Releases: elseif/MikroTikPatch
RouterOS 7.22.3 -arm64
Build Time:1778298343
What's new in 7.22.3 (2026-May-07 12:19):
*) console - fixed unresponsiveness when entering safe-mode through the Windows 11 terminal;
*) ethernet - fixed stability issue after switch reset on devices with IPQ-40xx, IPQ-60xx CPUs (introduced in v7.22);
*) vrrp - fixed stability issue when using VRRP with a hardware-offloaded bridge for Marvell Prestera switch chip;
RouterOS 7.22.3
Build Time:1778298343
What's new in 7.22.3 (2026-May-07 12:19):
*) console - fixed unresponsiveness when entering safe-mode through the Windows 11 terminal;
*) ethernet - fixed stability issue after switch reset on devices with IPQ-40xx, IPQ-60xx CPUs (introduced in v7.22);
*) vrrp - fixed stability issue when using VRRP with a hardware-offloaded bridge for Marvell Prestera switch chip;
RouterOS 7.22.2 -arm64
Build Time:1777001896
What's new in 7.22.2 (2026-Apr-22 11:03):
*) app - fixed uptime-kuma and jupyter-notebook;
*) bgp - fixed stability issue when non-existent output select-chain was specified;
*) bridge - fixed missing dynamic "switch-cpu" VLAN entry in WiFi setup;
*) bridge - synchronize only local bridge MAC addresses for MLAG (introduced in v7.22);
*) console - rename "cpu-used-per-cpu" to "cpe-used-per-core" in "/system/resource/monitor";
*) container - fixed losing container after reboot;
*) ethernet - fixed false excessive broadcast warning (introduced in v7.20);
*) firewall - improved system stability;
*) ipsec - fixed expired SA handling to prevent “no such item” errors during listing;
*) ipv6,ra - use received prefix when RA on-link flag is 0 (introduced in v7.22);
*) isis - improved stability with fragmented CSNP;
*) leds - fixed default LED configuration for CCR2004-1G-12S+2XS;
*) leds - fixed LED dark mode for RB5009;
*) lte - fixed missing automatic redial when cellular connectivity is lost for R11e-LTE;
*) ospf - improved stability on configuration change;
*) ovpn - fixed OVPN push routes;
*) poe-out - firmware update for 802.3at capable boards (the update will cause a brief power interruption to poe-out interfaces);
*) poe-out - fixed occasional detection issue when using auto-on mode;
*) ptp - allow manual domain configuration for 802.1AS profile;
*) ptp - set DSCP (EF) for the default profile when using IPv4;
*) route - improved service stability when removing routes;
*) routerboard - fixed applying settings via WinBox on devices with fixed CPU frequency;
*) system - added FCC Part 15 Compliance label to "System/Regulatory" menu;
*) system - improved stability for internal RouterOS service communication;
*) system - improved system stability;
*) system - included full certificate chain to Windows executables;
*) usb - fixed crash when using Ethernet adapter (introduced in v7.22);
*) vrrp - fixed packet drop in CHR (introduced in v7.22);
*) wifi - improved authentication stability for WiFi 7 access points;
*) wifi-mediatek - fixed communication issues on 802.11ax access points with Intel clients;
*) wifi-mediatek - fixed HE capabilities IE on 2GHz band;
*) wifi-qcom-be - fixed forwarding of 4-address data from station to station;
*) winbox - added option to configure built-in trust store for all services;
*) www - improved service stability when cancelling REST API sessions;
RouterOS 7.22.2
Build Time:1777001896
What's new in 7.22.2 (2026-Apr-22 11:03):
*) app - fixed uptime-kuma and jupyter-notebook;
*) bgp - fixed stability issue when non-existent output select-chain was specified;
*) bridge - fixed missing dynamic "switch-cpu" VLAN entry in WiFi setup;
*) bridge - synchronize only local bridge MAC addresses for MLAG (introduced in v7.22);
*) console - rename "cpu-used-per-cpu" to "cpe-used-per-core" in "/system/resource/monitor";
*) container - fixed losing container after reboot;
*) ethernet - fixed false excessive broadcast warning (introduced in v7.20);
*) firewall - improved system stability;
*) ipsec - fixed expired SA handling to prevent “no such item” errors during listing;
*) ipv6,ra - use received prefix when RA on-link flag is 0 (introduced in v7.22);
*) isis - improved stability with fragmented CSNP;
*) leds - fixed default LED configuration for CCR2004-1G-12S+2XS;
*) leds - fixed LED dark mode for RB5009;
*) lte - fixed missing automatic redial when cellular connectivity is lost for R11e-LTE;
*) ospf - improved stability on configuration change;
*) ovpn - fixed OVPN push routes;
*) poe-out - firmware update for 802.3at capable boards (the update will cause a brief power interruption to poe-out interfaces);
*) poe-out - fixed occasional detection issue when using auto-on mode;
*) ptp - allow manual domain configuration for 802.1AS profile;
*) ptp - set DSCP (EF) for the default profile when using IPv4;
*) route - improved service stability when removing routes;
*) routerboard - fixed applying settings via WinBox on devices with fixed CPU frequency;
*) system - added FCC Part 15 Compliance label to "System/Regulatory" menu;
*) system - improved stability for internal RouterOS service communication;
*) system - improved system stability;
*) system - included full certificate chain to Windows executables;
*) usb - fixed crash when using Ethernet adapter (introduced in v7.22);
*) vrrp - fixed packet drop in CHR (introduced in v7.22);
*) wifi - improved authentication stability for WiFi 7 access points;
*) wifi-mediatek - fixed communication issues on 802.11ax access points with Intel clients;
*) wifi-mediatek - fixed HE capabilities IE on 2GHz band;
*) wifi-qcom-be - fixed forwarding of 4-address data from station to station;
*) winbox - added option to configure built-in trust store for all services;
*) www - improved service stability when cancelling REST API sessions;
RouterOS 7.21.4 -arm64
Build Time:1776828771
What's new in 7.21.4 (2026-Apr-21 09:49):
*) bgp - fixed stability issue when non-existent output select-chain was specified;
*) bgp-vpn - allow modifying scopes with routing filters;
*) bgp-vpn - fixed non-working import filter after reboot;
*) bgp-vpn - use target scope for imported route;
*) bridge - fixed missing dynamic "switch-cpu" VLAN entry in WiFi setup;
*) bridge - fixed performance regression in complex setups with vlan-filtering (introduced in v7.20);
*) console - removed the "reset" command from shared settings menus (IP/IPv6/Bridge/L3HW/Neighbor-Discovery/Connection-Tracking);
*) container - fixed issue where the container might not start after upgrading if root-dir was not set;
*) container - improved error message if a container fails to start;
*) defconf - fixed L009 configuration (introduced in v7.21);
*) ethernet - fixed false excessive broadcast warning (introduced in v7.20);
*) firewall - improved system stability;
