OpenWrt 22.03 | OpenWrt

End of life · latest 22.03.7 on 2024-07-25 · initial release 2022-09-06 · EoL 2024-07

Get firmware on Downloads (latest 22.03.7). Each version's full technical changelog lives on the wiki; the notes below are the per-release summary.

OpenWrt 22.03.7 — Service Release · 25 July 2024

OpenWrt 22.03 is EOL

⚠️ The OpenWrt 22.03 series is end of life according to the OpenWrt security policy. The last release from the OpenWrt 22.03 series is 22.03.7, after this date we will not provide any updates for OpenWrt 22.03, not even for severe security problems. We encourage everyone to upgrade to OpenWrt 23.05 which will be supported till 2025.

Main changes between OpenWrt 22.03.6 and OpenWrt 22.03.7

Only the main changes are listed below. See https://openwrt.org/releases/22.03/changelog-22.03.7 for the full changelog.

Security

CVE-2023-52160: hostapd: Fix a authentication bypass problem in WPA Enterprise client mode.
CVE-2023-36328: dropbear: libtommath: possible integer overflow
CVE-2023-48795: dropbear: implement Strict KEX mode

Device support

ath79: TP-Link TL-WDR3600 and TL-WDR4300: fix spurious reboot hangs
ath79: Ubiquity Bullet M (XW): Fix Ethernet PHY link up
bcm47xx: Linksys WRT320N v1: Fix switch setup
ramips: Improve reliability of bootup by improving reset handling
sunxi: Olinuxino Micro: fix network bringup

Various fixes and improvements

mac80211: add missing config for third 160MHz width for 5GHz radio
hostapd: fix 11r defaults when using SAE
hostapd: fix 11r defaults when using WPA

Core components update

Update Linux kernel from 5.10.201 to 5.10.221
Update ksmbd from 3.4.7 to 3.5.0
Update mac80211 from 5.15.92-1 to 5.15.162-1
Update wolfssl from 5.6.4 to 5.7.2
Update mbedtls from 2.28.5 to 2.28.8
Update wireless-regdb from 2023.09.01 to 2024.07.04
Update intel-microcode from 20230808 to 20240531
Update jsonfilter from 2018-02-04 to 2024-01-23

Known issues

See reporting bugs if you encounter issues with this release.

Broken MV88E6176 switch

Devices featuring the MV88E6176 integrated switch are currently broken in 22.03: the switch behaves as a hub, meaning network packets will be sent to all ports. This bug is documented in (FS#11077). This problem is only seen with kernel 5.10. OpenWrt 21.02 and OpenWrt master are not affected.

OpenWrt 22.03.6 — Service Release · 5 December 2023

OpenWrt 22.03 EOL in April 2024

⚠️ The OpenWrt 22.03 series will be supported till April 2024 according to the OpenWrt security policy. The last release from the OpenWrt 22.03 series is planned for April 2024, after this date we will not provide any updates for OpenWrt 22.03, not even for severe security problems. We encourage everyone to upgrade to OpenWrt 23.05 which will be supported till 2025.

Main changes between OpenWrt 22.03.5 and OpenWrt 22.03.6

Only the main changes are listed below. See https://openwrt.org/releases/22.03/changelog-22.03.6 for the full changelog.

Device support

Support for the following devices was added:
- ramips: Cudy X6 v2
- ramips: Keenetic Lite III rev. A
- ramips: SNR-CPE-W4N-MT router
ath79: WLR-7100: fix packetloss
ath79: wpj563: enable 2nd USB controller
ath79: TP-Link Archer C7 v2: increase the rfkill debounce interval
bmips: NETGEAR DGND3700v2: fix boot loop
ipq40xx: switch to performance governor by default
ramips: Cudy X6: fixes / improvements

Various fixes and improvements

build: generate index.json
build: fix generation of large .vdi images
lua: fix integer overflow in LNUM patch
dropbear: add ed25519 for failsafe key
treewide: add PKG_CPE_ID to multiple packages
mac80211: fix not set noscan option for wpa_supplicant
hostapd: fix broke noscan option for mesh
hostapd: permit also channel 7 for 2.5GHz to be set to HT40PLUS

