MikroTik hEX PoE
Routers · MikroTik
0 subscribers
Latest Firmware
Version 7.22 (stable)
Released
Get Firmware Update Notifications
Get notified when new firmware is released for this device.
Firmware History
7.22 (stable)
!) certificate - added support for multiple ACME certificates (services that use a previously generated certificate need to be reconfigured after the certificate expires); !) device-mode - added option to configure device-mode via Netinstall or FlashFig using a “mode script”; *) app - added configurable app-store URL for custom apps; *) app - added health check for apps, which automatically rewrites the composed YAML; *) app - added jupyter-notebook, livebook, myip, and rustfs apps; *) app - added support for custom apps; *) app - allow configuring bridge port pvid for app; *) app - changed ui-url parameter for Smokeping and Nextcloud; *) app - clean the backup directory after container repull; *) app - do not show duplicate entries of required-mounts; *) app - enable swap on all devices that use apps to help with performance; *) app - fixed /app/export; *) app - fixed apps constantly polling the cloud; *) app - fixed elasticsearch, element, pmacct-netflow apps failing to start; *) app - fixed issue with Cinny not being able to create a root-dir; *) app - fixed missing reverse-proxy URL; *) app - fixed potential port collisions between apps; *) app - show app URL only when it is running; *) app - show DNS URL for app only if it has a reverse-proxy; *) bgp - added BGP unnumbered support; *) bgp - changed multipath to number argument; *) bgp - fixed BGP output sometimes not being cleaned after session restart; *) bgp - fixed early-cut not working properly; *) bgp - fixed ignore-as-path-len not being used; *) bgp - fixed update messages not being sent on default-prepend value change; *) bgp - implemented add-path; *) bgp - implemented multipath (ability for BGP best path to select ECMP routes); *) bgp - make remote.address parameter optional; *) bgp-vpn - allow modifying scopes with routing filters; *) bgp-vpn - use target scope for imported route; *) bridge - added local and static MAC synchronization for MLAG; *) bridge - added MLAG support per bridge interface (/interface/bridge/mlag menu is moved to /interface/bridge; configuration is automatically updated after upgrade; downgrading to an older version will result in MLAG configuration loss); *) bridge - added MLAG-specific aged and aged-peer flags to host table; *) bridge - added RA guard feature; *) bridge - fixed MAC moving between regular ports and bonds for MLAG; *) bridge - fixed MLAG state being permanently disabled when changing bridge interface settings; *) bridge - fixed performance regression in complex setups with vlan-filtering (introduced in v7.20); *) bridge - improved logic for interface remove; *) bridge - improved MAC synchronization for MLAG; *) bridge - improved VRRP MAC address handling; *) bridge - removed vlan-filtering check when changing the MVRP setting (allows disabling MVRP through WinBox); *) bth - use separate Let's Encrypt certificate for file-share; *) certificate - improved certificate export process; *) certificate - improved logging; *) chr - improved fast-path stability when using vmxnet3 driver; *) console - added :continue and :break commands for various loops; *) console - added :exit command to terminate scripts; *) console - added "comments" parameter to print command to control comment and error output; *) console - added comparison operators for ID values; *) console - added Ctrl+Left/Right word navigation; *) console - added Ctrl+w word deletion; *) console - added hint for dry-run import parameter; *) console - added left shift (<<) and right shift (>>) support for IPv6 addresses; *) console - added on-event script runner support to print follow/follow-only; *) console - added timestamp support to print follow/follow-only; *) console - allow undefined variables in dry-run import; *) console - changed autocomplete expansion criteria; *) console - disable follow command in /ip/firewall/connection menu; *) console - fixed brief print for entries with multiple comments; *) console - fixed setting of /interface/wireless/scan-list; *) console - fixed time drift for interface last-link-down-time and last-link-up-time; *) console - fixed value type names in