*) ipsec - improved aes256-ctr stability on L009;
*) ipsec - removed modp8192 proposal on MIPS architectures;
*) ipv6,ra - use received prefix when RA on-link flag is 0;
*) isis - improved stability with fragmented CSNP;
*) l2tp - improved system stability on TILE architecture;
*) l3hw - fixed missing VLAN counters after reboot (introduced in v7.21);
*) l3hw - fixed stability issue (introduced in v7.21);
*) leds - fixed default LED configuration for CCR2004-1G-12S+2XS;
*) log - do not provide non-existent logging topics for configuration;
*) lte - fixed framed route support for the first APN;
*) lte - fixed missing automatic redial when cellular connectivity is lost for R11e-LTE;
*) lte - fixed user set MTU not applied to LTE interface;
*) lte - override the "auto" or 0 MTU in "interface" menu to 1500;
*) ospf - fixed typos in log messages;
*) ospf - improved stability on configuration change;
*) ovpn - fixed OVPN push routes;
*) poe-out - firmware update for CRS354-48P-4S+2Q+ (the update will cause a brief power interruption to poe-out interfaces);
*) poe-out - fixed rare PoE-Out firmware upgrade failure on CRS354-48P-4S+2Q+;
*) ptp - allow manual domain configuration for 802.1AS profile;
*) ptp - set DSCP (EF) for the default profile when using IPv4;
*) qos-hw - display queue0 limits for CPU port;
*) qos-hw - fixed "offline" tx-manager ability to queue at least one packet (introduced in v7.21);
*) qos-hw - prohibit setting CPU port with "offline" tx-manager;
*) route - added SLAAC route redistribution for IPv6 capable routing protocols;
*) route - do not set blackhole flag for synthetic routes;
*) route - improved service stability when removing routes;
*) routerboard - fixed applying settings via WinBox on devices with fixed CPU frequency;
*) routing-filter - added possibility to match SLAAC and bgp-mpls-vpn route types;
*) ssh - make login process asynchronous;
*) switch - fixed stability issue when changing bridge multicast-router property on CRS1xx/2xx (introduced in v7.19);
*) system - added FCC Part 15 Compliance label to "System/Regulatory" menu;
*) system - improved stability for internal RouterOS service communication;
*) system - improved system stability;
*) system - improved upgrade service stability when the server is unreachable;
*) system - included full certificate chain to Windows executables;
*) user - properly apply login delay (introduced in v7.20);
*) wifi-mediatek - fixed communication issues on 802.11ax access points with Intel clients;
*) wifi-mediatek - fixed HE capabilities IE on 2GHz band;
*) winbox - fixed "Remote AS" setting under the "Routing/BGP/Connections" menu;
*) winbox - fixed "Src/Dst Address Type" under the "IP/Firewall/NAT" menu;
*) winbox - fixed L3HW default value for VLAN interface (introduced in v7.21);
*) winbox - properly display multiple bands for multi-link interface clients under registration table;
*) winbox - rearrange filter wizard parameters in tabs;
*) www - improved service stability when cancelling REST API sessions;
RouterOS 7.21.4
Build Time:1776828771
What's new in 7.21.4 (2026-Apr-21 09:49):
*) bgp - fixed stability issue when non-existent output select-chain was specified;
*) bgp-vpn - allow modifying scopes with routing filters;
*) bgp-vpn - fixed non-working import filter after reboot;
*) bgp-vpn - use target scope for imported route;
*) bridge - fixed missing dynamic "switch-cpu" VLAN entry in WiFi setup;
*) bridge - fixed performance regression in complex setups with vlan-filtering (introduced in v7.20);
*) console - removed the "reset" command from shared settings menus (IP/IPv6/Bridge/L3HW/Neighbor-Discovery/Connection-Tracking);
*) container - fixed issue where the container might not start after upgrading if root-dir was not set;
*) container - improved error message if a container fails to start;
*) defconf - fixed L009 configuration (introduced in v7.21);
*) ethernet - fixed false excessive broadcast warning (introduced in v7.20);
*) firewall - improved system stability;
*) ipsec - improved aes256-ctr stability on L009;
*) ipsec - removed modp8192 proposal on MIPS architectures;
*) ipv6,ra - use received prefix when RA on-link flag is 0;
*) isis - improved stability with fragmented CSNP;
*) l2tp - improved system stability on TILE architecture;
*) l3hw - fixed missing VLAN counters after reboot (introduced in v7.21);
*) l3hw - fixed stability issue (introduced in v7.21);
*) leds - fixed default LED configuration for CCR2004-1G-12S+2XS;
*) log - do not provide non-existent logging topics for configuration;
*) lte - fixed framed route support for the first APN;
*) lte - fixed missing automatic redial when cellular connectivity is lost for R11e-LTE;
*) lte - fixed user set MTU not applied to LTE interface;
*) lte - override the "auto" or 0 MTU in "interface" menu to 1500;
*) ospf - fixed typos in log messages;
*) ospf - improved stability on configuration change;
*) ovpn - fixed OVPN push routes;
*) poe-out - firmware update for CRS354-48P-4S+2Q+ (the update will cause a brief power interruption to poe-out interfaces);
*) poe-out - fixed rare PoE-Out firmware upgrade failure on CRS354-48P-4S+2Q+;
*) ptp - allow manual domain configuration for 802.1AS profile;
*) ptp - set DSCP (EF) for the default profile when using IPv4;
*) qos-hw - display queue0 limits for CPU port;
*) qos-hw - fixed "offline" tx-manager ability to queue at least one packet (introduced in v7.21);
*) qos-hw - prohibit setting CPU port with "offline" tx-manager;
*) route - added SLAAC route redistribution for IPv6 capable routing protocols;
*) route - do not set blackhole flag for synthetic routes;
*) route - improved service stability when removing routes;
*) routerboard - fixed applying settings via WinBox on devices with fixed CPU frequency;
*) routing-filter - added possibility to match SLAAC and bgp-mpls-vpn route types;
*) ssh - make login process asynchronous;
*) switch - fixed stability issue when changing bridge multicast-router property on CRS1xx/2xx (introduced in v7.19);
*) system - added FCC Part 15 Compliance label to "System/Regulatory" menu;
*) system - improved stability for internal RouterOS service communication;
*) system - improved system stability;
*) system - improved upgrade service stability when the server is unreachable;
*) system - included full certificate chain to Windows executables;
*) user - properly apply login delay (introduced in v7.20);
*) wifi-mediatek - fixed communication issues on 802.11ax access points with Intel clients;
*) wifi-mediatek - fixed HE capabilities IE on 2GHz band;
*) winbox - fixed "Remote AS" setting under the "Routing/BGP/Connections" menu;
*) winbox - fixed "Src/Dst Address Type" under the "IP/Firewall/NAT" menu;
*) winbox - fixed L3HW default value for VLAN interface (introduced in v7.21);
