Hi,

The OpenWrt community is proud to announce the fourth release candidate of the upcoming OpenWrt 24.10 stable series.
OpenWrt 24.10.0-rc4 incorporates over 5100 commits since branching the previous OpenWrt 23.05 release and has been under development for over one year.

This is just a release candidate and not the final release yet.

Download firmware images using the OpenWrt Firmware Selector:

• https://openwrt.github.io/firmware-selector-openwrt-org?version=24.10.0-rc4
  Download firmware images directly from our download servers:
• https://downloads.openwrt.org/releases/24.10.0-rc4/targets/

Please test this version

This is not the final version, this is a test version. Please report problems and bugs in our issue tracker. https://github.com/openwrt/openwrt/issues

Changes between OpenWrt 24.10.0-rc2 and 24.10.0-rc4

LuCI had multiple severe bugs in OpenWrt version 24.10.0-rc3, we did not officially released it.

• Linux Kernel update to version 6.6.67
• Added support for Realtek RTL8812au/RTL8821au USB wifi devices
• d1: Renamed boards to match device tree compatible string
• lantiq: xrx200_legacy: Create subtarget with less flash usage. Move the following devices to xrx200_legacy:
  • Alpha ASL56026 / BT Openreach ECI VDSL Modem V-2FUb/I
  • BT Openreach ECI VDSL Modem V-2FUb/R
  • NETGEAR DM200
  • TP-Link Archer VR200 v1
  • TP-Link Archer VR200v v1
  • TP-Link TD-W8970 v1
  • TP-Link TD-W8980 V1
• mediatek: filogic: Cudy WR3000: Fix MAC addresses
• mediatek: filogic: Migrate wifi configuration device paths
• qualcommax: ipq807x: fixed device IDs for some Netgear devices
• realtek: Zyxel GS1900: merge firmware partitions

For a detailed list of changes since OpenWrt 24.10.0-rc4 see the 24.10.0-rc4 changelog.

Highlights in OpenWrt 24.10:

General changes

• TLS 1.3 support in default images
  • mbedtls was updated to version 3.6 which includes support for TLS 1.3
• Activate POSIX Access Control Lists and file system security attributes for all file systems on devices with big flash sizes. This is needed by docker nowadays.
  • This is activated for all targets which do not have the small_flash feature flag. small_flash is set for the ath79/tiny, bcm47xx/legacy, lantiq/ase, lantiq/xrx200_legacy, lantiq/xway_legacy, ramips/mt76x8, ramips/rt288x, ramips/rt305x and ramips/rt3883 targets.
• Activate kernel support for Multipath TCP on devices with big flash sizes.
• Improved support for WiFi6 (802.11ax) and initial support for WiFi7 (802.11be)
  • Not many Wifi7 devices are supported by OpenWrt yet
• Improved Link Layer Discovery Protocol (LLDP) support
• OpenWrt 24.10 uses OPKG only, APK packages are not supported. Only main branch was changed to APK.

Many new devices added

OpenWrt 24.10 supports over 1950 devices. Support for over 100 new devices was added in addition to the device support by OpenWrt 23.05.

• Added support for OpenWrt One

Target changes

• Added d1 target for AllWinner D1 RISC-V SoC
• Added ixp4xx target for Intel XScale IXP4xx SoCs.
• Added loongarch64 target for SoCs with Loongson LoongArch CPUs.
• Added starfive target for StarFive JH71x0 (7100/7110) SoCs.
• Added stm32 target for STMicroelectronics STM32 SoCs.
• Renamed ipq807x target to qualcommax.
• Removed ath25 target. It supported Atheros ieee80211g devices with maximum 16MB RAM
• Removed bcm63xx target. It supported some Broadcom DSL MIPS SoCs and was replaced by the bmips target. The Broadcom DSL itself was never supported.
• Removed octeontx target. It supported the Octeon-TX CN80XX/CN81XX based boards
• Removed oxnas target. It supported the PLXTECH/Oxford NAS782x/OX8xx
• The qoriq target for the NXP QorIQ (PowerPC) SoCs is built
• The ipq806x target for Qualcomm Atheros IPQ806X SoCs was converted to DSA

Core components update

Core components have the following versions in 24.10.0-rc4:

• Updated toolchain:
  • musl libc 1.2.5
  • glibc 2.38
  • gcc 13.3.0
  • binutils 2.42
• Updated Linux kernel
  • 6.6.67 for all targets
• Network:
  • hostapd master snapshot from September 2024, dnsmasq 2.90, dropbear 2024.86
  • cfg80211/mac80211 from kernel 6.11.2

Upgrading to 24.10

Sysupgrade can be used to upgrade a device from 23.05 to 24.10, and configuration will be preserved in most cases.