comparison errors; *) console - implemented string casting in :tobool command; *) console - improved command decoding to drop extraneous commands (visible in history logging); *) console - improved error tracing when using find command; *) console - improved export command to avoid empty [find]; *) console - improved history logging when performing object rename with set/reset; *) console - improved set/remove command handling in /file menu; *) console - look up variable in global scope if argument scope lookup failed; *) console - parse width parameter for non-interactive SSH commands; *) console - show smaller QR codes where possible; *) console - use the same flag output format for both print brief and detail; *) container - added support for zstd extraction; *) container - automatically stop/repull/start the container on repull or remote-image change; *) container - fixed issue where the container may not start after upgrading if root-dir was not set; *) container - improved error message if container fails to start; *) container - internal stability improvements; *) container - use the user-defined envs and envlist for container shell command; *) defconf - fixed L009 configuration (introduced in v7.21); *) detnet - added request-interval setting; *) detnet - changed default port from MNDP to a random unused UDP port; *) dhcp-server - improved failure/error logging for both IPv4 and IPv6; *) dhcpv4-client - fixed inability to reference disabled DHCP client by interface name; *) dhcpv4-client - request DOMAINNAME (15) option from the server; *) dhcpv4-server - improved DHCP option handling; *) dhcpv4-server - improved logging; *) dhcpv4-server - send all found lease options in reply to DHCPINFORM; *) dhcpv6-client - allow unsetting "pool-prefix-length" parameter; *) dhcpv6-client - improved log messages; *) dhcpv6-relay - fixed link-layer address inconsistency with the original link-layer address in relay-forward packets; *) dhcpv6-server - swap input and output RADIUS accounting statistics counters; *) disk - added support for file-based swap space; *) disk - added trim command which functions similarly to fstrim; *) disk - fixed issue where iSCSI did not work with ESXi and XEN hypervisors; *) disk - fixed issue with disks not mounting after swapping devices; *) disk - fixed opening a drive in read-only mode if it became locked; *) disk - improved BTRFS stability on TILE devices; *) disk - renamed format file-system=trim and trim-secure to format file-system=discard and discard-secure; *) disk - show if drive is encrypted and locked; *) email - use default port if not specified; *) ethernet - increased Rx buffer size for devices with Alpine CPUs (reduces packet rx-drop in certain cases); *) fetch - added HTTP/2 support on ARM64 and x86/CHR devices; *) fetch - fixed fetch treating relative paths from redirects as hostnames; *) fetch - increased default maximum redirect count to 2; *) fetch - return error code and HTTP headers to :onerror script; *) fetch - treat HTTP 304 return code as success; *) gps - fixed GPS port disappearance after reboot for EC25-EU&KNe; *) health - added CPU temperature monitoring to L009 with ARM64; *) hotspot - allow WireGuard interface type; *) hotspot - check validity of base32 for otp-secret; *) hotspot - do not invalidate static ARP entries; *) hotspot - fixed www response after login by cookie; *) hotspot - set sensitive flag on /ip/hotspot/user otp-secret; *) ike1 - added ChaCha20-Poly1305 ESP encryption support; *) ike1,ike2 - improved netlink update handling; *) iot - added Bluetooth extended scanning and 1M/2M PHY support for the RB924i KNOT devices; *) iot - added Bluetooth extended scanning, advertising, and 1M/2M/CODED PHY support for EC25 KNOT devices; *) iot - added modbus delay using interframe-gap setting; *) iot - improved LoRa FSK modulation downlinking; *) ip - added error messages to reverse-proxy rules; *) ip - added reverse-proxy; *) ip-service - properly disable IP/Service on manual disable; *) ippool6 - allow creating sub-pool by specifying "from-pool"; *) ipsec - added "none" option to IPsec key QKD certificate field; *) ipsec - added IKEv2 DDoS cookie activation setting; *) ipsec - added logging for IPsec policy template group; *) ipsec - added logging of IKEv2 connection SPI and initiator address; *) ipsec - adjusted