*) winbox - properly display multiple bands for multi-link interface clients under registration table;
*) winbox - rearrange filter wizard parameters in tabs;
*) www - improved service stability when cancelling REST API sessions;
RouterOS 7.23rc3 -arm64
Build Time:1778211832
What's new in 7.23rc3 (2026-May-06 19:26):
*) console - fixed unresponsiveness when entering safe-mode through the Windows 11 terminal;
*) discovery - added separate read-only menu "/ip/neighbor/lldp" for neighbors discovered by the LLDP (CLI only) (additional fixes);
*) ethernet - fixed stability issue after switch reset on devices with IPQ-40xx, IPQ-60xx CPUs (introduced in v7.22);
*) ip - added IPv6 and VRF support for reverse-proxy;
*) netwatch - fixed memory leak when using HTTP/HTTPS GET probe with invalid src-address;
*) sniffer - fixed missing VLAN tag in the TZSP packets (additional fixes);
*) system - improved switching to HTTP/1 if HTTP/2 is not supported by remote host;
*) upgrade - added the option to configure HTTP/HTTPS modes when connecting to MikroTik upgrade servers (additional fixes);
*) vrrp - fixed stability issue when using VRRP with a hardware-offloaded bridge for Marvell Prestera switch chip;
*) wifi - improved interface provisioning for WiFi 7 access points;
Other changes since v7.22:
!) upgrade - use HTTPS by default when connecting to MikroTik upgrade servers;
*) app - added birdnet-go, cryptpad, diagrams-net, metube, nextcloud-whiteboard, paperless-ngx, wbo, zulip apps;
*) app - added docker-with-dockge, docker-with-komodo, docker-with-portainer, HA-otbr-matter, odoo, otbr, stalwart apps;
*) app - added lorawan-stack, mikrodash, trip apps;
*) app - added possibility to set app command-line parameter from CLI;
*) app - added restart command;
*) app - allow apps on xfs file system;
*) app - allow filtering by installed apps;
*) app - allow overriding default stop signal;
*) app - allow parsing DNS in YAML;
*) app - allow passing stop signal from YAML and passing it to container as default;
*) app - allow picking app category from drop-down;
*) app - allow updating name parameter from YAML for custom apps;
*) app - allow updating YAML for existing custom app, forces cleanup;
*) app - apps now check for port availability, apps will not start on "internal" if app masks existing service;
*) app - automatically pass any required devices to container, such as otbr;
*) app - automatically restart app when required hardware device is changed;
*) app - bundled ollama with openwebui;
*) app - check if certificate already exists before creating a new one;
*) app - disabled PiHole syncing NTP to host;
*) app - fixed birdnet-go, cryptpad, lorawan-stack, mikrodash (introduced in v7.23beta5);
*) app - fixed issue where XFS disks did not appear in the app disk drop-down;
*) app - fixed potential crash when running cleanup on a lot of apps;
*) app - fixed saving custom apps;
*) app - fixed showing ui-url for apps;
*) app - fixed some apps not containing the full repository URL;
*) app - fixed store issue when adding a custom app;
*) app - fixed uptime-kuma and jupyter-notebook;
*) app - fixed YAML not exported for custom apps;
*) app - improved app networks and port behavior;
*) app - improved automatic hardware device passing to container;
*) app - improved YAML error message;
*) app - make sure all layer .tar.gz files are deleted after extraction finishes;
*) app - on file based devices, swap is enabled on the file itself instead of creating another one and enabling it on that;
*) app - stability fixes for the "/app" menu;
*) app - swap file is now created based on the mount-point it is attached to;
*) app - updated uptime-kuma image;
*) arm64,x86 - updated Broadcom bnxt Ethernet driver for 200G support;
*) bfd - fixed source address selection for IPv6 multihop sessions;
*) bgp - fixed stability issue when nonexistent output select-chain was specified;
*) bridge - added ability to set custom Option 82 with dhcp-agent-circuit-id, dhcp-agent-remote-id settings (replaces add-dhcp-option82 setting; configuration is automatically updated after upgrade);
*) bridge - added DHCPv6 snooping feature with ability to set custom Option 18 and Option 37;
*) bridge - fixed missing dynamic "switch-cpu" VLAN entry in WiFi setup;
*) bridge - improved MAC synchronization for MLAG;
*) bridge - recognize more DHCP message types when dhcp-snooping is enabled;
*) bridge - synchronize only local bridge MAC addresses for MLAG (introduced in v7.22);
*) bth - fixed WireGuard client config IP address netmask;
*) certificate - added "ISRG Root X1" and "DigiCert Global Root G2" to SMIPS built-in root certificate authorities store;
*) certificate - added option to configure built-in trust store for all services (additional fixes);
*) certificate - allow deleting ACME certificate that failed to generate;
*) certificate - improved ACME logging;
*) certificate - improved ACME status reporting;
*) certificate - set Let's Encrypt as default ACME directory;
*) chr - improved guest tool config for arm64 CHR;
*) cloud - show error if cloud services are not supported on the device;
*) console - added comment in "/ip/dhcp-server/option/sets" and "/ipv6/dhcp-server/option/sets" menus;
*) console - added path parameter to export;
*) console - added syntax highlight for script properties in some menus (e.g. dhcp-client, dhcp-server, ppp/profile, interface/vrrp);
*) console - export mentions custom defconf script presence in header;
*) console - fixed "/log/print follow on-event" to work with "where" (introduced in v7.22);
*) console - fixed output when oversized completion present;
*) console - removed redundant keepalive for the serial-terminal, ensure that the device no longer periodically outputs /0 while using "/system/serial-terminal";
*) console - rename "cpu-used-per-cpu" to "cpe-used-per-core" in "/system/resource/monitor";
*) console - show "/system/resource/hardware/usb-power-reset" only on x86;
*) console - show warning in print header when terminal is too narrow to show any columns;
*) console - treat non-existent command parameters as runtime errors;
*) container - added restart-policy=no/always/on-failure, stop-on-unhealthy, restart-count, restart-interval, restart-max-count properties;
*) container - added support for noexec option to mounts;
*) container - added support for USB audio devices for containers;
*) container - allow disabling individual container environment variables without deleting them;
*) container - allow picking mount source directories with the file picker in WinBox;
*) container - allow setting memory-max global and per container;
*) container - allow user-defined mounts overriding /sys and /dev;
