corniger

Release 5.0.12.1 (stable)*: Kernel: improved support for serial NAND (SNAND) memory to enhance compatibility and operational stability on KAP-630 model devices [SYS-1809] * publication scope: KAP-630

Release 5.1.0 (preview) Core: discontinued support for the KABiNET ISP authorizer as it is no longer in service [NDM-4506] DNS: corrected the resolution of certain domain names for FQDN-based routing [NDM-4476] HTTP: disabled HTTP/2 support to mitigate security vulnerabilities, including CVE-2026-49975, related to an HPACK out-of-memory (OOM) attack [NDM-4499] HTTP: restored navigation to the Web Interface from the RMM cloud device management system [NDM-4505] IP: improved the handling of non-exclusive FQDN-based routes when the destination interface is unavailable [NDM-4358] IPv6: fixed the 'ip policy no ipv6 route' command operation [NDM-4467] Mobile: added an option to turn off polling of the eSIM on the mobile modem to resolve an issue affecting certain SIM cards [NDM-4424] interface {name} esim disable NTCE: optimized memory allocation settings for the Traffic classification engine system component to avoid unnecessary limitations when using IntelliQoS features [NDM-4482] OpenSSL: library upgraded to 3.5.6/3.0.20 to address multiple security vulnerabilities [NDM-4402] CVE-2026-28386 CVE-2026-28387 CVE-2026-28388 CVE-2026-28389 CVE-2026-28390 CVE-2026-31789 CVE-2026-31790 Web: enhanced the Client Lists page by adding an option to hide offline clients and a tooltip to display the client count by status (requested by @Gonzik) [NWI-4857] Web: arranged the lists of domain names alphabetically in the selector on the DNS-Based Route Parameters pop-up [NWI-4895] Web: added a link to the General Wi-Fi Settings section from the Access Points page [NWI-4894] Web: updated the appearance of the frequency band selector on the Access Points page (requested by @keenet07) [NWI-4867] Web: reduced the delay when switching between modems on the SMS page (reported by @dimon27254) [NWI-4859] Web: fixed the gear button functionality on the About the System card in Safari (reported by @mega1volt) [NWI-4892] Web: resolved an issue that caused the wrong number of copies to be printed when users printed wireless network information from the mobile view (reported by @dimon27254) [NWI-4858] Web: standardized the display of client names and MAC addresses in the Transition Log on the Wi-Fi System page [NWI-4887]

Release 4.3.8 LTS (preview, stable)*: Core: fixed a memory leak in the API parsers for IPv6 addresses and prefixes [NDM-4376] HTTP: addressed the CVE-2026-28753 security vulnerability in the web interface service [NDM-4368] HTTP: disabled HTTP/2 support to mitigate security vulnerabilities, including CVE-2026-49975, related to an HPACK out-of-memory (OOM) attack [NDM-4499] MWS: fixed the 'the controller DPN document is not accepted' error that occurred when acquiring an extender under certain conditions [NDM-4452] OpenSSL: library upgraded to 3.5.6/3.0.20 to address multiple security vulnerabilities [NDM-4402] CVE-2026-28386 CVE-2026-28387 CVE-2026-28388 CVE-2026-28389 CVE-2026-28390 CVE-2026-31789 CVE-2026-31790 SSH: fixed an issue that could prevent the session timeout from being applied correctly [NDM-4406] Wi-Fi: fixed a potential crash and memory leak that could occur when connecting to a Wi-Fi 7 network using WPA3-SAE after changing the wireless settings [SYS-1749] Wi-Fi: fixed the 2.4 GHz channel width display on models using MT7628 or MT7603 [SYS-1755] WireGuard: fixed the issue with multiple connections operation after a device restart (reported by @tkost, @Robespierre) [NDM-4418] * publication scope: KN-1111, KN-1211, KN-1212, KN-1311, KN-1511, KN-1611, KN-1711, KN-2210, KN-3010

Release 5.0.12 (stable): Ethernet: resolved an issue in the Ethernet switch that affected the handling of 802.1Q frames with VLAN ID 0 [SYS-1785] HTTP: disabled HTTP/2 support to mitigate security vulnerabilities, including CVE-2026-49975, related to an HPACK out-of-memory (OOM) attack [NDM-4499] IP: improved the handling of non-exclusive FQDN-based routes when the destination interface is unavailable [NDM-4358] IPv6: fixed the 'ip policy no ipv6 route' command operation [NDM-4467] Mobile: added support for the six-digit PLMN mobile network operator identifier format in the command-line interface [SYS-1773] MWS: fixed the 'the controller DPN document is not accepted' error that occurred when acquiring an extender under certain conditions [NDM-4452] Web: resolved an issue that caused the wrong number of copies to be printed when users printed wireless network information from the mobile view (reported by @dimon27254) [NWI-4858]

Release 5.1 Beta 4 (preview) MWS: fixed the 'the controller DPN document is not accepted' error that occurred when acquiring an extender under certain conditions [NDM-4452] Web: sorted the client list alphabetically when adding a custom view to the Traffic Monitor page (requested by @dimon27254) [NWI-4827] WireGuard: fixed the 'invalid I1 value' error that occured when importing certain configurations [NDM-4472]