Core components update

Update Linux kernel from 5.10.176 to 5.10.201
Update openssl from 1.1.1t to 1.1.1w
Update wolfssl from 5.5.4 to 5.6.4
Update mbedtls from 2.28.2 to 2.28.5
Update mt76 22.03 from 2022-09-06 to 2023-09-11
Update wireless-regdb from 2023.02.13 to 2023.09.01
Update linux-firmware from 20220411 to 20230804
Update intel-microcode from 20220809 to 20230808
Update ca-certificates from 20211016 to 20230311
Update uhttpd from 2022-10-31 to 2023-06-25
Update urngd from 2020-01-21 to 2023-11-01

Known issues

See reporting bugs if you encounter issues with this release.

Broken MV88E6176 switch

OpenWrt 22.03.5 — Service Release · 1 May 2023

Main changes between OpenWrt 22.03.4 and OpenWrt 22.03.5

Only the main changes are listed below. See https://openwrt.org/releases/22.03/changelog-22.03.5 for the full changelog.

Security fixes

CVE-2023-0464: openssl: Excessive Resource Usage Verifying X.509 Policy Constraints
CVE-2023-0465: openssl: Invalid certificate policies in leaf certificates are silently ignored

Device support

Archer AX23 / MR70X: Reduce SPI-frequency
Aruba AP-105: Create APBoot compatible image
Buffalo WSR-600DHP: Fix boot loop

Various fixes and improvements

Fix UBI (Unsorted Block Images) bug which prevented some devices from booting
Fix ccache compile with GCC 13

Core components update

Update uclient from 2021-05-14 to 2023-04-13

Known issues

See reporting bugs if you encounter issues with this release.

Broken MV88E6176 switch

OpenWrt 22.03.4 — Service Release · 10 April 2023

Main changes between OpenWrt 22.03.3 and OpenWrt 22.03.4

Only the main changes are listed below. See https://openwrt.org/releases/22.03/changelog-22.03.4 for the full changelog.

Security fixes

Device support

Various fixes and improvements

Core components update

Known issues

See reporting bugs if you encounter issues with this release.

Broken MV88E6176 switch

OpenWrt 22.03.3 — Service Release · 9 January 2023

Main changes between OpenWrt 22.03.2 and OpenWrt 22.03.3

Only the main changes are listed below. See https://openwrt.org/releases/22.03/changelog-22.03.3 for the full changelog.

Security fixes

CVE-2022-30065: busybox: Fix a use-after-free in Busybox 1.35-x’s awk applet
CVE-2022-0934: dnsmasq: Fixes single-byte, non-arbitrary write/use-after-free flaw in dnsmasq DHCPv6 server
CVE-2022-1304: e2fsprogs: An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5
CVE-2022-47939: kmod-ksmbd: ZDI-22-1690: Linux Kernel ksmbd Use-After-Free Remote Code Execution Vulnerability
CVE-2022-46393: mbedtls: Fix potential heap buffer overread and overwrite
CVE-2022-46392: mbedtls: An adversary with access to precise enough information about memory accesses can recover an RSA private key
CVE 2022-42905: wolfssl: In the case that the WOLFSSL_CALLBACKS macro is set when building wolfSSL, there is a potential heap over read of 5 bytes when handling TLS 1.3 client connections.