*) container - check if root-dir does not exist before adding a container;
*) container - clean up layers of non-existing containers;
*) container - detect and show containers killed by out-of-memory killer;
*) container - do not allow starting container/shell with non-existing user or group;
*) container - draw graphs in container stats;
*) container - fixed container entrypoint and shell override by user;
*) container - fixed container layer size calculation;
*) container - fixed container shell not working with multi-arg commands;
*) container - fixed losing container after reboot;
*) container - fixed repull if root-dir of container was in tmpfs;
*) container - fixed running "/container shell" with the correct user, if container user is set or overridden;
*) container - improved errors at container start;
*) container - improved running container instance memory usage;
*) container - layers are now accessible under "Layers" tab;
*) container - pass any container startup error message back to "run" and make it exit immediately;
*) container - remove container backup directory if import fails;
*) container - removed "Layers" button;
*) container - show container size and container data size;
*) container - show default DNS servers;
*) container - show layer size calculation status;
*) crypto - fixed fallback flag loss in qcrypto;
*) crypto - improved safexcel driver with upstream changes and patches;
*) dhcpv4-server - added "add-dns" and "add-dns-suffix" properties for creating local DNS entries;
*) dhcpv4-server - changed lease agent-circuit-id and agent-remote-id format to HEX;
*) dhcpv4-server - do not raise an alert when receiving a packet originating from the same device;
*) dhcpv4-server - do not suggest bogus pools when using setup command (e.g. when address is /31 or /32);
*) dhcpv4-server - fixed an issue where renew packets without giaddr were sometimes not processed;
*) discovery - added "add-dns-entries" and "add-dns-entries-suffix" properties for creating local DNS entries (additional fixes);
*) discovery - added option to disable/enable LLDP MED (additional fixes);
*) discovery - dynamically update advertised "interface-name";
*) discovery - fixed LLDP MAC/PHY TLV;
*) disk - added "/disk" smart-info;
*) disk - added disk check and repair for ext4, btrfs and xfs file systems;
*) disk - improved device name tracking in "/system/resource/hardware" menu;
*) disk - show disk io errors in "/disk" menu;
*) disk - use USB UASP interface for supported devices;
*) dns - added HTTP/2 support to DoH on ARM64 and x86/CHR devices;
*) ethernet - fixed false excessive broadcast warning (introduced in v7.20);
*) ethernet - improved system stability for RB3011, L009, NetMetal ax, hAP ax lite devices;
*) ethernet - improved system stability on devices with Alpine CPUs;
*) fetch - fixed non-working idle-timeout in some cases;
*) file - added copy, tail, head commands (CLI only);
*) firewall - improved stability for SIP helper;
*) firewall - improved system stability (additional fixes);
*) graphing - improved service stability when storing data;
*) hardware - report the correct state of PCI devices in "/system/resource/hardware" menu;
*) health - hide health menu for RB951ui-2nD;
*) interface - show warning when same MAC address is used on more than one virtual interface (additional fixes);
*) iot - added LoRa Tx delay setting;
*) iot - added MQTT subscribe message real-time monitoring option;
*) iot - added Wiliot support;
*) iot - fixed LoRa LBT issues, which caused Tx packets not gettin...
RouterOS 7.23rc3
Build Time:1778211832
What's new in 7.23rc3 (2026-May-06 19:26):
*) console - fixed unresponsiveness when entering safe-mode through the Windows 11 terminal;
*) discovery - added separate read-only menu "/ip/neighbor/lldp" for neighbors discovered by the LLDP (CLI only) (additional fixes);
*) ethernet - fixed stability issue after switch reset on devices with IPQ-40xx, IPQ-60xx CPUs (introduced in v7.22);
*) ip - added IPv6 and VRF support for reverse-proxy;
*) netwatch - fixed memory leak when using HTTP/HTTPS GET probe with invalid src-address;
*) sniffer - fixed missing VLAN tag in the TZSP packets (additional fixes);
*) system - improved switching to HTTP/1 if HTTP/2 is not supported by remote host;
*) upgrade - added the option to configure HTTP/HTTPS modes when connecting to MikroTik upgrade servers (additional fixes);
*) vrrp - fixed stability issue when using VRRP with a hardware-offloaded bridge for Marvell Prestera switch chip;
*) wifi - improved interface provisioning for WiFi 7 access points;
Other changes since v7.22:
!) upgrade - use HTTPS by default when connecting to MikroTik upgrade servers;
*) app - added birdnet-go, cryptpad, diagrams-net, metube, nextcloud-whiteboard, paperless-ngx, wbo, zulip apps;
*) app - added docker-with-dockge, docker-with-komodo, docker-with-portainer, HA-otbr-matter, odoo, otbr, stalwart apps;
*) app - added lorawan-stack, mikrodash, trip apps;
*) app - added possibility to set app command-line parameter from CLI;
*) app - added restart command;
*) app - allow apps on xfs file system;
*) app - allow filtering by installed apps;
*) app - allow overriding default stop signal;
*) app - allow parsing DNS in YAML;
*) app - allow passing stop signal from YAML and passing it to container as default;
*) app - allow picking app category from drop-down;
*) app - allow updating name parameter from YAML for custom apps;
*) app - allow updating YAML for existing custom app, forces cleanup;
*) app - apps now check for port availability, apps will not start on "internal" if app masks existing service;
*) app - automatically pass any required devices to container, such as otbr;
*) app - automatically restart app when required hardware device is changed;
*) app - bundled ollama with openwebui;
*) app - check if certificate already exists before creating a new one;
*) app - disabled PiHole syncing NTP to host;
*) app - fixed birdnet-go, cryptpad, lorawan-stack, mikrodash (introduced in v7.23beta5);
*) app - fixed issue where XFS disks did not appear in the app disk drop-down;
*) app - fixed potential crash when running cleanup on a lot of apps;
*) app - fixed saving custom apps;
*) app - fixed showing ui-url for apps;
*) app - fixed some apps not containing the full repository URL;
*) app - fixed store issue when adding a custom app;
*) app - fixed uptime-kuma and jupyter-notebook;
*) app - fixed YAML not exported for custom apps;
*) app - improved app networks and port behavior;
*) app - improved automatic hardware device passing to container;
*) app - improved YAML error message;
*) app - make sure all layer .tar.gz files are deleted after extraction finishes;
*) app - on file based devices, swap is enabled on the file itself instead of creating another one and enabling it on that;