Release 5.1 Beta 3 (preview) Ethernet: resolved an issue in the Ethernet switch that affected the handling of 802.1Q frames with VLAN ID 0 [SYS-1785] Mobile: added support for the newer 6-digit mobile network operator PLMN identifiers [NWI-4838] Web: resolved an issue with the Firewall Rule editor (reported by @spatiumstas) [NWI-4835] Web: resolved the issue with WISP connections to networks that have special characters in their names [NWI-4836]

And if you want not the setting as it is currently implemented (ie to use direct mode KeenDNS name, which at moment works on a system primary connection, be noted - backup connections won't get pointed to until become primary), but actually post a feature request (as per forum section), then there's little chance it is automated. System would have to store certificate issued for IP address (not domain name), which is uncommon and also not secure. sorry I'm not telling more, as simple AI question reveals a bunch of 'why's it is not recommended even from a user point of view. In a case this address is dynamic, for one, router will have to request new certificate and revoke the old one each time the change happens, This is definitely not what your CA provider expects. And if you suddenly get the CG-NAT you instantly lose access (which wouldn't be a problem with KeenDNS solution, as it can automatically fall back to cloud base). I simply had a thought as there was an example above, where protocol is https and address is actually the IPv4 number. this is not how it works, usually Please confirm if you want specifically access via HTTPS protocol using cleartext IP of your router, and if that is the case, then any details you can share may be of help.

If you want to access over your public IPs, though, there's no need to set up anything apart from opening the HTTP access on the Management - Users & Access - Inbound Management Access: apply HTTP + HTTPS. mind that this will not be secure, as you'll be using plain http to open website by its IP address. not recommended in WAN scenario. recommended practice is to use KeenDNS - it has Direct mode where your traffic goes via your IP directly, not using cloud bounce all this is in KB by the way, try support section on the Keenetic website

Release 5.1 Beta 2 (preview) Mobile: enabled the display of signal level, band, downlink and uplink frequency, BSSID, TAC/LAC, and PCI/PSC data, where available during mobile network scans with Hero 5G (KN-4110) devices [NWI-4800] MWS: added support for mobile network scanning with embedded 5G/4G modems on Wi-Fi System Extenders [NWI-4802] MWS: enabled the display of connection details for client devices connected to Wi-Fi System Extenders via Ethernet [NDM-4429] Web: adjusted the height of the list on the Application Traffic Analyser page (reported by @dimon27254) [NWI-4819] Web: resolved the issue that occurred when changing the network port speed on the System Settings page [NWI-4833] Web: updated the Wi-Fi Network Settings editor window to resolve the issue when configuring the WPA Enterprise protection [NWI-4806] Web: fixed the display of the current time in the schedule editor [NWI-4815] Web: resolved the scrolling issue for the mobile view of the Application Traffic Analyser page [NWI-4816] Web: fixed the display of transmitted traffic statistics for unregistered clients on the Client Lists page (reported by @x13) [NWI-4834] Web: fixed the Download Station application operation [NWI-4826] Web: fixed several issues with the Wi-Fi settings (reported by @spatiumstas, @keenet07) [NWI-4813] Web: adjusted the contrast of table elements to improve readability (requested by @spatiumstas) [NWI-4805] Web: removed the unnecessary 'Delete' button from the WireGuard VPN Server connection statistics window in mobile view [NWI-4809] Web: updated the Traffic Monitor card on the Dashboard page for better performance in mobile view [NWI-4779] Wi-Fi: updated the MediaTek Wi-Fi 7 SoC firmware and wireless driver to improve stability, compatibility, and performance in various Wi-Fi operation scenarios [SYS-1772] WireGuard: fixed the issue with multiple connections operation after a device restart (reported by @tkost, @Robespierre) [NDM-4418]

Release 5.0.11 (stable): Mobile: added an option to turn off polling of the eSIM on the mobile modem to resolve an issue affecting certain SIM cards [NDM-4424] interface {name} esim disable MWS: resolved the issue where wireless-only segments were missing from extenders under certain conditions [NDM-4420] SSH: fixed an issue that could prevent the session timeout from being applied correctly [NDM-4406] Web: adjusted the height of the list on the Application Traffic Analyser page (reported by @dimon27254) [NWI-4819] Web: fixed the display of the current time in the schedule editor [NWI-4815] Web: resolved the scrolling issue for the mobile view of the Application Traffic Analyser page [NWI-4816] Web: fixed the Download Station application operation [NWI-4826] Web: removed the unnecessary 'Delete' button from the WireGuard VPN Server connection statistics window in mobile view [NWI-4809] Wi-Fi: fixed the 2.4 GHz channel width display on models using MT7628 or MT7603 [SYS-1755] Wi-Fi: updated the MediaTek Wi-Fi 7 SoC firmware and wireless driver to improve stability, compatibility, and performance in various Wi-Fi operation scenarios [SYS-1772] WireGuard: fixed the issue with multiple connections operation after a device restart (reported by @tkost, @Robespierre) [NDM-4418]

