Hi,

The OpenWrt community is proud to announce the newest stable release of the OpenWrt 23.05 stable series. It improves device support and brings a few bug fixes including security fixes.

Download firmware images using the OpenWrt Firmware Selector:

• https://firmware-selector.openwrt.org/?version=23.05.4

Download firmware images directly from our download servers:

• https://downloads.openwrt.org/releases/23.05.4/targets/

Main changes between OpenWrt 23.05.3 and OpenWrt 23.05.4

Device support

• Support for the following devices was added:
  • ath79: Huawei AP5030DN
  • mediatek: Unielec U7981-01
  • mediatek: Xiaomi AX3000T
  • mediatek: Cudy TR3000 v1
  • mediatek: Zbtlink ZBT-Z8103AX
  • mediatek: Adtran SmartRG Bonanza Peak series
  • mediatek: YunCore AX835
  • mediatek: Comfast CF-E393AX
  • mediatek: D-Link EAGLE PRO AI R32
  • mediatek: JDCloud RE-CP-03
  • mediatek: Netcore N60
  • mediatek: D-Link AQUILA PRO AI M30
  • mediatek: Cudy M3000 v1
  • mpc85xx: Hewlett Packard MSM460
  • ramips: D-Link DIR-806A B1
  • ramips: Netgear EAX12 series
  • ramips: Edimax BR-6208AC V2
  • ramips: Cudy TR1200 v1
• armsr: enable framebuffer emulation for virtio-gpu/drm displays used by Hetzner console
• armsr: add Realtek and smsc Ethernet phy drivers to the default image
• armsr: Renesas: RZ: Ethernet module and ttySC0
• ipq40xx: Linksys WHW03 v2: enable additional 5 GHz channels
• ipq40xx: Engenius EAP1300: Enable device
• ipq40xx: NETGEAR EX6150v2: fix broken image generation
• ipq806x: Meraki MR52: swap LAN LEDs
• mediatek: backport multiple Ethernet fixes from master
• mediatek: filogic: fix failsafe mode on devices with no lan1
• mediatek: Xiaomi WR30U: drop device with NMBM layout
• mediatek: Xiaomi WR30U: fix sysupgrade error
• mpc85xx: Enterasys WS-AP3710i: fix boot
• mpc85xx: Enterasys WS-AP3710i: fix eth mac-address
• rockchip: improve stability and fix console
• realtek: D-Link DGS-1210-16: Fix reboot hang
• realtek: Trap LLDP packets to the CPU and do not forward
• ramips: limit max spi clock frequency to 50 MHz

Various fixes and improvements

• Added missing and fixed license information for multiple packages
• Added CPE IDs to multiple packages
• Fix communication with tethered iOS devices in CDC NCM mode
• base-files: fix uid/gid auto-enumeration to avoid 16-bit limit
• wifi-scripts: fix creation of IBSS in legacy (non-HT) mode
• hostapd: don't ignore probe-requests with invalid DSSS params
• mac80211: backport many (security) fixes
• mac80211: add missing config for third 160MHz width for 5GHz radio
• kernel: Add missing dependencies for kmod-fs-btrfs
• kernel: allow installing kmod-ipt-tee and kmod-nft-dup-inet at the same time.
• config: Enable ext4 journaling by default.
• linux-firmware: package Intel AX201 firmware

Core components update

• Update Linux from 5.15.150 to 5.15.162
• Update mac80211 from 6.1.24 to 6.1.97-1
• Update mt76 from 2023-09-11 to 2024-04-03
• Update wireless-regdb from 2024.01.23 to 2024.07.04
• Update libxml2 from 2.11.4 to 2.12.5
• Update mbedtls from 2.28.7 to 2.28.8
• Update OpenSSL from 3.0.13 to 3.0.14
• Update wolfssl from 5.6.4 to 5.7.2
• Update unetd from 2023-05-31 to 2024-03-31
• Update ucode from 2023-11-07 to 2024-07-11
• Update intel-microcode from 20240312 to 20240531

Upgrading to 23.05.4

Sysupgrade can be used to upgrade a device from 22.03 to 23.05, and configuration will be preserved in most cases.

• Sysupgrade from 21.02 to 23.05 is not officially supported.
• ipq40xx EA6350v3, EA8300, MR8300 and WHW01 require tweak to the U-Boot environment on update from 22.03 to 23.05. Refer to the Device wiki or the instruction on sysupgrade on how to do this change. Config needs to be reset on sysupgrade.

Known issues

• lantiq/xrx200 target shows error messages in DSA switch configuration of the integrated GSWIP switch. (see: https://github.com/openwrt/openwrt/pull/13200)
• OpenWrt 23.05.4 was signed with the wrong signing keys. The keys from OpenWrt snapshot were used for OpenWrt 23.05.4, OpenWrt 23.05.3, OpenWrt 23.05.2, OpenWrt 23.05.0 and the release candidates. A later OpenWrt 23.05 service release will use a different key.

See up to date information here:
https://openwrt.org/releases/23.05/notes-23.05.4#known_issues

Full release notes and upgrade instructions are available at
https://openwrt.org/releases/23.05/notes-23.05.4

In particular, make sure to read the regressions and known issues before upgrading:
https://openwrt.org/releases/23.05/notes-23.05.4#known_issues

For a detailed list of all changes since 23.05.3, refer to
https://openwrt.org/releases/23.05/changelog-23.05.4

To download the 23.05.4 images, navigate to:
https://downloads.openwrt.org/releases/23.05.4/targets/
Use OpenWrt Firmware Selector to download:
https://firmware-selector.openwrt.org/?version=23.05.4

As always, a big thank you goes to all our active package maintainers, testers, documenters and supporters.

