Hi,
The OpenWrt community is proud to announce the newest stable release of the OpenWrt 23.05 stable series. It improves device support and brings a few bug fixes including security fixes.
Download firmware images using the OpenWrt Firmware Selector:
Download firmware images directly from our download servers:
Main changes between OpenWrt 23.05.2 and OpenWrt 23.05.3
Security fixes
- CVE-2023-36328: dropbear: Integer Overflow vulnerability in mp_grow in libtommath
- CVE-2023-48795: dropbear: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted
- CVE-2023-50868: dnsmasq: The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack
Device support
- Support for the following devices was added:
  - ath79: UniFi UK-Ultra
  - mediatek: Acelink EW-7886CAX
  - mediatek: ASUS RT-AX59U
  - mediatek: ASUS TUF AX6000
  - mediatek: Buffalo WSR-3200AX4S
  - mediatek: Cetron CT3003
  - mediatek: Confiabits MT7981
  - mediatek: Cudy RE3000 v1
  - mediatek: D-Link EAGLE PRO AI M32
  - mediatek: GL.iNet GL-MT6000
  - mediatek: JCG Q30 PRO
  - mediatek: Routerich AX3000
  - mediatek: TP-Link EAP225v5
  - mediatek: Ubiquiti UniFi 6 Plus
  - mediatek: Zbtlink ZBT-Z8102AX
  - mediatek: ZyXEL EX5700 (Telenor)
  - ramips: Cudy WR1300 v3
  - ramips: D-Link COVR-X1860 A1
  - ramips: Rostelecom RT-FE-1A
  - ramips: Rostelecom RT-FL-1 (Sercomm RT-FL-1)
  - ramips: Rostelecom S1010 (Sercomm S1010.RT)
  - ramips: TP-Link EX220 v1
  - ramips: YunCore G720
  - ramips: Z-ROUTER ZR-2660
- ath79: Nanostation Loco M5 XW: Fix read only jffs2 partition
- ath79: TP-Link TL-WDR3600 and TL-WDR4300: Fix spurious reboot hangs
- ath79: ubnt-bullet-m-xw: fix Ethernet PHY traffic
- ipq807x: edgecore EAP102: fix lan/wan
- kirkwood: Ctera C200 V1: fix ubi part name
- lantiq: xway: disable SMP: fix boot on some Danube boards and NAT performance
- mediatek: MT7981/MT7986: fix Ethernet rx hang issue
- mediatek: Mercusys MR90X v1: fix eeprom loading
- mpc85xx: Extreme Networks WS-AP3825i: increase available RAM
- mvebu: IEI-World Puzzle M90x: fix RTC
- ramips: improve mtk_eth_soc resets
- ramips: rt305x: Use default uart in lzma-loader
- ramips: Sercomm NA502: Fix bootup problem
- ramips: Unielec u7621-01: Correct the PCIe port number
- realtek: d-link dgs-1210-10p: improve sfp support
- realtek: Netgear GS110TPP: fix OEM install
- rockchip: Orange Pi R1 Plus LTS: improve Ethernet stability
Various fixes and improvements
- mt76: Add mt7922 firmware
- mwlwifi: Add support for WPA3
- dropbear: Increase scp transfer speed
- kernel: fix bridge proxyarp issue with some broken DHCP clients
- mac80211: fix min_tx_power setting
- kernel: add Aquantia PHY firmware loader patches
- hostapd: fix FILS AKM selection with EAP-192
- hostapd: fix 11r defaults when using SAE
- hostapd: fix 11r defaults when using WPA
- hostapd: ACS: Fix typo in bw_40 frequency array on channel 118
Core components update
- Update Linux from 5.15.137 to 5.15.150
- Update mwlwifi from 2023-04-29 to 2023-11-20
- Update mt76 from 2023-08-14 to 2023-09-11
- Update netifd from 2023-11-10 to 2024-01-04
- Update jsonfilter from 2018-02-04 to 2024-01-23
- Update bcm27xx-gpu-fw from 2022-05-16 to 2024-01-11
- Update mbedtls from 2.28.5 to 2.28.7
- Update openssl from 3.0.12 to 3.0.13
- Update wireless-regdb from 2023.09.01 to 2024.01.23
- Update intel-microcode from 20230808 to 20240312
- Update dnsmasq from 2.89 to 2.90
Upgrading to 23.05.3
Sysupgrade can be used to upgrade a device from 22.03 to 23.05, and configuration will be preserved in most cases.
- Sysupgrade from 21.02 to 23.05 is not officially supported.
- ipq40xx EA6350v3, EA8300, MR8300 and WHW01 require a tweak to the U-Boot environment when updating from 22.03 to 23.05. Refer to the Device wiki or the sysupgrade instructions for how to make this change. Config needs to be reset on sysupgrade.
Known issues
- lantiq/xrx200 target shows error messages in DSA switch configuration of the integrated GSWIP switch. (see: https://github.com/openwrt/openwrt/pull/13200)
- OpenWrt 23.05.3 was signed with the wrong signing keys. The keys from OpenWrt snapshot were used for OpenWrt 23.05.3, OpenWrt 23.05.2, OpenWrt 23.05.0 and the release candidates. A later OpenWrt 23.05 service release will use a different key.
See up to date information here:
https://openwrt.org/releases/23.05/notes-23.05.3#known_issues
Full release notes and upgrade instructions are available at
https://openwrt.org/releases/23.05/notes-23.05.3
In particular, make sure to read the regressions and known issues before upgrading:
https://openwrt.org/releases/23.05/notes-23.05.3#known_issues
For a detailed list of all changes since 23.05.2, refer to
https://openwrt.org/releases/23.05/changelog-23.05.3
To download the 23.05.3 images, navigate to:
https://downloads.openwrt.org/releases/23.05.3/targets/
Use OpenWrt Firmware Selector to download:
https://firmware-selector.openwrt.org/?version=23.05.3
As always, a big thank you goes to all our active package maintainers, testers, documenters and supporters.
Have fun!
The OpenWrt Community
To stay informed of new OpenWrt releases and security advisories, there are new channels available:
- a low-volume mailing list for important announcements: https://lists.openwrt.org/mailman/listinfo/openwrt-announce
- a dedicated "announcements" section in the forum: https://forum.openwrt.org/c/announcements/14
- other announcement channels (such as RSS feeds) might be added in the future; they will be listed at https://openwrt.org/contact