v7.8beta [testing] is released!

RouterOS version 7.8beta2 has been released “v7 testing” channel!

Before an upgrade:

1. Remember to make backup/export files before an upgrade and save them on another storage device;
2. Make sure the device will not lose power during upgrade process;
3. Device has enough free storage space for all RouterOS packages to be downloaded.

What’s new in 7.8beta2 (2023-Jan-20 12:27):

Important note!!!

Version is not recommended on CRS3xx devices.

Changes in this release:

!) storage - added new “rose-storage” package support for extended disk management and monitoring functionality (ARM, ARM64, Tile and x86) (CLI only);
*) bgp - fixed setting of “default-prepend” parameter;
*) bridge - fixed PVID warning typo;
*) bridge - improved HW offloading logic;
*) certificate - improved certificate management, signing and storing processes;
*) conntrack - improved system stability when changing connection tracking state;
*) container - added authentication option for registry (CLI only);
*) container - fixed “.type” file ownership;
*) container - fixed file ownership after system upgrade for containers running on internal disk;
*) container - fixed multiple container automatic startup on boot;
*) disk - limit maximum TMPFS size;
*) dns - added configurable DoH concurrent query limitation parameters (CLI only);
*) dns - do not cache results from “:resolve” command with specific server;
*) dns - limited “DoH max concurrent queries reached” logging messages to once per minute;
*) firewall - fixed bridge priority target;
*) firewall - fixed DSCP priority target for IPv6 Mangle;
*) firewall - fixed netmap range maximum address calculation for IPv6 NAT;
*) graphing - fixed hiding of target queues when “allow-target” is disabled;
*) graphing - fixed sorting of interface and queue graphs;
*) graphing - properly handle disabled and static-binding interface graphs;
*) graphing - removed “move” command for graphing rules;
*) hotspot - fixed setting of “address” parameter for IP binding;
*) hotspot - restore cookie timeout on reboot;
*) ike2 - added support for “address”, “key-id” and “dn” for Remote ID matching (CLI only);
*) ipsec - added support for “Framed-Route” RADIUS attribute support;
*) ipsec - do not match incoming IKE requests by unresolved DNS name peers;
*) ipv6 - added “pref64” option configuration for RA;
*) ipv6 - limited “hop-limit” parameter value range to 255;
*) ipv6 - made distributed DNS lifetime RFC8106 compliant;
*) l3hw - added destination MAC address check for offloaded FastTrack connections;
*) lte - added AT support for Telit LE910C4 in MBIM mode;
*) lte - fixed APN setting usage on initial connection attempt for AT based Quectel and Neoway modems;
*) lte - fixed automatic antenna selection on Chateau LTE12/LTE18;
*) lte - fixed dialing for Fibocom L850-GL module;
*) lte - fixed displaying of “subscriber-number”;
*) lte - improved AT port matching for SIMCom, Huawei, WeLink, Cinterion, BandLuxe and Sierra modems;
*) lte - improved modem detection speed in lower mini-PCIe slot on LtAP;
*) lte - parse USSD even if encoding is unsupported;
*) mpls - fixed handling of more than 9 VRF’s;
*) mpls - fixed LDP listen socket creation before IPv6 address is ready for use;
*) mpls - improved stability when neighboring router reboots;
*) ospf - fixed “ospf-type” parameter for OSPFv3 routes;
*) ospf - fixed simple auth for OSPFv3;
*) ovpn - added AES-GCM and multicore encryption support (CLI only);
*) poe - properly turn off power when link not detected on hAP ax2 and hAP ax3;
*) port - fixed modem channel number on KNOT;
*) resource - show filesystem related statistics on CCR2004;
*) route - fixed IPv6 default route presence when received from RA;
*) route - fixed printing of routing table’s “count-only” parameter;
*) sfp - fixed false link detection with S+RJ10 on RB5009;
*) sfp - fixed reading of SFP EEPROM on single SFP port devices;
*) sms - improved reporting of SMS sending errors;
*) sms - log USSD response when USSD is sent over MBIM;
*) sniffer - added additional filtering parameters (CLI only);
*) snmp - do not show identity in LLDP when branding is used with hide SNMP data;
*) snmp - fixed handling of disabled routes;
*) snmp - fixed reporting of total number of routes counter;
*) ssh - hard-coded “localhost” address for forwarding requests;
*) sstp - fixed TLS session establishment when “connect-to” is DNS name;
*) switch - fixed SFP rate select for CRS354 devices;
*) switch - improved system stability for 98DXxxxx switch chips;
*) torch - allow “without-paging” parameter for Torch;
*) traffic-generator - increased maximum allowed stream count;
*) upgrade - show error message when license prohibits upgrade;
*) vxlan - added “dont-fragment” setting that allows managing fragmentation;
*) webfig - allow setting numeric values in time interval fields;
*) webfig - fixed accessing of WebFig when “Interface” menu is disabled by skin;
*) webfig - fixed editing of multi-field parameters with “not” checkbox;
*) webfig - fixed handling of empty skin files;
*) webfig - improved navigation responsiveness;
*) webfig - improved skin file parsing;
*) webfig - properly escape all reserved URI characters;
*) webfig - updated WebFig and graph web pages to HTML5;
*) wifiwave2 - added wireless sniffer tool to capture wireless transmissions (CLI only);
*) wifiwave2 - enabled additional channels in UNII-3 and UNII-4 bands for Europe and USA on hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - implement 802.11w management protection SA Query procedures;
*) wifiwave2 - improve protections from denial-of-service attacks on WPA3;
*) winbox - added “Match Subdomain” parameter under “IP/DNS/Static” menu;
*) winbox - added missing WifiWave2 related parameters under “WifiWave2” menu;
*) winbox - fixed displaying of “Default Prepend” value under “Routing/BGP/Sessions” menu;
*) winbox - fixed displaying of “Tx/Rx CCQ” values under “Wireless/Registration” menu;
*) winbox - fixed displaying of flags under “System/Console” menu;
*) winbox - fixed displaying of multiple character flags;
*) winbox - fixed usage of IPv6 family addresses under “IP/Web Proxy/Access” menu;
*) winbox - improved mouseover hint for “local” policy under “System/Users/Groups” menu;
*) winbox - show “Gateway” column by default under “IPv6/Routes” menu;
*) x86 - added support for TP-Link TG-3468;
*) x86 - fixed SR-IOV support for Intel X710 series NIC;
*) x86 - improved Intel 500 series 10G SFP module support;
*) x86 - improved stability for Intel X550 series NIC with SR-IOV;

