はじめに
基本的なアップデートはバグフィックスが中心になるlong-termチャンネルですが、約4ヶ月ぶりのアップデートになりました。
更新内容
MAJOR CHANGES IN v6.47.10: ---------------------- !) wireless - fixed all affecting 'FragAttacks' vulnerabilities (CVE-2020-24587, CVE-2020-24588, CVE-2020-26144, CVE-2020-26146, CVE-2020-26147); ---------------------- *) bonding - improved system stability when disabling/enabling bonding ports; *) branding - added option to upload custom files (newly generated branding package required); *) capsman - use proper units for "ap-tx-limit" and "client-tx-limit" parameters; *) console - do not clear environment values if any global variable is set; *) console - require "write+ftp" permissions for exporting configuration to file; *) console - updated copyright notice; *) crs3xx - added "/system swos" menu for CRS354 devices, should only be used after SwOS 2.13 release; *) crs3xx - fixed interface LEDs for QSFP+ and SFP+ interfaces on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices; *) crs3xx - improved 1Gbps Ethernet port group traffic forwarding for CRS354 devices; *) crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices; *) defconf - fixed default configuration loading on LHG R; *) defconf - fixed default configuration loading on RBOmniTikPG-5HacD; *) dhcp - fixed link state checking for DHCP client; *) dude - fixed configuration menu presence on ARM64 devices; *) ethernet - improved system stability when receiving large VLAN tagged packets on IPQ4018/IPQ4019 devices; *) ipsec - fixed SA address parameter exporting; *) lte - fixed "earfcn" to band translation for "cell-monitor"; *) ovpn - fixed route cache entry leak when establishing a new session; *) poe - do not perform PoE firmware upgrade procedure on RB960 and OmniTik devices without PoE out; *) ppp - do not fail "at-chat" command when issued on disabled PPP interface; *) ptp - improved management service stability when receiving bogus packets; *) quickset - prefer 5GHz interface for WiFi scan in CPE mode; *) rb4011 - fixed SFP+ port MTU setting after link state change; *) rb4011 - improved SFP+ port stability after boot-up; *) route - improved stability when connected route is modified; *) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636; *) supout - fixed "topic" column presence in "Log" section; *) switch - improved system stability with 98PX1012 switch chip for CCR2004-1G-12S+2XS device; *) system - improved resource allocation (improves several service stability e.g. HTTPS, PPPoE, VPN); *) telnet - do not send options if connecting to non standard port; *) telnet - fixed server when run on non standard port; *) tile - fixed bridge performance degradation (introduced in v6.47); *) tr069-client - improved management service stability when receiving bogus packets; *) upgrade - improved "long-term" upgrade procedure on SMIPS devices; *) webfig - allow to specify "prefix" parameter under "IPv6/ND/Prefixes" menu; *) webfig - do not corrupt settings when starting "Wireless Sniffer"; *) webfig - do not move top right menu in opposite direction when scrolling horizontally; *) webfig - show "network-mode" for LTE modems that support it; *) winbox - do not show "network-mode" parameter for LTE interfaces that do not support it; *) winbox - do not show empty "CPU Frequency" parameter under "System/Resources" menu; *) winbox - fixed "reachable-time" value unit under "IPv6/ND" menu; *) winbox - fixed QCA-8511 switch chip type reporting under "Switch/Settings" menu; *) winbox - fixed health reporting on RB960, hEX and hEX S devices; *) winbox - hide "Allow Roaming" parameter on LTE modems that do not support it; *) winbox - increased "target" field limit to 128 under "Queues" menu; *) winbox - show "LCD" only on boards that have LCD; *) winbox - show "System/Health" only on boards that have health monitoring; *) winbox - show "activity" column by default under "IP/Kid Control/Devices" menu; *) wireless - fixed issue with multicast traffic delivery to client devices using power-save; *) wireless - improved iOS compatibility with HotSpot 2.0 networks; *) www - added "X-Frame-Options" header information to disallow website embedding in other pages; Download the new 'RouterOS 6.47.10' version here: https://mikrotik.com/download
コメント
stableでも対象になっていますが、FragAttacksの対応が大きな内容になるかと思います。あとはCRS3xxについての動作安定性についても同様かと思います。
公式フォーラムを覗くと、不具合報告としては16MBFlashしか搭載していないRouterboard製品にて、空き容量がなくアップデートできない、という現象が再発しています。ただこれについては手動でパッケージのアップデートを実施することで回避出来る可能性があります。