RouterOSの、基本的にバグ修正が主な内容になるbugfixブランチがアップデートしました。今回から6.39系列に移行しました。
主な更新内容は以下の通り。
What's new in 6.39.3 (2017-Oct-12 11:24): *) arp - properly update dynamic ARP entries after interface related changes; *) bonding - fixed 802.3ad mode on RB1100AHx4; *) bonding - improved reliability on bonding interface removal; *) console - fixed different command auto complete; *) crs1xx/2xx - fixed 1 Gbps forced mode for several SFP modules; *) crs317 - added L2MTU support; *) crs3xx - improved packet processing in slowpath; *) dhcp - fixed downgrade from RouterOS v6.41 or higher; *) dhcpv4-server - fixed lease renew for DHCP clients that sends renewal with "ciaddr = 0.0.0.0"; *) dhcpv6-client - do not run DHCPv6 client when IPv6 package is disabled; *) dhcpv6-client - fixed IA evaluation order; *) dhcpv6-client - require pool name to be unique; *) dhcpv6-server - do not release address of static binding from pool after server removal; *) discovery - fixed timeouts for LLDP neighbours; *) ethernet - fixed occasional broken interface order after reset/first boot; *) ethernet - fixed rare linking problem with forced 10Mbps full-duplex mode; *) export - fixed export for PoE-OUT related settings; *) export - fixed wireless "ssid" and "supplicant-identity" compact export; *) fasttrack - fixed fasttrack over interfaces with dynamic MAC address; *) firewall - fixed bridge "action=log" rules; *) firewall - fixed crash on fasttrack dummy rule manual change attempt; *) firewall - properly remove "address-list" entry after timeout ends; *) firewall - removed unique address list name limit; *) hAP ac lite - removed nonexistent "wlan-led"; *) hotspot - improved user statistics collection process; *) hotspot - require "dns-name" to contain "." symbol under Hotspot Server Profile configuration; *) ike1 - fixed initiator ID comparison to NAT-OA; *) interface - improved interface state change handling when multiple interfaces are affected at the same time; *) ipsec - do not deduct "dst-address" from "sa-dst-address" for "/0" policies; *) ipv6 - fixed IPv6 address request from pool; *) metarouter - fixed display of bogus error message on startup; *) ntp-client - properly start NTP client after reboot if manual server IP is not configured; *) ovpn - added support for "push-continuation"; *) ovpn - added support for topology subnet for IP mode; *) ovpn - fixed duplicate default gateway presence when receiving extra routes; *) ovpn - improved performance when receiving too many options; *) ping - fixed ping getting stuck (after several thousands of ping attempts); *) ppp - fixed non-standart PAP or CHAP packet handling; *) pppoe-client - fixed incorrectly formed PADT packet; *) pppoe-client - fixed wrong MRU detection over VLAN interfaces; *) proxy - fixed rare program crash after closing client connection; *) quickset - fixed incorrect VPN address value on arm and tilera; *) rb1100ahx4 - fixed HW acceleration fragmented packet decryption when fragment is smaller than 64 bytes; *) rb1100ahx4 - fixed startup problems (requires additional reboot after upgrade); *) rb2011 - fixed possible LCD blinking along with ethernet LED; *) rb3011 - fixed packet passthrough on switch2 while booting; *) rb922 - restored missing wireless interface on some boards; *) safe-mode - fixed session handling when Safe Mode is used on multiple sessions at the same time; *) sfp - fixed invalid temperature readings when ambient temperature is below 0C; *) sfp - fixed OPTON module DDM information readings; *) sfp - fixed temperature readings for various SFP modules; *) sniffer - do not skip L2 packets when "all" interface mode was used; *) snmp - fixed "/caps-man registration-table" uptime values; *) snmp - fixed "/system license" parameters for CHR; *) snmp - fixed "/system resource cpu print oid"; *) snmp - fixed crash on interface table get; *) ssh - do not execute command if it starts with "-" symbol; *) supout - fixed IPv6 firewall section; *) switch - fixed multicast forwarding on CRS326; *) tile - fixed copying large amount of text over serial console; *) tile - improved reliability on MPLS package processing; *) traffic-flow - fixed reboots when IPv6 address has been set as target address without active IPv6 package; *) trafficgen - fixed "lost-ratio" showing incorrect statistics after multiple sequences; *) userman - do not send disconnect request for user when "simultaneous session limit reached"; *) userman - fixed "limitation" and "profile-limitation" update; *) userman - fixed CoA packet processing after changes in "/tool user-manager router" configuration; *) userman - lookup language files also in "/flash" directory; *) vlan - do not allow VLAN MTU to be higher than L2MTU; *) vlan - do not delete existing VLAN interface on "failure: already have such vlan"; *) webfig - allow to unset "rate-limit" for DHCP leases; *) webfig - fixed wireless "scan-list" parameter not being saved after applying changes; *) webfig - improved reliability of login process; *) winbox - added possibility to define "comment" for "/routing bgp network" entries; *) winbox - added support for certificate CRL list; *) winbox - do not show LCD menu for devices which does not have it; *) winbox - fixed ARP table update after entry changes state to incomplete; *) winbox - hide "level" and "tunnel" parameters for IPSec policy templates; *) winbox - hide FAN speed if it is 0RPM; *) winbox - make IPSec policies table an ordered list; *) winbox - properly show "dhcp-server" warnings; *) winbox - show "/interface wireless cap print" warnings; *) winbox - show "/system health" only on boards that have health monitoring; *) winbox - show "D" flag under "/interface mesh port" menu; *) wireless - added "etsi1" and "russia3" regulatory domain information; *) wireless - fixed compatibility with "AR5212" wireless chips; *) wireless - improved WPA2 key exchange reliability; *) wireless - updated "china", "norway" and "new-zealand" regulatory domain information;
(1) v6.39.3 [bugfix] is released! – MikroTik RouterOS /
https://forum.mikrotik.com/viewtopic.php?f=21&t=126694
主にDHCPv4/v6周りの修正やfirewallへの幾つかの機能追加修正、OpenVPNやRB1100AHx4への修正などがあります。
snmpなどについては、幾つかの値が取れるようになっていたりするので、監視していたりする人はチェックしてみてください。
また運用にあたってはWebfigやWinboxなどの修正も入っています。基本的には見え方の修正だったりするので、アレっと思ったところがあったらアップデートしてみるのが良いかもしれません。
また、別記事にしようかと思っていますが、以下の件が修正されています。
RouterOS (v6.39.3, v6.40.4, v6.41rc) NOT affected by WPA2 vulnerabilities – MikroTik RouterOS /
https://forum.mikrotik.com/viewtopic.php?f=21&t=126695
*) wireless - improved WPA2 key exchange reliability;
今のところは大きな問題などについては、フォーラムなどでは発見できていませんが、適用しても大丈夫だと思います。少なくとも筆者の環境のmipsbeなRBに適用した限りでは問題は発生していません。