OpenWrt 22.03.7 seventh service release

Release and security announcements
1

Hi,

The OpenWrt community is proud to announce the newest stable release of the OpenWrt 22.03 stable version series. It fixes security issues, improves device support, and brings a few bug fixes.

Download firmware images using the OpenWrt Firmware Selector:

Download firmware images directly from our download servers:

OpenWrt 22.03 is EOL

The OpenWrt 22.03 series is end of life according to the OpenWrt security policy. The last release from the OpenWrt 22.03 series is 22.03.7, after this date we will not provide any updates for OpenWrt 22.03, not even for severe security problems. We encourage everyone to upgrade to OpenWrt 23.05 which will be supported till 2025.

Main changes between OpenWrt 22.03.6 and OpenWrt 22.03.7:

Security

  • CVE-2023-52160: hostapd: Fix a authentication bypass problem in WPA Enterprise client mode.
  • CVE-2023-36328: dropbear: libtommath: possible integer overflow
  • CVE-2023-48795: dropbear: implement Strict KEX mode

Device support

  • ath79: TP-Link TL-WDR3600 and TL-WDR4300: fix spurious reboot hangs
  • ath79: Ubiquity Bullet M (XW): Fix Ethernet PHY link up
  • bcm47xx: Linksys WRT320N v1: Fix switch setup
  • ramips: Improve reliability of bootup by improving reset handling
  • sunxi: Olinuxino Micro: fix network bringup

Various fixes and improvements

  • mac80211: add missing config for third 160MHz width for 5GHz radio
  • hostapd: fix 11r defaults when using SAE
  • hostapd: fix 11r defaults when using WPA

Core components update

  • Update Linux kernel from 5.10.201 to 5.10.221
  • Update ksmbd from 3.4.7 to 3.5.0
  • Update mac80211 from 5.15.92-1 to 5.15.162-1
  • Update wolfssl from 5.6.4 to 5.7.2
  • Update mbedtls from 2.28.5 to 2.28.8
  • Update wireless-regdb from 2023.09.01 to 2024.07.04
  • Update intel-microcode from 20230808 to 20240531
  • Update jsonfilter from 2018-02-04 to 2024-01-23

Full release notes and upgrade instructions are available at
https://openwrt.org/releases/22.03/notes-22.03.7

In particular, make sure to read the regressions and known issues before upgrading:
https://openwrt.org/releases/22.03/notes-22.03.7#known_issues

For a detailed list of all changes since 22.03.6, refer to
https://openwrt.org/releases/22.03/changelog-22.03.7

To download the 22.03.7 images, navigate to:
https://downloads.openwrt.org/releases/22.03.7/targets/
Use OpenWrt Firmware Selector to download:
https://firmware-selector.openwrt.org/?version=22.03.7

As always, a big thank you goes to all our active package maintainers, testers, documenters and supporters.

Have fun!

The OpenWrt Community

To stay informed of new OpenWrt releases and security advisories, there are new channels available:

11 Likes
3

Just updated a Linksys MR8300 using attended sysupgrade with no issues.

Thank you to the team!

1 Like
4

Is it known whether this release is also affected by the mac80211 wifi throughput issue seen in the recent v23 release?

5

Likely not.
Mac80211 in 22.03 is based on kernel 5.15 backports, which has not got the problematic commit.
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/log/net/mac80211/cfg.c?h=v5.15.164

23.05 mac80211 is based on kernel 6.1 backports, and there the problem commit exists.
"set station RX-NSS on reconfig"
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/log/net/mac80211/cfg.c?h=v6.1.102
Two upstream fixes were merged for 23.05, but they are likely not needed for 22.03 (at least not needed for the same reason...)

2 Likes
6

Anyone using a Raspberry Pi 4 as a router with OpenWrt should use 22.03.7. It’s a good match to the older hardware and works reliably throwing no errors to the log while getting the most throughput speed possible with this hardware. Set it and forget it.