Release 5.1 Beta 1 (preview) Web: enabled the option to choose the connection when configuring custom IPv6 DNS servers [NWI-4799] Web: enhanced the Assignment column to better fit larger client device lists in the Application Filter menu (requested by @FLK) [NWI-4781] Web: fixed the navigation to the File Browser from the System Dashboard page in a specific case (reported by @iggo) [NWI-4796] Web: updated the IPv6 section on the Firewall page to allow selection of the OPKG tunnel interfaces (reported by @avn) [NWI-4776] Wi-Fi: fixed the 2.4 GHz channel width display on models using MT7628 or MT7603 [SYS-1755]

Release 5.1 Beta 0.3 IPv6: fixed the web interface operation when IPv6 was turned off with 'system set net.ipv6.conf.all.disable_ipv6 1' command (requested by @gaaronk) [NDM-4303] LTE: reduced the delay when switching between slots of a dual-SIM modem on Hopper 4G+ and Hero 5G models [NDM-4379] PingCheck: fixed the switch to the backup connection with an unconfigured availability check in case the higher-priority connection check fails [NDM-4392] SSH: fixed an issue that could prevent the session timeout from being applied correctly [NDM-4406] Tools: added an option to set the DF (Do Not Fragment) bit in the ping utility via the command line interface [NDM-4391] Web: fixed missing localization in the confirmation dialogue when turning off Wi-Fi (reported by @project_fcc) [NWI-4791] Web: corrected the notification that appears when turning off all access points in the wireless band (requested by @dimon27254) [NWI-4783] Web: fixed an issue where the selected Automatic theme would switch when printing the wireless network information (reported by @dimon27254) [NWI-4773] Web: fixed issues with the wireless roaming settings on the Access Points page (reported by @dimon27254) [NWI-4778] Web: corrected the display of the storage icon at certain screen resolutions (reported by @dimon27254) [NWI-4693] Wi-Fi: fixed a potential crash and memory leak that could occur when connecting to a Wi-Fi 7 network using WPA3-SAE after changing the wireless settings [SYS-1749]

Release 5.0.10 (preview → stable): LTE: reduced the delay when switching between slots of a dual-SIM modem on Hopper 4G+ and Hero 5G models [NDM-4379] OpenSSL: library upgraded to 3.5.6/3.0.20 to address multiple security vulnerabilities [NDM-4402] CVE-2026-28386 CVE-2026-28387 CVE-2026-28388 CVE-2026-28389 CVE-2026-28390 CVE-2026-31789 CVE-2026-31790 Web: corrected the display of the storage icon at certain screen resolutions (reported by @dimon27254) [NWI-4693] Wi-Fi: fixed a potential crash and memory leak that could occur when connecting to a Wi-Fi 7 network using WPA3-SAE after changing the wireless settings [SYS-1749]

Release 5.0.9 (preview): Core: fixed a memory leak in the API parsers for IPv6 addresses and prefixes [NDM-4376] HTTP: addressed the CVE-2026-28753 security vulnerability in the web interface service [NDM-4368] NDNS: fixed the incorrect 403 Forbidden status when accessing the device name in cloud mode over IPv6 [NDM-4378] VLAN: resolved the issue that caused the 'VLAN ID is busy' log messages to appear when adding network segments [NDM-4363] VLAN: fixed the 802.1q egress priority setting for packets with non-zero DSCP mark [NDM-4342] Web: added sorting by name and traffic transmitted to the WireGuard connections list (requested by @Алексей Микин) [NWI-4732] Web: added an option to turn off the WireGuard peer in the 'Connect via' selector [NWI-4756] Web: fixed the Dashboard link to the Active Connections tab in Diagnostics [NWI-4743] Web: fixed the charts display on the Traffic Monitor page [NWI-4758] Web: fixed the reorder operation for connections on the Connection Policies page (reported by @spatiumstas) [NWI-4740] Web: fixed scrolling on the Application Traffic Analyser page [NWI-4726] Web: fixed the partition size display on the Applications page (reported by @spatiumstas) [NWI-4495] Web: fixed the logo font and colour in the header (requested by @dimon27254 et al) [NWI-4771] Web: removed the toggle's own status display (reported by @KeyYerS) [NWI-4742] WSD: corrected the packet format for Probe and Hello messages to fix the reboot issue with NETSurveillance video cameras [NDM-4387]

Release 5.1 Beta 0.2 Core: fixed a memory leak in the API parsers for IPv6 addresses and prefixes [NDM-4376] NDNS: fixed the incorrect 403 Forbidden status when accessing the device name in cloud mode over IPv6 [NDM-4378] Web: restored the Wi-Fi band selection option for registered clients (reported by @Gonzik) [NWI-4774] Web: fixed the logo font and colour in the header (requested by @dimon27254 et al) [NWI-4771] Wi-Fi: restored the ability to configure different SSIDs for 2.4 and 5 GHz in the same segment (reported by @keenet07, @Robespierre) [NDM-4343] WSD: corrected the packet format for Probe and Hello messages to fix the reboot issue with NETSurveillance video cameras [NDM-4387]