Page 1 of 1

v6.42.12 [long-term] is released!

Posted: Tue Feb 12, 2019 11:57 am
by emils
RouterOS version 6.42.12 has been released in public "long-term" channel!

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 6.42.12 (2019-Feb-12 08:23):

MAJOR CHANGES IN v6.42.12:
----------------------
!) winbox - improvements in connection handling to router with open winbox service (CVE-2019–3924);
----------------------

Changes in this release:

*) ipsec - accept only valid path for "export-pub-key" parameter in "key" menu;
*) quickset - fixed "country" parameter not properly setting regulatory domain configuration;
*) smb - fixed possible buffer overflow;
*) w60g - fixed disconnection issues in PtMP setups;
*) wireless - improved antenna gain setting for devices with built in antennas;
*) wireless - show indoor/outdoor frequency limitations under "/interface wireless info country-info" command;

To upgrade, click "Check for updates" at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after some problem has appeared on device

Please keep this forum topic strictly related to this specific RouterOS release.

Re: v6.42.12 [long-term] is released!

Posted: Tue Feb 12, 2019 2:17 pm
by easyspot
Why dont u make auto reboot after firmware upgrade???? Every new update also update firmware, and u put an option to auto upgrade firmware. But why do we have to reboot manually???

Re: v6.42.12 [long-term] is released!

Posted: Tue Feb 12, 2019 2:21 pm
by emils
There are no firmware related changes in this release. Why do you feel it is necessary to upgrade it?

Re: v6.42.12 [long-term] is released!

Posted: Tue Feb 12, 2019 2:40 pm
by skylark
Why dont u make auto reboot after firmware upgrade???? Every new update also update firmware, and u put an option to auto upgrade firmware. But why do we have to reboot manually???
Such auto-upgrade reboot you can create with very basic scripting.

Re: v6.42.12 [long-term] is released!

Posted: Tue Feb 12, 2019 2:50 pm
by Jotne
There are no firmware related changes in this release. Why do you feel it is necessary to upgrade it?
How do we know that?
Number has increased, so alt least that has changed.

Re: v6.42.12 [long-term] is released!

Posted: Tue Feb 12, 2019 2:52 pm
by easyspot
How do we know if there is no firmware change, since it changed from 6.42.11 to 6.42.12, and auto upgrade setting really did firmware upgrade?

Re: v6.42.12 [long-term] is released!

Posted: Tue Feb 12, 2019 2:58 pm
by emils
Usually it is indicated by "("/system routerboard upgrade" required)" added to the specific change log entry. Automatic reboot would just pointlessly increase the total upgrade time necessary for really no benefit.

Re: v6.42.12 [long-term] is released!

Posted: Tue Feb 12, 2019 3:00 pm
by Paternot
There are no firmware related changes in this release. Why do you feel it is necessary to upgrade it?
Because there is no indication otherwise. Before the firmware number changed only when some upgrade was made to it. Now it is locked with the ROS version. How can we know when to upgrade?

That was a terrible idea: destroyed any sane way we had to keep track of when we should upgrade the firmware.

Re: v6.42.12 [long-term] is released!

Posted: Tue Feb 12, 2019 3:02 pm
by Paternot
Usually it is indicated by "("/system routerboard upgrade" required)" added to the specific change log entry. Automatic reboot would just pointlessly increase the total upgrade time necessary for really no benefit.
No one can be expected to go through the logs, just to find it out. Why don't we get a nice warning, at the same line of firmware version?

Re: v6.42.12 [long-term] is released!

Posted: Tue Feb 12, 2019 3:07 pm
by easyspot
I managed over 400 routerboards, almost all architecture, so how do I know if this or that routerboard got no firmware changes? U want me to watch every routerboard tiny firmware notification during update?

Re: v6.42.12 [long-term] is released!

Posted: Tue Feb 12, 2019 3:09 pm
by easyspot
U wanna match firmware version with ros version is ok, u wanna make it auto upgrade is cool, just add a little tiny feature: auto reboot after firmware upgrade. So when we do package update, rebooting, firmware auto upgrade, auto reboot, then all done.

Re: v6.42.12 [long-term] is released!

Posted: Tue Feb 12, 2019 3:12 pm
by emils
Thank you for your feedback. Now please keep the discussion related to this specific RouterOS version.

