Category archive: Mikrotik

MikroTik Back To Home: Secure Network Access from Anywhere in the World

MikroTik's new-generation VPN solution, "Back To Home", gives you the freedom to connect to your RouterOS-based devices instantly and securely. Whether you are at home, at the office, or anywhere else in the world, you can reach your MikroTik router seamlessly over an encrypted connection.

What Does MikroTik Back To Home Offer?

  • VPN connection without a public IP
  • Seamless access from behind NAT and firewalls
  • User-friendly interface
  • Advanced security features
  • Redesigned user interface
  • Shareable cloud tunnels
  • Time limits for guest tunnels
  • Viewing connection statistics
  • Ability to edit and delete tunnels

Technical Requirements for MikroTik Back To Home

  • MikroTik router (ARM, ARM64 or TILE architecture)
  • RouterOS 7.12 or later

MikroTik Back To Home makes your work and personal life easier by giving you secure, fast and easy network access from anywhere in the world!

MikroTik RouterOS 7.17 Released

In this release, MikroTik delivers a comprehensive software update. Device-mode management has changed significantly: the "Enterprise" mode has been renamed to "Advanced", and new options such as "Basic" mode have been added. Restricting some features is intended to increase the security and control of the system.

Significant improvements have been made to the networking and security infrastructure. The WebFig interface has been completely redesigned, and the firewall, DNS, IPv6 and routing mechanisms have been optimized. SSH and SSL/TLS performance has been improved, and updates have been made for the VPN protocols OpenVPN, WireGuard and IPsec.

Wireless features have also advanced significantly in this release. The WiFi interface has been improved, multi-passphrase support has been added, and new features such as station roaming have been made available to users. In addition, regulatory country profiles have been updated.

On the hardware side, comprehensive updates have been made for the ARM64 and x86 platforms. SFP, PoE and disk management mechanisms have been improved, and significant improvements have also been made for LTE and modem features.

Performance and stability are among the focal points of RouterOS 7.17. Work has been done to increase system stability and to optimize memory and CPU performance, and the reliability of various protocols and services has been raised. As a result, this release aims to deliver a more secure, faster and more user-friendly network management experience.

Download: https://mikrotik.com/download/archive

What's new in 7.17 (2025-Jan-16 10:19):

!) device-mode - after upgrade, mode "enterprise" is renamed to "advanced" and traffic-gen, partition (command "repartition"), routerboard and install-any-version features will be disabled;
!) webfig - redesigned HTML, styling and functionality;
*) 6to4 - fixed issue where 6to4 relay would not forward traffic unless destination address is set;
*) adlist - improved logging;
*) adlist - improved system stability;
*) adlist - optimized import on system with low disk space;
*) api - fixed REST API serialization of binary data;
*) arm64 - fixed for bare-metal servers to be able to access more than 2GB RAM;
*) arm64 - show CPU frequency on bare-metal installations;
*) arm64/x86 - added missing PCI id for mlx4 driver;
*) bonding - hide mlag-id property on non-compatible devices;
*) bridge - add HW offload support for active-backup bonds on 98DXxxxx, 88E6393X, 88E6191X and 88E6190 switches;
*) bridge - added interface-list support for VLANs;
*) bridge - added message for inactive port reason;
*) bridge - added priority setting to manually elect primary MLAG peer;
*) bridge - correctly display PPP interfaces in VLAN menu;
*) bridge - disallow duplicate static VLAN entries;
*) bridge - disallow multicast MAC address as admin-mac;
*) bridge - enable faster HW offloading when detect-internet is disabled;
*) bridge - fixed first host table response for SNMP;
*) bridge - fixed incorrect HW offloaded port state in certain cases on MSTI add; 
*) bridge - fixed missing slave flag on port in certain cases;
*) bridge - fixed MVRP registrar and applicant port options;
*) bridge - fixed port monitor with interface-lists;
*) bridge - fixed port move command;
*) bridge - fixed setting bridge MTU to L2MTU value;
*) bridge - fixed VLAN overlap check;
*) bridge - ignore disabled interfaces when calculating bridge L2MTU;
*) bridge - improved port handling;
*) bridge - improved stability;
*) bridge - prioritize MAC selection from Ethernet interfaces when using auto-mac feature;
*) bridge - re-synchronize MLAG system-id when bridge MAC changes;
*) bridge - removed support for master port config conversion (used before version 6.41);
*) bridge - update dynamic MSTI priority value when changing configuration;
*) bth - improved stability on system time change;
*) certificate - do not download CRL if there is not enough free RAM;
*) certificate - do not show not relevant values for certificate template (CLI only);
*) certificate - fixed handling of capsman-cap certificates (introduced in v7.16);
*) certificate - removed unstructured address field support;
*) chr - added Chelsio VF driver for PCIID 5803;
*) chr/arm64 - fixed kernel crypto use without crypto extensions for RPi CM4;
*) cloud - changed ddns-enabled setting from "no" to "auto" (service is enabled when BTH is enabled);
*) cloud - improved DDNS and VPN state stability;
*) console - added :range command;
*) console - added group-by property for print command;
*) console - added json.no-string-conversion to :serialize;
*) console - added lf/crlf options to :convert transform;
*) console - added more argument definitions for mac-protocol property;
*) console - added password property to "/system/ssh-exec" command;
*) console - added to/from=num option for :convert command;
*) console - allow clearing history for a specific user;
*) console - allow setting width to supout.rif output;
*) console - clear history when removing user;
*) console - disallow autocomplete hints for user without read policy;
*) console - execute :return command without error;
*) console - fixed endless loop when closing input prompt;
*) console - fixed missing arguments in wifi menu in certain cases;
*) console - force print paging when output does not fit terminal width;
*) console - improved printing output in some menus;
*) console - improved scripting system stability;
*) console - increased w60g scan-list size to 6;
*) console - print warning in CLI after enabling protected bootloader;
*) console - removed "chain" names from print parameter list and show all print parameters in "/ipv6/firewall/filter" directory;
*) console - show system-id in export for CHR;
*) console - updated copyright notice;
*) container - allow import from .tar.gz file;
*) container - do not log start, end events unless logging is enabled;
*) container - fixed user and group ID range;
*) container - improved "start-on-boot" stability;
*) container - improved container shell;
*) crypto - improve crypto speeds;
*) crypto - use hardware accelerator for GCM cipher in TLS connection on Alpine CPUs;
*) defconf - changed wireless installation from "indoor" to "any";
*) defconf - disable 5GHz secondary channel on RB4011;
*) defconf - do not add default password for CAP mode configuration on older Audience devices without a password;
*) defconf - fixed new port name recognition;
*) detnet - remove dynamic DHCP client creation;
*) device-mode - added "allowed-versions" list which are allowed to be installed without "install-any-version" mode enabled;
*) device-mode - added "basic" mode;
*) device-mode - added routerboard, install-any-version and partitions features;
*) device-mode - allow feature and mode update on x86 via power button and reboot/shutdown from AWS;
*) device-mode - fixed feature and mode update on ARM64 Hetzner;
*) device-mode - fixed feature and mode update via power-reset on MIPSBE devices;
*) device-mode - limit "/tool/ping-speed" and "/tool/flood-ping" under "traffic-gen" feature;
*) device-mode - limit device-mode update maximum allowed attempt count which can be reset only with reboot or button press;
*) device-mode - provide more precise device-mode update action printout;
*) device-mode - show all features and active restrictions with "print" command; 
*) dhcp-relay - added "local-address-as-src-ip" property;
*) dhcp-server - use interface ID for NAS-Port and added interface name to NAS-Port-ID attribute in RADIUS requests;
*) dhcp-server - use single RADIUS accounting session for IPv4 and IPv6 when dual stack is used;
*) dhcpv4-client - correctly handle adding/setting empty dhcp-options;
*) dhcpv4-client - fixed crash when releasing disabled DHCP client;
*) dhcpv4-client - respect Renewal-Time (58) and Rebinding-Time (59) options;
*) dhcpv4-server - do not remove options set config when DHCP network is changed;
*) dhcpv4-server - properly detect DHCP server address when underlying interface has multiple IP addresses configured;
*) dhcpv4-server/relay - added additional error messages for DHCP servers and relays;
*) dhcpv4/v6-server - added address-list parameter to which address will be added if the lease is bound;
*) dhcpv6-client - added prefix-address-list parameter;
*) dhcpv6-client - improved system stability when DHCPv6 client is enabled on non-existing interface;
*) dhcpv6-client - log message when response with invalid transaction-id received;
*) dhcpv6-client/server - added support for DHCPv6 reconfigure messages;
*) dhcpv6-server - added IPv6 address delegation support;
*) dhcpv6-server - do not require "prefix-pool" to be specified;
*) dhcpv6-server - fixed DHCPv6 server "address-pool" property showing in command line as "unknown" when real value is "static-only";
*) dhcpv6-server - improved system stability when removing actively used DHCPv6 server;
*) dhcpv6-server - include all existing prefixes (with lifetime 0) in renew reply and new prefix if RADIUS returns different prefix;
*) dhcpv6-server - properly display "static-pool" value in server print output for "prefix-pool" argument; 
*) discovery - added support for LLDP DCBX;
*) discovery - use LLDP description field to populate platform, version and board-name;
*) disk - added "type=file" for file-based block devices, useful for using file as a swap, or when having file-based filesystem images (CLI only);
*) disk - added btrfs filesystems list (CLI only);
*) disk - added mount-read-only and mount-filesystem options to allow read-only mounts and prevent mounting device at all (CLI only);
*) disk - added sshfs client to "/disk" menu (CLI only);
*) disk - added support for SWAP, currently allowed on any block device with "set x swap=yes" when container package is installed (CLI only);
*) disk - allow to configure global and per disk mountpoint template - [slot],[model],[serial],[fw-version],[fs-label],[fs-uuid],[fs] variables supported;
*) disk - auto mount iso and squashfs images;
*) disk - fixed managing and cleaning up mount points;
*) disk - fixed raid role auto selection for up to 64 drives;
*) disk - improve slot naming and improvements for visualizing complex hardware topology;
*) disk - improve test to report zero byte iops;
*) disk - improved system stability;
*) disk - read/show exfat filesystem label;
*) disk - recognize virtual sd* interfaces;
*) disk - remove 32 character slot name limit;
*) disk - save raid superblock and raid bitmap superblock on member devices in 1.2 format/location;
*) disk - show detailed mountpoint users when unable to unmount;
*) disk - show usage as percentage (CLI only);
*) disk - try all NFS versions (4.2,4.1,4.0,3,2) when mounting NFS in that order;
*) disk,nvme - show nvme namespaces if configured more than one on a nvme drive;
*) dns - added option to create named DNS servers that can be used as forward-to servers;
*) dns - do not look up local cache when executing ":resolve" command with specified "server" parameter (introduced in v7.16);
*) dns - DoH whitelist support for adlist using static FWD entries;
*) dns - refactored DNS service internal processes;
*) dns - whitelist support for adlist using static FWD entries;
*) ethernet - improved interface stability for RB4011 devices;
*) ethernet - improved linking after reboot for hAP ax lite devices ("/system routerboard upgrade" required);
*) ethernet - improved stability after reboot for Chateau PRO ax;
*) ethernet - improved system stability for CCR2004-1G-2XS-PCIe device;
*) ethernet - log warning only about excessive broadcast (do not include multicast) and reduced log count;
*) fetch - fixed certificate check when provided hostname is IP address;
*) fetch - fixed large file (over 4GB) fetch in HTTP/HTTPS mode;
*) file - correctly identify mounted disks;
*) file - do not needlessly scan large filesystems, could prevent unmounting;
*) file - improved handling of changes to the file system;
*) file - improved service stability when accessing files list from other system services;
*) file - support files over 4GB size;
*) file - update file size before trying to request content;
*) firewall - added none-dynamic and none-static arguments for IPv6 address-list-timeout settings;
*) firewall - added support for random external port allocation;
*) firewall - added warning log for TCP SYN flood;
*) firewall - fixed "dst-limit" and "limit" matchers when using zero value for burst argument;
*) firewall - improved matching from deeply nested interface-lists;
*) firewall - removed default mangle passthrough=yes configuration from export;
*) ftp - added VRF support;
*) gps - changed default GPS antenna setting for LtAP mini with internal LTE/GPS combo antenna;
*) graphing - fixed graphing rule removal;
*) graphing - fixed queue graph storing on disk;
*) health - added cpu-overtemp-check on ARM, ARM64 devices (CLI only);
*) health - changed PSU state from "no-ac" to "no-input";
*) health - hide settings in CLI if there is nothing to show;
*) health - removed board-temperature on RB5009UPr+S+IN device;
*) igmp-proxy - refactored IGMP querier;
*) ike2 - improved performance by balancing multicore CPU usage for key exchange calculation also for initiator;
*) iot - added additional debug for LoRa logging;
*) iot - added an option to print out LoRa traffic in CLI (not GUI-only option anymore);
*) iot - added new LoRa traffic FCnt packet counter parameter;
*) iot - added support for USB Bluetooth dongles (LE 4.0+) which enables Bluetooth functionality;
*) iot - bluetooth peripheral device menu now displays correct iBeacon major/minor values;
*) iot - fixed duplicate LoRa payloads in the traffic tab;
*) iot - fixed incorrect LoRa joineui filter export behavior;
*) iot - fixed LoRa behavior, where join eui or dev eui could be incorrectly converted during forwarding;
*) iot - improved system stability for LoRa;
*) iot - improvements to LoRa device's stats tab;
*) iot - LoRa LNS improvement;
*) iot - LoRa traffic tab RSSI now shows proper values for ARM architecture;
*) iot - modbus rework which improves Tx Rx switching behavior;
*) iot - mqtt improvement to support large payloads and gracefully discard payloads above size limit;
*) iot - removed crc-disabled and crc-error options from the LoRa forwarding;
*) iot - removed LoRa pause traffic option/setting;
*) iot - removed some LoRa radio related parameters (e.g. RSSI-OFF and Tx-enabled) that were not meant to be changed;
*) ippool - removed maximum "63 bit" prefix length limitation;
*) ipsec - ike2 improved process for policies; 
*) ipv6 - added comment property to "/ipv6/nd/prefix" menu;
*) ipv6 - added IPv6 settings related to stale IPv6 neighbor cleanup;
*) ipv6 - added support for manual link-local address configuration;
*) isis - do not disable fast-path when isis is enabled on an interface;
*) isis - fixed console flags;
*) isis - fixed invalid L2 LSP type;
*) isis - make it work when MTU is larger than 1500;
*) isis - update interface MAC address on change (caused neighbor to stuck in init state);
*) kid-control - use time format according to ISO standard;
*) l3hw - improved system stability;
*) l3hw - rate limit error logging;
*) leds - fixed issue where interface LEDs might not properly disable in some cases;
*) log - added basic validation for "disk-file-name" property;
*) log - added hostname support to remote logging action;
*) log - added regex parameter for log filtering in rules;
*) log - fixed e-mail logging (introduced in v7.16);
*) log - use time format according to ISO standard;
*) lte - added option to check/install modem firmware from early-access/testing channel (CLI only);
*) lte - added provider specific firmware update (FOTA) for Cosmote GR networks on Chateau 5G;
*) lte - disabled ims service for Chateau 5G on operator "3 AT" network (PLMN ID 23205);
*) lte - drop operator selection support for R11e-4G modem as it is unreliable;
*) lte - fixed "default-name" property in export when multiple LTE interfaces are used; 
*) lte - fixed "lte monitor" signal reporting for RG520F-EU modem when connected to 5G SA network;
*) lte - fixed "operator" setting for EC200A-EU modem;
*) lte - fixed long "PLMN search in progress" for SXT 3-7;
*) lte - fixed LTE band setting for SXT LTE 3-7;
*) lte - fixed roaming barring (allow-roaming=no) for EC200A-EU modem;
*) lte - fixed signal info reporting for FG621-EA modem in UMTS network;
*) lte - fixed SMS sender parsing;
*) lte - improved modem FW upgrade for Chateau 5G;
*) lte - improved R11eL-EC200A-EU modem firmware upgrade procedure;
*) lte - improved recovery after unexpected modem reboot for Chateau's 5G and 5G R16 series devices;
*) lte - improvements to modem "firmware-upgrade" command;
*) lte - MBIM increased assignable APN profile count up to 8 when modem firmware allows it;
*) lte - modem firmware update (FOTA), added support to install provider specific version;
*) lte - removed trailing "F" symbol from uicc;
*) lte - set "sms-read=no" and "sms-protocol=auto" as default values;
*) lte - set IPv6 address reporting format in modem init for AT modems and MBIM modems with AT channel;
*) mac-server - allow MAC-Telnet access through any bridged port when bridge interface is allowed;
*) mac-telnet - use ASCII DEL as erase/backspace char instead of BS (fixes mac-telnet backspace for WinBox4);
*) macvlan - improved error when trying to create new interface on already busy parent interface;
*) macvlan - updated driver;
*) modem - KNOT BG77 modem, improved handling of modem unexpected restarts;
*) mpls - added fast-path support for VPLS;
*) mpls - added MPLS mangle support;
*) mpls - added support for "ICMP Fragmentation needed";
*) mpls - do not drop LDP peering session on PW deactivation;
*) mpls - do not reconnect VPLS on name or comment changes;
*) netinstall - removed unused "Get key" button;
*) netinstall - save and restore device-mode configuration on format;
*) netinstall-cli - added "-o" option to install devices only once per netinstall run; 
*) netinstall-cli - fixed x86 detection;
*) netwatch - added "ignore-initial-up" and "ignore-initial-down" properties;
*) netwatch - fixed multiple variables;
*) netwatch - fixed probe toggle when adding a comment; 
*) ospf - fixed memory corruption;
*) ospf - improved stability on configuration update;
*) ovpn - added VRF support to OVPN server (server menu now supports multiple entries and previous server configuration is automatically imported);
*) ovpn - improved system stability;
*) ovpn-client - added tls-crypt, tls-crypt-v2 support;
*) ovpn-server - added "user-auth-method" property and allow mschap2 for RADIUS authentication;
*) pimsm - improved system stability after interface disable;
*) poe-out - added low-voltage-too-low status;
*) poe-out - improved PoE-out configuration handling when doing reset-configuration command;
*) poe-out - upgraded firmware for CRS354-48P-4S+2Q+ device (the update will cause brief power interruption to PoE-out interfaces);
*) poe-out - upgraded firmware for PSE (BT) controlled boards (the update will cause brief power interruption to PoE-out interfaces);
*) port - display a warning when using invalid log-file with the "remote-access" feature; 
*) port - more detailed print command output, include in "USED-BY" property channel number(s);
*) ppp - add routes in matching VRF;
*) ppp - added support for bridge-port-pvid configuration via ppp profile;
*) ppp - added support for bridge-port-trusted configuration via ppp profile;
*) ppp - do not print local/remote pool related errors in log when configuration does not require pool usage;
*) ppp - fixed typos in log message;
*) ppp - reuse link-local IPv6 address for static bindings when possible;
*) ppp - set APN/PDN type "IPv4/v6" according assigned PPP profile protocol setting;
*) pppoe - added support for PPPoE server over 802.1Q VLANs;
*) profiler - classify ppp processing;
*) profiler - improved process classification;
*) profiler - renamed radv process to radvd;
*) ptp - added dynamic switch ACL rules in order to trap PTP packets to CPU instead of forwarding;
*) ptp - added option to configure L2 transport with forwardable and non-forwardable MAC destination;
*) ptp - added PTP support for CRS320-8P-8B-4S+ and CRS326-4C+20G+2Q+ devices;
*) ptp - display warning when none of the PTP ports has a link;
*) ptp - fixed DSCP values for IPv4 packets; 
*) ptp - fixed packet receive with enabled igmp-snooping;
*) ptp - fixed packet tx/rx when enabling PTP on 1/2.5/100Gbps links for 98CX8410, 98DX8525, 98DX4310 switches (introduced in v7.16);
*) ptp - fixed synchronization on QSFP28 interfaces;
*) ptp - make PTP process more stable and deterministic when applying configuration;
*) ptp - restrict configuring g8275 profile with IPv4 transport;
*) qos-hw - allow to disable/enable profiles, disabled or removed profile gets replaced with the default;
*) qos-hw - enabling PFC on port also requires setting egress-rate-queueN;
*) qos-hw - fixed export when changing default Tx Manager;
*) qos-hw - fixed incorrect port byte-use counter;
*) qos-hw - improved PFC behavior;
*) qos-hw - improved system stability when enabling QoS;
*) qos-hw - improved WRED and ECN behavior;
*) qos-hw - rename pfcN-pause and pfcN-resume to pfcN-pause-threshold and pfcN-resume-threshold;
*) qos-hw - reworked PCP and DSCP mapping (now supports single, multiple and range values, previous configuration with minimal value mapping is converted to a single value);
*) qos-hw - switch-cpu port trust settings are forced to "keep";
*) queue - improved system stability when too many simple queues are added;
*) quickset - added "LTE AP" quickset profile with one wifi interface;
*) rip - improved stability when changing metric;
*) romon - added dynamic switch rules on devices supporting it when enabling the service;
*) romon - added interface-list support;
*) romon - send uptime in discovery;
*) rose-storage - allow to set iscsi-iqn only when type=iscsi and allow nvme-tcp-name only when type=nvme-tcp;
*) rose-storage - do not allow to format exported disks;
*) rose-storage - enable autocomplete for local-path property in "/file/sync" menu;
*) rose-storage - enable more threads for faster RAID sync;
*) rose-storage - ensure unique nvme-tcp-names for nvme-tcp clients;
*) rose-storage - improved error messages;
*) rose-storage - improved system stability;
*) rose-storage,raid - improved stability of degraded arrays on startup;
*) rose-storage,raid - store superblock in 1.2 format, show raid super block info when detected to help with reassembling arrays;
*) route - fixed discourse attribute print;
*) route - fixed minor typo in failure message;
*) route - fixed possible issue with inactive routes after reboot (introduced in v7.16);
*) route - improved stability;
*) route - improved stability with static route configuration;
*) route - increased interface name length limit in log messages;
*) route - removed possibility for IPv6 routes to specify interface in the dst-address;
*) routerboot - fixed boot MAC for devices with Alpine CPU ("/system routerboard upgrade" required);
*) routerboot - fixed boot MAC for MIPSBE CRS3xx and CRS5xx switches ("/system routerboard upgrade" required);
*) routerboot - improved stability for IPQ8072 and IPQ6010 when flash-boot is used ("/system routerboard upgrade" required);
*) routing-filter - fixed subtract and add for numerical values (+x, -x);
*) rsync - fixed when used over ssh and spaces in directory names;
*) sfp - fixed 1Gbps supported rate for RB960 and RB962 devices;
*) sfp - fixed linking with 1Gbps optical modules with "combo-mode=sfp" configuration for CRS312 device;
*) sfp - improved initialization and linking for some SFP modules;
*) sfp - improved initialization for certain SFP modules on CRS309 and CRS317 devices ("/system routerboard upgrade" required);
*) sfp - improved power control configuration for QSFP optical modules according to the EEPROM field;
*) sfp - improved SFP auto-negotiation for L22, L23 devices;
*) sfp - improved SFP28, QSFP28 interface stability using DAC cable for CRS520 switch;
*) smb - stability improvements for client/server;
*) snmp - added wifi fields to MIKROTIK-MIB;
*) socks - fixed comment property for access configuration;
*) ssh - added option to configure SSH ciphers (replaced allow-none-crypto parameter);
*) ssh - do not regenerate host key after update from RouterOS version older than 7.9; 
*) ssh - improved logging;
*) ssh - improved speed;
*) ssh - prefer GCM ciphers for arm64 and x86 devices when ciphers=auto;
*) ssl/tls - improved performance;
*) sstp - added pfs=required option to allow only ECDHE during TLS handshake;
*) storage - preserve permissions,owners,attributes when syncing under "/file/sync";
*) storage,rsync - fixed to work with clients passing "-a" option;
*) supout - added BGP advertisements section;
*) supout - added device-mode section;
*) supout - do not create autosupout.rif for second time after system reboot;
*) supout - print non BGP and OSPF routes if route list is too large;
*) supout - reduce minimal RAM required for export to be included;
*) supout - use separate LTE section;
*) switch - added "all" argument for "new-dst-ports" switch rule property for CRS3xx, CRS5xx, CCR2116 and CCR2216 devices;
*) switch - added IPv6 flow label matching in switch rules for CRS3xx, CRS5xx, CCR2116 and CCR2216 devices;
*) switch - allow bond interfaces in switch rules for CRS3xx, CRS5xx, CCR2116 and CCR2216 devices;
*) switch - allow matching network bitmask for IPv4 and IPv6 dst/src-address properties in switch rule;
*) switch - disallow switch-cpu in "ports" and "new-dst-ports" rule properties for CRS3xx, CRS5xx, CCR2116, CCR2216 and RB5009 devices;
*) switch - fixed a potential issue with packet corruption caused by incorrect switch initialization on CRS3xx/5xx devices;
*) switch - fixed L2MTU for 25Gbps ports; 
*) switch - fixed RSPAN error message when using mirror-target=cpu;
*) switch - fixed rule disable in certain cases for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) switch - fixed storm-rate accuracy on 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) switch - force "mac-protocol" when matching IPv4 or IPv6 specific properties; 
*) switch - improved CPU performance for CRS328-24P-4S+ switch;
*) switch - improved system stability for RB5009 and CCR2004-16G-2S+ devices;
*) switch - make switch rule "ports" property not required and unsettable (allows matching packets on all switch ports);
*) switch - updated dynamic switch rules when using HW bridge with IGMP snooping (224.0.0.0/24 and ff02::/16 destination addresses are forwarded and copied to CPU);
*) system - improved IPv6 maximum routing table size based on total memory;
*) system - make ICMP error source address selection configurable (icmp-errors-use-inbound-interface-address parameter in ip settings);
*) system - make TCP timestamp handling configurable (tcp-timestamps parameter in ip settings);
*) system - moved "/system/upgrade" to "/system/package/local-update";
*) tftp - improved stability;
*) upnp - rename service description file from gateway_description.xml back to gateway.xml;
*) user-manager - improved stability;
*) vpls - added support for bridge-pvid configuration;
*) vrf - fixed packet handling with enabled queues;
*) vxlan - fixed issue causing to lose IPv6 VTEP address setting;
*) webfig - added search option for settings;
*) webfig - allow download from file details;
*) webfig - allow style.css and script.js in branding packages;
*) webfig - fixed uploading files with Windows style newlines;
*) webfig - hide inherited wifi password;
*) webfig - improved keyboard navigation;
*) webfig - improved screen reader support;
*) webfig - improved system stability when used over many simultaneous sessions;
*) webfig - redirect "/help/license.html" to "/license.txt" for backwards compatibility;
*) webfig - reduce flickering when table is sorted by column with duplicate values;
*) webfig - Skin Designer moved to centralized page;
*) webfig - status page is deprecated, old status page config will work, but can't be updated or created;
*) webfig - support unicode strings;
*) wifi - add information to each interface, showing which CAPsMAN manages it or which CAP hosts it when applicable;
*) wifi - added a debug log entry when switching channel;
*) wifi - added ability to set security.owe-transition-interface to "auto";
*) wifi - added access-list stats (CLI only);
*) wifi - added configuration.installation property to limit use of indoor-only channels;
*) wifi - added debug log messages on station authentication mismatch;
*) wifi - added extra info to CAPsMAN about message;
*) wifi - added last-activity property in registration table;
*) wifi - added multi-passphrase (PPSK) support (CLI only);
*) wifi - added option to reset MAC address (CLI only);
*) wifi - added station-roaming support;
*) wifi - allow IPv6 LL address in caps-man-addresses;
*) wifi - disabled 802.11h on 2.4GHz station;
*) wifi - fixed "disabled" property in certain cases;
*) wifi - fixed failure to resume operation after DFS non-occupancy period has elapsed;
*) wifi - fixed failure with "auto" peer update on the OWE interface;
*) wifi - fixed occasional failure to bring up management frame protection and channel switch capabilities;
*) wifi - fixed the "no available channels" message still being displayed after a setting change has made some channels available;
*) wifi - improved FT roaming with WPA3 for some Apple devices;
*) wifi - indicate radios' ability to perform a channel switch in their "hw-caps" attribute;
*) wifi - indicate which channels are subject to DFS, or are indoor-only in output of "monitor" command;
*) wifi - re-word the "SA Query timeout" log message to "not responding";
*) wifi - show authentication type and wireless standard used by each client in registration table;
*) wifi - show regulatory limits on maximum bandwidth in output of radio/reg-info command;
*) wifi - when operating in station mode, log more information when AP switches to an unsupported channel;
*) wifi-qcom - added Superchannel country profile;
*) wifi-qcom - updated regulatory info for Ukraine, Australia and United States;
*) wifi-qcom-ac - allow use of channel 144 under "Japan" regulatory domain;
*) wifi-qcom-ac - fix possible conflict between radio and USB initialization on hAP ac2;
*) wifi-qcom-ac - improved CPU load balancing and system stability;
*) winbox - added "Copy to Access List" option under "WiFi/Registration" menu;
*) winbox - added "Max Entries" and "Total Entries" properties under "IP/Firewall/Connections/Tracking" menu;
*) winbox - added "Scan" and "Test Disks" features under "System/Disks" menu;
*) winbox - added Enable/Disable buttons under "Tools/Graphing" menus;
*) winbox - added MAC address support for "Group" property under "Bridge/MDB" menu;
*) winbox - added missing "bus" option for compatible devices under "System/RouterBOARD/USB Power Reset" menu;
*) winbox - added missing properties under "IP/Neighbors" menu;
*) winbox - allow to edit Ethernet MAC address;
*) winbox - clear "Value" field when unset under "IP/DNS/Static" menu;
*) winbox - fixed duplicate timezone names;
*) winbox - fixed typo in "System/Reset Configuration" menu;
*) winbox - hide LCD menu for devices without display;
*) winbox - hide LTE "External Antenna" menu for devices without switchable antenna option;
*) winbox - improved stability;
*) winbox - minimal required version is v3.41;
*) winbox - refresh values under "Bridge/VLANs/MVRP Attributes" menu;
*) winbox - renamed and moved "System/Auto Upgrade" to "System/Packages" menu;
*) winbox - renamed wrong invalid interface flag to inactive;
*) winbox - show "FEC" property on status tab for interfaces that use it;
*) winbox - show MLAG settings for CRS326-4C+20G+2Q+ device;
*) winbox - updated properties and behavior under "Switch/QoS" menu;
*) wireguard - do not initiate handshake when peer is configured as responder;
*) wireless - added option to reset MAC address (CLI only);
*) wireless - added vlan-id to registration-table;
*) wireless - allow to set Canada2 country profile when locked with US lock package for CubeG device;
*) wireless - enable all chains by default for RB911 and RB922 series devices;
*) wireless - fixed antenna gain for SXT5ac device;
*) wireless - preserve configured country while using setup-repeater, added "country" argument (CLI only);
*) x86 - Realtek r8169 updated driver;
*) zerotier - added debug logging;
*) zerotier - do not show default settings in export;
*) zerotier - upgraded to version 1.14.0;

How to Block External DNS Access on MikroTik

When you configure DNS as shown below, the "Allow Remote Requests" option must be enabled so that requests can be processed on the MikroTik. Doing so, however, also opens port 53 on the router to the outside.

To keep the option enabled without exposing the resolver to the internet, a very simple firewall rule is enough:

/ip firewall filter
add action=drop chain=input comment="Drop TCP DNS" dst-port=53 in-interface-list=WAN protocol=tcp
add action=drop chain=input comment="Drop UDP DNS" dst-port=53 in-interface-list=WAN protocol=udp

With these rules the router does not answer any port 53 request arriving on the WAN interfaces. It responds only to requests coming in on the LAN interfaces.
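The two drop rules only protect the resolver if both protocols are covered and no earlier input-chain rule accepts the traffic first. The Python audit below is an added example, not code from the original post: it reads a RouterOS /export and reports whether TCP or UDP port 53 is still reachable from the WAN list. The sample exports are constructed, the function names are hypothetical, and only rules built from the simple matchers listed in MODELLED are evaluated.

```python
import shlex

# Matchers this audit models (an assumption of the example). A rule using any
# other matcher (src-address, connection-state, in-interface, ...) is treated
# as conditional and skipped, so it is never counted as protection. Negated
# lists such as in-interface-list=!LAN are not resolved and are skipped too.
MODELLED = {"chain", "action", "protocol", "dst-port", "in-interface-list",
            "comment", "disabled", "log", "log-prefix"}


def join_continuations(text):
    """Join lines that /export wrapped with a trailing backslash."""
    lines, buf = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1]
        else:
            lines.append(buf + line)
            buf = ""
    return lines + ([buf] if buf else [])


def parse_export(text):
    """Return (allow_remote_requests, ordered list of filter rules as dicts)."""
    menu, remote, rules = "", False, []
    for line in join_continuations(text):
        if not line or line.startswith("#"):
            continue
        tokens = shlex.split(line)
        if tokens[0].startswith("/"):  # menu path, optionally with a command
            cut = next((i for i, t in enumerate(tokens) if t in ("add", "set")),
                       len(tokens))
            menu, tokens = " ".join(tokens[:cut]), tokens[cut:]
        if not tokens:
            continue
        props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        if menu == "/ip dns" and tokens[0] == "set":
            if "allow-remote-requests" in props:
                remote = props["allow-remote-requests"] == "yes"
        elif menu == "/ip firewall filter" and tokens[0] == "add":
            rules.append(props)
    return remote, rules


def port_matches(spec, port=53):
    """True if a dst-port value such as "53", "53,853" or "1-1024" covers port."""
    if spec.startswith("!"):
        return not port_matches(spec[1:], port)
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False


def wan_dns_verdict(rules, proto, wan_list="WAN"):
    """First-match walk of chain=input for proto/53 arriving on wan_list."""
    for r in rules:
        if r.get("chain") != "input" or r.get("disabled") == "yes":
            continue
        if set(r) - MODELLED:
            continue  # conditional rule, not decisive for every packet
        if r.get("protocol", proto) != proto:
            continue
        if "dst-port" in r and not port_matches(r["dst-port"]):
            continue
        if r.get("in-interface-list", wan_list) != wan_list:
            continue
        action = r.get("action", "accept")
        if action in ("drop", "reject", "tarpit"):
            return "blocked"
        if action == "accept":
            return "accepted-by-rule"
    return "no-rule"  # RouterOS accepts a packet that no rule matched


def exposed_dns(text, wan_list="WAN"):
    """Map protocol -> verdict for each protocol still reachable from WAN."""
    remote, rules = parse_export(text)
    if not remote:
        return {}  # the resolver does not answer remote requests at all
    verdicts = {p: wan_dns_verdict(rules, p, wan_list) for p in ("tcp", "udp")}
    return {p: v for p, v in verdicts.items() if v != "blocked"}


# Constructed sample exports (not taken from a real router).
DNS = "/ip dns\nset allow-remote-requests=yes servers=192.0.2.53\n"
PAGE_RULES = DNS + r'''/ip firewall filter
add action=drop chain=input comment="Drop TCP DNS" dst-port=53 \
    in-interface-list=WAN protocol=tcp
add action=drop chain=input comment="Drop UDP DNS" dst-port=53 in-interface-list=WAN protocol=udp
'''
UDP_ONLY = DNS + '''/ip firewall filter
add action=drop chain=input dst-port=53 in-interface-list=WAN protocol=udp
'''
SHADOWED = DNS + '''/ip firewall filter
add action=accept chain=input dst-port=53 protocol=udp
add action=drop chain=input dst-port=53 in-interface-list=WAN protocol=tcp
add action=drop chain=input dst-port=53 in-interface-list=WAN protocol=udp
'''

if __name__ == "__main__":
    for name, cfg in (("page rules", PAGE_RULES), ("udp only", UDP_ONLY),
                      ("shadowed", SHADOWED)):
        print(name, exposed_dns(cfg) or "port 53 blocked on WAN")
```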

MikroTik RouterOS 7.16 Released

MikroTik's new software update brings many new features and improvements that increase system stability, security and usability. Significant updates in areas such as 6to4 tunnels, ARM64 improvements, BGP fixes and bridge features further strengthen network performance and management.

In addition, changes were made across a wide range of areas, from certificate management to DHCP improvements and from user management to Winbox interface updates. These updates aim to maximise the user experience and make the system run more efficiently and securely.

Download: https://mikrotik.com/download/archive

What's new in 7.16 (2024-Sep-20 16:00):

*) 6to4 - fixed 6to4 tunnel LL address generation after system reboot;
*) 6to4 - improved system stability when using 6to4 tunnel without specified remote-address;
*) 6to4 - limit keepalive timeout maximum value;
*) address - added "S" flag for addresses that belong to a slave interface;
*) arm64 - fixed "disable-running-check" for ARM64 UEFI;
*) arm64 - increased reserved storage space for bootloader;
*) arm64/x86 - added rtl8111/8168/8411 firmware;
*) arp - fixed possible issue with invalid entries;
*) bgp - fixed BGP sessions missing vpnv6 afi;
*) bgp - fixed cluster-list and originator-id;
*) bgp - fixed corrupted as-path when received update with empty AS_PATH attribute (introduced in v7.15);
*) bgp - fixed minor logging typo;
*) bgp - fixed vpnv6 safi;
*) bgp - small logging improvements;
*) bridge - added dynamic tagged entry when VLAN interface is created on vlan-filtering bridge;
*) bridge - added forward-reserved-addresses property which controls forwarding of MAC 01:80:C2:00:00:0x range (separated from "protocol-mode=none" functionality, disabled by default after upgrade);
*) bridge - added L2 MDB support for IGMP snooping;
*) bridge - added max-learned-entries property for bridge;
*) bridge - added message about who created a dynamic VLAN entry;
*) bridge - added MVRP support for VLANs assigned to bridge;
*) bridge - do not allow duplicate ports;
*) bridge - fixed BPDU address when using "ether-type=0x88a8" configuration;
*) bridge - fixed MVRP leave;
*) bridge - fixed port "point-to-point" status after first link change; 
*) bridge - fixed typo in filter and NAT error message; 
*) bridge - improved system stability when removing MLAG configuration;
*) bridge - show invalid flag for ports that fail to be added to bridge (e.g. maximum port limit of 1024 is reached);
*) bth - improved stability on system time change;
*) certificate - added no-key-export parameter for import;
*) certificate - added support for cloud-dns challenge validation for sn.mynetname.net (CLI only);
*) certificate - automatically parse uppercase symbols to lowercase when registering domain on Let's Encrypt;
*) certificate - improved DNS challenge error reporting for Let's Encrypt;
*) certificate - improved RSA key signature processing speed;
*) certificate - show validity beyond year 2038; 
*) chr - added support for licensing over IPv6 network; 
*) chr - fixed incorrect disk size for ARM64;
*) console - added "about" filters for "find" and "print where" commands;
*) console - added "verbose=progress" mode for import status updates, and verbose output only on failures;
*) console - added additional byte-array option to :convert command;
*) console - added dry-run parameter to simulate import of files and find syntax errors without making configuration changes (verbose only);
*) console - added limits for dst-start and dst-end clock properties; 
*) console - added lock screen via :lock command;
*) console - added uppercase and lowercase transform modes to :convert command;
*) console - disallow ping command with empty address;
*) console - display hint when requesting specific argument syntax;
*) console - do not show default boot-os setting in export;
*) console - fixed an issue where certain MAC address can be interpreted as time value;
*) console - fixed negative values for gmt-offset clock property; 
*) console - fixed output of ping command in certain cases; 
*) console - fixed typo in firewall error message;
*) console - improved :serialize and :deserialize commands and added support for DSV (delimiter separated values) format;
*) console - improved large import file handling, error detection and stability;
*) console - improved stability when pasting a large input;
*) console - improved stability when removing script;
*) console - increased default width for bitrate type of columns;
*) console - removed follow-strict parameter;
*) console - show rest-api name for active user connections;
*) container - clear VETH address on container exit and mark interface as running only when VETH is in use;
*) defconf - configure the default-route property for PPP clients only on devices with a built-in modem;
*) detnet - properly detect "Internet" status when multiple detnet instances present in network;
*) dhcp - added comment property for matchers, options and option sets;
*) dhcp - improved DHCP IPv4 and IPv6 client/relay/server underlying interface state change handling;
*) dhcp - improved insert-queue-before, parent-queue and allow-dual-stack-queue behavior;
*) dhcpv4-client - execute script on DNS server or gateway address change;
*) dhcpv4-server - added "class-id" parameter for DHCP server leases;
*) dhcpv4-server - added matcher ability to match substring;
*) dhcpv4-server - added name for "User-Class" option (77), "Authentication" option (90), "SIP-Servers-DHCP-Option" option (120) and "Unassigned" option (163-174) in debug logs;
*) dhcpv4-server - fixed setting and getting "next-server" property;
*) dhcpv4-server - increased lease offer timeout to 120 seconds;
*) dhcpv4-server - remove corresponding dynamic leases if their address-pool gets removed;
*) dhcpv4-server - show active-server and host-name in print active command;
*) dhcpv6-client - do not add default gateway twice when both prefix and address is acquired;
*) dhcpv6-client - fixed T1, T2, valid-lifetime and preferred-lifetime compliance with RFC8415 by using value 0;
*) dhcpv6-client - pause client and remove dynamically installed objects while it becomes invalid;
*) dhcpv6-client - release client on failed renew attempt;
*) dhcpv6-client - update gateway address for default route on renew;
*) dhcpv6-server - improved system stability;
*) discovery - added discover-interval setting;
*) discovery - added LLDP Port VLAN ID, Port And Protocol VLAN ID, VLAN Name TLVs support;
*) discovery - added LLDP-MED timeout;
*) discovery - changed default discover-interval setting from 60s to 30s;
*) discovery - set unknown bit for any unspecified link type in MAC/PHY TLV; 
*) disk - added "wipe-quick" file-system option to format-drive command (CLI only);
*) disk - added log message when disks get added or removed;
*) disk - added simple test command to test device and filesystem speeds (CLI only);
*) disk - improved system stability;
*) disk - remove dummy "slot1" entries on CHR;
*) dns - added support for DoH with adlist;
*) dns - added support for DoH with static FWD entries;
*) dns - added support for mDNS proxy;
*) dns - improved imported adlist parsing;
*) dns - refactored adlist service internal processes and improved logging;
*) dns - refactored DNS service internal processes;
*) dns - show static entry type "A" field in console;
*) dude - fixed map element RouterOS package upgrade functionality; 
*) ethernet - fixed port speed downshift functionality for CRS354 devices;
*) ethernet - improved system stability for Alpine CPUs when dealing with unexpected non-UDP/TCP packet transmit;
*) fetch - handle HTTP 401 status correctly;
*) fetch - improved logging;
*) file - renamed "creation-time" to "last-modified";
*) filesystem - improved boot speed after device is rebooted without proper shutdown;
*) filesystem - refactored internal processes to minimize sector writes;
*) firewall - added message when interface belonging to VRF is added in filter rules;
*) firewall - fixed an issue with unsetting src-address-type;
*) firewall - fixed IPv6 "nth" matcher showing up twice in help;
*) firewall - fixed issue that prevents restoring src-address-list and dst-address-list properties using undo command;
*) firewall - removed unnecessary TLS host matcher from NAT tables;
*) health - fixed board-temperature for KNOT device (introduced in v7.15);
*) health - fixed bogus CPU temperature spikes for CCR2216 device;
*) health - fixed missing health for CRS112-8G-4S device (introduced in v7.15);
*) health - improved voltage measurements for RB912UAG-6HPnD and RB912UAG-5HPnD devices;
*) health - removed unnecessary health settings for RB921 and RB922 devices;
*) health - upgraded fan controller firmware to latest version;
*) hotspot - properly escape all reserved URI characters;
*) ike1 - removed unsupported NAT-D drafts with invalid payload numbers;
*) ike2 - improved performance by balancing multicore CPU usage for key exchange calculation;
*) install - allow to save old configuration during cdrom install;
*) install - fixed ARM64 cdrom install (introduced in v7.15);
*) iot - added an option to delete default LoRa servers and a button to recover them if needed;
*) iot - added an option to log LoRa filtered packets;
*) iot - added LoRa NetID and JoinEUI filtering for LNS and CUPS connections;
*) iot - added LoRa option to filter out proprietary packets;
*) iot - fixed incorrect LoRa filter export behavior;
*) iot - fixed LoRa inability to set SSL for LoRa servers via command line;
*) iot - fixed LoRa inability to use variables for GPS-spoofing setting;
*) ip - added max-sessions property for services;
*) ip/ipv6 - added multipath hash policy settings;
*) ipip6 - make IPv6 LL address random;
*) ipsec - changed default dpd-interval from 2 minutes to 8 seconds and dpd-maximum-failures from 5 to 4;
*) ipsec - improved installed SA statistics update;
*) ipv6 - added "d" deprecated flag for expired IPv6 SLAAC addresses;
*) ipv6 - allow to properly disable address when it is generated from pool;
*) ipv6 - allow to properly move IPv6 address from slave interface to a bridge interface;
*) ipv6 - do not allow adding address with invalid prefix when using pool;
*) ipv6 - do not allow to manually delete LL address;
*) ipv6 - fixed "no-dad" functionality;
*) ipv6 - fixed dynamic duplicate address showing when static address is already configured;
*) ipv6 - fixed pool allocated addresses missing after reboot;
*) ipv6 - fixed SLAAC address dynamic appearance;
*) ipv6 - improved handling of IPv6 address information;
*) ipv6 - improved LL address generation process;
*) ipv6 - properly initialize default ND "interface=all" entry;
*) ipv6 - respect APN settings for "add-default-route" and "use-peer-dns" also when "accept-router-advertisements=yes";
*) ipv6 - warn user that reboot is required in order to properly apply accept-router-advertisements changes;
*) isis - fixed filter-chain and filter-select settings;
*) isis - install IPv6 link-local gateways correctly;
*) l2tp - improved system stability;
*) l3hw - added per-VLAN packet and byte counters to compatible switches;
*) l3hw - disable L3HW on bonding modes that do not support it;
*) log - added basic validation for "disk-file-name" property;
*) lte - added "sms-protocol" setting in "/interface lte" menu (CLI only);
*) lte - fixed "at-chat" for DELL T99W175 (PID: 0x05c6 VID: 0x90d5);
*) lte - fixed cases where LTE interface would take long time to become ready after bootup for Chateau 5G and Chateau 5G R16 (introduced in v7.15);
*) lte - fixed cases where modem could be handled by multiple dialer instances;
*) lte - fixed modem firmware upgrade for Chateau 5G and Chateau 5G R16 (introduced in v7.15);
*) lte - fixed possible crash when enabling/disabling config-less modem interface;
*) lte - fixed R11e-LTE no traffic flow when modem with older firmware version is used;
*) lte - fixed support for Fibocom modem fm150-na;
*) lte - improved modem AT/modem port open;
*) lte - improvements to "/interface/lte/show-capabilities" command;
*) media - improved file indexing for DLNA; 
*) modem - added authentication functionality to EC200A;
*) modem - fixed PPP link recovery when port unexpectedly removed and returned due to modem firmware crash;
*) modem - fixed unresponsive PPP link recovery when TX bandwidth was exceeding link capacity;
*) modem - improved support for KNOT BG77 modem firmware update;
*) mqtt - broker password is no longer exported unless "show-sensitive" flag is used;
*) netinstall-cli - added check for device and package architectures match;
*) netinstall-cli - added support for multiple device install;
*) netinstall-cli - allow mixed package architectures;
*) netwatch - added DNS probe;
*) netwatch - added ttl and accept-icmp-time-exceeded properties for ICMP probe;
*) netwatch - use time format according to ISO standard;
*) ospf - improved system stability during LSA monitoring;
*) ovpn - improved system stability;
*) pimsm - improved system stability;
*) poe-out - fixed low-voltage detection while PD is connected for KNOT device;
*) poe-out - fixed silent firmware upgrade fail on CRS112-8P-4S device (introduced in v7.15);
*) poe-out - upgraded firmware for SAMD20 PSE (AF/AT) controlled boards (the update will cause brief power interruption to PoE-out interfaces);
*) port - added IPv6 support for the "remote-access" feature; 
*) ppp - added SIM hot-plug enable command to default init-string for KNOT and CME gateway;
*) ppp - added support for IPv6-only domain names to l2tp-client, ovpn-client and sstp-client;
*) ppp - automatically generate IPv6 firewall rules when filter-id is specified;
*) ppp - fixed dynamic queue default name (introduced in v7.15);
*) ppp - fixed PPP info parser showing error for BG77 modem running on KNOT AUX AT/modem port;
*) profiler - classify wifi processing as "wireless";
*) ptp - added PTP support for CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ, CRS518-16XS-2XQ, CRS504-4XQ, CRS510-8XS-2XQ devices;
*) qos-hw - added H and I flags to queues;
*) qos-hw - added new monitoring properties for ports and global QoS stats;
*) qos-hw - added queue-buffers property to tx-manager;
*) qos-hw - allow port print stats, usage and pfc while QoS is disabled;
*) qos-hw - allow to set queue-buffers in bytes, percent or auto;
*) qos-hw - enabling ECN forces WRED (unless share is disabled);
*) qos-hw - fixed egress-rate limit validation;
*) qos-hw - fixed global buffer limits for 98DX8212 and 98DX8332 switches;
*) qos-hw - fixed WRED thresholds;
*) qos-hw - improved behavior when changing ports tx-manager;
*) qos-hw - limit WRED to queues with enabled shared buffers;
*) queue - improved system stability;
*) quickset - removed Basic AP mode;
*) rose-storage - fixed "/file sync status" parameter to be read-only;
*) rose-storage - moved "/rsync-daemon" to "/file rsync-daemon";
*) rose-storage - renamed sync "remote-addr" property to "remote-address";
*) route - added ability to redistribute isis routes;
*) route - fixed incorrectly handled route distinguisher and route targets (introduced in v7.15);
*) route - fixed memory leak (introduced in v7.15);
*) route - fixed some missing route parameters when printing (introduced in v7.15);
*) route - improved route attribute handling (may increase memory usage);  
*) route - improved routing table update performance;
*) route - improved stability when getting entries from large routing tables;
*) route - place static route in the correct VRF when vrf-interface parameter is used; 
*) route - rename route type from is-is to isis;
*) routerboard - improved Etherboot stability for CRS320-8P-8B-4S+ device ("/system routerboard upgrade" required); 
*) routerboard - improved Etherboot stability for IPQ-40xx devices ("/system routerboard upgrade" required);
*) routerboot - improved boot process ("/system routerboard upgrade" required);
*) rpki - fixed preference sorting;
*) sfp - fixed calculated link length based on EEPROM in certain cases;
*) sfp - fixed missing traffic after reboot with S-RJ01 module running at 10/100 Mbps rate on CCR2004-16G-2S+ device;
*) sfp - fixed SFP28 interface with fec74 mode on CCR2004-1G-2XS-PCIe device;
*) sfp - fixed SFP28 jumbo frame processing on CCR2004-1G-2XS-PCIe device;
*) sms - added polling setting so that RouterOS itself checks SMS instead of relying on URC messages;
*) snmp - added support for KNOT BG77 modem cellular signal info;
*) snmp - fixed LAST-UPDATED format in MIKROTIK-MIB;
*) ssh - fixed SSH cryptographic accelerator selection for GCM cipher (introduced in v7.14);
*) ssh - fixed unsupported user SSH public key import (introduced in v7.15);
*) ssh - improved system stability when SSH tries to bind to non-existing interface;
*) supout - added detnet section;
*) supout - added monitor command for all wifi interfaces;
*) supout - added netwatch section;
*) supout - added user SSH keys section;
*) supout - increased console output width;
*) supout - limit address-list and connection tracking entries to 999 in supout.rif;
*) supout - rename "store" section to "disk";
*) switch - fixed an issue where half-duplex links could occupy Tx resources for 98DX8xxx, 98DX4xxx, 98DX325x switch chips;
*) switch - fixed an issue with Ethernet port group hang for CRS354 devices;
*) switch - fixed Ethernet interface counter 32bit overflow for CRS354 devices;
*) switch - fixed limited Tx traffic on Ethernet ports for CRS354 devices (introduced in v7.15);
*) switch - improved switch reset;
*) switch - improved system stability on CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) system - added "clock" logging topic for time change related messages;
*) system - added critical log message when not enough space to store new configuration;
*) system - added log message if device failed to reboot gracefully;
*) system - added more details to user initiated reboot (reset, upgrade, downgrade);
*) system - added support for upgrade over IPv6 network; 
*) system - do not cancel package upgrade if another architecture packages found on the router;
*) system - do not download packages scheduled for uninstall;
*) system - do not start IPsec and certificate processes when not necessary;
*) system - fixed "free disk space" error message on system upgrade/downgrade;
*) system - fixed an issue where routing configuration was missing after performing a reset, adding a new configuration and then upgrading (introduced in v7.15); 
*) system - fixed empty logs after reboot in certain cases;
*) system - improved internal system services messaging;
*) system - improved performance for TCP input;
*) system - improved reporting of total memory size;
*) system - improved system stability for CCR2004-1G-2XS-PCIe device;
*) system - improved system stability for RBSXTsq5nD and RBLDF-5nD;
*) system - improved system stability;
*) system - improved watchdog and kernel panic reporting;
*) system - reduced RAM usage for ARM64 devices;
*) system - set flash-boot mode as "boot-device" after system reset initiated by reset button  ("/system routerboard upgrade" required);
*) system - set flash-boot mode as "boot-device" after system reset initiated from software;
*) traceroute - do not stop traceroute after 5 consecutive unreachable hops;
*) tunnel - allow specifying IPv6 LL address as "remote-address" for EoIPv6, GRE6 and IPIP6 tunnels;
*) user - added inactivity timeout for non-GUI sessions;
*) user-manager - updated logo;
*) vxlan - added comment support to VTEPs;
*) vxlan - prevent creating multiple VTEPs with same IP/port combination;
*) webfig - allow to enter time that exceeds 23:59:59;
*) webfig - correctly display default value for number type;
*) webfig - enabled hotlock mode for terminal;
*) webfig - fixed an issue where wrong menu title was shown;
*) webfig - fixed issue with incorrectly applying optional fields;
*) webfig - fixed sorting by datetime;
*) webfig - use "any" argument by default for Torch "Port" property;  
*) wifi - added "slave-name-format";
*) wifi - added interface provisioning logs;
*) wifi - adjusted virtual interface naming when provisioning local radios;
*) wifi - do not allow frequency-scan on virtual interfaces;
*) wifi - do not unset radio-mac and master-interface properties on reset;
*) wifi - enable creating virtual wifi interfaces using "copy-from" setting;
*) wifi - fixed packet receive when having multiple station interfaces;
*) wifi - fixed signal strength reporting during association (introduced in v7.15);
*) wifi - fixed typo in log message;
*) wifi - improve regulatory compliance for Chateau ax devices;
*) wifi - improved interface stability when receiving invalid FT authentication frames;
*) wifi - improved system stability after interface hang;
*) wifi - improved WPA3 PMKSA handling when access-lists with custom passphrases are used;
*) wifi - make sniffer tool return an error when attempting to sniff with a radio which does not support it;
*) wifi - send channel switch announcements to clients when switching channels at requested re-select intervals;
*) wifi - use name-format also for local interfaces when provisioning;
*) wifi-qcom - add spectral-scan and spectral-history tools (CLI only);
*) wifi-qcom-ac - count dropped packets to "tx-drop" instead of "tx-error";
*) wifi-qcom-ac - improved memory allocating process;
*) winbox - added "Import Router ID" parameter under "Routing/BGP/VPN" menu;
*) winbox - added "Switch/QoS" menu for CRS3xx, CRS5xx, CCR2116 and CCR2216 devices;
*) winbox - added "Trace" column under "System/History" menu;
*) winbox - added configuration settings for ROSE; 
*) winbox - added extra "File System" under "Format Drive" button;
*) winbox - added missing "Default Name" property for interfaces;
*) winbox - do not show "Last Logged In" and "Expire Password" when creating new system user;
*) winbox - fixed "Authority" property under "System/Certificates/Requests" menu;
*) winbox - fixed duplicated "MVRP Attributes" table;
*) winbox - fixed false invalid flag under "System/Ports/Remote Access" menu;
*) winbox - fixed issue with skin file appearing as unknown in user group menu (introduced in v7.15);
*) winbox - fixed signal bar "excellent" tooltip;
*) winbox - fixed Switch menu for RB1100AHx4 device;
*) winbox - improved QR code display;
*) winbox - moved DHCPv6 Server "Allow Dual Stack Queue" property from General to Queues tab;
*) winbox - moved Switch menu tabs to individual menus;
*) winbox - properly display available address-pools for DHCPv6 server configuration;
*) winbox - removed deprecated x86/CHR specific settings under "System/Resources" menu;
*) winbox - removed spare argument for "PFS Group" property under "IP/IPsec/Proposals" menu;
*) winbox - renamed configurable wifi property "Tx Power" to "Max Tx Power";
*) winbox - separated different Watchdog settings into logical tabs;
*) winbox - use CAP serial number with "Set Identity" button under "WiFi/Remote CAP" menu;
*) winbox - use correct default value for "Partition Offset" property;
*) winbox/webfig - fixed skins (introduced in v7.15);
*) wireless - allow unsetting signal-range and ssid-regexp properties for capsman access-list;
*) wireless - fixed dynamic VLAN assignments for vlan-filtering bridge in certain cases;
*) wireless - limit antenna-gain property to 100;
*) www - log out inactive REST API users;
*) x86 - added missing PCI ids for bnx2x driver;
*) x86 - added RTL8156 driver support;
*) x86 - fixed missing serial ports with MCS9900;

How to Send an IPv6 Request from a MikroTik Router

Suppose you have added a service and want it to pass its verification checks. Under normal conditions, when you send a request with fetch you will see that the content is retrieved over IPv4. Even if you specify a source address, the request will time out from time to time.

With the script below you can send the request successfully and see the response in the console.

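{
    /ipv6 firewall address-list
    # Adding a hostname makes RouterOS resolve it and create dynamic entries
    add address=mertcangokgoz.com list=mertcangokgoz.com
    # Give the resolver time to populate the list
    :delay 5s
    # Take the first resolved entry, selected by its comment
    :local ipv6add ([/ipv6 firewall address-list print as-value where comment="mertcangokgoz.com"]->0->"address")
    # Strip the prefix length (the part from "/" onwards) from the address
    :set ipv6add [:pick $ipv6add 0 [:find $ipv6add "/" -1] ]
    # Connect to the IPv6 literal; host= supplies the Host header
    :put [/tool fetch host=mertcangokgoz.com url="https://[$ipv6add]/" output=user as-value]
    # Clean up the temporary address-list entry
    remove [find where address=mertcangokgoz.com and list=mertcangokgoz.com]
}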

To run the script, you can use System -> Scripts -> +.

Alternatively, open Winbox -> New Terminal, make the necessary adjustments to the script above, and run it there directly.

MikroTik RouterOS 7.15rc2 Released

RC2, the last test build before the stable release, runs smoothly and is a pleasure to use.

!) system - added support for AMPERE (R) and ARM64 CHR installations (new ARM64 CHR image available);
*) bridge - added MVRP support;
*) chr - fixed management access (introduced in v7.15rc1);
*) discovery - added LLDP Maximum Frame Size TLV support;
*) file - fixed file list updates in certain situations (introduced in v7.15rc1);
*) lte - added "at-chat" support for DELL T99W175 (PID: 0x05c6 VID: 0x90d5);
*) partitions - fixed missing partition information on certain devices (introduced in v7.15beta8);
*) ppp - enabled monitoring of registration state, RSRP, RSRQ, SINR, PCI, CellID for BG77 modem;
*) ppp - fixed info command and PPP client crash when SIM is not present (introduced in v7.15beta6);
*) qos-hw - added "offline" tx-manager (CLI only);
*) qos-hw - added Priority Flow Control for compatible switches (CLI only);
*) storage - improved configuration storing process on first system boot after configuration reset;
*) winbox - fixed missing information for CHR/x86 (introduced in v7.15rc1);

https://mikrotik.com/download

Backup: https://www.mediafire.com/file/lb6odhva1h7nb66/MikroTik-RouterOS-7.15rc2-all.rar/file

Changelog

What's new in 7.15rc2 (2024-Apr-24 12:38):

!) system - added support for AMPERE (R) and ARM64 CHR installations (new ARM64 CHR image available); 
*) bridge - added MVRP support;
*) chr - fixed management access (introduced in v7.15rc1); 
*) discovery - added LLDP Maximum Frame Size TLV support;
*) file - fixed file list updates in certain situations (introduced in v7.15rc1);
*) lte - added "at-chat" support for DELL T99W175 (PID: 0x05c6 VID: 0x90d5);
*) partitions - fixed missing partition information on certain devices (introduced in v7.15beta8);
*) ppp - enabled monitoring of registration state, RSRP, RSRQ, SINR, PCI, CellID for BG77 modem;
*) ppp - fixed info command and PPP client crash when SIM is not present (introduced in v7.15beta6);
*) qos-hw - added "offline" tx-manager (CLI only);
*) qos-hw - added Priority Flow Control for compatible switches (CLI only);
*) storage - improved configuration storing process on first system boot after configuration reset;
*) winbox - fixed missing information for CHR/x86 (introduced in v7.15rc1);

Other changes since v7.14:

!) system - added support for AMPERE (R) hardware (new ARM64 ISO file, new ARM64 extra-nics.npk package);
*) bgp - added initial vpnv6 support;
*) bgp - correctly synchronize input.accept-nlri address list;
*) bgp - fixed prefix count when BGP sessions run with multiple AFIs;
*) bgp - fixed selecting local.default-address from wrong VRF;
*) bgp - use IPv6 as default address-family for IPv6 sessions;
*) bgp-vpn - use VRF interface as gateway for leaked connected routes;
*) branding - added option to hide default configuration prompt;
*) branding - added option to hide or replace default caps-mode-script;
*) bridge - added error message if MLAG peer-port is configured with "mlag-id";
*) bridge - added MLAG peer-port events to logs;
*) bridge - do not allow multiple bonds with same "mlag-id";
*) bridge - improved protocol-mode STP, RSTP and MSTP stability; 
*) bridge - rename monitor property "path-cost" to "actual-path-cost";
*) bridge - reworked dynamic VLAN creation;
*) bridge - use default "edge=auto" for dynamically bridged interfaces (PPP, VPLS, WDS);
*) certificate - added support for different ACME servers for ssl-certificate (CLI only);
*) certificate - added support for importing pbes2 encrypted private keys with aes128;
*) certificate - added trusted parameter for certificate import;
*) certificate - allow replacing certificate with internal import;
*) certificate - delete certificate related files automatically from storage after import;
*) certificate - improved RSA key signature processing speed;
*) chr - allow to "generate-new-id" only while CHR is running on level "free" license;
*) chr - fixed bogus messages printed out while booting up the system (introduced in v7.14);
*) chr - fixed Xen and Vultr missing ethernet (introduced in v7.14);
*) console - added "byte-array" option to ":convert" command;
*) console - added "proplist" parameter to interactive commands;
*) console - added "rows" property for sniffer quick mode;
*) console - added "sanitize-names" property under "/console/settings" menu (option for replacing reserved characters with underscores for files, disabled by default);
*) console - added "type" parameter to ":resolve" command;
*) console - added "use-script-permissions" option when running scripts from CLI;
*) console - added hotkey "F8" to print entire multiline input;
*) console - added link from "/iot/lora" to "/lora";
*) console - added log for script execution failures;
*) console - added multi-line print in "/file" menu; 
*) console - added option to get "about" value (dynamically created text field by RouterOS services like CAPsMAN);
*) console - added option to read and change file line endings in full-screen editor;
*) console - added warning log for modified filenames due to reserved characters;
*) console - convert spaces, CR, LF in ":convert to=url" command;
*) console - do not convert string to array in ":deserialize" command;
*) console - fixed ":onerror" behavior when "do" block is missing;
*) console - fixed "export where" functionality in certain menus;
*) console - fixed bogus console ports on ARM64 devices (introduced in v7.15beta6);
*) console - fixed console prompt when entering hot lock mode with "F7";
*) console - fixed DHCP server "authoritative=no" configuration export;
*) console - fixed do/while implementation not working with variables (introduced in v7.14);
*) console - fixed filtering by "dhcp" flag in "/ip/arp" menu;
*) console - fixed multiple typos in help;
*) console - improved stability;
*) console - optimized configuration export to prevent startup of processes without any configuration;
*) console - remove unnecessary serial ports for Alpine CPUs;
*) console - show system note before serial login if enabled;
*) console - use user permissions when running scripts from WinBox and WebFig;
*) container - do not allow negative number for "ram-high" setting;
*) defconf - do not override default DHCP server lease time;
*) defconf - fixed 5ghz-ax channel width for L11, L22 devices;
*) defconf - fixed unknown topics in log messages;
*) defconf - minor configuration script updates;
*) dhcpv4-relay - added VRF support;
*) discovery - added LLDP MAC/PHY Configuration/Status TLV support;
*) discovery - added LLDP Port Description TLV support;
*) discovery - advertise only physical interface name for LLDP PortID TLV;
*) discovery - always send LLDP MED Power TLV if MED was received;
*) discovery - fixed high CPU utilization when "tx-only" mode is set;
*) discovery - optimized LLDP information update;
*) disk - added option to auto configure media sharing;
*) disk - added support for formatting exfat file-system;
*) disk - improved support for file systems with non-ascii characters in file names;
*) disk - improved support for formatting ext4 file-system;
*) disk - improved system stability when adding partition with no parent;
*) disk - improved system stability;
*) disk - the "scan" command will now detect and include USB drives that were previously ejected;
*) dns - added support for "adlist";
*) dns - added VRF support;
*) dns - improved system stability when caching entries;
*) eap - improved eap-peap, eap-mschap2 client authentication (dot1x/wireless/ipsec);
*) ethernet - fixed default names for CRS310-8G+2S+ device (introduced in v7.14);
*) ethernet - fixed interface disable for CRS326-4C+20G+2Q;
*) ethernet - fixed management port disable/enable on CCR2004-1G-12S+2XS, CCR2004-1G-2XS-PCIe, CCR2216, CCR2116 devices;
*) ethernet - improved port speed downshift functionality for CRS326-4C+20G+2Q;
*) fetch - added "idle-timeout" parameter;
*) fetch - changed topic "info" to "error" for permission denied logs;
*) fetch - fixed slow throughput due to "raw" logging which occurred even when not listening to the topic (introduced in v7.13);
*) file - allow adding and renaming files and directories;
*) file - avoid refreshing whole file system during file modification;
*) file - fixed moving files to/from external storage (introduced in v7.15beta4);
*) file - improved external storage detection;
*) health - added "cpu-temperature" for IPQ50xx devices; 
*) health - added log for fan state changes on CRS3xx, CRS5xx, CCR2xxx, CCR1016r2, CCR1036r2 devices;
*) health - fixed fan behavior for CRS310-1G-5S-4S+ (introduced in v7.14);
*) health - fixed missing "cpu-temperature" on IPQ-60xx devices (introduced in v7.15beta8);
*) health - fixed rogue voltage on CRS510-8XS-2XQ-IN;
*) install - cdrom and hdd install images contain additional packages that can be interactively selected;
*) ipv6 - properly initialize default ND "interface=all" entry;
*) leds - fixed LEDs for L22 device;
*) lora - removed LoRa WinBox and console functionality duplication (moved to IoT package since v7.11);
*) lte - added support for concatenated AT commands in "modem-init" string;
*) lte - added support to set "modem-init" string for "dialer-less" modems;
*) lte - apply the same configuration for Microsoft branded EM12-G modem (Surface Mobile Broadband) as for Quectel EM12-G;
*) lte - dropped support for R11e-LTE-US FOTA firmware update;
*) lte - fixed firmware upgrade not found issue for Chateau LTE12 (introduced in v7.15beta4);
*) lte - fixed R11e-LTE-US modem dial-up;
*) lte - make interface persistent (unused interface configs can be removed, allow to export and examine current configuration without the device present);
*) media - added support for DLNA;
*) metarouter - removed support;
*) modem - send APN authentication for BG77 modem also if ppp-client interface created manually;
*) netinstall - improved stability;
*) ovpn - fixed import ovpn config when remote port is missing;
*) ovpn - fixed minor typo in error message;
*) poe-out - added LLDP power management support for devices with single PoE-out port;
*) poe-out - fixed powering devices if input voltage is lower than 12V for hEX PoE (introduced in v7.9);
*) poe-out - improved firmware upgrade stability for AF/AT controlled boards;
*) poe-out - moved "PoE LLDP" property from "/interface/ethernet/poe" to "/ip/neighbor/discovery-settings" and enable it by default;
*) ppp - added "enable-ipv6-accounting" option under PPP AAA menu (CLI only);
*) ppp - added log when disconnecting a client due to "WISPr-Session-Terminate-Time" RADIUS attribute;
*) ppp - allow underscores in domain names;
*) ppp - fixed "Framed-IPv6-Pool" usage when received from RADIUS;
*) ppp - fixed "on-down" script running even when tunnel was not up;
*) ppp - fixed reporting of frame error rate (introduced in v7.15beta8);
*) profiler - added "neighbor-discovery" task;
*) ptp - added PTP support for CCR2116 device;
*) qos-hw - added "profile" and "map" support for CPU port;
*) qos-hw - added congestion avoidance support for 98DX8xxx, 98DX4xxx, 98DX325x switch chips (CLI only);
*) qos-hw - added ECN marking support for compatible switches;
*) qos-hw - added per-queue traffic shapers (CLI only);
*) qos-hw - added support for QoS profile assignment via ACL rules;
*) qos-hw - added WRED support for compatible switches;
*) qos-hw - fixed port "print stats/usage" when using "from" property; 
*) qos-hw - replaced buffer with bytes in QoS monitor;
*) queue - improved system stability (introduced in v7.6);
*) quickset - only show LTE mode for devices without other wireless interfaces;
*) radius - added "require-message-auth" option that requires "Message-Authenticator" in received Access-Accept/Challenge/Reject messages;
*) radius - include "Message-Authenticator" in any RADIUS communication messages besides accounting for all services;
*) route - do not allow routes with empty "dst-address";
*) route - do not redistribute loopback address as connected route;
*) route - fixed bgp-vpn prefix import with the same route distinguisher (RD);
*) route - improved system stability;
*) route - rework of route attributes;
*) route - show route-distinguisher (RD) in route print;
*) route-filter - allow setting different AFI gateways;
*) route-filter - fixed ext community list matcher;
*) sfp - added "100M-baseFX" link mode support for compatible devices;
*) sfp - added "sfp-ignore-rx-los" setting;
*) sfp - fixed "sfp-tx-fault" state indication for CRS510;
*) sfp - fixed link establishment with 100Mbps optical modules (requires "/interface ethernet reset" or adding "100M-baseFX" modes for advertise or speed properties);
*) sfp - fixed missing Tx traffic at 10Gbps rate on CCR2004-16G-2S+ in rare cases;
*) sfp - ignore SFP RX LOS signal for modules with bad EEPROM;
*) sfp - improved "sfp-tx-power" value monitoring in certain cases;
*) sfp - improved auto-negotiation linking for some MikroTik cables and modules;
*) sfp - improved system stability for CR2004-1G-2XS-PCIe (introduced in v7.14);
*) sfp - improved system stability with some GPON modules for CCR2004 and CCR2116 devices;
*) smb - added logs for share connection requests;
*) smb - do not allow setting empty "comment" or "domain" properties;
*) sms - added option to select SMS storage;
*) sms - added SMS PDU to SMS inbox "print detail";
*) sms - added workaround for modems which do not notify regarding new SMS arrival (missing URC);
*) sms - improved SMS handling;
*) sms - removed SMS for SMIPS;
*) sms - use "gsm" logging topic for serial modem SMS logs;
*) snmp - added missing PoE-out status codes to MIKROTIK-MIB;
*) snmp - added new "mtxrOpticalVendorSerial" OID to MIKROTIK-MIB;
*) socks - attempt to parse domain name as IP before resolving;
*) ssh - added support for user Ed25519 private keys;
*) ssh - export host Ed25519 public key;
*) ssh - fixed permissions to run ".auto.rsc" scripts;
*) ssh - require "policy" user policy when adding public key;
*) sstp - added SNI support;
*) sstp - disconnect clients when server is disabled;
*) switch - added support for multiple ingress and egress port mirroring on 98DXxxxx switches;
*) switch - added support for RSPAN mirroring on 98DXxxxx switches;
*) switch - fixed L3HW and QoS monitor during switch reset;
*) system - added resource values (Product name, File name and File version) for Windows executable files;
*) system - fixed upgrade for CCR2004-1G-12S+2XS (introduced in v7.15beta6);
*) system - general work on optimizing the size of RouterOS packages;
*) system - show "cpu-frequency" for Alpine CPUs;
*) system - updated office address in RouterOS license;
*) system - updated online manual links from "wiki" to the help documentation;
*) timezone - updated timezone information from "tzdata2024a" release;
*) traffic-flow - detect IPv4 source address if not set;
*) traffic-flow - improved system stability;
*) userman - added "require-message-auth" option that requires "Message-Authenticator" in received Access-Request messages;
*) userman - include "Message-Authenticator" in any RADIUS communication messages besides accounting for all services;
*) vlan - added MVRP (applicant) configuration option;
*) vlan - ensure that VLAN MTU remains unchanged when adjustments are made to the parent interface MTU, only modifications to the L2MTU might impact VLAN MTU;
*) vlan - fixed MTU reset on bridge after reboot;
*) vlan - limit "vlan-id" range from 1-4095 to 1-4094;
*) vrf - fixed VRF interfaces being moved to main table after reboot (introduced in v7.14);
*) webfig - allow pasting with ctrl+v into terminal;
*) webfig - fixed column preferences for ordered tables;
*) webfig - show inherited properties for wifi interfaces;
*) wifi - added "reselect-interval" support;
*) wifi - changed interface default to "disabled=yes";
*) wifi - do not report disabled state for CAPsMAN managed interface;
*) wifi - fixed configuration export for "disabled" property;
*) wifi - improve channel selection after radar detection events;
*) wifi - improve regulatory compliance for L11, L22 devices;
*) wifi - improved stability of DFS check in the 5GHz-A band;
*) wifi - improved system stability when provisioning CAPs in certain cases;
*) wifi - rename "available-channels" parameter to "channel-priorities" and include desirability rating for each channel;
*) wifi - report current CAPsMAN address and identity on CAP;
*) wifi - show inherited properties with "print" command (replaces "actual-configuration") and added "print config" for showing only configured values;
*) wifi-qcom - added configuration.distance setting to enable operation over multi-kilometer distances;
*) wifi-qcom - updated driver;
*) wifi-qcom-ac - fix interfaces getting stuck in "stopping" state after radar detection (introduced in v7.15beta9);
*) winbox - added "Download" and "Flush" buttons under "System/Certificates/CRL" menu;
*) winbox - added "Flat Snoop" button under "WiFi" menu;
*) winbox - added "FT Preserve VLAN ID" setting under "WiFi/Configuration/FT" menu;
*) winbox - added "Request logout" button under "System/Users/Active Users" menu;
*) winbox - added "Trusted" checkbox under "System/Certificates/Import" menu;
*) winbox - added drop down menu for "User" property when importing SSH key under "System/User/SSH Keys" and "System/User/SSH Private Keys" menus;
*) winbox - added invalid flag under "IP/DHCP Relay" menu;
*) winbox - added key type and key length column for user SSH keys;
*) winbox - added missing SFP monitoring properties under "Interface/SFP" menu;
*) winbox - added passphrase option for SSH host key export;
*) winbox - added passphrase option for SSH host key import;
*) winbox - allow specifying size and rtmpfs size with M, G units under "System/Disks" menu;
*) winbox - allow to specify "M" or "G" postfix for download, upload or total limits under "User Manager/Limitations" menu;
*) winbox - do not show "Host Key Size" when using ed25519 key under "IP/SSH" menu;
*) winbox - fixed the issue where the skin file fails to appear in the user group menu after creation;
*) winbox - renamed "Channel" column to "Current Channel" under "Wifi" menu;
*) winbox - show "Valid Servers" and "Unknown Servers" column by default under "IP/DHCP Server/Alerts" menu;
*) winbox - show inherited properties for wifi interfaces;
*) winbox - show SIM settings for SXTR device under "Interfaces/LTE/Modem" menu;
*) winbox - updated icons for certain menus;
*) winbox - use correct values for "Jump Target" property under "IPv6/Firewall/Filter Rules" menu;
*) wireguard - added option to mark peer as responder only;
*) wireguard - added peer "name" field and display it in logs;
*) wireguard - do not attempt to connect to peer without specified endpoint-address;
*) wireguard - fixed "auto" argument usage for "private-key" and "preshared-key" settings;
*) wireguard - fixed performance issues showing QR code;
*) wireless - perform shorter channel availability check for 5600-5650MHz if regulatory domain permits it;
*) x86 - fixed ixgbe Tx hang by disabling TSO;
*) x86 - fixed VLAN tagged packet transmit for ice driver;
*) x86 - ice driver update to v1.13.7;
*) x86 - improved stability for RTL8125 driver;
*) x86 - ixgbe driver update to 5.19.9;
*) x86/chr - improved panic saving (increased minimal RAM requirements to 256MB);

How to Use a MikroTik Router with Turksat Kablofiber

If you are on GPON and were handed an ONT modem, you are in for some suffering. Why? To give an example, the ZTE ZXHN F6600 modem supplied by Turksat may look fine for an end user, but it is very restricted, and on top of that the decisions made by the internet directorate have turned the device into crap. Its firmware can no longer perform even its most basic functions, and the account you get is not even admin but an extremely restricted user named Epuser.

At the most basic level, port forwarding does not work. There is a feature called Anti-DDoS, put in by ZTE for port scans and the like, but that does not work either. So people like me, who run CCTV (security cameras) and self-hosted applications at home, are suffering, and yes, I never managed to get this across to the internet directorate; maybe they just don't want to deal with it, I'm not sure.

Anyway, long story short: those who want to move to a quality, real router, come over here. In the previous article, Turksat Kablonet ZTE ZXHN F6600 Modem Bridge Mode, I showed how to put the device into Bridge mode.

Now I will show how to bring the MikroTik into service. The points to watch below are ISP-specific. No special device-specific setting is required.

  • Do not use the MAC address and hostname found on the ZTE modem's WAN side on the MikroTik. Do not do things like MAC cloning; if you do, you will never see high speeds on your device.
  • The MTU value cannot exceed 1592 for Ethernet. For PPPoE it cannot exceed 1500.
  • The PPPoE service name must not be entered.
  • VLAN must not be configured. (Turksat does not use VLANs.)

When you first log in to the device, whether through the web interface or WinBox makes no difference, you can log in with the admin user. Switch to the Quick Set tab, fill it in as shown below, and save.

Let the fields shown in blue guide you; those are the values we changed and entered. You can use any IP range starting with 192 that you like on your local network. On the PPPoE side, establishing the session may take a long time the first time; after that it continues normally.

If you are not familiar with MikroTik, do not do any separate configuration; with the default settings you can get 1 Gbit speeds from the device without problems. For higher speeds you may need to make a few adjustments on the CPU side.
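
The Quick Set steps and the four ISP-specific points above, expressed as RouterOS CLI commands; this is an added example, not part of the original post. It assumes `ether1` is the port cabled to the bridged ZTE ONT, that the factory default configuration (LAN/WAN interface lists and the defconf firewall) is still in place, and that `TURKSAT_USER` / `TURKSAT_PASS` are placeholders for your own PPPoE credentials.

```routeros
# Added example, not from the original post.
# Assumptions: ether1 = WAN port towards the bridged ONT, default configuration
# still present, TURKSAT_USER / TURKSAT_PASS = placeholder credentials.

# Keep the MikroTik's own factory MAC on the WAN port (no MAC clone of the ZTE).
/interface ethernet reset-mac-address ether1

# The default configuration runs a DHCP client on ether1; PPPoE replaces it.
/ip dhcp-client remove [find interface=ether1]

# PPPoE client directly on ether1: no VLAN underneath and an empty service-name.
# max-mtu / max-mru are left at their defaults, which stay within the 1500 limit.
/interface pppoe-client
add name=pppoe-out1 interface=ether1 user="TURKSAT_USER" password="TURKSAT_PASS" \
    service-name="" add-default-route=yes use-peer-dns=yes disabled=no

# The default NAT rule and the "drop all from WAN not DSTNATed" forward rule
# match on the WAN interface list, so the PPPoE interface must be a member.
/interface list member
add list=WAN interface=pppoe-out1

# Verify: session state and negotiated MTU, WAN list membership, and the
# input-chain rules that protect the router itself.
/interface pppoe-client monitor pppoe-out1 once
/interface list member print where list=WAN
/ip firewall filter print where chain=input
```

Quick Set performs the interface-list step for you; when the PPPoE client is created by hand, a missing WAN list entry leaves the new interface outside the default NAT and forward-drop rules.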

MikroTik RouterOS 7.15beta9 Released

A new beta version of MikroTik RouterOS, which we love using, has been released. In the new version we will be able to do more in WinBox, MVRP support has been added for bridge mode, the wifi-qcom driver has been updated, and the performance issue in WireGuard has been fixed.

https://mikrotik.com/download

Backup: https://www.mediafire.com/file/vi7mqk3npgmpjtv/MikroTik-RouterOS-7.15beta9-all.rar/file

Changelog

What's new in 7.15beta9 (2024-Mar-27 21:55):

*) bgp - added initial vpnv6 support;
*) bridge - added MVRP support;
*) console - added "sanitize-names" property under "/console/settings" menu (option for replacing reserved characters with underscores for files, disabled by default);
*) console - added multi-line print in "/file" menu; 
*) console - remove unnecessary serial ports for Alpine CPUs;
*) defconf - fixed 5ghz-ax channel width for L11, L22 devices;
*) dhcpv4-relay - added VRF support (CLI only);
*) eap - improved eap-peap, eap-mschap2 client authentication (dot1x/wireless/ipsec);
*) health - fixed missing "cpu-temperature" on IPQ-60xx devices (introduced in v7.15beta8);
*) ipv6 - properly initialize default ND "interface=all" entry;
*) media - added support for DLNA;
*) ppp - added "enable-ipv6-accounting" option under PPP AAA menu (CLI only);
*) ppp - fixed "Framed-IPv6-Pool" usage when received from RADIUS;
*) ppp - fixed reporting of frame error rate (introduced in v7.15beta8);
*) qos-hw - added "profile" and "map" support for CPU port;
*) qos-hw - added per-queue traffic shapers (CLI only);
*) sfp - added "100M-baseFX" link mode support for compatible devices;
*) sms - removed SMS for SMIPS;
*) system - general work on optimizing the size of RouterOS packages;
*) system - show "cpu-frequency" for Alpine CPUs;
*) vlan - added MVRP (applicant) configuration option;
*) wifi - added "reselect-interval" support;
*) wifi - rename "available-channels" parameter to "channel-priorities" and include desirability rating for each channel;
*) wifi - report current CAPsMAN address and identity on CAP;
*) wifi-qcom - added configuration.distance setting to enable operation over multi-kilometer distances (CLI only);
*) wifi-qcom - updated driver;
*) winbox - added key type and key length column for user SSH keys;
*) winbox - added passphrase option for SSH host key export;
*) winbox - added passphrase option for SSH host key import;
*) winbox - allow specifying size and rtmpfs size with M, G units under "System/Disks" menu;
*) winbox - do not show "Host Key Size" when using ed25519 key under "IP/SSH" menu;
*) winbox - renamed "Channel" column to "Current Channel" under "Wifi" menu;
*) winbox - show inherited properties for wifi interfaces;
*) winbox - updated icons for certain menus;
*) wireguard - added option to mark peer as responder only;
*) wireguard - fixed performance issues showing QR code;

MikroTik RouterOS 7.14.2 Stable Released

A new version of MikroTik RouterOS, which we love using, has been released. It stops overriding the default DHCP server lease time and improves system stability.

https://mikrotik.com/download

Changelog

What's new in 7.14.2 (2024-Mar-27 09:48):

*) defconf - do not override default DHCP server lease time;
*) defconf - fixed 5ghz-ax channel width for L11, L22 devices;
*) ethernet - fixed interface disable for CRS326-4C+20G+2Q;
*) ethernet - improved port speed downshift functionality for CRS326-4C+20G+2Q;
*) leds - fixed LEDs for L22 device;
*) lte - fixed firmware upgrade not found issue for Chateau LTE12 (introduced in v7.14.1);
*) ssh - require "policy" user policy when adding public key;
*) timezone - updated timezone information from "tzdata2024a" release;
*) traffic-flow - improved system stability;
*) vrf - fixed VRF interfaces being moved to main table after reboot (introduced in v7.14);
*) wifi-qcom - added configuration.distance setting to enable operation over multi-kilometer distances (CLI only);

MikroTik RouterOS 7.15beta8 Released

A new beta version of MikroTik RouterOS, which we love using, has been released. The new version contains important improvements to wifi stability and to the bridge.

https://mikrotik.com/download

Changelog

What's new in 7.15beta8 (2024-Mar-21 09:12):

*) bridge - added MVRP support;
*) bridge - improved protocol-mode STP, RSTP and MSTP stability; 
*) bridge - reworked dynamic VLAN creation;
*) certificate - added support for different ACME servers for ssl-certificate (CLI only);
*) console - fixed DHCP server "authoritative=no" configuration export;
*) console - improved stability;
*) container - do not allow negative number for "ram-high" setting;
*) defconf - do not override default DHCP server lease time;
*) disk - improved system stability when adding partition with no parent;
*) eap - improved eap-peap, eap-mschap2 client authentication (dot1x/wireless/ipsec);
*) ethernet - fixed interface disable for CRS326-4C+20G+2Q;
*) ethernet - improved port speed downshift functionality for CRS326-4C+20G+2Q;
*) fetch - changed topic "info" to "error" for permission denied logs;
*) fetch - fixed slow throughput due to "raw" logging which occurred even when not listening to the topic (introduced in v7.13);
*) file - fixed moving files to/from external storage (introduced in v7.15beta4);
*) health - added "cpu-temperature" for IPQ50xx devices; 
*) health - fixed fan behavior for CRS310-1G-5S-4S+ (introduced in v7.14);
*) health - fixed rogue voltage on CRS510-8XS-2XQ-IN;
*) leds - fixed LEDs for L22 device;
*) lte - fixed firmware upgrade not found issue for Chateau LTE12 (introduced in v7.15beta4);
*) media - added support for DLNA;
*) metarouter - removed support;
*) netinstall - improved stability;
*) ovpn - fixed import ovpn config when remote port is missing;
*) package - reduced "wireless" package size for ARM, ARM64 devices;
*) package - reduced package size for SMIPS;
*) ppp - added "enable-ipv6-accounting" option under PPP AAA menu (CLI only);
*) ppp - added addition support to monitor modem registration state, RSRP, RSRQ, SINR, PCI, CellID for BG77 modem;
*) qos-hw - fixed port "print stats/usage" when using "from" property; 
*) quickset - only show LTE mode for devices without other wireless interfaces;
*) route - rework of route attributes;
*) route-filter - allow setting different AFI gateways;
*) sfp - fixed "sfp-tx-fault" state indication for CRS510;
*) sfp - improved auto-negotiation linking for some MikroTik cables and modules;
*) sfp - improved system stability with some GPON modules for CCR2004 and CCR2116 devices;
*) socks - attempt to parse domain name as IP before resolving;
*) ssh - require "policy" user policy when adding public key;
*) system - fixed upgrade for CCR2004-1G-12S+2XS (introduced in v7.15beta6);
*) system - updated office address in RouterOS license;
*) system - updated online manual links from "wiki" to the help documentation;
*) timezone - updated timezone information from "tzdata2024a" release;
*) traffic-flow - improved system stability;
*) webfig - allow pasting with ctrl+v into terminal;
*) webfig - fixed column preferences for ordered tables;
*) wifi - changed interface default to "disabled=yes";
*) wifi - improve regulatory compliance for L11, L22 devices;
*) wifi - improved stability of DFS check in the 5GHz-A band;
*) wifi - improved system stability when provisioning CAPs in certain cases;
*) wifi - show inherited properties with "print" command (replaces "actual-configuration") and added "print config" for showing only configured values;
*) winbox - fixed the issue where the skin file fails to appear in the user group menu after creation;
*) winbox - updated icons for WireGuard and ZeroTier menus;
*) wireguard - added option to mark peer as responder only (CLI only);
*) wireless - perform shorter channel availability check for 5600-5650MHz if regulatory domain permits it;
*) x86 - improved stability for RTL8125 driver;
*) x86/chr - improved panic saving (increased minimal RAM requirements to 256MB);

MikroTik SwitchOS 2.16 Stable Released

Good news for those using the MikroTik switch family: in the latest release we can, in particular, select the IGMP version, select the SFP rate, and force SFP+ ports to 2.5G or 10G. Support for new devices has also been added.

https://mikrotik.com/download#switchos

Changelog

What's new in v2.16:

*) added support for CRS310-1G-5S-4S+IN/OUT; CRS310-8G+2S+IN
*) added notification when Primary backup firmware is in use
   and encourage moving to Secondary regular firmware;
*) added confirmation dialog before resetting configuration;
*) added support for board-specific backup filename generation;
*) added SNMP serial number and version OIDs;
*) added option to disable IGMP querier;
*) added option to specify IGMP version;
*) added support for host table sorting;
*) added Clear All/Set Default buttons in the Port Isolation menu;
*) added options to set forced 2.5G or forced 10G for SFP+ ports;
*) added support for SFP rate select;
*) added support for pages in the host table;
*) css106: fixed Ethernet disable;
*) css106: fixed BPDU receive on only-tagged VLAN ports;
*) css106: fixed "Lock On First" setting;
*) css106: fixed RSTP port blocking;
*) css106: improved system stability;
*) crs312: fixed linking after changing auto-negotiation setting for combo ports;
*) crs354: added missing health readouts;
*) crs3xx: improved packet buffer resource allocation;
*) fixed duplicate IGMP query packets when IGMP snooping is enabled;
*) fixed multicast forwarding after disabling IGMP snooping;
*) fixed non-DHCP packet forwarding when Option82 is enabled;
*) fixed neighbor discovery from WinBox;
*) fixed port numbering in BPDU packets;
*) fixed packet forwarding after disabling RSTP on blocked port;
*) fixed IGMP group removal on link down;
*) fixed DHCP packet bypass on LAG by "Add Information Option";
*) fixed fragmented packet drops by "Add Information Option";
*) fixed DHCP request duplication when using DHCP Snooping;
*) fixed DHCP packet forwarding to untrusted ports;
*) fixed forbidden deletion of Default VLAN ID;
*) fixed SNMP ifSpeed OID reporting in certain cases;
*) fixed incorrectly restored backup configuration in some cases;
*) fixed S-RJ01 false detection as multi-mode fiber;
*) fixed SFP+ interface linking after enabling autonegotiation;
*) fixed QSFP+ interface linking after re-enabling it;
*) improved SwOS web interface stability and responsiveness;
*) increased up to 64 byte SNMP Community/Contact/Info/Location;

How Is MikroTik CHR Licensed?

Cloud Hosted Router (CHR) is a RouterOS version designed to run as a virtual machine. It supports the x86 64-bit architecture. It can be used on most popular hypervisors such as VMWare, Hyper-V, VirtualBox, KVM and others. CHR has full RouterOS features by default, but it has a different licensing model from other RouterOS versions and comes with some restrictions.

System Requirements

  • Package version: RouterOS v6.34 or newer
  • Host CPU: 64-bit processor with virtualization support
  • RAM: 128MB or more (Max: 128GB)
  • Disk: 128MB of disk space for the CHR virtual hard drive (Max: 16GB)
  • The minimum required RAM depends on the number of interfaces and the number of CPUs. You can get an approximate figure using the following formula:
RouterOS v6 - RAM = 128 + [ 8 × (CPU_COUNT) × (INTERFACE_COUNT - 1) ]
RouterOS v7 - RAM = 256 + [ 8 × (CPU_COUNT) × (INTERFACE_COUNT - 1) ]

Note: We recommend allocating at least 1024MiB of RAM for CHR instances, depending on your use case.

Which Virtualization Platforms Does It Run On?

  • VirtualBox 6 on Linux and OS X
  • VMWare Fusion 7 and 8 on OS X
  • VMWare ESXi 6.5
  • Qemu 2.4.0.1 on Linux and OS X
  • Hyper-V on Windows Server 2008r2, 2012 and Windows 10 (currently only Generation 1 Hyper-V virtual machines are supported)
  • Xen 7.1

How Is It Licensed?

CHR has 4 license levels; you can proceed by choosing one of them, but in doing so you accept some restrictions.

Date the prices were taken: 10.03.2024

  • Free (limited to 1Mbit speed)
  • p1 perpetual-1 ($45)
  • p10 perpetual-10 ($95)
  • p-unlimited perpetual-unlimited ($250)

A 60-day free trial license is available for all paid license levels. To get the free trial license you need to have a MikroTik account; license management is done from there.

"Perpetual" is a lifetime license (buy once, use forever). It is possible to transfer a perpetual license to another CHR instance. A running CHR will show the time by which it must reach the account server to renew its license. If the CHR cannot renew the license, it will behave as if the trial period has expired and will not allow RouterOS to be upgraded to a newer version, but all of its features will remain available.

Before licensing, you may want to check the license status; to do so, run the following command manually.

[mertcan@MikroTik] > /system license print 
  system-id: 6dHTJaL/utuJ
      level: free

The "system-id" is unique to each MikroTik CHR installation, and the license is checked against it. After licensing a running CHR, the following command must be run manually from the CHR console to activate it.

[mertcan@MikroTik] > /system license renew 
account: mertcan
password: ********
level: p10
  status: done

Otherwise, the system will not know that it has been licensed and the trial will expire; you will have to do a completely new CHR installation, request a new trial, and then license it with the license you obtained. The process will start over from the very beginning. Trial licenses appear in the system as shown below.

User keys and license management table.

Purchased licenses, expired licenses, and licenses that have been paid for but not yet put into use appear on the same screen. At the end of the trial period you can easily upgrade your license by choosing "Upgrade".