*) app - stability fixes for the "/app" menu;
*) app - swap file is now created based on the mount-point it is attached to;
*) app - updated uptime-kuma image;
*) arm64,x86 - updated Broadcom bnxt Ethernet driver for 200G support;
*) bfd - fixed source address selection for IPv6 multihop sessions;
*) bgp - fixed stability issue when nonexistent output select-chain was specified;
*) bridge - added ability to set custom Option 82 with dhcp-agent-circuit-id, dhcp-agent-remote-id settings (replaces add-dhcp-option82 setting; configuration is automatically updated after upgrade);
*) bridge - added DHCPv6 snooping feature with ability to set custom Option 18 and Option 37;
*) bridge - fixed missing dynamic "switch-cpu" VLAN entry in WiFi setup;
*) bridge - improved MAC synchronization for MLAG;
*) bridge - recognize more DHCP message types when dhcp-snooping is enabled;
*) bridge - synchronize only local bridge MAC addresses for MLAG (introduced in v7.22);
*) bth - fixed WireGuard client config IP address netmask;
*) certificate - added "ISRG Root X1" and "DigiCert Global Root G2" to SMIPS built-in root certificate authorities store;
*) certificate - added option to configure built-in trust store for all services (additional fixes);
*) certificate - allow deleting ACME certificate that failed to generate;
*) certificate - improved ACME logging;
*) certificate - improved ACME status reporting;
*) certificate - set Let's Encrypt as default ACME directory;
*) chr - improved guest tool config for arm64 CHR;
*) cloud - show error if cloud services are not supported on the device;
*) console - added comment in "/ip/dhcp-server/option/sets" and "/ipv6/dhcp-server/option/sets" menus;
*) console - added path parameter to export;
*) console - added syntax highlight for script properties in some menus (e.g. dhcp-client, dhcp-server, ppp/profile, interface/vrrp);
*) console - export mentions custom defconf script presence in header;
*) console - fixed "/log/print follow on-event" to work with "where" (introduced in v7.22);
*) console - fixed output when oversized completion present;
*) console - removed redundant keepalive for the serial-terminal, ensure that the device no longer periodically outputs /0 while using "/system/serial-terminal";
*) console - rename "cpu-used-per-cpu" to "cpe-used-per-core" in "/system/resource/monitor";
*) console - show "/system/resource/hardware/usb-power-reset" only on x86;
*) console - show warning in print header when terminal is too narrow to show any columns;
*) console - treat non-existent command parameters as runtime errors;
*) container - added restart-policy=no/always/on-failure, stop-on-unhealthy, restart-count, restart-interval, restart-max-count properties;
*) container - added support for noexec option to mounts;
*) container - added support for USB audio devices for containers;
*) container - allow disabling individual container environment variables without deleting them;
*) container - allow picking mount source directories with the file picker in WinBox;
*) container - allow setting memory-max global and per container;
*) container - allow user-defined mounts overriding /sys and /dev;
*) container - check if root-dir does not exist before adding a container;
*) container - clean up layers of non-existing containers;
*) container - detect and show containers killed by out-of-memory killer;
*) container - do not allow starting container/shell with non-existing user or group;
*) container - draw graphs in container stats;
*) container - fixed container entrypoint and shell override by user;
*) container - fixed container layer size calculation;
*) container - fixed container shell not working with multi-arg commands;
*) container - fixed losing container after reboot;
*) container - fixed repull if root-dir of container was in tmpfs;
*) container - fixed running "/container shell" with the correct user, if container user is set or overridden;
*) container - improved errors at container start;
*) container - improved running container instance memory usage;
*) container - layers are now accessible under "Layers" tab;
*) container - pass any container startup error message back to "run" and make it exit immediately;
*) container - remove container backup directory if import fails;
*) container - removed "Layers" button;
*) container - show container size and container data size;
*) container - show default DNS servers;
*) container - show layer size calculation status;
*) crypto - fixed fallback flag loss in qcrypto;
*) crypto - improved safexcel driver with upstream changes and patches;
*) dhcpv4-server - added "add-dns" and "add-dns-suffix" properties for creating local DNS entries;
*) dhcpv4-server - changed lease agent-circuit-id and agent-remote-id format to HEX;
*) dhcpv4-server - do not raise an alert when receiving a packet originating from the same device;
*) dhcpv4-server - do not suggest bogus pools when using setup command (e.g. when address is /31 or /32);
*) dhcpv4-server - fixed an issue where renew packets without giaddr were sometimes not processed;
*) discovery - added "add-dns-entries" and "add-dns-entries-suffix" properties for creating local DNS entries (additional fixes);
*) discovery - added option to disable/enable LLDP MED (additional fixes);
*) discovery - dynamically update advertised "interface-name";
*) discovery - fixed LLDP MAC/PHY TLV;
*) disk - added "/disk" smart-info;
*) disk - added disk check and repair for ext4, btrfs and xfs file systems;
*) disk - improved device name tracking in "/system/resource/hardware" menu;
*) disk - show disk io errors in "/disk" menu;
*) disk - use USB UASP interface for supported devices;
*) dns - added HTTP/2 support to DoH on ARM64 and x86/CHR devices;
*) ethernet - fixed false excessive broadcast warning (introduced in v7.20);
*) ethernet - improved system stability for RB3011, L009, NetMetal ax, hAP ax lite devices;
*) ethernet - improved system stability on devices with Alpine CPUs;
*) fetch - fixed non-working idle-timeout in some cases;
*) file - added copy, tail, head commands (CLI only);
*) firewall - improved stability for SIP helper;
*) firewall - improved system stability (additional fixes);
*) graphing - improved service stability when storing data;
*) hardware - report the correct state of PCI devices in "/system/resource/hardware" menu;
*) health - hide health menu for RB951ui-2nD;
*) interface - show warning when same MAC address is used on more than one virtual interface (additional fixes);
*) iot - added LoRa Tx delay setting;
*) iot - added MQTT subscribe message real-time monitoring option;
*) iot - added Wiliot support;
*) iot - fixed LoRa LBT issues, which caused Tx packets not gettin...
