Community discussions

MikroTik App
 
EdPa
MikroTik Support
MikroTik Support
Topic Author
Posts: 274
Joined: Fri Sep 15, 2017 10:05 am
Location: Riga
Contact:

v6.49.8 [long-term] is released!

Tue May 23, 2023 12:13 pm

RouterOS version 6.49.8 has been released in the "v6 long-term" channel!

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 6.49.8 (2023-Jul-19 13:40):

!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
*) console - updated copyright notice;
*) defconf - fixed invalid default password setting after configuration reset for 60GHz interface (introduced in v6.49.5);
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) hotspot - improved stability when receiving bogus packets;
*) smb - fixed SMB2 file list reporting;

To upgrade, click "Check for updates" at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while a router is not working as suspected or after some problem has appeared on the device

Please keep this forum topic strictly related to this particular RouterOS release.
 
cdemers
Member Candidate
Member Candidate
Posts: 224
Joined: Sun Feb 26, 2006 3:32 pm
Location: Canada
Contact:

Re: v6.49.8 [stable] is released!

Tue May 23, 2023 6:11 pm

So far so good on roll out on test devices/networks, no issues so far, after some more testing will start slowly rolling out to main network. Glad there was an update, I have many mipsbe devices that really can't run V7 in production.
 
User avatar
k6ccc
Forum Guru
Forum Guru
Posts: 1490
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)
Contact:

Re: v6.49.8 [stable] is released!

Tue May 23, 2023 9:14 pm

Updated a RB750r2 (was 6.49.6) and RB750Gr3 (was 6.49.7) to 6.49.8 without issues noted so far. Neither of those is critical.
I will update my RB4011 (currently 6.49.6) tonight when I'm home. This one is critical to my operation.
 
aTOMico
just joined
Posts: 6
Joined: Sun Jan 16, 2022 5:31 pm

Re: v6.49.8 [stable] is released!

Tue May 23, 2023 10:06 pm

Updated RB4011 from 6.49.7 . No problems so far. Ipv6 is working like before using DHCPV6 client for prefix and adress, ND and DHCPv6 server for transmitting DNS.servers. Router advertisements on in IPV6 settings.

Thank you for the security fix.
 
User avatar
krafg
Forum Guru
Forum Guru
Posts: 1020
Joined: Sun Jun 28, 2015 7:36 pm

Re: v6.49.8 [stable] is released!

Thu May 25, 2023 12:26 am

Thanks for this update.

Upgraded successfully all my devices.

Regards.
 
Cl3an
just joined
Posts: 3
Joined: Wed Dec 01, 2021 12:08 am

Re: v6.49.8 [stable] is released!

Thu May 25, 2023 11:50 am

Anyone else having issue with the date/time settings after upgrade?
My was 12h off. I had to manually set my time.
Then Enabled SNTP and added se.pool.ntp.org as servers.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: v6.49.8 [stable] is released!

Thu May 25, 2023 12:06 pm

MT devices don't have RTC built in, so ROS has to "invent" an approximation to current time when it boots. After initial boot (from factory or after netinstall), ROS doesn't have any better clue so it sets time to 1970-01-01 00:00:00. After a "normal" reboot, ROS takes time stamp of some of recent files and starts from there. Since everybody wants small number of writes to built-in storage, this means that timestamp can be old (from minutes to hours).

So when there's a mechanism which retrieves precise time stamps (either NTP client or cloud time) and ROS has to step time (by more than some margin, with normal NTP client this is when time difference exceeds few tens of seconds), there's a log entry - because stepping time means discontinuity in timestamps (e.g. of log entries). Seeing those in log happening a short time period after device reboot is thus normal. However, if this happens regularly or after longer uptime, this might indicate some kind of problem.

And yes, configuring and enabling (S)NTP client on ROS device is the right thing to do.
 
Cl3an
just joined
Posts: 3
Joined: Wed Dec 01, 2021 12:08 am

Re: v6.49.8 [stable] is released!

Thu May 25, 2023 3:38 pm

MT devices don't have RTC built in, so ROS has to "invent" an approximation to current time when it boots. After initial boot (from factory or after netinstall), ROS doesn't have any better clue so it sets time to 1970-01-01 00:00:00. After a "normal" reboot, ROS takes time stamp of some of recent files and starts from there. Since everybody wants small number of writes to built-in storage, this means that timestamp can be old (from minutes to hours).

