Latest ASUSWRT Merlin Firmware Link & Changelog

Home Forums Wireless Routers & Modems … ASUS Latest ASUSWRT Merlin Firmware Link & Changelog


Viewing 1 post (of 1 total)
  • Author
  • #462
    UK Sentinel
    • Posts 3395
    • Skipper

    Latest ASUSWRT Merlin Changelog – 384.5 (13-May-2018)


    384.6 (25-July-2018)
    – NOTE: The RT-AC87U is not supported in this release, as
    Asus hasn’t released any updated code for that model.
    – NEW: Merged with GPL 384_21045/382_50624.
    – NEW: Added support for the “-p” option to netstat.
    – NEW: Added setting to enable DNS rebind protection, on the
    DHCP page.  This works by rejecting upstream server
    responses that would point at a private IP.
    – CHANGED: Updated nano to 2.9.8
    – CHANGED: Updated curl to 7.60.0 (contains security fixes)
    – CHANGED: Allow selecting text (for copy/paste operations)
    on AiProtection pages.
    – CHANGED: Added AES-*-GCM ciphers to the OpenVPN legacy
    ciphers (so they can be explicitely used without
    using NCP).
    – CHANGED: Updated dnsmasq to 2.80test2-17-g51e4eee (themiron)
    – CHANGED: Since dnsmasq 2.80, dnsmasq now ensures that unsigned
    DNS replies received with DNSSEC enabled are legitimate.
    If your upstream DNS doesn’t support DNSSEC, this means
    all replies from signed zones will be considered
    invalid.  Make sure you only enable DNSSEC if your
    upstream DNS servers do support it.  This behaviour is
    a bit slower, but far more secure than the old default.
    – CHANGED: Network Tools -> Netstat output also report program/PID
    – CHANGED: Updated CA bundle to June 20th version.
    – FIXED: IPv6-related issues on non-HND platform (themiron)
    – FIXED: Couldn’t log on WTFast if accessing the router
    webui over https.
    – FIXED: USB modem support code failing to properly pass
    parameters to the kernel module (themiron)
    – REMOVED: WTFast support for RT-AC88U/RT-AC3100/RT-AC5300,
    as it’s incompatible with recent versions of
    curl (and has been broken for quite some time).
    Not gonna revert back to a 7 years old curl
    version just for WTFast.

    384.5 (13-May-2018)
    – NEW: Merged withh GPL 384_20648
    – NEW: Merged RT-AC68U, RT-AC5300 binary blobs from 384_20648
    – NEW: Merged RT-AC86U SDK and binary blobs from 384_20648
    – NEW: service-event script, executed before any service
    call is made.  First argument is the event (typically
    stop, start or restart), second argument is the target
    (wireless, httpd, etc…).
    Note that this script will block the execution of
    the event until it returns.
    – NEW: Added USB HID modules (for use with devices such
    as UPS)
    – NEW: Added ip6tables-save command.
    – CHANGED: Updated OpenVPN to 2.4.6.
    – CHANGED: Updated Dropbear to 2018.76.
    – CHANGED: Updated Openssl to 1.0.2o.
    – CHANGED: Updated miniupnpd to version 2.1 (20180508).
    – CHANGED: Updated nano to 2.9.5.
    – CHANGED: Moved RT-AC86U to the same Busybox version (1.25.1)
    as other models.
    – CHANGED: Revised OpenVPN server options:
    o Removed “TLS Reneg time” (rarely used, can manually
    be set as a custom option)
    o Removed “Server Poll” (which didn’t work
    properly), and reimplemented watchdog service,
    hardcoded to 2 mins frequency.
    o Removed “Push LAN” and “Redirect Gateway”,
    replaced with new Client Access setting
    o Removed Firewall setting (firewall rules are now
    always created, and the broken External mode
    was fixed and integrated into the new Client
    Access setting).  You can now use the postconf
    script to override it.
    o Removed option to respond to DNS queries – enabling
    the option to Push DNS will also handle it
    o Added new Client Access setting to select between
    three types of access: LAN only, WAN only (will
    block access to the LAN, including the router
    itself) and LAN + WAN.
    o Keys and certificates can now be up to 7999
    characters long.

    – CHANGED: Revised OpenVPN client options:
    o Reorganized settings into groups
    o Removed “Poll Interval” (which didn’t work
    properly), and reimplemented watchdog service,
    with a hardcoded frequency of 2 mins.
    o Removed Firewall setting (firewall rules are now
    always created).  You can now use the postconf
    script to override it.
    o Modified behaviour of Connection Retry.  Instead
    of taking a value in seconds that only affected
    resolution failure, it now takes a number of
    attempts, and affects connection failures.
    Resolution failures will now retry for an infinite
    period of time (the default OpenVPN value).
    o Added “refresh” link which can be clicked to
    re-query the public IP endpoint of the tunnel
    o Keys and certificates can now be up to 7999
    characters long.

    – CHANGED: Removed option to resolve names on the
    Log -> Connections page.
    That functionality was added to the
    Network Tools -> Netstat page instead.
    – CHANGED: Re-designed Log -> Connections page into a table
    with sortable fields – click on a column header to
    sort on that field.
    – CHANGED: From now on, setting the router to act as a master
    browser or a WINS server will also require you to
    enable sharing.  This will ensure that users understand
    that enabling either of these settings requires disk
    sharing to also be enabled (which it was already
    silently doing before).
    – CHANGED: Moved “Beta firmware” option to the Tools -> Other
    Settings page
    – CHANGED: Improved layout of the Firmware Update page
    – CHANGED: WPAD behaviour (sending a carriage return on
    DHCP option 252) can now be controlled in the
    Tweaks section.
    – CHANGED: Blocking custom scripts such as service-event
    and pre-mount will now wait a maximum of 120
    seconds before resuming normal operations, to
    prevent accidental lockouts.
    – CHANGED: Autofill start/end time for DST when selecting
    a timezone (LostFreq)
    – FIXED: Some dnsmasq issues related to DNSSEC were fixed,
    including CVE-2017-15107. (backported from
    dnsmasq 2.79 by John Bacho)
    – FIXED: Restoring an OpenVPN instance to default values
    would fail to disable its Start with WAN setting.
    – FIXED: Hardware authentication failure for the RT-AC3100
    and RT-AC5300.
    – FIXED: Minidlna web status page could no longer be enabled.
    – FIXED: CVE-2017-9022, CVE-2017-9023 and CVE-2017-11185 in
    Strongswan (odkrys)
    – FIXED: Various issues with download traffic in Traditional
    QoS (Cédric Dufour)
    – FIXED: TCP timeout values couldn’t be changed on the
    Tools -> Other Settings page.
    – FIXED: Security issue related to webui logging in (Asus bug)

    In a completely sane world, madness is the only freedom (J.G.Ballard).

Viewing 1 post (of 1 total)
  • You must be logged in to reply to this topic.