To upgrade, click “Check for updates” at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after some problem has appeared on device

Please keep this forum topic strictly related to this particular RouterOS release.

1 of my AC3 devices upgraded, so far no issues seen (it’s running for a whole 5 minutes ).

Nice changelog, I don’t know how to find that “rose-storage” ..

documentation draft:
https://help.mikrotik.com/docs/display/ROS/ROSE-storage

you need to install rose-storage package first

Still no hardware acceleration for OpenVPN tunnel and IPQ-6010 processor (hAP ax3)

I’ve downloaded the extra packages but somehow I’ve missed it, now I’ve found it thank you!
LE: I see you’re using ksmbd, please be sure to keep it up to date with latest security patches as some nasty flaws were discovered..

What does this mean?
upgrade - show error message when license prohibits upgrade;

For a CHR instance without an active license

may you elaborate little bit further?
*) x86 - fixed SR-IOV support for Intel X710 series NIC;

we use them and the only issue is the fact that we must use only auto about cpu irq interface queue. Is it something about?

What is the reasoning for not allowing new devices being sold now with V7 to be reinstalled with V6? Seems like it’d be reasonable and considerate to remove this limitation until 7 becomes fit for professional use.

Intresting. Mikrotik planning to enter the SAN/NAS business?

Since updating to 7.8beta2 I’m having issues importing remote container image zabbix/zabbix-proxy-sqlite3:alpine-6.0-latest on my RB5009 (arm64). It was working fine on 7.7rc5.