So when there's a mechanism which retrieves precise time stamps (either NTP client or cloud time) and ROS has to step time (by more than some margin, with normal NTP client this is when time difference exceeds few tens of seconds), there's a log entry - because stepping time means discontinuity in timestamps (e.g. of log entries). Seeing those in log happening a short time period after device reboot is thus normal. However, if this happens regularly or after longer uptime, this might indicate some kind of problem.

And yes, configuring and enabling (S)NTP client on ROS device is the right thing to do.
Thank you!
 
User avatar
krafg
Forum Guru
Forum Guru
Posts: 1020
Joined: Sun Jun 28, 2015 7:36 pm

Re: v6.49.8 [stable] is released!

Thu May 25, 2023 4:12 pm

Anyone else having issue with the date/time settings after upgrade?
My was 12h off. I had to manually set my time.
Then Enabled SNTP and added se.pool.ntp.org as servers.
I not noticed that. All is working fine.

Regards.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: v6.49.8 [stable] is released!

Thu May 25, 2023 4:23 pm

On my ROS 7.9.1 driven RB951G I got single

may/22 12:48:52 system,critical,info ntp change time May/22/2023 12:48:52 => May/22/2023 19:21:20

about 16 seconds after booting. Seems like the log entry timestamp is the unstepped value ... The time step of 6,5 hours is substantial. Another device had time step of almost 16 hours.

I think it's much better to see such a time step early after boot than to have time offset dragging for days (or forever if device doesn't get any time update from any source).

[edit]
I'm looking at one of ROS 6.49.8 driven devices. There I don't see similar message. However I'm suspecting that time step does happen as well, there's a timestamp discontinuity during later stages of boot procedure, amounting to "only" 1,5 minutes ...
 
buset1974
Frequent Visitor
Frequent Visitor
Posts: 86
Joined: Wed Sep 13, 2006 12:12 pm
Location: Jakarta

Re: v6.49.8 [stable] is released!

Wed Jun 21, 2023 6:34 am

Hi Mikrotik,

in v6.48.9

/ipv6 route print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, o - ospf, b - bgp, U - unreachable
DST-ADDRESS GATEWAY DISTANCE
0 ADb 2001:4:112::/48 fe80::a05:e2ff:fe07:7... 20
1 Db 2001:4:112::/48 fe80::a05:e2ff:fe07:7... 20
2 ADb 2001:500:3::/48 fe80::6e3b:6bff:feec:... 20
3 Db 2001:500:3::/48 fe80::6e3b:6bff:feec:... 20

in v7.10rc
MikroTik-BGP] > /ipv6/route/print
Flags: D - dynamic; X - disabled, I - inactive, A - active;
c - connect, s - static, r - rip, b - bgp, o - ospf, d - dhcp, v - vpn, m - modem, g - slaac, y - bgp-mpls-vpn; H - hw-offloaded; + - ecmp
DST-ADDRESS GATEWAY DISTANCE
DAb 2001::/32 2001:f20:f000:3815:4:... 20
DAb 2001:4:112::/48 2001:f20:f000:3815:4:... 20
DAb 2001:200::/32 2001:f20:f000:3815:4:... 20
DAb 2001:200:900::/40 2001:f20:f000:3815:4:... 20
DAb 2001:200:e00::/40 2001:f20:f000:3815:4:... 20
[Q quit|D dump|down]


i have reply from support regarding this issue, with v6 i have to filter it to make global as preferred.

Can u make v6 also choose global as preference please,
because it's not common way with other routers, it's make our partners with other router asking why?
please make it standard/ common way without adding any additional filter

thx
 
Guntis
MikroTik Support
MikroTik Support
Posts: 153
Joined: Fri Jul 20, 2018 1:40 pm

Re: v6.49.8 [stable] is released!

Wed Jun 21, 2023 1:14 pm

Version 6 will only receive critical and security fixes. There are no plans to add general behavior adjustments or new features to it.
 
AdHocCZ1
just joined
Posts: 5
Joined: Fri Jan 20, 2023 6:28 pm

Re: v6.49.8 [stable] is released!

Sun Jul 09, 2023 3:43 am

INFO ONLY:

MS Win 10.0.19045.3086
sigcheck -s -e -u -c .

