RouterOS 6.47.10 [Long-term] がリリース

この記事は約10分で読めます。

はじめに

基本的なアップデートはバグフィックスが中心になるlong-termチャンネルですが、約4ヶ月ぶりのアップデートになりました。

更新内容

MAJOR CHANGES IN v6.47.10:
----------------------
!) wireless - fixed all affecting 'FragAttacks' vulnerabilities (CVE-2020-24587, CVE-2020-24588, CVE-2020-26144, CVE-2020-26146, CVE-2020-26147);
----------------------

*) bonding - improved system stability when disabling/enabling bonding ports;
*) branding - added option to upload custom files (newly generated branding package required);
*) capsman - use proper units for "ap-tx-limit" and "client-tx-limit" parameters;
*) console - do not clear environment values if any global variable is set;
*) console - require "write+ftp" permissions for exporting configuration to file;
*) console - updated copyright notice;
*) crs3xx - added "/system swos" menu for CRS354 devices, should only be used after SwOS 2.13 release;
*) crs3xx - fixed interface LEDs for QSFP+ and SFP+ interfaces on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved 1Gbps Ethernet port group traffic forwarding for CRS354 devices;
*) crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed default configuration loading on LHG R;
*) defconf - fixed default configuration loading on RBOmniTikPG-5HacD;
*) dhcp - fixed link state checking for DHCP client;
*) dude - fixed configuration menu presence on ARM64 devices;
*) ethernet - improved system stability when receiving large VLAN tagged packets on IPQ4018/IPQ4019 devices;
*) ipsec - fixed SA address parameter exporting;
*) lte - fixed "earfcn" to band translation for "cell-monitor";
*) ovpn - fixed route cache entry leak when establishing a new session;
*) poe - do not perform PoE firmware upgrade procedure on RB960 and OmniTik devices without PoE out;
*) ppp - do not fail "at-chat" command when issued on disabled PPP interface;
*) ptp - improved management service stability when receiving bogus packets;
*) quickset - prefer 5GHz interface for WiFi scan in CPE mode;
*) rb4011 - fixed SFP+ port MTU setting after link state change;
*) rb4011 - improved SFP+ port stability after boot-up;
*) route - improved stability when connected route is modified;
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) supout - fixed "topic" column presence in "Log" section;
*) switch - improved system stability with 98PX1012 switch chip for CCR2004-1G-12S+2XS device;
*) system - improved resource allocation (improves several service stability e.g. HTTPS, PPPoE, VPN);
*) telnet - do not send options if connecting to non standard port;
*) telnet - fixed server when run on non standard port;
*) tile - fixed bridge performance degradation (introduced in v6.47);
*) tr069-client - improved management service stability when receiving bogus packets;
*) upgrade - improved "long-term" upgrade procedure on SMIPS devices;
*) webfig - allow to specify "prefix" parameter under "IPv6/ND/Prefixes" menu;
*) webfig - do not corrupt settings when starting "Wireless Sniffer";
*) webfig - do not move top right menu in opposite direction when scrolling horizontally;
*) webfig - show "network-mode" for LTE modems that support it;
*) winbox - do not show "network-mode" parameter for LTE interfaces that do not support it;
*) winbox - do not show empty "CPU Frequency" parameter under "System/Resources" menu;
*) winbox - fixed "reachable-time" value unit under "IPv6/ND" menu;
*) winbox - fixed QCA-8511 switch chip type reporting under "Switch/Settings" menu;
*) winbox - fixed health reporting on RB960, hEX and hEX S devices;
*) winbox - hide "Allow Roaming" parameter on LTE modems that do not support it;
*) winbox - increased "target" field limit to 128 under "Queues" menu;
*) winbox - show "LCD" only on boards that have LCD;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "activity" column by default under "IP/Kid Control/Devices" menu;
*) wireless - fixed issue with multicast traffic delivery to client devices using power-save;
*) wireless - improved iOS compatibility with HotSpot 2.0 networks;
*) www - added "X-Frame-Options" header information to disallow website embedding in other pages;

Download the new 'RouterOS 6.47.10' version here: https://mikrotik.com/download

コメント

stableでも対象になっていますが、FragAttacksの対応が大きな内容になるかと思います。あとはCRS3xxについての動作安定性についても同様かと思います。

公式フォーラムを覗くと、不具合報告としては16MBFlashしか搭載していないRouterboard製品にて、空き容量がなくアップデートできない、という現象が再発しています。ただこれについては手動でパッケージのアップデートを実施することで回避出来る可能性があります。

MikroTik Remote Firmware Update on a Small Disk Device - Occursus Arca
Remote firmware update of MikroTik device with small disk, when automatic update cannot download update file. Manual update uses selected package file...

I have noticed that if package file was not there during the update, it has been uninstalled. So make sure that you upload:

* Necessary packages that you need for update ( I believe that it is system, security and routing at least )
* Necessary packages that you need for the router to connect back online and become remotely available again ( might be wireless, ppp, and so on ). Otherwise, your remote update might change to the local one.

After the update, packages will have a new version displayed. Also structure of the packages will change from tree to flat. Packages will be no longer under routeros-smips:

https://blog.pessoft.com/2019/03/02/mikrotik-firmware-remote-upgrade-small-disk-device/

公式サイト

タイトルとURLをコピーしました