 16:43:05 container,info,debug importing remote image: zabbix/zabbix-proxy-sqlite3, tag: alpine-6.0-latest
 16:43:05 system,info item added by cesar
 16:43:07 container,info,debug error response getting manifests: 404
 16:43:07 container,info,debug was unable to import, container 4a07240c-862b-4861-a16a-68605478ad54

After changing to zabbix/zabbix-proxy-sqlite3:alpine-6.0.12 it works fine again:

 16:45:28 container,info,debug importing remote image: zabbix/zabbix-proxy-sqlite3, tag: alpine-6.0.12
 16:45:28 system,info item added by cesar
 16:45:31 container,info,debug getting layer sha256:6875df1f535433e5affe18ecfde9acb7950ab5f76887980ff06c5cdd48cf98f4
 16:45:32 container,info,debug layer sha256:6875df1f535433e5affe18ecfde9acb7950ab5f76887980ff06c5cdd48cf98f4 downloaded
 16:45:32 container,info,debug getting layer sha256:2068be5b412156c5bc2936aeb988446cb6ac458c4c408ac51b5143e9632073f0
 16:45:33 container,info,debug layer sha256:2068be5b412156c5bc2936aeb988446cb6ac458c4c408ac51b5143e9632073f0 downloaded
 16:45:33 container,info,debug getting layer sha256:35af6ce2b615d78f6617ef90fdbb0aef91a77c766594c28325a8e9e589d0e002
 16:45:33 container,info,debug layer sha256:35af6ce2b615d78f6617ef90fdbb0aef91a77c766594c28325a8e9e589d0e002 downloaded
 16:45:33 container,info,debug getting layer sha256:7becd6903f60f84a63358dbfbf033e34094e07d255085fe0d9a2fe48481e74b6
 16:45:34 container,info,debug layer sha256:7becd6903f60f84a63358dbfbf033e34094e07d255085fe0d9a2fe48481e74b6 downloaded
 16:45:34 container,info,debug getting layer sha256:21bb24f368b7ae4b135a1ef432a6379a54310c37e8a7b8d54d0260d7cd768f9d
 16:45:35 container,info,debug layer sha256:21bb24f368b7ae4b135a1ef432a6379a54310c37e8a7b8d54d0260d7cd768f9d downloaded
 16:45:35 container,info,debug getting layer sha256:9e1e869413aec50921ae70ba3b2098e56ab598bb6a26d2b0d5c697f7c433cb00
 16:45:37 container,info,debug layer sha256:9e1e869413aec50921ae70ba3b2098e56ab598bb6a26d2b0d5c697f7c433cb00 downloaded
 16:45:38 container,info,debug getting layer sha256:4f4fb700ef54461cfa02571ae0db9a0dc1e0cdb5577484a6d75e68dc38e8acc1
 16:45:38 container,info,debug layer sha256:4f4fb700ef54461cfa02571ae0db9a0dc1e0cdb5577484a6d75e68dc38e8acc1 downloaded
 16:45:38 container,info,debug getting layer sha256:e4034d2118985bc524c23df0d8c998c604ee97aef464494c39111bf32ebd9335
 16:45:39 container,info,debug layer sha256:e4034d2118985bc524c23df0d8c998c604ee97aef464494c39111bf32ebd9335 downloaded
 16:45:39 container,info,debug import successful, container c3a27c76-186a-47bf-ace4-04fcff0790fd

zabbix/zabbix-proxy-sqlite3:alpine-6.0-latest was updated a few hours ago. Maybe something is wrong on Docker Hub? Or is it a bug in 7.8beta2?

Zero Trust Cloudflare package option missing.

Nice start for this new version but I like to see in the roadmap to get High Availability (HA) in which I can have 2 CRS3xx/CRS5xx in a stack in which all the configurations on the primary and connection states are sync-up constantly in the secondary (including DHCP leases). That will be a killer feature to have

https://www.youtube.com/watch?v=BbDnBxlBTdY

First, one shouldnt feed the troll posts like mine ;-PP
Secondly, accessing it via container is discriminatory and dumb, it should be a package avail on all MT devices.

Bon appetit!

I do like new stuff and new version. But for me this seems to be more like 7.7.1 beta, not 7.8 beta
Mostly fixes and improvements, and new stuff added are just cosmetic.

yessss

after so many v7 iterations …

1. SFP data is back
2. SLAAC address show as expected
3. RA route show as expected
4. SNMP readout of SFP values as expected
   rb760igs
   
   

pls fix BGP-VRF-VPNv4 - working with RR