Sigcheck v2.90 - File version and signature viewer
Copyright (C) 2004-2022 Mark Russinovich
Sysinternals - www.sysinternals.com

EXPIRED = A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file

Publisher, Date, Verified, Path
Mikrotikls SIA, 22.05.2023 15:44, EXPIRED, .\routeros\6.49.8\btest.exe
Mikrotikls SIA, 05.01.2012 20:21, EXPIRED, .\routeros\6.49.8\dude-install-6.49.8.exe
Mikrotikls SIA, 22.05.2023 15:45, EXPIRED, .\routeros\6.49.8\flashfig.exe
Mikrotikls SIA, 22.05.2023 15:44, EXPIRED, .\routeros\6.49.8\unpacked\netinstall.exe
Mikrotikls SIA, 01.01.1970 02:00, EXPIRED, .\routeros\6.49.8\unpacked\netinstall64.exe

Mikrotikls SIA, 23.05.2023 07:57, EXPIRED, .\routeros\6.48.7\btest.exe
Mikrotikls SIA, 05.01.2012 20:21, EXPIRED, .\routeros\6.48.7\dude-install-6.48.7.exe
Mikrotikls SIA, 23.05.2023 07:57, EXPIRED, .\routeros\6.48.7\flashfig.exe
Mikrotikls SIA, 23.05.2023 07:56, EXPIRED, .\routeros\6.48.7\unpacked\netinstall.exe
Mikrotikls SIA, 01.01.1970 02:00, EXPIRED, .\routeros\6.48.7\unpacked\netinstall64.exe

EDIT: formatting changed to not appear as an alert and appear more as an info
Last edited by AdHocCZ1 on Mon Jul 10, 2023 6:18 am, edited 1 time in total.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.49.8 [stable] is released!

Sun Jul 09, 2023 7:53 pm

A file signed in the past, with a certificate that was valid at the time, but has now expired, does not mean that the file is corrupted or that the signature is forged...

You are creating Alerts for nothing...
 
prawira
Trainer
Trainer
Posts: 357
Joined: Fri Feb 10, 2006 5:11 am

Re: v6.49.8 [stable] is released!

Tue Jul 18, 2023 10:43 am

is this version include the fix of #[SUP-92244] regarding max active session of the dude ?

thank you

P
 
DenisPDA
Frequent Visitor
Frequent Visitor
Posts: 63
Joined: Tue Sep 04, 2018 5:42 pm

Re: v6.49.8 [stable] is released!

Thu Jul 20, 2023 10:52 am

ROS 6 CVE-2023-30799
https://nvd.nist.gov/vuln/detail/CVE-2023-30799
Actual ???
 
p3rad0x
Long time Member
Long time Member
Posts: 637
Joined: Fri Sep 18, 2015 5:42 pm
Location: South Africa
Contact:

Re: v6.49.8 [stable] is released!

Thu Jul 20, 2023 11:10 am

ROS 6 CVE-2023-30799
https://nvd.nist.gov/vuln/detail/CVE-2023-30799
Actual ???
I see 6.49.8 is showing longterm, and 6.49.7 stable. Strange
 
User avatar
strods
MikroTik Support
MikroTik Support
Posts: 1616
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.49.8 [stable] is released!

Thu Jul 20, 2023 11:16 am

6.49.8 has been promoted to the long-term channel. At the moment, for v6, the long-term and stable releases are both the same - 6.49.8. There is a little mixup with the download page which will be fixed as soon as possible.

The only difference between stable and long-term releases is the name under, for example, the "/system resources" menu.
 
DenisPDA
Frequent Visitor
Frequent Visitor
Posts: 63
Joined: Tue Sep 04, 2018 5:42 pm

Re: v6.49.8 [stable] is released!

Thu Jul 20, 2023 12:02 pm

ROS 6 CVE-2023-30799
https://nvd.nist.gov/vuln/detail/CVE-2023-30799
Actual ???
So the vulnerability is relevant in v6.49.8 ????
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3279
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v6.49.8 [long-term] is released!

Thu Jul 20, 2023 12:21 pm

If its the case, it needs to be fixed. It seems that you need a user that do have right to log inn to the router to use this vulnerability.
But I do not feel any pity for user leaving Winbox or HTTP admin gui open to the pubic.
 
DenisPDA
Frequent Visitor
Frequent Visitor
Posts: 63
Joined: Tue Sep 04, 2018 5:42 pm

Re: v6.49.8 [long-term] is released!

