Krita (64-bit)

What's new in this version:

Important note:
- Due to removal of compatibility with old version passwords in this version, downgrading to any version prior to v6.43 (v6.42.12 and older) will clear all user passwords and allow password-less authentication. Please secure your router after downgrading

Changes:
- added support for IEEE 802.1X Port-Based Network Access Control
- added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator
- removed insecure password storage
- correctly display bridge FastPath status when vlan-filtering or dhcp-snooping is used
- correctly handle bridge host table
- fixed log message when hardware offloading is being enabled
- improved stability when receiving traffic over USB modem with bridge firewall enabled
- fixed CAP system upgrading process for MMIPS
- fixed interface-list usage in access list
- improved packet processing after overloading interface
- added "key-type" field
- added support for ECDSA certificates (prime256v1, secp384r1, secp521r1)
- fixed self signed CA certificate handling by SCEP client
- made RAM the default CRL storage location
- removed DSA (D) flag
- removed "set-ca-passphrase" parameter
- legacy adapters require "disable-running-check=yes" to be set
- added "replace" parameter for backup "upload-file" command
- fixed GRE protocol packet connection-state matching (CVE-2014-8160)
- significant stability and performance improvements
- fixed known multicast flooding to the CPU
- added ethernet tx-drop counter
- correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate
- fixed auto negotiation when 2-pair twisted cable is used (downshift feature)
- fixed "tx-drop" counter
- improved switch-chip resource allocation on CRS326, CRS328, CRS305
- added "custom-script" field that prints custom configuration installed by Netinstall
- automatically set "installation" parameter for outdoor devices
- changed default configuration type to AP for cAP series devices
- fixed channel width selection for RU locked devices
- create dual stack queue based on limitations specified on DHCPv4 server lease configuration
- do not require lease and binding to have the same configuration for dual-stack queues
- show warning in log if lease and binding dual-stack related parameters do not match and create separate queues
- added "client-mac-limit" parameter
- added IP conflict logging
- added RADIUS accounting support with queue based statistics
- added "vendor-class-id" matcher (CLI only)
- improved stability when performing "check-status" command
- replaced "busy" lease status with "conflict" and "declined"
- added option to disable rapid-commit
- fixed status update when leaving "bound" state
- added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time"
- added "address-list" support for bindings
- added "insert-queue-before" and "parent-queue" parameters
- added RADIUS accounting support with queue based statistics
- added "route-distance" parameter
- fixed dynamic IPv6 binding without proper reference to the server
- override prefix pool and/or DNS server settings by values received from RADIUS
- correctly create neighbors from VLAN tagged discovery messages
- fixed CDP packets not including address on slave ports (introduced in v6.44)
- improved neighbour's MAC address detection
- limit max neighbour count per interface based on total RAM memory
- show neighbors on actual mesh ports
- include "message-id" identification field in e-mail header
- properly release e-mail sending session if the server's domain name can not be resolved
- added support for 25Gbps and 40Gbps rates
- fixed running (R) flag not present on x86 interfaces and CHR legacy adapters
- increased loop warning threshold to 5 packets per second
- added SFTP support
- improved user policy lookup
- fixed fragmented packet processing when only RAW firewall is configured
- process packets by firewall when accepted by RAW with disabled connection tracking
- fixed missing minus close to zero coordinates in dd format
- make sure "direction" parameter is upper case
- strip unnecessary trailing characters from "longtitude" and "latitude" values
- use "serial0" as default port on LtAP mini
- added "interface-mac" variable to HTML pages
- moved "title" HTML tag after "meta" tags
- adjusted debug packet logging topics
- added support for ECDSA certificate authentication (rfc4754)
- added support for IKE SA rekeying for initiator
- do not send "User-Name" attribute to RADIUS server if not provided
- improved certificate verification when multiple CA certificates received from responder
- improved child SA rekeying process
- improved XAuth identity conversion on upgrade
- prefer SAN instead of DN from certificate for ID payload
- improved logging for IPv6 Pool when prefix is already in use
- added dynamic comment field for "active-peers" menu inherited from identity
- added "ph2-total" counter to "active-peers" menu
