - added "Preferred Architecture" setting for L009;
  • winbox - added "SIM PIN" under "Tools/SMS";
  • winbox - fixed "Use Ipsec" and "Ipsec Secret" under "Interfaces/L2TP Ether" menu;
  • winbox - fixed sort for "Address List" under "IPv6/Firewall" menu;
  • winbox - make LoRa "Auth key" and MQTT "Password" sensitive;
  • winbox - show "Any. Port" column by default under "IP/Firewall" menu;
  • winbox - show preferred and valid lifetime of IPv6 address also on static IPs;

To upgrade, click Check For Updates under System/Packages menu and select the development Channel in RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

  • Everything went smoothly
  • I encountered an issue after the update (please post about the device, configuration, and unexpected symptoms)
  • I encountered an issue, but solved it (please post the solution)
0 voters

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. The file must be generated while a router is not working as suspected or after some problem has appeared on the device

Please keep this forum topic strictly related to this particular RouterOS release.

3

Please, explain...

Thanks.

C52iG-5HaxD2HaxD [ HDM08KMKBP9 ]
7.23 -> 7.24beta1 [not netinstalled but before upgraded from ??? (not remember) -> 7.23rc1 -> 7.23rc2 -> 7.23 (stable) ]
locked after update
(that is, it is clearly turned on but it does not transmit wifi, nor does it respond IP/MAC on all ethernet ports, it only gives the link)
power unplugged and re-plugged work again normally
I didn't find any notable differences between export 7.23 and 7.24beta1

no errors on log, only "system,error,critical router rebooted without proper shutdown, probably power outage"

Added "Keep apps" on reset? I hadn't noticed...

4

Thank you!
@CGGXANNX will be happy too.

5

And I? :sweat_smile:

6

Oh, good, I was waiting for that one. :rofl:

7

wondering what this is for.

8

*) l3hw - added HW offloaded VRF support on 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98CX8410 switches;

After the release of the CRS8xx I was not expecting to see major new L3HW functionality being released for the CRS3xx switches.

Thanks Mikrotik !

9

Yes... No...

factory-software -> minimum-version -> minimum-ros-version
factory-firmware -> minimum-firmware -> backup-rboot-version
(also because on setting is force-backup-booter "Force Backup Booter", not "Force Minimum Firmware" or "Force Factory Firmware"

Coherence?

I understand the point of the change,
but since most people don't know the difference between software and firmware as understood in RouterBOARD,
it's better to clearly specify RouterOS and RouterBOOT....

10

Is it possible to do the same for ARM, especially for devices with 16MB ROM like the Hap AC2?

11

Couldn't agree more, nicely done Mikrotik!

12

For netinstall from one compatible device to anyother needed?

13

If I’m right, it’s going to obsolete both my Linux VM scheme and the container alternative.

And I’m more than okay with that!

14

Hats off to you MT for the HW Offloaded VRF Support, how about VTI IPSEC support please thanks!

15

immagine
immagine872×675 32.6 KB

16

Thank you for these:

However, with this version, there are 3x-4x more "garbage" content that /export or /app/export produce on a test setup that uses no apps!

image
image1078×657 46.6 KB

Probably due to this change:

But none of the apps have ever been enabled!

17
  • console - added ability to turn automatic TABs replacement off

Still hoping to see this in a changelog...

18

Well, that's pretty vague....

19

I think this could fix my observations.

20

Frankly, I never thought something useful would come from that wild discussion. I'm glad that you're listening!