Thu Jul 20, 2023 12:24 pm

If its the case, it needs to be fixed. It seems that you need a user that do have right to log inn to the router to use this vulnerability.
But I do not feel any pity for user leaving Winbox or HTTP admin gui open to the pubic.
Sometimes you have to give limited access to contractors,
and I don't want them to be able to elevate permissions
 
User avatar
strods
MikroTik Support
MikroTik Support
Posts: 1616
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.49.8 [long-term] is released!

Thu Jul 20, 2023 12:35 pm

As stated in the CVE - "MikroTik RouterOS stable before 6.49.7...". Yes, 6.49.8 is built on 6.49.7. Thus it includes the same fix.
 
User avatar
Maggiore81
Trainer
Trainer
Posts: 559
Joined: Sun Apr 15, 2012 12:10 pm
Location: Italy
Contact:

Re: v6.49.8 [long-term] is released!

Sat Jul 22, 2023 5:01 pm

On CRS2xx, do you suggest keeping v6 ? We use them as plain switch to aggregate fibers... no use to put v7 on them?
 
davidalain
just joined
Posts: 16
Joined: Thu Aug 03, 2017 3:24 am
Location: Brazil

Re: v6.49.8 [long-term] is released!

Sat Jul 22, 2023 7:03 pm

Remote SSH login using a private key is not working on this release.
I have automated backup scripts via SSH that are broken after this upgrade :(
 
tdw
Forum Guru
Forum Guru
Posts: 1841
Joined: Sat May 05, 2018 11:55 am

Re: v6.49.8 [long-term] is released!

Sun Jul 23, 2023 3:41 pm

So is this just a recompilation/rerelease of 6.49.8 (stable) with no code changes? The original release has a different timestamp - "What's new in 6.49.8 (2023-May-22 16:07)"
 
martinclaro
Frequent Visitor
Frequent Visitor
Posts: 95
Joined: Sat Sep 28, 2013 6:08 am
Location: Buenos Aires, Argentina
Contact:

Re: v6.49.8 [long-term] is released!

Sun Jul 23, 2023 11:19 pm

Upgraded many RB760iGS, cAP-ac, RB4011, and CHR and everything looks good.

@davidalain do you mean using ROS as SSH client to connect to other devices?
 
davidalain
just joined
Posts: 16
Joined: Thu Aug 03, 2017 3:24 am
Location: Brazil

Re: v6.49.8 [long-term] is released!

Tue Jul 25, 2023 5:30 am

@davidalain do you mean using ROS as SSH client to connect to other devices?
I made a backup script using shell script in a Linux machine.
So Mikrotik devices act as SSH servers and a Linux machine as the SSH client.

CCR1072, CCR1009, RB4011, and hEX S.
 
martinclaro
Frequent Visitor
Frequent Visitor
Posts: 95
Joined: Sat Sep 28, 2013 6:08 am
Location: Buenos Aires, Argentina
Contact:

Re: v6.49.8 [long-term] is released!

Tue Jul 25, 2023 6:12 am

I made a backup script using shell script in a Linux machine.
So Mikrotik devices act as SSH servers and a Linux machine as the SSH client.

CCR1072, CCR1009, RB4011, and hEX S.
My case is similar to yours (using a RSA priv/pub key pair) and works perfectly after upgrade, at least on RB4011 and hEX S (RB760iGS) devices.

What was the previous version installed on your devices?
 
bmann
newbie
Posts: 25
Joined: Sat Jan 05, 2013 2:10 pm

Re: v6.49.8 [long-term] is released!

Wed Jul 26, 2023 1:02 pm

So 6.49.8 is now the latest and only version supported with v6,

How is the upgrade supported from v6.49.x to the v7?
Can I upgrade to the latest 7 version or do I need to go with some steps?
Do you have some date when v6 is out of support?

Thanks for info.
 
flapviv
just joined
Posts: 7
Joined: Wed Oct 13, 2021 7:50 am

Re: v6.49.8 [long-term] is released!

Wed Jul 26, 2023 1:07 pm

So 6.49.8 is now the latest and only version supported with v6,

How is the upgrade supported from v6.49.x to the v7?
Can I upgrade to the latest 7 version or do I need to go with some steps?
Do you have some date when v6 is out of support?

Thanks for info.
I have a ccr2004 with many bgp feeds, gre and sit tunnels, that I would like to upgrade too, but I wonder the best way to do that.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10186
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.49.8 [long-term] is released!