Device support

Support for the following devices was added:
- Ruckus ZoneFlex 7372
- Ruckus ZoneFlex 7321
- ZTE MF289F
- TrendNet TEW-673GRU
- Linksys EA4500 v3
- Wavlink WS-WN572HP3 4G
Fix reboot loop by using LZMA loader. This affects the following devices:
- NETGEAR EX6150
- HiWiFi HC5962
- ASUS RT-N56U B1
- Belkin F9K1109v1
- D-Link DIR-645
- D-Link DIR-860L B1
- NETIS WF2881
- ZyXEL WAP6805
Fix WAN mac address assignment. This affects the following devices:
- UniElec U7621-01
- UniElec U7621-06
- TP-Link AR7241
- TP-Link TL-WR740N
- TP-Link TL-WR741ND v4
- Teltonika RUT230
- Luma Home WRTQ-329ACN
mvebu: Disable devices using broken mv88e6176 switch. This affects the following devices (See https://openwrt.org/releases/22.03/notes-22.03.3#broken_mv88e6176_switch):
- CZ.NIC Turris Omnia
- Linksys WRT1200AC
- Linksys WRT1900ACS
- Linksys WRT1900AC v1
- Linksys WRT1900AC v2
- Linksys WRT3200ACM
- Linksys WRT32X
- Linksys WRT3200ACM
- SolidRun ClearFog Pro
lantiq/xrx200: Enable interrupts on second VPE
layerscape: Fix SPI-NOR issues with vendor patches
RouterBoard 912UAG: Fix reference clock
TP-Link RE200 v3/v4: Fix LED configuration
GL.iNet GL-MT1300: Fix flash access by reducing SPI clock
Youku YK-L2 and YK-L1: Allow installing initramfs-kernel.bin over vendor web UI
D-Link DIR-825 B1: Add factory image recipe
D-Link DIR-825-B1: Expand rootfs
D-Link DGS-1210-10P: Add support for extra buttons and LEDs
Asus RT-AC88U: Include Broadcom 4366b1 firmware by default
AVM FRITZ!Box 7430: Include USB driver by default
HAOYU Electronics MarsBoard A10: Include sound driver by default
Linksys EA6350v3, EA8300, MR8300 and WHW01: Allow flashing Linksys factory firmware

Various fixes and improvements

firewall4: Fix boot hang with firewall4 and loadfile
Added the following kernel packages:
- kmod-sched-prio (extracted from kmod-sched)
- kmod-sched-red (extracted from kmod-sched)
- kmod-sched-act-police (extracted from kmod-sched)
- kmod-sched-act-ipt (extracted from kmod-sched)
- kmod-sched-pie (extracted from kmod-sched)
- kmod-sched-drr
- kmod-sched-fq-pie
- kmod-sched-act-sample
- kmod-nvme
- kmod-phy-marvell
- kmod-hwmon-sht3x
- kmod-netconsole
- kmod-btsdio
Added firmware files for mt7916 and mt7921 devices
hostapd: Remove dtim_period option from device, it is already a BSS property
procd: Service: pass all arguments to service
ustream-openssl: Disable renegotiation in TLSv1.2 and earlier
comgt-ncm: Add support for quectel modem EC200T-EU
umbim: Allow roaming and partner connections
kernel: Add support for EON EN25QX128A spi nor flash
iwinfo: Many bugfixes and improvements:
- improvements in showing the used band, ht mode and hw mode
- Added support for HE (Wifi 6) modes
- Added support for new devices (MT7921AU, MT7986 WiSoC)
- Add support for CCMP-256 and GCMP-256 ciphers
uhttpd: Fix incorrectly emitting HTTP 413 for certain content lengths
gcc: Import patch fixing asm machine directive for powerpc

Core components update

Update Linux kernel from 5.10.146 to 5.10.161
Update mac80211 backports from 5.15.58-1 to 5.15.81-1
Update strace from 5.16 to 5.19
Update mbedtls from 2.28.1 to 2.28.2
Update openssl from 1.1.1q to 1.1.1s
Update wolfssl from 5.5.1 to 5.5.4
Update util-linux from 2.37.3 to 2.37.4
Update firewall4 from 2022-10-14 to 2022-10-18
Update odhcpd from 2022-03-22 to 2023-01-02
Update uhttpd from 2022-08-12 to 2022-10-31
Update iwinfo from 2022-08-19 to 2022-12-15
Update ucode from 2022-10-07 to 2022-12-02

Known issues

See reporting bugs if you encounter issues with this release.

Broken MV88E6176 switch

OpenWrt 22.03.2 — Service Release · 17 October 2022

Main changes between OpenWrt 22.03.1 and OpenWrt 22.03.2

Only the main changes are listed below. See https://openwrt.org/releases/22.03/changelog-22.03.2 for the full changelog.