Re: v6.42.12 [long-term] is released!

Posted: Tue Feb 12, 2019 3:31 pm
by nickshore
What does this mean ?

*) wireless - improved antenna gain setting for devices with built in antennas;

It would be nice if it knew the antenna gain of the device, just tested on a 4011 with wireless, and nothing obvious in winbox.

Re: v6.42.12 [long-term] is released!

Posted: Tue Feb 12, 2019 4:11 pm
by normis
For devices with antenna, it does know the gain.
Open Wireless -> Wlan2 -> Advanced -> Antenna gain will show 3 in the RB4011

Re: v6.42.12 [long-term] is released!

Posted: Tue Feb 12, 2019 7:30 pm
by nest
By default, the value is left at zero on upgrade.

Changing to Regulatory Domain mode, selecting a country, leaving the value at zero and clicking on 'Apply' generates a pop up error message. I've not been able to make it show me "3" by default.

Plus... Since when is the antenna gain dependent on the country the device is located in? Therefore why check it when selecting a country? The antenna is 3dBi (or whatever is physically installed in the RB) and always will be, regardless of where it is physically (OK - unless someone opens it up and makes some serious modifications!)

Lastly - what's with the (6) at the end of the error message? That is suggesting that the antenna gain is 3 or it might also be 6?
Screen Shot 2019-02-12 at 17.04.19.png
Screen Shot 2019-02-12 at 17.12.09.png

Re: v6.42.12 [long-term] is released!

Posted: Tue Feb 12, 2019 11:10 pm
by whitbread
This is the end Mikrotik! Regulation got u by the balls.
With antenna gain and TX limitation there is no way to use Mikrotik wireless devices anymore unless u stick to a version prior to these awful changes. Even if I would tend to see the root of these changes outside of Mikrotik the devices are crippled practically.
You should think about a way to run those devices with regulatory channels but without brakes for those who dont even have neighbors they could jam with a little bit more power while allowing reasonable range for ur devices.

Re: v6.42.12 [long-term] is released!

Posted: Wed Feb 13, 2019 12:34 am
by zajadacz
This is the end Mikrotik! Regulation got u by the balls.
Superchannel is still available and it has no limitations.

Re: v6.42.12 [long-term] is released!

Posted: Wed Feb 13, 2019 10:31 am
by honzam
Regulation is the EU law.
But how to read "current tx power" values? On AC hardware is not displayed :-( :-(

Re: v6.42.12 [long-term] is released!

Posted: Wed Feb 13, 2019 7:35 pm
by Caci99
This is the end Mikrotik! Regulation got u by the balls.
With antenna gain and TX limitation there is no way to use Mikrotik wireless devices anymore unless u stick to a version prior to these awful changes. Even if I would tend to see the root of these changes outside of Mikrotik the devices are crippled practically.
You should think about a way to run those devices with regulatory channels but without brakes for those who dont even have neighbors they could jam with a little bit more power while allowing reasonable range for ur devices.
It has been mentioned a thousand times by now. Chose no country, and there you have your freedom to do what ever you like in braking the regulations. Do you really believe MikroTik is to be held responsible for the regulations enforced by local Laws?

Re: v6.42.12 [long-term] is released!

Posted: Mon Feb 18, 2019 1:58 pm
by nest
Regulation is the EU law.
But how to read "current tx power" values? On AC hardware is not displayed :-( :-(
It’s on Status tab for AC chipsets

Re: v6.42.12 [long-term] is released!

Posted: Fri Feb 22, 2019 12:04 pm
by Deantwo
MAJOR CHANGES IN v6.42.12:
----------------------
!) winbox - improvements in connection handling to router with open winbox service (CVE-2019–3924);
----------------------
Definitely missing some more details about when and how to we are vulnerable to this vulnerability.
I would like to know if WinBox service whitelist is enough to keep a <v6.42.12 router safe.
/ip service
set winbox address=a.b.c.d/32
Since upgrading from v6.40.8 to v6.42.12 will take some time to test if new bridges and changes to netwatch script execitation doesn't break anything in my setup. I need to know how much I need to hurry with this update.
Sad this wasn't mentioned at all in the blog post too.

Re: v6.42.12 [long-term] is released!