Wed Jul 26, 2023 1:08 pm

It depends on your configuration and your model of router whether your upgrade to v7 will be easy or you need to take some preparing steps (or even not want to do it).
 
holvoetn
Forum Guru
Forum Guru
Posts: 5325
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v6.49.8 [long-term] is released!

Wed Jul 26, 2023 1:09 pm

Do you NEED to upgrade to ROS7 ?
And for what devices ?

Some devices will not run ROS7 efficiently (e.g. everything with less then 64Mb RAM).
If there are no features in ROS7 which you are currently missing, there is no need to upgrade.

Other then that, depending on your config, an upgrade can be smooth sailing or might need some interventions.
See here:
https://help.mikrotik.com/docs/display/ ... ding+to+v7
 
pe1chl
Forum Guru
Forum Guru
Posts: 10186
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.49.8 [long-term] is released!

Wed Jul 26, 2023 1:35 pm

Also you need to really study and test the upgrade before you do any upgrades in a production environment. E.G. in the help document it says:

BGP
All known configurations will upgrade from 6.x to 7.x successfully.

Well, that for sure is not correct, I have mentioned several times on the forum that not all configurations upgrade successfully, and you need to prepare.
E.g.:
- routing filters now have an implicit "reject" at the end, that used to be an implicit "accept". You may need to add an "accept" to your filters, depending on what they do and how they are structured
- in the peer configuration, update-source can no longer be the name of an interface, it HAS to be an address.
- in the networks configuration, it is no longer possible to have networks without the "synchronize" option
- route aggregation is no longer supported

So it is advisable to first rework your v6 configuration to adapt to the above, before you attempt an in-place upgrade.
 
flapviv
just joined
Posts: 7
Joined: Wed Oct 13, 2021 7:50 am

Re: v6.49.8 [long-term] is released!

Wed Jul 26, 2023 1:47 pm

Also you need to really study and test the upgrade before you do any upgrades in a production environment. E.G. in the help document it says:

BGP
All known configurations will upgrade from 6.x to 7.x successfully.

Well, that for sure is not correct, I have mentioned several times on the forum that not all configurations upgrade successfully, and you need to prepare.
E.g.:
- routing filters now have an implicit "reject" at the end, that used to be an implicit "accept". You may need to add an "accept" to your filters, depending on what they do and how they are structured
- in the peer configuration, update-source can no longer be the name of an interface, it HAS to be an address.
- in the networks configuration, it is no longer possible to have networks without the "synchronize" option
- route aggregation is no longer supported

So it is advisable to first rework your v6 configuration to adapt to the above, before you attempt an in-place upgrade.
Thank you so much for this helping advice!!!
 
msatter
Forum Guru
Forum Guru
Posts: 2897
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: v6.49.8 [long-term] is released!

Wed Jul 26, 2023 2:03 pm

As stated in the CVE - "MikroTik RouterOS stable before 6.49.7...". Yes, 6.49.8 is built on 6.49.7. Thus it includes the same fix.

I visited a lonely page that feels completely neglected by Mikrotik: https://blog.mikrotik.com/security/ also supplies RSS feed for Mikrotik.
 
tdw
Forum Guru
Forum Guru
Posts: 1841
Joined: Sat May 05, 2018 11:55 am

Re: v6.49.8 [long-term] is released!

Wed Jul 26, 2023 3:05 pm

I visited a lonely page that feels completely neglected by Mikrotik: https://blog.mikrotik.com/security/ also supplies RSS feed for Mikrotik.
+1 and it isn't clear if that CVE-2023-30799 was only addressed in 6.49.7 onwards, or also in 6.48.7 LTS which was released at a later date - there is nothing in the release notes.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: v6.49.8 [long-term] is released!

Wed Jul 26, 2023 3:24 pm

... it isn't clear if that CVE-2023-30799 was only addressed in 6.49.7 onwards, or also in 6.48.7 LTS which was released at a later date - there is nothing in the release notes.
No, post #22 above probably sums up the status completely (not mentioning 6.48.7 does mean something). But since 6.49.8 is now LTS, it doesn't matter if the vulnerability is fixed in 6.48.7 or not.
 
bmann
newbie
Posts: 25
Joined: Sat Jan 05, 2013 2:10 pm

Re: v6.49.8 [long-term] is released!

Wed Jul 26, 2023 4:57 pm

Regarding upgrade to v7.
Yes, the preparation is needed in general, that is right.