RouterOS 7.23rc2 -arm64
Build Time:1777001896
What's new in 7.23rc2 (2026-Apr-21 18:18):
*) app - fixed birdnet-go, cryptpad, lorawan-stack, mikrodash (introduced in v7.23beta5);
*) ethernet - fixed false excessive broadcast warning (introduced in v7.20);
*) ipsec – fixed expired SA handling to prevent “no such item” errors during listing;
*) lte - fixed AT modem dialer command timeout (introduced in v7.23beta5);
*) lte - fixed operator setting for QMI modems;
*) poe-out - firmware update for 802.3at capable boards (the update will cause a brief power interruption to poe-out interfaces);
*) poe-out - fixed occasional detection issue when using auto-on mode;
*) route - revert to old routing rule priorities for containers (introduced in v7.22);
*) sniffer - fixed missing VLAN tag in the TZSP packets (additional fixes);
*) system - improved system stability;
*) wifi-mediatek - fixed stability issue getting regulatory information and during initialization;
*) wifi-qcom-be - fixed stability issue during initialization;
*) www - improved service stability when cancelling REST API sessions;
Other changes since v7.22:
!) upgrade - use HTTPS by default when connecting to MikroTik upgrade servers;
*) app - added birdnet-go, cryptpad, diagrams-net, metube, nextcloud-whiteboard, paperless-ngx, wbo, zulip apps;
*) app - added docker-with-dockge, docker-with-komodo, docker-with-portainer, HA-otbr-matter, odoo, otbr, stalwart apps;
*) app - added lorawan-stack, mikrodash, trip apps;
*) app - added possibility to set app command-line parameter from CLI;
*) app - added restart command;
*) app - allow apps on xfs file system;
*) app - allow filtering by installed apps;
*) app - allow overriding default stop signal;
*) app - allow parsing DNS in YAML;
*) app - allow passing stop signal from YAML and passing it to container as default;
*) app - allow picking app category from drop-down;
*) app - allow updating name parameter from YAML for custom apps;
*) app - allow updating YAML for existing custom app, forces cleanup;
*) app - apps now check for port availability, apps will not start on "internal" if app masks existing service;
*) app - automatically pass any required devices to container, such as otbr;
*) app - automatically restart app when required hardware device is changed;
*) app - bundled ollama with openwebui;
*) app - check if certificate already exists before creating a new one;
*) app - disabled PiHole syncing NTP to host;
*) app - fixed issue where XFS disks did not appear in the app disk drop-down;
*) app - fixed potential crash when running cleanup on a lot of apps;
*) app - fixed saving custom apps;
*) app - fixed showing ui-url for apps;
*) app - fixed some apps not containing the full repository URL;
*) app - fixed store issue when adding a custom app;
*) app - fixed uptime-kuma and jupyter-notebook;
*) app - fixed YAML not exported for custom apps;
*) app - improved app networks and port behavior;
*) app - improved automatic hardware device passing to container;
*) app - improved YAML error message;
*) app - make sure all layer .tar.gz files are deleted after extraction finishes;
*) app - on file based devices, swap is enabled on the file itself instead of creating another one and enabling it on that;
*) app - stability fixes for the "/app" menu;
*) app - swap file is now created based on the mount-point it is attached to;
*) app - updated uptime-kuma image;
*) arm64,x86 - updated Broadcom bnxt Ethernet driver for 200G support;
*) bfd - fixed source address selection for IPv6 multihop sessions;
*) bgp - fixed stability issue when nonexistent output select-chain was specified;
*) bridge - added ability to set custom Option 82 with dhcp-agent-circuit-id, dhcp-agent-remote-id settings (replaces add-dhcp-option82 setting; configuration is automatically updated after upgrade);
*) bridge - added DHCPv6 snooping feature with ability to set custom Option 18 and Option 37;
*) bridge - fixed missing dynamic "switch-cpu" VLAN entry in WiFi setup;
*) bridge - improved MAC synchronization for MLAG;
*) bridge - recognize more DHCP message types when dhcp-snooping is enabled;
*) bridge - synchronize only local bridge MAC addresses for MLAG (introduced in v7.22);
*) bth - fixed WireGuard client config IP address netmask;
*) certificate - added "ISRG Root X1" and "DigiCert Global Root G2" to SMIPS built-in root certificate authorities store;
*) certificate - added option to configure built-in trust store for all services (additional fixes);
*) certificate - allow deleting ACME certificate that failed to generate;
*) certificate - improved ACME logging;
*) certificate - improved ACME status reporting;
*) certificate - set Let's Encrypt as default ACME directory;
*) chr - improved guest tool config for arm64 CHR;
*) cloud - show error if cloud services are not supported on the device;
*) console - added comment in "/ip/dhcp-server/option/sets" and "/ipv6/dhcp-server/option/sets" menus;
*) console - added path parameter to export;
*) console - added syntax highlight for script properties in some menus (e.g. dhcp-client, dhcp-server, ppp/profile, interface/vrrp);
*) console - export mentions custom defconf script presence in header;
*) console - fixed "/log/print follow on-event" to work with "where" (introduced in v7.22);
*) console - fixed output when oversized completion present;
*) console - removed redundant keepalive for the serial-terminal, ensure that the device no longer periodically outputs /0 while using "/system/serial-terminal";
*) console - rename "cpu-used-per-cpu" to "cpe-used-per-core" in "/system/resource/monitor";
*) console - show "/system/resource/hardware/usb-power-reset" only on x86;
*) console - show warning in print header when terminal is too narrow to show any columns;
*) console - treat non-existent command parameters as runtime errors;
*) container - added restart-policy=no/always/on-failure, stop-on-unhealthy, restart-count, restart-interval, restart-max-count properties;
*) container - added support for noexec option to mounts;
*) container - added support for USB audio devices for containers;
*) container - allow disabling individual container environment variables without deleting them;
*) container - allow picking mount source directories with the file picker in WinBox;
*) container - allow setting memory-max global and per container;
*) container - allow user-defined mounts overriding /sys and /dev;
*) container - check if root-dir does not exist before adding a container;
*) container - clean up layers of non-existing containers;
*) container - detect and show containers killed by out-of-memory killer;
