RouterOS 6.39.3 [bugfix] が公開になってた

Blog

RouterOSの、基本的にバグ修正が主な内容になるbugfixブランチがアップデートしました。今回から6.39系列に移行しました。

主な更新内容は以下の通り。

What's new in 6.39.3 (2017-Oct-12 11:24):

*) arp - properly update dynamic ARP entries after interface related changes;
*) bonding - fixed 802.3ad mode on RB1100AHx4;
*) bonding - improved reliability on bonding interface removal;
*) console - fixed different command auto complete;
*) crs1xx/2xx - fixed 1 Gbps forced mode for several SFP modules;
*) crs317 - added L2MTU support;
*) crs3xx - improved packet processing in slowpath;
*) dhcp - fixed downgrade from RouterOS v6.41 or higher;
*) dhcpv4-server - fixed lease renew for DHCP clients that sends renewal with "ciaddr = 0.0.0.0";
*) dhcpv6-client - do not run DHCPv6 client when IPv6 package is disabled;
*) dhcpv6-client - fixed IA evaluation order;
*) dhcpv6-client - require pool name to be unique;
*) dhcpv6-server - do not release address of static binding from pool after server removal;
*) discovery - fixed timeouts for LLDP neighbours;
*) ethernet - fixed occasional broken interface order after reset/first boot;
*) ethernet - fixed rare linking problem with forced 10Mbps full-duplex mode;
*) export - fixed export for PoE-OUT related settings;
*) export - fixed wireless "ssid" and "supplicant-identity" compact export;
*) fasttrack - fixed fasttrack over interfaces with dynamic MAC address;
*) firewall - fixed bridge "action=log" rules;
*) firewall - fixed crash on fasttrack dummy rule manual change attempt;
*) firewall - properly remove "address-list" entry after timeout ends;
*) firewall - removed unique address list name limit;
*) hAP ac lite - removed nonexistent "wlan-led";
*) hotspot - improved user statistics collection process;
*) hotspot - require "dns-name" to contain "." symbol under Hotspot Server Profile configuration;
*) ike1 - fixed initiator ID comparison to NAT-OA;
*) interface - improved interface state change handling when multiple interfaces are affected at the same time;
*) ipsec - do not deduct "dst-address" from "sa-dst-address" for "/0" policies;
*) ipv6 - fixed IPv6 address request from pool;
*) metarouter - fixed display of bogus error message on startup;
*) ntp-client - properly start NTP client after reboot if manual server IP is not configured;
*) ovpn - added support for "push-continuation";
*) ovpn - added support for topology subnet for IP mode;
*) ovpn - fixed duplicate default gateway presence when receiving extra routes;
*) ovpn - improved performance when receiving too many options;
*) ping - fixed ping getting stuck (after several thousands of ping attempts);
*) ppp - fixed non-standart PAP or CHAP packet handling;
*) pppoe-client - fixed incorrectly formed PADT packet;
*) pppoe-client - fixed wrong MRU detection over VLAN interfaces;
*) proxy - fixed rare program crash after closing client connection;
*) quickset - fixed incorrect VPN address value on arm and tilera;
*) rb1100ahx4 - fixed HW acceleration fragmented packet decryption when fragment is smaller than 64 bytes;
*) rb1100ahx4 - fixed startup problems (requires additional reboot after upgrade);
*) rb2011 - fixed possible LCD blinking along with ethernet LED;
*) rb3011 - fixed packet passthrough on switch2 while booting;
*) rb922 - restored missing wireless interface on some boards;
*) safe-mode - fixed session handling when Safe Mode is used on multiple sessions at the same time;
*) sfp - fixed invalid temperature readings when ambient temperature is below 0C;
*) sfp - fixed OPTON module DDM information readings;
*) sfp - fixed temperature readings for various SFP modules;
*) sniffer - do not skip L2 packets when "all" interface mode was used;
*) snmp - fixed "/caps-man registration-table" uptime values;
*) snmp - fixed "/system license" parameters for CHR;
*) snmp - fixed "/system resource cpu print oid";
*) snmp - fixed crash on interface table get;
*) ssh - do not execute command if it starts with "-" symbol;
*) supout - fixed IPv6 firewall section;
*) switch - fixed multicast forwarding on CRS326;
*) tile - fixed copying large amount of text over serial console;
*) tile - improved reliability on MPLS package processing;
*) traffic-flow - fixed reboots when IPv6 address has been set as target address without active IPv6 package;
*) trafficgen - fixed "lost-ratio" showing incorrect statistics after multiple sequences;
*) userman - do not send disconnect request for user when "simultaneous session limit reached";
*) userman - fixed "limitation" and "profile-limitation" update;
*) userman - fixed CoA packet processing after changes in "/tool user-manager router" configuration;
*) userman - lookup language files also in "/flash" directory;
*) vlan - do not allow VLAN MTU to be higher than L2MTU;
*) vlan - do not delete existing VLAN interface on "failure: already have such vlan";
*) webfig - allow to unset "rate-limit" for DHCP leases;
*) webfig - fixed wireless "scan-list" parameter not being saved after applying changes;
*) webfig - improved reliability of login process;
*) winbox - added possibility to define "comment" for "/routing bgp network" entries;
*) winbox - added support for certificate CRL list;
*) winbox - do not show LCD menu for devices which does not have it;
*) winbox - fixed ARP table update after entry changes state to incomplete;
*) winbox - hide "level" and "tunnel" parameters for IPSec policy templates;
*) winbox - hide FAN speed if it is 0RPM;
*) winbox - make IPSec policies table an ordered list;
*) winbox - properly show "dhcp-server" warnings;
*) winbox - show "/interface wireless cap print" warnings;
*) winbox - show "/system health" only on boards that have health monitoring;
*) winbox - show "D" flag under "/interface mesh port" menu;
*) wireless - added "etsi1" and "russia3" regulatory domain information;
*) wireless - fixed compatibility with "AR5212" wireless chips;
*) wireless - improved WPA2 key exchange reliability;
*) wireless - updated "china", "norway" and "new-zealand" regulatory domain information;

(1) v6.39.3 [bugfix] is released! – MikroTik RouterOS /
https://forum.mikrotik.com/viewtopic.php?f=21&t=126694

主にDHCPv4/v6周りの修正やfirewallへの幾つかの機能追加修正、OpenVPNやRB1100AHx4への修正などがあります。

snmpなどについては、幾つかの値が取れるようになっていたりするので、監視していたりする人はチェックしてみてください。

また運用にあたってはWebfigやWinboxなどの修正も入っています。基本的には見え方の修正だったりするので、アレっと思ったところがあったらアップデートしてみるのが良いかもしれません。

また、別記事にしようかと思っていますが、以下の件が修正されています。

RouterOS (v6.39.3, v6.40.4, v6.41rc) NOT affected by WPA2 vulnerabilities – MikroTik RouterOS /
https://forum.mikrotik.com/viewtopic.php?f=21&t=126695

*) wireless - improved WPA2 key exchange reliability;

今のところは大きな問題などについては、フォーラムなどでは発見できていませんが、適用しても大丈夫だと思います。少なくとも筆者の環境のmipsbeなRBに適用した限りでは問題は発生していません。