But my point is the official position of Mikrotik.
There is difference if the migration is supported officially or not. For example v7.10 supports migration, but 7.11 not etc,
For me it seems that migration is supported in general with all versions and probably will be, but looking for some more official information.
The same with v6 lifespan.

For me there is no need no upgrade to v7, but good to know for future planning.
 
msatter
Forum Guru
Forum Guru
Posts: 2897
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: v6.49.8 [long-term] is released!

Wed Jul 26, 2023 8:34 pm

... it isn't clear if that CVE-2023-30799 was only addressed in 6.49.7 onwards, or also in 6.48.7 LTS which was released at a later date - there is nothing in the release notes.
No, post #22 above probably sums up the status completely (not mentioning 6.48.7 does mean something). But since 6.49.8 is now LTS, it doesn't matter if the vulnerability is fixed in 6.48.7 or not.
The problem is that the place where Mikrotik could provide clearity is not used. Now we have to go through several posting to have an answer.

It looks to me like that Mikrotik is somekind ashamed of having to admit that CVE are resolved. The blog is burried and can't be found on the Mikrotik site itself...atleast I could not find it there.

Maybe Normis is going to make a catchy YouTube video for each CVE concering Mikrotik, in the future.
 
User avatar
fischerdouglas
Frequent Visitor
Frequent Visitor
Posts: 55
Joined: Thu Mar 07, 2019 6:38 pm
Location: Brazil
Contact:

Re: v6.49.8 [long-term] is released!

Wed Jul 26, 2023 8:46 pm

Please adjust the download page.
RouterOS_CHR_6.49.7_not-as-stable_please.png
You do not have the required permissions to view the files attached to this post.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10186
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.49.8 [long-term] is released!

Wed Jul 26, 2023 9:09 pm

There is difference if the migration is supported officially or not. For example v7.10 supports migration, but 7.11 not etc,
That just doesn't make sense. Even starting from version 7.0 migration was supported officially. Of course there were many problems, and depending on your usage scenario versions below 7.10 may be completely unusable, but with every higher version it generally becomes better.
(of course new bugs are also sometimes introduced)
I advise you to study the material cited above and the experiences posted by users on the forum before trying the upgrade, especially on critical or remotely located devices.
 
tdw
Forum Guru
Forum Guru
Posts: 1841
Joined: Sat May 05, 2018 11:55 am

Re: v6.49.8 [long-term] is released!

Thu Jul 27, 2023 12:42 am

... it isn't clear if that CVE-2023-30799 was only addressed in 6.49.7 onwards, or also in 6.48.7 LTS which was released at a later date - there is nothing in the release notes.
No, post #22 above probably sums up the status completely (not mentioning 6.48.7 does mean something). But since 6.49.8 is now LTS, it doesn't matter if the vulnerability is fixed in 6.48.7 or not.

In my opinion it doesn't, all it states is that 6.49.8 includes the fix which was implemented in 6.49.7. The release notes for neither reference this CVE being fixed, so I don't see how the inclusion or absence in 6.48.7 LTS can be inferred.

Given that 6.48.7 LTS was released 2023-May-23 it should include any critical vulnerability fixes which were included in 6.49.7, released some seven months earlier, otherwise what's the point of having an LTS branch? And why wasn't there an LTS release at that time either?
 
User avatar
fischerdouglas
Frequent Visitor
Frequent Visitor
Posts: 55
Joined: Thu Mar 07, 2019 6:38 pm
Location: Brazil
Contact:

Re: v6.49.8 [long-term] is released!

Wed Aug 02, 2023 12:17 pm

Thanks!
RouterOS_CHR_stable_6.49.8_thanks.png
You do not have the required permissions to view the files attached to this post.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.49.8 [long-term] is released!

Sun Aug 06, 2023 6:08 am

Not tested on 6.49.8 but probably applies to this version as well:
⚠️Security Issue: Changing rights / disable / delete the users has no effect on already logged in users. [Tested on 6.48.7 and 7.10.2]
viewtopic.php?t=198410
 
i4ko
newbie
Posts: 39
Joined: Sat Sep 26, 2015 9:23 pm
Location: Arizona/Bulgaria/Sweden/France

Re: v6.49.8 [long-term] is released!