*) container - do not allow starting container/shell with non-existing user or group;
*) container - draw graphs in container stats;
*) container - fixed container entrypoint and shell override by user;
*) container - fixed container layer size calculation;
*) container - fixed container shell not working with multi-arg commands;
*) container - fixed losing container after reboot;
*) container - fixed repull if root-dir of container was in tmpfs;
*) container - fixed running "/container shell" with the correct user, if container user is set or overridden;
*) container - improved errors at container start;
*) container - improved running container instance memory usage;
*) container - layers are now accessible under "Layers" tab;
*) container - pass any container startup error message back to "run" and make it exit immediately;
*) container - remove container backup directory if import fails;
*) container - removed "Layers" button;
*) container - show container size and container data size;
*) container - show default DNS servers;
*) container - show layer size calculation status;
*) crypto - fixed fallback flag loss in qcrypto;
*) crypto - improved safexcel driver with upstream changes and patches;
*) dhcpv4-server - added "add-dns" and "add-dns-suffix" properties for creating local DNS entries;
*) dhcpv4-server - changed lease agent-circuit-id and agent-remote-id format to HEX;
*) dhcpv4-server - do not raise an alert when receiving a packet originating from the same device;
*) dhcpv4-server - do not suggest bogus pools when using setup command (e.g. when address is /31 or /32);
*) dhcpv4-server - fixed an issue where renew packets without giaddr were sometimes not processed;
*) discovery - added "add-dns-entries" and "add-dns-entries-suffix" properties for creating local DNS entries (additional fixes);
*) discovery - added option to disable/enable LLDP MED (additional fixes);
*) discovery - added separate read-only menu "/ip/neighbor/lldp" for neighbors discovered by LLDP the (CLI only);
*) discovery - dynamically update advertised "interface-name";
*) discovery - fixed LLDP MAC/PHY TLV;
*) disk - added "/disk" smart-info;
*) disk - added disk check and repair for ext4, btrfs and xfs file systems;
*) disk - improved device name tracking in "/system/resource/hardware" menu;
*) disk - show disk io errors in "/disk" menu;
*) disk - use USB UASP interface for supported devices;
*) dns - added HTTP/2 support to DoH on ARM64 and x86/CHR devices;
*) ethernet - improved system stability for RB3011, L009, NetMetal ax, hAP ax lite devices;
*) ethernet - improved system stability on devices with Alpine CPUs;
*) fetch - fixed non-working idle-timeout in some cases;
*) file - added copy, tail, head commands (CLI only);
*) firewall - improved stability for SIP helper;
*) firewall - improved system stability (additional fixes);
*) graphing - improved service stability when storing data;
*) hardware - report the correct state of PCI devices in "/system/resource/hardware" menu;
*) health - hide health menu for RB951ui-2nD;
*) interface - show warning when same MAC address is used on more than one virtual interface (additional fixes);
*) iot - added LoRa Tx delay setting;
*) iot - added MQTT subscribe message real-time monitoring option;
*) iot - added Wiliot support;
*) iot - fixed LoRa LBT issues, which caused Tx packets not g...
RouterOS 7.23rc2
Build Time:1777001896
What's new in 7.23rc2 (2026-Apr-21 18:18):
*) app - fixed birdnet-go, cryptpad, lorawan-stack, mikrodash (introduced in v7.23beta5);
*) ethernet - fixed false excessive broadcast warning (introduced in v7.20);
*) ipsec – fixed expired SA handling to prevent “no such item” errors during listing;
*) lte - fixed AT modem dialer command timeout (introduced in v7.23beta5);
*) lte - fixed operator setting for QMI modems;
*) poe-out - firmware update for 802.3at capable boards (the update will cause a brief power interruption to poe-out interfaces);
*) poe-out - fixed occasional detection issue when using auto-on mode;
*) route - revert to old routing rule priorities for containers (introduced in v7.22);
*) sniffer - fixed missing VLAN tag in the TZSP packets (additional fixes);
*) system - improved system stability;
*) wifi-mediatek - fixed stability issue getting regulatory information and during initialization;
*) wifi-qcom-be - fixed stability issue during initialization;
*) www - improved service stability when cancelling REST API sessions;
Other changes since v7.22:
!) upgrade - use HTTPS by default when connecting to MikroTik upgrade servers;
*) app - added birdnet-go, cryptpad, diagrams-net, metube, nextcloud-whiteboard, paperless-ngx, wbo, zulip apps;
*) app - added docker-with-dockge, docker-with-komodo, docker-with-portainer, HA-otbr-matter, odoo, otbr, stalwart apps;
*) app - added lorawan-stack, mikrodash, trip apps;
*) app - added possibility to set app command-line parameter from CLI;
*) app - added restart command;
*) app - allow apps on xfs file system;
*) app - allow filtering by installed apps;
*) app - allow overriding default stop signal;
*) app - allow parsing DNS in YAML;
*) app - allow passing stop signal from YAML and passing it to container as default;
*) app - allow picking app category from drop-down;
*) app - allow updating name parameter from YAML for custom apps;
*) app - allow updating YAML for existing custom app, forces cleanup;
*) app - apps now check for port availability, apps will not start on "internal" if app masks existing service;
*) app - automatically pass any required devices to container, such as otbr;
*) app - automatically restart app when required hardware device is changed;
*) app - bundled ollama with openwebui;
*) app - check if certificate already exists before creating a new one;
*) app - disabled PiHole syncing NTP to host;
*) app - fixed issue where XFS disks did not appear in the app disk drop-down;
*) app - fixed potential crash when running cleanup on a lot of apps;
*) app - fixed saving custom apps;
*) app - fixed showing ui-url for apps;
*) app - fixed some apps not containing the full repository URL;
*) app - fixed store issue when adding a custom app;
*) app - fixed uptime-kuma and jupyter-notebook;
*) app - fixed YAML not exported for custom apps;
*) app - improved app networks and port behavior;
*) app - improved automatic hardware device passing to container;
*) app - improved YAML error message;
*) app - make sure all layer .tar.gz files are deleted after extraction finishes;
*) app - on file based devices, swap is enabled on the file itself instead of creating another one and enabling it on that;
*) app - stability fixes for the "/app" menu;