Have fun!

The OpenWrt Community

To stay informed of new OpenWrt releases and security advisories, there are new channels available:

• a low-volume mailing list for important announcements:
  https://lists.openwrt.org/mailman/listinfo/openwrt-announce

• a dedicated "announcements" section in the forum:
  https://forum.openwrt.org/c/announcements/14

• other announcement channels (such as RSS feeds) might be added in the future, they will be listed at https://openwrt.org/contact

Thanks for you work hauke and to everyone else that contributed to this release!

Yummy - thanks devs!

Upgraded my RT3200 and WDR4300 dumb AP just fine. Everything working as expected.

Thanks devs!

TP-LINK Archer C2600 v1 and two Archer A7s updated using Luci from 23.05.3 to 23.05.4 with settings kept, missing packages installed and devices rebooted.
So far all appears to be working normally.

Thanks again to all who do the work to make this not just possible, but easy.

Does anyone know why the "signed with the wrong signing keys" known issue is still there? It was also in .3 And in .2. There's no way that this happened each time. It says that a "later OpenWrt 23.05 service release will use a different key."

I'm seeing this error with attended sysupgrade via Luci:

Error connecting to upgrade server

Could not reach API at "https://sysupgrade.openwrt.org/api/overview?1721435021126". Please try again later.

{"detail":"Not Found"}

However, auc cli works fine.

This just happened to me

Upgraded a mediatek/filogic:zyxel,nwa50ax-pro from 23.05.3 to 25.05.4 using auc -y without issue.

On ath79/generic:tplink,archer-c7-v4, auc fails during the build with liblua version not as requested: 5.3.5-5 vs. 5.1.5-11.

Both mediatek/mt7622:linksys,e8450-ubi and x86/64:generic are dying as soon as auc starts, due to missing libusb-1.0.

I'll wait a few days and see if the libraries rebuild before I try again.

Seems like sysupgrade.openwrt.org has an issue with luci attended sysupgrade

https://sysupgrade.openwrt.org/stats
it is showing no data for everything

auc however works fine for me

In my case, I can't get the CLI to work...

Stupid quesiton but if you have a router on 23.05.2 you just get the 23.05.4 sysupgrade image and then flash?

Not a stupid question...

Yes, you can directly flash 23.05.4 (sysupgrade image) from 23.05.2 on most devices (certainly all standard embedded routers/APs).

Likely due to the combination of image buildbots year ago, when the separate 22.03 and 23.05 buildbots were removed and all images (main/master, 23.05, 22.03) are built with same buildbot. Earlier the separate release branch specific buildbots had separate signing keys. Likely there is currently no real logic in the buildbot script to select a different key for the releases, so that all builds are actually built with the same key.

What's the point of signing releases and snapshots with different keys anyway? Maybe it's better to say "not a bug, we officially have only one key"?

I get these errors on Linksys E8450, with auc -y:

Collected errors:
 * opkg_conf_parse_file: Duplicate src declaration (openwrt_core https://downloads.openwrt.org/releases/23.05.4/targets/mediatek/mt7622/packages). Skipping.
 * opkg_conf_parse_file: Duplicate src declaration (openwrt_base https://downloads.openwrt.org/releases/23.05.4/packages/aarch64_cortex-a53/base). Skipping.
 * opkg_conf_parse_file: Duplicate src declaration (openwrt_luci https://downloads.openwrt.org/releases/23.05.4/packages/aarch64_cortex-a53/luci). Skipping.
 * opkg_conf_parse_file: Duplicate src declaration (openwrt_packages https://downloads.openwrt.org/releases/23.05.4/packages/aarch64_cortex-a53/packages). Skipping.
 * opkg_conf_parse_file: Duplicate src declaration (openwrt_routing https://downloads.openwrt.org/releases/23.05.4/packages/aarch64_cortex-a53/routing). Skipping.
 * opkg_conf_parse_file: Duplicate src declaration (openwrt_telephony https://downloads.openwrt.org/releases/23.05.4/packages/aarch64_cortex-a53/telephony). Skipping.
Error: Impossible package selection: liblua version not as requested: 5.3.5-5 vs. 5.1.5-11

Let me report a successful sysupgrade via auc -y of Netgear WAX202, used as a repeater (so no liblua installed).

The sysupgrade of the main router, Linksys E8450, was OK on paper, but the result didn't work. The laptop connects to WiFi, but the repeater has trouble. Namely, the client connection is shown in the Wireless screen of the repeater, but IP packets don't come through. The network in question is a standard WPA3-SAE network with WDS.

EDIT: the repeater started working after an extra reboot of the main router and the replug of the USB hub that allows me to use my LTE modem and USB-connected SSD at the same time.

will work, but if you had any additional packages installed you will loose them (and the functionality they had, obviously). if any such packages are needed for the router to access the internet or for you to access the router (think VPNs), then you will be deadlocked.

if you have installed any packages before, i'd wait for a fix to Attended Sysupgrade server (which is having an issue right now), install package luci-app-attendedsysupgrade and use LuCI's Attended Sysupgrade client to upgrade.