Sun Aug 20, 2023 5:49 am

That was a bust. Upgrading from previous long-term did not go well on a 750gr3.
Basically lost all entries in all but one address-lists, and even the one that had entries had been truncated badly after the upgrade (~29000 entries showing only). What is interesting is that the address lists names were showing in Winbox, even though there were zero entries in each (command line showed zero as well). Needless to say that device was borked for service and had to be replaced with another device that was on site (a cold-spare backup of the same device that unfortunately had 2.5 year old configuration). Total number of address-list entries in the pre-upgrade configuration was just shy of 70000, of which about 69000 in one address-list (both static and few dynamic entries) another address list had 846-900 static only entries in it and another 6 address lists had between 3 and 25 static-only entries.
Another lesson learned - always make and download a backup of a device before upgrade.. I didn;t expecting that this was a simple long-term to long-term upgrade with changelog identical to currently running release.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10186
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.49.8 [long-term] is released!

Sun Aug 20, 2023 12:08 pm

Another lesson learned - always make and download a backup of a device before upgrade.. I didn;t expecting that this was a simple long-term to long-term upgrade with changelog identical to currently running release.
Maybe you should read the first post in the release topic:
Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;

Probably the storage in your device was full and/or the database had been corrupted. The same problems may have occurred when you simply rebooted the device without upgrade!
I would say 70000 address list entries is too much to ask of this low-end device, but I have no hard numbers for that.
Your problems are 99% sure not related to the upgrade or the new version.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: v6.49.8 [long-term] is released!

Sun Aug 20, 2023 3:40 pm

I would say 70000 address list entries is too much to ask of this low-end device,

My experience: I've had my hAP ac2 running 6.47.x and four lengthy address lists, two were IPv4 address lists (5.4k and 8.8k subnet addresses) and two were IPv6 address lists (1.9k and 2.7k subnet addresses). It was working fine with something like 0.5MB free storage (but I did have it installed with unbundled packages, this might have helped). Then I netinstalled the device to 7.9.1 and it worked just fine until I tried to install those address lists again. At this stage storage space was exhausted (with incomplete address lists installed) and I couldn't even clear the address lists. But otherwise device worked fine. I don't remember if there were any ill effects when rebooting device since I noticed the problem with lack of storage pretty soon.
So it was netinstall again, this time without those address lists (and with 0.8MB storage free).

Yes, I agree with @pe1chl that devices with less than 128MB storage (hEX has 16MB as well) should not be burdened with lengthy address lists ... where "lengthy" is anything larger than 1000 addresses.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10186
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.49.8 [long-term] is released!

Sun Aug 20, 2023 5:47 pm

Yes, but hAP ac2 is even worse than hEXr3 because the ARM architecture uses way more space than MMIPS or MIPSBE.
Still, one has to understand that so many config items take space in the config database, and some of that space is not reclaimed when deleting them, so when it in fact is a kind of dynamic list that is regularly changed (downloaded from an external server, for example) it is even worse.
 
i4ko
newbie
Posts: 39
Joined: Sat Sep 26, 2015 9:23 pm
Location: Arizona/Bulgaria/Sweden/France

Re: v6.49.8 [long-term] is released!

Sun Aug 27, 2023 7:08 am

Well, I don't agree fully with you pe1chl. Yes, the HEXr3 only has 16mg flash, which is extremely surprising. It is more expensive to buy 16mb flash chips than 128mb flash chips and has been for the last 4 years at least, but even with that:
a) after copying the lists from another device that had them, the full encrypted backup is 990kb. And a good part of that is PKI certificates.
b) the lists were not the last thing in the configuration, yet they are the only ones that got mangled. the configuration that is after the lists came over just fine
b) free space on the device with the lists back on is 23% - so 3.6mb - that is more than enough to backup the config
d) even if the space was not enough, MTK software should detect the inability to perform the upgrade successfully and abort it with appropriate log entries to ensure that the device remains operational.
It was unusual to have those lists that big, normally they get built by the router due to firewall rules hits, but once a month get pulled back, aggregated (and some other processing), and replaced with the aggregates, which reduce them to about 1200-1400 total entries. The update was done just a few days before this process.
 
EdPa
MikroTik Support
MikroTik Support
Topic Author
Posts: 274
Joined: Fri Sep 15, 2017 10:05 am
Location: Riga
Contact:

Re: v6.49.8 [long-term] is released!

Fri Sep 15, 2023 1:09 pm

New version v6.49.10 has been released:
viewtopic.php?t=198941

Who is online

Users browsing this forum: Bing [Bot], bp0, eworm, grusu, herger, Mahesh and 29 guests