*) app - swap file is now created based on the mount-point it is attached to;
*) app - updated uptime-kuma image;
*) arm64,x86 - updated Broadcom bnxt Ethernet driver for 200G support;
*) bfd - fixed source address selection for IPv6 multihop sessions;
*) bgp - fixed stability issue when nonexistent output select-chain was specified;
*) bridge - added ability to set custom Option 82 with dhcp-agent-circuit-id, dhcp-agent-remote-id settings (replaces add-dhcp-option82 setting; configuration is automatically updated after upgrade);
*) bridge - added DHCPv6 snooping feature with ability to set custom Option 18 and Option 37;
*) bridge - fixed missing dynamic "switch-cpu" VLAN entry in WiFi setup;
*) bridge - improved MAC synchronization for MLAG;
*) bridge - recognize more DHCP message types when dhcp-snooping is enabled;
*) bridge - synchronize only local bridge MAC addresses for MLAG (introduced in v7.22);
*) bth - fixed WireGuard client config IP address netmask;
*) certificate - added "ISRG Root X1" and "DigiCert Global Root G2" to SMIPS built-in root certificate authorities store;
*) certificate - added option to configure built-in trust store for all services (additional fixes);
*) certificate - allow deleting ACME certificate that failed to generate;
*) certificate - improved ACME logging;
*) certificate - improved ACME status reporting;
*) certificate - set Let's Encrypt as default ACME directory;
*) chr - improved guest tool config for arm64 CHR;
*) cloud - show error if cloud services are not supported on the device;
*) console - added comment in "/ip/dhcp-server/option/sets" and "/ipv6/dhcp-server/option/sets" menus;
*) console - added path parameter to export;
*) console - added syntax highlight for script properties in some menus (e.g. dhcp-client, dhcp-server, ppp/profile, interface/vrrp);
*) console - export mentions custom defconf script presence in header;
*) console - fixed "/log/print follow on-event" to work with "where" (introduced in v7.22);
*) console - fixed output when oversized completion present;
*) console - removed redundant keepalive for the serial-terminal, ensure that the device no longer periodically outputs /0 while using "/system/serial-terminal";
*) console - rename "cpu-used-per-cpu" to "cpe-used-per-core" in "/system/resource/monitor";
*) console - show "/system/resource/hardware/usb-power-reset" only on x86;
*) console - show warning in print header when terminal is too narrow to show any columns;
*) console - treat non-existent command parameters as runtime errors;
*) container - added restart-policy=no/always/on-failure, stop-on-unhealthy, restart-count, restart-interval, restart-max-count properties;
*) container - added support for noexec option to mounts;
*) container - added support for USB audio devices for containers;
*) container - allow disabling individual container environment variables without deleting them;
*) container - allow picking mount source directories with the file picker in WinBox;
*) container - allow setting memory-max global and per container;
*) container - allow user-defined mounts overriding /sys and /dev;
*) container - check if root-dir does not exist before adding a container;
*) container - clean up layers of non-existing containers;
*) container - detect and show containers killed by out-of-memory killer;
*) container - do not allow starting container/shell with non-existing user or group;
*) container - draw graphs in container stats;
*) container - fixed container entrypoint and shell override by user;
*) container - fixed container layer size calculation;
*) container - fixed container shell not working with multi-arg commands;
*) container - fixed losing container after reboot;
*) container - fixed repull if root-dir of container was in tmpfs;
*) container - fixed running "/container shell" with the correct user, if container user is set or overridden;
*) container - improved errors at container start;
*) container - improved running container instance memory usage;
*) container - layers are now accessible under "Layers" tab;
*) container - pass any container startup error message back to "run" and make it exit immediately;
*) container - remove container backup directory if import fails;
*) container - removed "Layers" button;
*) container - show container size and container data size;
*) container - show default DNS servers;
*) container - show layer size calculation status;
*) crypto - fixed fallback flag loss in qcrypto;
*) crypto - improved safexcel driver with upstream changes and patches;
*) dhcpv4-server - added "add-dns" and "add-dns-suffix" properties for creating local DNS entries;
*) dhcpv4-server - changed lease agent-circuit-id and agent-remote-id format to HEX;
*) dhcpv4-server - do not raise an alert when receiving a packet originating from the same device;
*) dhcpv4-server - do not suggest bogus pools when using setup command (e.g. when address is /31 or /32);
*) dhcpv4-server - fixed an issue where renew packets without giaddr were sometimes not processed;
*) discovery - added "add-dns-entries" and "add-dns-entries-suffix" properties for creating local DNS entries (additional fixes);
*) discovery - added option to disable/enable LLDP MED (additional fixes);
*) discovery - added separate read-only menu "/ip/neighbor/lldp" for neighbors discovered by LLDP the (CLI only);
*) discovery - dynamically update advertised "interface-name";
*) discovery - fixed LLDP MAC/PHY TLV;
*) disk - added "/disk" smart-info;
*) disk - added disk check and repair for ext4, btrfs and xfs file systems;
*) disk - improved device name tracking in "/system/resource/hardware" menu;
*) disk - show disk io errors in "/disk" menu;
*) disk - use USB UASP interface for supported devices;
*) dns - added HTTP/2 support to DoH on ARM64 and x86/CHR devices;
*) ethernet - improved system stability for RB3011, L009, NetMetal ax, hAP ax lite devices;
*) ethernet - improved system stability on devices with Alpine CPUs;
*) fetch - fixed non-working idle-timeout in some cases;
*) file - added copy, tail, head commands (CLI only);
*) firewall - improved stability for SIP helper;
*) firewall - improved system stability (additional fixes);
*) graphing - improved service stability when storing data;
*) hardware - report the correct state of PCI devices in "/system/resource/hardware" menu;
*) health - hide health menu for RB951ui-2nD;
*) interface - show warning when same MAC address is used on more than one virtual interface (additional fixes);
*) iot - added LoRa Tx delay setting;
*) iot - added MQTT subscribe message real-time monitoring option;
*) iot - added Wiliot support;
*) iot - fixed LoRa LBT issues, which caused Tx packets not g...