Posted: Fri Feb 22, 2019 2:50 pm
by Deantwo
MAJOR CHANGES IN v6.42.12:
----------------------
!) winbox - improvements in connection handling to router with open winbox service (CVE-2019–3924);
----------------------
Definitely missing some more details about when and how to we are vulnerable to this vulnerability.
I would like to know if WinBox service whitelist is enough to keep a <v6.42.12 router safe.
/ip service
set winbox address=a.b.c.d/32
I got an answer from @normis in another thread.
Yes, "service" menu limitation will protect you, the service "winbox" affects winbox/dude/tik-app all at the same time.
So yes, an address whitelist on your WinBox service will protect you from this.

Re: v6.42.12 [long-term] is released!

Posted: Fri Feb 22, 2019 4:00 pm
by Jotne
I would like to know if WinBox service whitelist is enough to keep a <v6.42.12 router safe.
/ip service
set winbox address=a.b.c.d/32
I would say no.
It may be enough for the latest discovered bug, but there may be more.
You should never open Winbox to internet.

Use VPN if you can, if can not do that and still need Winbox open

1. Use an access list,
2. Use another port than default.
3. Use port knocking.
4. Send all log of changes to an external server (syslog)
5. Use a script to open winbox port in a small time frame each week.
6.+++

Re: v6.42.12 [long-term] is released!

Posted: Sat Feb 23, 2019 11:22 am
by meetriks
Hi,

Is seems the RB751 doesn't show the internal gain correctly. The RB951 shows correctly.

Regards,
Harry
[admin@KANTOOR] > /interface wireless info hw-info 
interface: 
      ranges: 2200-2700/0.5/b,g,gn20,gn40
   tx-chains: 0,1
   rx-chains: 0,1
  extra-info: pciinfo:0x0, cid:0, gain:0

[admin@KANTOOR] > /system routerboard print
       routerboard: yes
             model: 751G-2HnD
     serial-number: 3A65025BEA46
     firmware-type: ar7240
  factory-firmware: 3.0
  current-firmware: 6.42.12
  upgrade-firmware: 6.42.12

[admin@WOONKAMER] > /interface wireless info hw-info 
interface: 
      ranges: 2312-2732/5/b,g,gn20,gn40
              2484-2484/5/b,g,gn20,gn40
   tx-chains: 0,1
   rx-chains: 0,1
  extra-info: pciinfo:0x0, cid:0, gain:3

[admin@WOONKAMER] > /system routerboard print        
       routerboard: yes
             model: 951G-2HnD
     serial-number: 4F4504D222E3
     firmware-type: ar9344
  factory-firmware: 3.10
  current-firmware: 6.42.12
  upgrade-firmware: 6.42.12

Re: v6.42.12 [long-term] is released!

Posted: Sat Feb 23, 2019 2:55 pm
by Paternot
Does the hAP AC Lite (952Ui-5ac2nD) really go this high, on the 5GHz radio? I know, I know. Regulations, superchannel, etc. But the question is: does the hardware really go this high?
/interface wireless info hw-info wlan_5GHz 
      ranges: 4920-6100/5/a,an20,an40,ac20,ac40,ac80
   tx-chains: 0
   rx-chains: 0
  extra-info: pciinfo:0x0, cid:0, gain:2

Re: v6.42.12 [long-term] is released!

Posted: Sat Feb 23, 2019 9:19 pm
by meetriks
Does the hAP AC Lite (952Ui-5ac2nD) really go this high, on the 5GHz radio? I know, I know. Regulations, superchannel, etc. But the question is: does the hardware really go this high?
High as in frequentie? Or in channel bandwith? Or db power or what do you mean?

Re: v6.42.12 [long-term] is released!

Posted: Sat Feb 23, 2019 9:56 pm
by Paternot
Does the hAP AC Lite (952Ui-5ac2nD) really go this high, on the 5GHz radio? I know, I know. Regulations, superchannel, etc. But the question is: does the hardware really go this high?
High as in frequentie? Or in channel bandwith? Or db power or what do you mean?
Sorry. Frequency.

Re: v6.42.12 [long-term] is released!

Posted: Wed Mar 20, 2019 2:52 pm
by emils
New version 6.43.13 has been released in long-term RouterOS channel:

viewtopic.php?f=21&t=146778