MikroTik RouterOS MIPSBE Firmware 7.9 RC 4

Changes in this release:

- defconf - added CAPs mode script for wifiwave2 devices;
- ovpn - improved system stability for Tile devices;
- snmp - fixed several OIDs that were returning incorrect values (introduced in v7.9beta4);
- snmp - fixed SNMPv3 "Reportable" flag behavior;
- ssh - fixed SSH host key export (introduced in v7.9beta4);
- switch - improved system stability during rapid MAC flapping for 98DXxxxx switches;
- vxlan - improved system stability when printing FDB table (introduced in v7.9beta4);
- webfig - fixed bogus comment for dynamic routes (introduced in v7.9beta4);
- wifiwave2 - fixed WPS connectivity issues on 802.11ax APs (introduced in v7.9beta4);
- wifiwave2 - improved WPS connection speed;

Other changes since v7.8:

- bgp - copy all well-known and optional transitive attributes for BGP VPNv4 (introduced in v7.9beta4);
- bgp - fixed BGP VPNv4 origin attribute (introduced in v7.9beta4);
- bgp - improved BGP VPN selection;
- bridge - added warning log when "ageing-time" exceeds supported hardware limit for 98DX224S, 98DX226S, and 98DX3236 switch chips;
- bridge - fixed FastPath when setting "use-ip-firewall-for-vlan" or "use-ip-firewall-for-pppoe" without enabled "use-ip-firewall";
- certificate - fixed bogus log messages;
- chr - fixed public SSH key pulling when running on AWS;
- console - added "/task" submenu (CLI only);
- console - added option to create new files using "/file add" command (CLI only);
- console - fixed syntax highlighting when editing scripts (introduced in v7.9beta4);
- console - improved stability when doing "/console inspect" in certain menus;
- console - improved stability when editing long strings;
- console - improved system stability;
- console - removed bogus "reset" command from "/system resource usb" menu;
- console - rename flag "seen reply" to "seen-reply" under "/ipv6 firewall connection" menu;
- console - replaced "fingerprint" with "skid" in "/certificate print";
- console - show Ethernet advertise, speed and duplex settings depending on configured auto-negotiation;
- container - fixed invoking "container shell" more than once;
- container - improved "container pull" to support OCI manifest format;
- detnet - fixed interface state detection after reboot;
- dhcp - changed the default lease time for newly created DHCP servers to 30 minutes;
- dhcpv4-server - release lease if "check-status" reveals no conflict;
- disk - improved system stability when removing USB while formatting;
- ethernet - fixed half-duplex forced mode at 10Mbps and 100Mbps on ether1 for RB5009, Chateau 5G ax and hAP ax3 devices;
- filesystem - fixed partition "copy-to" function;
- firewall - added "connection-nat-state" to IPv6 mangle and filter rules;
- health - added limited manual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
- health - fixed bogus value reporting for CRS510 device;
- ike1 - improved service stability when handling non-RSA keys (introduced in v7.9beta4);
- ike2 - fixed minor logging typo;
- ipsec - added error log message when peer ID does not match certificate;
- ipsec - fixed packet processing by hardware encryption engine on RB850Gx2 device;
- ipsec - improved handling of configuration that refers to non-existent certificate (introduced in v7.9beta4);
- ipsec - refactor X.509 implementation;
- ipv6 - added "valid" and "lifetime" parameters for SLAAC IPv6 addresses;
- ipv6 - fixed IPv6 ND configuration change storing (introduced in v7.9beta4);
- ipv6 - send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated;
- l3hw - improved route offloading for 98DX224S, 98DX226S, and 98DX3236 switch chips;
- leds - disable LEDs after "/system shutdown";
- lte - capped maximum lifetime of SLAAC address to 1 hour;
- lte - fixed CA band clearing on RAT mode change;
- lte - fixed duplicate IPv6 route for lte interface when "ipv6-interface" setting is used;
- lte - fixed LTE interface not showing up when resetting RouterOS configuration;
- lte - fixed passthrough mode when used together with another APN for Chateau 5G;
- lte - fixed R11-LTE-US in LTE passthrough mode;
- lte - fixed R11e-LTE-US reporting of RSSI in LTE mode;
- lte - fixed re-attach in some cases where module would stay in not-running state after network detach;
- lte - fixed second modem halt on dual R11e-LTE6 setup;
- mpls- fixed LDP "preferred-afi" parameter;
- netinstall-cli - improved device reinstall on failed attempt;
- netwatch - added "startup-delay" setting (CLI only);
- netwatch - improved ICMP status evaluation when no reply was present;
- netwatch - limit "start-delay" range;
- ospf - fixed processing of fragmented LSAs;
- ovpn - added support for OVPN server configuration export and client configuration import from .ovpn file;
- quickset - fixed displaying of "SINR" when value is 0;
- rose-storage - added option to nvme-discover with hostname (CLI only);
- rose-storage - fixed crash on nvme-tcp disable;
- rose-storage - fixed rsync transfer permissions;
- rose-storage - various stability fixes;
- route - fixed "dynamic-id" for VRF tables;
- route - improved system stability when making routing decision;
- route - show SLAAC routes under the "/routing route" menu;
- route-filter - improved stability when matching blackhole routes;
- routerboot - added "preboot-etherboot" and "preboot-etherboot-server" settings ("/system routerboard upgrade" required) (CLI only);
- sfp - added log warning about failed auto-initialization on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
- sfp - allow modules that hold "TX_FAULT" high signal all the time on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
- sfp - allow modules with bad or no EEPROM in forced mode on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
- sfp - fixed "rate-select" functionality on CCR2004-16G-2S+ and CCR2004-1G-12S+2XS devices (introduced in v7.8);
- sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
- sfp - improved module initialization and display more detailed initialization status on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
- sfp - improved SFP28 interface stability with some optical modules for CRS518 switch;
