Note
- Many CVE fixes and improvements, updating is strongly recommended!
- Warning: due to changes in the naming of some nvram variables, users of OpenVPN should:
- clear nvram during the update or
- use this script: https://gist.github.com/pedro0311/674f2e19691106417a989a43bf27b0a4 - read the inside HOWTO first!
What's Changed
- wireguard: fix regression in 2025.5 when using "External - VPN Provider" type of VPN you couldn't set "Redirect Internet Traffic" to "All" if you wanted all traffic to be routed through wg, but instead had to use "Routing Policy" and "To Destination IP" set to "0.0.0.0/0"
- stubby: fix DNSSEC trust anchor bootstrapping by using static root trust anchors instead of Zero-config DNSSEC
- GUI: Status: Device List: fix sort by Lease Time (close #165)
- GUI: Bandwidth/IP Traffic: fix calculation on real-time chart (close #27)
- GUI: Bandwidth/IP Traffic: add interactive range selection to bandwidth charts (close #17)
- GUI: Bandwidth: Real-Time: prevent bandwidth spikes on interface counter resets
- GUI: IP Traffic: Real-Time: prevent bandwidth spikes on interface counter resets
- apcupsd: only install apcupsd with other files if TCONFIG_UPS is selected (close #202)
- wireguard: add delay on startup with user-defined value (close #204)
- DDNS: mdu.c: get_address(): add IPv6 support, refactor (close #215)
- DDNS: mdu.c: enhance _http_req() with full IPv6 support and safety fixes
- DDNS: mdu.c: update_cloudflare(): fix memory leak and improve Cloudflare DNS record handling
- mwwatchdog: cktracert(): fix rx_bytes overflow in traffic detection (busybox int32 limit) (close #181)
- build: embed firmware filename into image
- Update defaults.c disable telnet enable at startup
- WireGuard: separate the VPN tunnel check from the normal watchdog, as the former does not work with all configurations
- OpenVPN Client: separate the VPN tunnel check from the normal watchdog, as the former does not work with all configurations
- openssl-1.1: add fix for: CVE-2025-68160, CVE-2025-69418, CVE-2025-69419, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795 and CVE-2026-22796
- httpd: usb.c: fix critical bugs in asp_usbdevices()
- porthealth: add port health service
- nginx: delay on startup with user-defined delay
... and much more
New Contributors
Full Changelog: 2025.5...2026.1