Security fixes

mac80211/cfg80211: Security fixes for BSSID parsing (CVE-2022-41674, CVE-2022-42719, CVE-2022-42720, CVE-2022-42721 and CVE-2022-42722)
- See https://openwrt.org/advisory/2022-10-17-1

Device support

Support for the following devices was added:
ZyXEL NWA50AX / NWA55AXE (ramips)
ramips/mediatek: backport NAND flash driver from master
mpc85xx: p1010: make TP-Link WDR4900 v1 build again

Various fixes and improvements

busybox: nslookup: Fix wrongly dropped DNS response on some platforms

Core components update

Update rpcd from 2022-08-24 to 2022-09-21
Update ucode from 2022-08-29 to 2022-10-07
Update firewall4 from 2022-09-01 to 2022-10-14

Known issues

Boot hang with firewall4 and loadfile: When using a firewall configuration declaring config ipset sections in conjunction with an option loadfile entry, the fw4 process will hang and prevent the system startup to complete. To solve this issue, boot the system into failsafe mode and temporarily disable any loadfile option. Proceed with a normal system reboot, upgrade the firewall4 package to version “2022-10-18-7ae5e14b-1” or later using opkg update; opkg upgrade firewall4 and re-enable any previously disabled option loadfile entries.

See reporting bugs if you encounter issues with this release.

OpenWrt 22.03.1 — Service Release · 12 October 2022

Main changes between OpenWrt 22.03.0 and OpenWrt 22.03.1

Only the main changes are listed below. See https://openwrt.org/releases/22.03/changelog-22.03.1 for the full changelog.

Security fixes

wolfssl: Fix security problem (CVE-2022-38152, CVE-2022-38153 and CVE-2022-39173)
- See Security Advisory 2022-10-04-1

Device support

Support for the following devices was added:
- ZTE MF281
- Ubiquiti UniFi FlexHD
Asus RT-AX53U: fix switch setup
GL-inet GL-AP1300: add LTE package, add WAN LED
Ubiquiti XM moved to ath79/tiny
Ubiquiti UniFi 6LR: fix network config
Linksys RE6500: enable LZMA loader to fix boot
LibreRouter v1: fix watchdog and PoE passthrough
NanoPi R4S: ensure unique MAC address
bcm4908:
- Enable NVMEM U-Boot env data driver
- Backport mtd parser for Broadcom’s U-Boot partition
- fix -EPROBE_DEFER support in bcm4908_enet
realtek:
- fix RTL838x receive tag decoding
- fix RTL839x receive tag decoding
ath79/tiny: activate low_mem too

Various fixes and improvements

kernel:
- Backport mtd dynamic partition patch
- Fix possible mtd NULL pointer dereference
hostapd: rename hostapd multicast_to_unicast option to multicast_to_unicast_all
mt7620 wifi: multiple improvements
build system:
- Switch from xxd tool to xxdi.pl script
- Check TLS certificates by default when downloading over HTTPS
- Fix issues with targets installed via feeds
- Fix build warnings with grep-3.8
- Fix build problems with external toolchains
- Activate fortify source when using external toolchain

Core components update

Update Linux kernel from 5.10.138 to 5.10.146
Update mt76 from 2022-08-26 to 2022-09-06
Update wolfssl from 5.4.0 to 5.5.1
Update wireless-regdb from 2022.06.06 to 2022.08.12
Update intel-microcode from 20220510 to 20220809

OpenWrt 22.03.0 — First Stable Release · 6 September 2022

Highlights in OpenWrt 22.03.0

Firewall4 based on nftables

Firewall4 is used by default, superseding the iptables-based firewall3 implementation in the OpenWrt default images. Firewall4 uses nftables instead of iptables to configure the Linux netfilter ruleset.

Firewall4 keeps the same the UCI firewall configuration syntax and should work as a drop-in replacement for fw3 with most common setups, emitting nftables rules instead of iptables ones.

Including custom firewall rules through /etc/firewall.user still works, but requires marking the file as compatible first, otherwise it is ignored. Firewall4 additionally allows to include nftables snippets. The firewall documentation explains how to include custom firewall rules with firewall4. Some community packages that add firewall rules might not work for now, and will need to be adapted to fw4: this will happen gradually throughout the lifetime of the 22.03 release series.