minimum generated PSK key length; *) ipsec - fixed IKEv2 child policy reqid lost on rekey; *) ipsec - fixed IKEv2 child reqid handling on traffic selector update; *) ipsec - improved aes256-ctr stability on L009; *) ipsec - removed modp8192 proposal on MIPS architectures; *) ipv6 - added dhcp6-pd-preferred to /ipv6/nd/prefix to control P flag in Prefix Info Option RFC 9762; *) ipv6 - delete SLAAC default route if there are no active SLAAC prefixes present and no new RAs received; *) ipv6 - do not generate duplicate dynamic link-local addresses on tunnel type interfaces; *) ipv6 - enable IPv6 fast-path after removing firewall rules; *) ipv6 - improved system stability when manipulating IPv6 configuration that was added while IPv6 was disabled; *) isis - improved stability and fixed a small memory leak; *) l2tp - improved system stability on TILE architecture; *) l3hw - fixed missing VLAN counters on reboot (introduced in v7.21); *) l3hw - improved system stability on device shutdown/reboot; *) l3hw - improved system stability when enabling VLAN offloading under active traffic (introduced in v7.21); *) log - added comment support to rule entries; *) log - added option to clear echo logs; *) log - added option to prepend topics to BSD syslog message; *) log - added script target for log actions; *) log - fixed incorrect log message shown after canceling supout.rif creation; *) log - fixed minor spelling issues; *) log - fixed missing ID in trace logs after removing logging rule; *) log - log "Secret must be set to run scripts from SMS" error only if ":cmd" prefix is used in SMS message; *) log - use uppercase MAC address in firewall logging; *) lte - added "auto" MTU option for LTE interfaces to use network-advertised MTU on supported devices; *) lte - added AT command timeout for EC25-EU&KNe; *) lte - added multi-apn and framed routing support for EC200A-EU modem (requires latest FW version); *) lte - added roaming barring field to LTE "show-capabilities" menu; *) lte - added subscriber number to monitor command for MBIM modems; *) lte - added USB tethering support using iOS devices; *) lte - clear about field status on firmware upgrade; *) lte - do not allow modem firmware-upgrade on "inactive" interface; *) lte - do not allow setting unsupported roaming barring settings for R11e-4G; *) lte - do not flap LTE passthrough assigned interface on modem link state change; *) lte - do not reconfigure LTE interface on configuration change error; *) lte - enable DHCP relay packet forwarding to the cellular network for EG120K-EA and RG650E-AU; *) lte - fixed "allow-roaming" setting to return error for modems that do not support roaming barring; *) lte - fixed cases where AT dialer could get stuck in "modem not ready" state; *) lte - fixed cases where incorrect network modes and bands could be suggested for active interface; *) lte - fixed chained firmware update for Chateau 5G; *) lte - fixed changing eSIM profile nickname; *) lte - fixed changing MAC address for EC200A-EU modem; *) lte - fixed crash on LTE passthrough interface deactivation; *) lte - fixed displaying operator name for Chateau ax R17; *) lte - fixed eSIM errors appearing on devices without eSIM support; *) lte - fixed firmware update and status refresh for R11eL-EC200A-EU modem; *) lte - fixed LTE interface IPv6 address generation to use EUI-64 for EC25-EU&KNe; *) lte - fixed missing notifications to eSIM provider when eSIM provisioning canceled; *) lte - fixed tethering support for Google Pixel Pro 8; *) lte - fixed wrong MTU reading/setting for config-less modems; *) lte - hide external antenna selection menu for the Chateau AX R17; *) lte - improved APN IP type handling by enabling only the IP protocols defined in the assigned APN profile for config-less modems; *) lte - make inactive LTE interface settable, LTE interface settings can be set without waiting for modem initial initialization; *) lte - removed delay before querying modem status for config-less modems with info channel; *) lte - show ICCID and IMSI also when the interface is disabled; *) lte - strip modem reported padding characters for SIM card (ICCID) on Chateau ax R17; *) mac-telnet - added interface property; *) macsec - fixed hardware offload on S53 and C53 devices; *) mesh - fixed missing S flag on interfaces after mesh disable/enable; *) ospf - fixed typos in log messages; *) ping - added IPv6 support for flood-ping; *) poe-out - added LLDP support for dual-signature PDs; *) poe-out - firmware update for 802.3at capable boards (the update will cause a brief power interruption to poe-out interfaces); *) poe-out - firmware update for 802.3bt capable boards (the update will cause a brief power interruption to poe-out interfaces); *) poe-out - firmware update for CRS354-48P-4S+2Q+ (the update will cause a brief power interruption to poe-out interfaces); *) poe-out - fixed controller-error for CRS354-48P-4S+2Q+; *) port - fixed baud rate change for TILE architecture devices; *) ppp - added initial support for BG770A-GL modem firmware update; *) ppp - fixed Framed-Route attribute not being applied to correct VRF; *) profiler - split "management" process into different smaller process groups; *) radius - fixed initialization of incoming UDP socket in some situations; *) radius - fixed RadSec SSL CPU usage increase on closed connections; *) radius - improved incoming RadSec packet processing on busy service; *) radius - improved logging; *) rip,pimsm - separate the interface property from the address in /routing/rip/interface and /routing/pimsm/interface menus; *) rose-storage - added XFS support; *) route - added logs for check-gateway state changes; *) route - added routing/settings policy-rules; *) route - added SLAAC route redistribution for IPv6 capable routing protocols; *) route - do not set blackhole flag for synthetic routes; *) route - fixed route removal after unexpected safe mode termination; *) route - fixed routes when scope was less than 10; *) routerboard - allow changing /system/routerboard/settings via Netinstall or FlashFig using a "mode script"; *) routerboot - allow installing ARM64 on L009 device ("/system routerboard upgrade" required; configure "/system/routerboard/settings set preferred-architecture=arm64 boot-device=try-ethernet-once-then-nand"; start Netinstall with ARM64 image and reboot the device (DO NOT load the backup routerboot with reset button); downgrading to older versions must be avoided); *) routerboot - fixed linking to 1000M-half for KNOT Embedded LTE4 ("/system routerboard upgrade" required); *) routerboot - fixed possible Netinstall failure for KNOT Embedded LTE4 ("/system routerboard upgrade" required); *) routing-filter - added possibility to match SLAAC and bgp-mpls-vpn route types; *) sfp - improved initialization and linking for some QSFP modules; *) smips - reduced package size and removed ip-scan, mac-scan, ping-speed, flood-ping features; *) snmp - added 5G NSA connection signal indications: nr-rsrp, nr-rsrq, nr-sinr; *) snmp - fixed CA band indication; *) snmp - fixed issue where bulk walk might skip the first OID; *) snmp - fixed minor memory leak when changing SNMP authentication/encryption passwords; *) snmp - fixed reply for empty snmpbulkwalk requests; *) snmp - report maximum "ifSpeed" value if out of bounds; *) snmp - report RouterOS version in SNMPv2-MIB::sysDescr; *) ssh - improved logging; *) supout - wait up to 5 minutes for export to complete and show incomplete output in case of timeout; *) switch - fixed missing switch-cpu port counters; *) switch - improved system stability when changing bridge multicast-router property on CRS1xx/2xx (introduced in v7.19); *) switch - updated switch-marvell.npk driver; *) system - added reset-configuration keep-apps=yes; *) system - display serial ports in the /system/resource/hardware menu; *) system - improved upgrade service stability when the server is unreachable; *) undo - show user when configuring DHCP server or hotspot with setup command; *) upgrade - added "password" parameter to "local-upgrade" feature when configuring through CLI; *) upgrade - added IPv6 support for local package source and mirror; *) upgrade - fixed local package mirror check interval; *) upgrade - removed redundant commands from local package menu; *) usb - updated device ids for ax88179_178a driver; *) user - properly apply login delay (introduced in v7.20); *) user-manager - added support for NAS-Identifier attribute; *) user-manager - always respond to accounting requests; *) user-manager - do not send Disconnect-Message for unknown usernames for Accounting-Request; *) user-manager - do not send invalid NAS-Port-Type on