- added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods
- added traffic statistics to "active-peers" menu
- disallow setting "src-address" and "dst-address" for transport mode policies
- do not allow adding identity to a dynamic peer
- fixed policies becoming invalid after changing priority
- general improvements in policy handling
- properly drop already established tunnel when address change detected
- renamed "remote-peers" to "active-peers"
- renamed "rsa-signature" authentication method to "digital-signature"
- replaced policy SA address parameters with peer setting
- use tunnel name for dynamic IPsec peer name
- improved system stability when receiving bogus packets
- renamed SIM slots "up" and "down" to "2" and "3"
- added initial support for Vodafone R216-Z
- added passthrough interface subnet selection
- added support for manual operator selection
- allow setting empty APN
- allow to specify URL for firmware upgrade "firmware-file" parameter
- do not show error message for info commands that are not supported
- fixed session reactivation on R11e-LTE in UMTS mode
- improved firmware upgrade process
- improved "info" command query
- improved R11e-4G modem operation
- renamed firmware upgrade "path" command to "firmware-file" (CLI only)
- show alphanumeric value for operator info
- show correct firmware revision after firmware upgrade
- use default APN name "internet" when not provided
- use secondary DNS for DNS server configuration
- added support for additional Serial Console port on GPIO headers
- added support for link scope opaque LSAs (Type 9) for OSPFv2
- fixed opaque LSA type checking in OSPFv2
- improved "unknown" LSA handling in OSPFv3
- added "verify-server-certificate" parameter for OVPN client (CVE-2018-10066)
- added initial support for Quectel BG96
- increased minimal free RAM that can not be used for proxy services
- improved system stability when receiving bogus packets
- fixed MAC address duplication between sfp-sfpplus1 and wlan1 interfaces (wlan1 configuration reset required)
- improved system stability ("/system routerboard upgrade" required)
- renamed 'sim' menu to 'modem'
- fixed S-35LC20D transceiver DDMI readouts after reboot
- added USSD message functionality under "/tool sms" (CLI only)
- allow specifying multiple "allowed-number" values
- improved delivery report logging
- added "dot1dStpPortTable" OID
- added OID for neighbor "interface"
- added "write-access" column to community print
- allow setting interface "adminStatus"
- fixed "send-trap" not working when "trap-generators" does not contain "temp-exception"
- fixed "send-trap" with multiple "trap-targets"
- improved reliability on SNMP service packet validation
- properly return multicast and broadcast packet counters for IF-MIB OIDs
- accept remote forwarding requests with empty hostnames
- added new "ssh-exec" command for non-interactive command execution
- fixed non-interactive multiple command execution
- improved remote forwarding handling (introduced in v6.44.3)
- improved session rekeying process on exchanged data size threshold
- keep host keys when resetting configuration with "keep-users=yes"
- use correct user when "output-to-file" parameter is used
- improved stability when received traffic hits tarpit firewall
- added IPv6 ND section to supout file
- added "kid-control devices" section to supout file
- added "pwr-line" section to supout file
- changed IPv6 pool section to output detailed print
- properly reapply settings after switch chip reset
- added "max-block-size" parameter under TFTP "settings" menu (CLI only)
- improved link fault detection on SFP+ ports
- added LTE CQI and IMSI parameter support
- fixed potential memory corruption
- improved error reporting with incorrect firware upgrade XML file
- improved stability when sending large ping amounts
- improved stability when stopping traffic generator
- removed "local-address" requirement when "ipsec-secret" is used
- added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only)
- do not show unused "dmg" paramete
- prefer AP with strongest signal when multiple APs with same SSID present
- show running frequency under "monitor" command
- added "System/SwOS" menu for all dual-boot devices
- do not allow setting "dns-lookup-interval" to "0"
- show "LCD" menu only on boards that have LCD screen
- fixed frequency duplication in the frequency selection menu
- fixed incorrect IP header for RADIUS accounting packet
- improved 160MHz channel width stability on rb4011
- improved DFS radar detection when using non-ETSI regulated country
- improved installation mode selection for wireless outdoor equipment
- set default SSID and supplicant-identity the same as router's identity
- updated "china" regulatory domain information
- updated "new zealand" regulatory domain information
- improved client-initiated renegotiation within the SSL and TLS protocols (CVE-2011-1473)