The legacy iptables utilities are not included in the default images anymore, but can be added back using opkg or the Image Builder if needed. The transitional packages iptables-nft, arptables-nft, ebtables-nft and xtables-nft can be used to create nftables rules using the old iptables command line syntax.

Many new devices added

OpenWrt 22.03 supports over 1580 devices. Support for over 180 new devices was added in addition to the device support by OpenWrt 21.02.

OpenWrt 22.03 supports more than 15 devices capable of Wifi 6 (IEEE 802.11ax) using the MediaTek MT7915 wifi chip.

More targets converted to DSA

The following targets or boards were migrated from swconfig to DSA with OpenWrt 22.03 in addition to the systems already migrated with OpenWrt 21.02:

https://openwrt.org/docs/techref/targets/bcm53xx: All board using this target were converted to DSA
https://openwrt.org/docs/techref/targets/lantiq: All boards using the xrx200 / vr9 SoC
https://openwrt.org/docs/techref/targets/sunxi: Bananapi Lamobo R1 (only sunxi board with switch)

Dark mode in LuCI

The LuCI bootstrap design supports a dark mode. The default design activates dark mode depending on the browser settings. Change it manually at “System” -> “System” -> “Language and Style”.

Year 2038 problem handled

OpenWrt 22.03 uses musl 1.2.x, which changed the time_t type from 32 bit to 64 bit on 32 bit systems, on 64 bit system it was always 64 bit long. When a Unix time stamp is stored in a signed 32 bit integer it will overflow on 19 January 2038. With the change to 64 bit this will happen 292 billion years later. This is a change of the musl libc ABI and needs a recompilation of all user space applications linked against musl libc. For 64 bit systems this was done when the ABI was defined many years ago, the glibc ARC ABI already has a 64 bit time_t.

Core components update

Core components have the following versions in 22.03.0-rc6:

Updated toolchain:
- musl libc 1.2.3
- glibc 2.34
- gcc 11.2.0
- binutils 2.37
Updated Linux kernel
- 5.10.138 for all targets
Network:
- hostapd 2.10, dnsmasq 2.86, dropbear 2022.82
- cfg80211/mac80211 from kernel 5.15.58
System userland:
- busybox 1.35.0

In addition to the listed applications, many others were also updated see the detailed Changelog for more information.

OpenWrt 22.03.0-rc6 — Sixth Release Candidate · 2 August 2022

OpenWrt 22.03.0-rc6

The OpenWrt community is proud to announce the sixth release candidate of the upcoming OpenWrt 22.03 stable version series. It incorporates over 3500 commits since branching the previous OpenWrt 21.02 release and has been under development for about one year.

This is just a release candidate and not the final release yet.

Get OpenWrt firmware images at: https://downloads.openwrt.org/releases/22.03.0-rc6/ or use the firmware selector at: https://firmware-selector.openwrt.org/?version=22.03.0-rc6

Changes between OpenWrt 22.03.0-rc5 and 22.03.0-rc6

For a detailed list of changes since OpenWrt 22.03.0-rc6 see the 22.03.0-rc6 changelog.

Changes in this release candidate since the previous 22.03.0-rc5 release candidate are:

Software updates

Linux kernel updated to version 5.10.134 (from 5.10.127 in v22.03.0-rc5)
mac80211 updated to version 5.15.58-1 (from 5.15.33-1 in v22.03.0-rc5)
wolfssl updated to version 5.4.0 (from 5.3.0 in v22.03.0-rc5)
openssl update to version 1.1.1q (from 1.1.1p in v22.03.0-rc5)
intel-microcode update to version 20220510 (from 20220207 in v22.03.0-rc5)

Misc changes

wolfssl: Deactivate CPU acceleration by default
wolfssl: Make package shared again

Device support

New devices
- ramips: Netgear WAX202
bcm53xx: NAT performance increase

Many other changes in all parts of OpenWrt, see 22.03.0-rc6 changelog for details.