- sfp - improved system stability with some SFP GPON modules on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
- snmp - fixed several OIDs that were returning empty values (introduced in v7.9beta4);
- snmp - improved outputting of routes;
- socks - added VRF support;
- ssh - added Ed25519 host key support;
- ssh - added support for Ed25519 key export and import in PKCS8 format;
- ssh - do not allow SHA1 usage with strong crypto enabled;
- ssh - improved service responsiveness when changing SSH service settings;
- ssh - improved SSH key import process;
- ssh - improved system stability when using SSH tunneling (introduced in v7.9beta4);
- storage - mount RAM drive for devices with 32MB flash;
- supout - added DHCP server network section;
- switch - fixed ACL rules matching IPv6 packets when using only IPv4 matchers;
- switch - improved system stability for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
- timezone - updated timezone information from "tzdata2023c" release;
- tools - fixed "ip-scan" (introduced in v7.9beta4);
- user-manager - fixed process startup after booting (introduced in v7.9beta4);
- vrrp - added "self" value for "group-master" setting;
- vxlan - added forwarding table;
- vxlan - fixed packet drops when host moves between remote VTEPs;
- webfig - added inline comments;
- webfig - fixed "Destination" value under "MPLS/Forwarding-Table" menu;
- webfig - fixed issue where "Certificate" value disappears under "IP/Services" menu;
- webfig - fixed issue where entries might be missing under "IP/DHCP-Server" menu;
- webfig - various stability fixes;
- wifiwave2 - added "radio/reg-info" command to show regulatory requirements (currently implemented for 802.11ac interfaces) (CLI only);
- wifiwave2 - added ability to configure antenna gain;
- wifiwave2 - added ability to configure beacon interval and DTIM period;
- wifiwave2 - added information on additional interface capabilities to radio parameters;
- wifiwave2 - automatically add a VLAN-tagged interface to the appropriate bridge VLAN;
- wifiwave2 - exit sniffer command and return error when trying to sniff on an unsupported channel;
- wifiwave2 - fixed 802.11r roaming for clients that performed initial authentication with an AP which has been restarted since;
- wifiwave2 - fixed group key update for VLAN-tagged clients (introduced in v7.9beta4);
- wifiwave2 - fixed issue of some supported channels not being listed in the radio parameters;
- wifiwave2 - fixed issue which lead to VLAN-tagged wireless clients receiving tagged traffic from other VLANs;
- wifiwave2 - fixed key handshake timeout for re-associating client devices on 802.11ac interfaces;
- wifiwave2 - fixed VLAN tagging for unencrypted (open) APs;
- wifiwave2 - improved general interface stability;
- wifiwave2 - improved regulatory compliance for hAP ax^2, hAP ax^3 and Chateau ax;
- wifiwave2 - increased maximum value for "channel.frequency" to 7300;
- wifiwave2 - show information on captured packets and added ability to save them locally in a pcap file;
- winbox - added "MTU" and "Hoplimit" properties under "IPv6/Routes" menu;
- winbox - added "Preferred AFI" property under "MPLS/LDP-Instance" menu;
- winbox - added "S" flag under "IPv6/Firewall/Connections" menu;
- winbox - added "Tx Power" property under "Wifiwave2/Status" menu;
- winbox - added "Tx Queue Drops" property under interface settings "Traffic" tab;
- winbox - added "Username" and "Password" properties under "Container/Config" menu;
- winbox - added "Valid" and "Preferred" properties under "IPv6/Address" menu;
- winbox - added missing properties for "Remote ID Type" under "IP/IPsec/Identities" menu;
- winbox - changed route flag name from "invalid" to "inactive";
- winbox - fixed "TLS" property under "Tools/Email" menu;
- winbox - fixed "Type" property under "System/Disk" menu when "rose-storage" package is installed;
- winbox - fixed changing slot name under "System/Disk" menu;
- winbox - fixed default value for "Allow managed" property under "Zerotier" menu;
- winbox - fixed duplicate "My ID" column under "IP/IPsec/Identities" menu;
- winbox - fixed minor typo in "WifiWave2/Radios" menu;
- winbox - fixed missing "Sector Writes" for certain devices under "System/Resources" menu (introduced in v7.8);
- winbox - improved Ethernet advertise, speed and duplex settings;
- winbox - only show permitted countries for wifiwave2 interfaces;
- winbox - show missing "Designated Bridge" and "Designated Port Number" monitoring data under "Bridge/Port menu;
- www - allow unsecure HTTP access to REST API;
- x86 - fixed changing software-id (introduced in v7.7);
- zerotier - upgraded to version 1.10.3;

About Router Firmware:

Before you consider downloading this firmware, go to the system information page of the router and make sure that the currently installed version isn't either newer or matching this release.

Due to the large variety of router models and different methods for upgrading the device, it is highly recommended that you read and, above all, understand the installation steps before you apply the new firmware, even if you are a power user.

In theory, these steps shouldn't be much of a hassle for anyone, because manufacturers try to make them as easy as possible, even if they don't always succeed. Basically, you must upload the new firmware to the router through its administration page and allow it to upgrade.

If you install a new version, you can expect increased security levels, different vulnerability issues to be resolved, improved overall performance and transfer speeds, enhanced compatibility with other devices, added support for newly developed technologies, as well as several other changes.

If you're looking for certain safety measures, remember that it would be best if you perform the upload using an Ethernet cable rather than a wireless connection, which can be interrupted easily. Also, make sure you don't power off the router or use its buttons during the installation, if you wish avoid any malfunctions.

If this firmware meets your current needs, get the desired version and apply it to your router unit; if not, check with our website as often as possible so that you don't miss the update that will improve your device.