CoA/PoD messages; *) user-manager - fixed unauthenticated access to /PRIVATE/ userman web files; *) user-manager - show empty value for session NAS-IP-Address if empty; *) webfig - added missing icons for Firewall table; *) webfig - added new section "Common names" in skin designer; *) webfig - added support for collapsible tree view for menus like Interfaces, Files, Queues; *) webfig - added support for URL fields; *) webfig - fixed ability to set interworking.realms-raw WiFi interface attribute; *) webfig - fixed skin designer mobile view for QuickSet and Terminal; *) webfig - fixed Torch Filters default values; *) webfig - improved address type field input value validation; *) wifi - added keepalive message in CAPsMAN data channel; *) wifi - added optional show-frame=radiotap parameter value to make sniffer display the radiotap header of captured frames; *) wifi - allow specifying hostname to caps-man-addresses; *) wifi - fixed channel switching for MediaTek access points; *) wifi - fixed FT support with wpa2-psk-sha2; *) wifi - fixed functionality of the wireless-signal-strength LED trigger; *) wifi - fixed possible certificate failure after CAPsMAN disable/enable; *) wifi - improved spectral-history width for console; *) wifi - improved stability and fixed multiple issues; *) wifi - improved stability of interfaces in station mode during roaming; *) wifi - improved support for 802.11be access points; *) wifi - improved system stability when using spectral-scan; *) wifi - introduced /interface/wifi/network menu for higher level network configuration (CLI only); *) wifi - quicker re-connections to APs for interfaces in station mode; *) wifi - updated regulatory information for Malaysia; *) wifi-mediatek - fixed rx chains functionality; *) wifi-mediatek - updated driver and firmware; *) winbox - added "Force Check" for local upgrade; *) winbox - added comment in "System/Ports/Remote Access" menu; *) winbox - added confirmation message to Format Drive; *) winbox - added Container Repull command; *) winbox - added error reporting to CAPsMAN Manager menu; *) winbox - added GUI support for IPsec QDK; *) winbox - added missing LoRa channel fields; *) winbox - added missing route flags; *) winbox - added route ISIS tab; *) winbox - added socsify icon for firewall NAT rules; *) winbox - added SwOS Allow From field; *) winbox - added warning when changing global script variables; *) winbox - allow using specified skin without the sensitive policy; *) winbox - fixed applying a skin to a user authenticated with RADIUS; *) winbox - fixed applying a skin to WinBox if it was uploaded via the branding package; *) winbox - fixed default flag in certain menus; *) winbox - fixed empty "Realm Raw" value processing and value inheritance from configuration template (requires WinBox 4); *) winbox - fixed L3HW default value for VLAN interface (introduced in v7.21); *) winbox - fixed modem firmware-upgrade for the RG650E-EU modem; *) winbox - fixed the "New QoS Profile" field for switch rules; *) winbox - make File Share URL field clickable; *) winbox - move "Default" panel from "IPv6/ND/Proxy" to "IPv6/ND/Prefixes"; *) winbox - rearrange filter wizard parameters in tabs; *) winbox - recognize imported certificate key size; *) winbox - rename "Change Now" to "Change" button in "System/Password" menu; *) winbox - replace "DHCP" with "DHCPv6" in IPv6 menus; *) winbox - set "Mount Filesystem" by default under "System/Disk" menu; *) winbox - show MPLS tab only to relevant routes; *) winbox - show separator after "Protocol" field for IPv6 Firewall rules; *) winbox - show warnings in "MPLS/Traffic Eng/Tunnel" menu; *) winbox - updated some setting and title names; *) winbox - updated various WiFi properties; *) wireguard - fixed private key generation when creating a WireGuard interface; *) wireguard - improved stability; *) wireguard - merged upstream fixes and improvements; *) wireless - avoid joining BSS that previously failed until all other options tried; *) wireless - improved system stability when changing nstreme mode; *) wireless - improved system stability when eap-method=passthrough configured for station; *) x86 - added JME network driver; *) x86 - fixed interface hang on RTL8125 when processing IP-fragmented UDP traffic; *) x86 - improved link establishing on Intel X710 series NIC;