OpenWrt 22.03.0-rc5 — Fifth Release Candidate · 8 July 2022

OpenWrt 22.03.0-rc5

The OpenWrt community is proud to announce the fifth release candidate of the upcoming OpenWrt 22.03 stable version series. It incorporates over 3500 commits since branching the previous OpenWrt 21.02 release and has been under development for about one year.

This is just a release candidate and not the final release yet.

Get OpenWrt firmware images at: https://downloads.openwrt.org/releases/22.03.0-rc5/ or use the firmware selector at: https://firmware-selector.openwrt.org/?version=22.03.0-rc5

Changes between OpenWrt 22.03.0-rc4 and 22.03.0-rc5

For a detailed list of changes since OpenWrt 22.03.0-rc4 see the 22.03.0-rc5 changelog.

Changes in this release candidate since the previous 22.03.0-rc4 release candidate are:

Software updates

Linux kernel updated to version 5.10.127 (from 5.10.120 in v22.03.0-rc4)
openssl update to version 1.1.1p (from 1.1.1o in v22.03.0-rc4)
mt76 update to version 2022-07-03 (from 2022-03-15 in v22.03.0-rc4)
wireless-regdb update to version 2022.06.06 (from 2022.02.18 in v22.03.0-rc4)

Misc changes

firewall4: multiple updates
iptables: default to ip(6)tables-nft
hostapd: Add owe_transition_ifname option

Device support

New devices
- ath79: RouterBOARD mAP
- mediatek: Ubiquiti UniFi 6 LR v2
rampis: ZyXEL NBG-419N v2: fix booting
Activate ARM64 crypto extensions in supported ARM64 target kernels.
Update uboot-mvebu to version v2022.04
ipq40xx: mikrotik: provide BDF-s on demand

Many other changes in all parts of OpenWrt, see 22.03.0-rc5 changelog for details.

OpenWrt 22.03.0-rc4 — Fourth Release Candidate · 14 June 2022

OpenWrt 22.03.0-rc4

The OpenWrt community is proud to announce the fourth release candidate of the upcoming OpenWrt 22.03 stable version series. It incorporates over 3500 commits since branching the previous OpenWrt 21.02 release and has been under development for about one year.

This is just a release candidate and not the final release yet.

Get OpenWrt Firmware at: https://downloads.openwrt.org/releases/22.03.0-rc4/

OpenWrt 22.03.0-rc2 was skipped because the URL of the release repository was not updated correctly.

OpenWrt 22.03.0-rc3 was skipped because of a severe problem in firewall4.

Changes between OpenWrt 22.03.0-rc1 and 22.03.0-rc4

For a detailed list of changes since OpenWrt 22.03.0-rc1 see the 22.03.0-rc4 changelog.

Changes in this release candidate since the previous 22.03.0-rc1 release candidate are:

Software updates

Linux kernel updated to version 5.10.120 (from 5.10.111 in v22.03.0-rc1)
wolfssl Update to version 5.3.0 (from 5.2.0 in v22.03.0-rc1)
openssl Update to version 1.1.1o (from 1.1.1n in v22.03.0-rc1)

Misc changes

ucode: many updates
firewall4: many updates
Multiple fixes for flow offload fixing problems with IPv6 and PPPoE

Device support

New devices
- ath79: TP-Link Deco M4R
- ath79: Netgear WNDAP360
- ath79: MikroTik RouterBOARD 952Ui-5ac2nD (hAP ac lite)
- ath79: MikroTik RouterBOARD 951Ui-2nD (hAP)
- ath79: Ubiquiti NanoBeam M5
- bcm53xx: Asus RT-AC88U
- ipq806x: Arris TR4400 v2
- ramips: YunCore AX820
- ramips: TP-Link RE650 v2
- ramips: Wavlink WL-WN533A8
- ramips: SERCOMM NA502S
- ramips: Cudy X6
- realtek: ZyXEL GS1900-16
- realtek: ZyXEL GS1900-24E
lantiq: Add upstream vectoring support

Many other changes in all parts of OpenWrt, see Chnagelog for details.