• Sysupgrade from 22.03 to 24.10 is not officially supported.

• There is no configuration migration path for users of the ipq806x target for Qualcomm Atheros IPQ806X SoCs because it switched to DSA. You have to upgrade without saving the configuration.
  ''Image version mismatch. image 1.1 device 1.0 Please wipe config during upgrade (force required) or reinstall. Config cannot be migrated from swconfig to DSA Image check failed''

• User of the Linksys E8450 aka. Belkin RT3200 running OpenWrt 23.05 or earlier will need to run installer version v1.1.3 or later in order to reorganize the UBI layout for the 24.10 release. A detailed description is in the OpenWrt wiki. Updating without using the installer will break the device. Sysupgrade will show a warning before doing an incompatible upgrade.

• Users of the Xiaomi AX3200 aka. Redmi AX6S running OpenWrt 23.05 or earlier have to follow a special upgrade procedure described in the wiki. This will increase the flash memory available for OpenWrt. Updating without following the guide in the wiki break the device. Sysupgrade will show a warning before doing an incompatible upgrade.

Full release notes and upgrade instructions are available at
https://openwrt.org/releases/24.10/notes-24.10.0-rc4

In particular, make sure to read the regressions and known issues before upgrading:
https://openwrt.org/releases/24.10/notes-24.10.0-rc4#known_issues

For a detailed list of all changes since 24.10.0-rc2, refer to
https://openwrt.org/releases/24.10/changelog-24.10.0-rc4

To download the 24.10.0-rc4 images, navigate to:
https://downloads.openwrt.org/releases/24.10.0-rc4/targets/
Use OpenWrt Firmware Selector to download:
https://openwrt.github.io/firmware-selector-openwrt-org?version=24.10.0-rc4

As always, a big thank you goes to all our active package maintainers, testers, documenters and supporters.

Have fun!

The OpenWrt Community

To stay informed of new OpenWrt releases and security advisories, there
are new channels available:

• a low-volume mailing list for important announcements:
  https://lists.openwrt.org/mailman/listinfo/openwrt-announce

• a dedicated "announcements" section in the forum:
  https://forum.openwrt.org/c/announcements/14

• other announcement channels (such as RSS feeds) might be added in the
  future, they will be listed at https://openwrt.org/contact

Is there a way to configure uhttpd to accept only TLS 1.3 connections? I can't find options in the wiki documentation, https://openwrt.org/docs/guide-user/services/webserver/uhttpd

Flashed rc4 on my GL-MT6000. Added my config, lots of settings, and packages. Everything is working great. Thanks for your efforts to all the devs and happy holidays!

happy xmas !

No, restricting ustreamssl to only TLS 1.3 is not supported, you can add this and create a PR.

Tried an RC4 custom build for GL-MT6000.
Std packages + my oneliner:
luci-app-sqm luci-proto-wireguard qrencode luci-app-ddns ddns-scripts-noip curl miniupnpd-nftables luci-app-upnp luci-app-wol map

Results: Unsupported profile: glinet_gl-mt6000

edit: appologies, wrong reply to Hauke,
I was meant to post a generic reply (still learning the forum).

Same for Linsys EA7300v2 (ramips/mt7621), Netgear WNR3700v4 (ath79/nand). Is it the underscore in the profle name? I don't remember if it's _ or -.

I've installed the Rc-4 and can say the UI seems to be less buggy now and doesn't have some odd issues anymore (so far).

What I did find is a visual bug in LuCI when inspecting any of the realtime graphs in a small browser window and the expanding the browser window.

The graph basically just stays in the middle and does not render all the way to the actual beginning of the graph:

image969×620 23.4 KB

After a while of letting it run it looks like this:

image967×615 24.5 KB

This is what it should actually look like:

image987×641 23.4 KB

Router info:

Router Model: Xiaomi Mi Router 4A (100M International Edition V2)
Firmware Version: OpenWrt 24.10.0-rc4 r28211-d55754ce0d / LuCI openwrt-24.10 branch 24.357.59006~41cbd31

NOTE: This happens when you open a realtime graph in a small window and THEN expand it. If you open up the graph and then change your browser window size it does NOT happen.

@aparcar The ASU server needs a kick (misc/update_all_targets.py?) to register the mediatek/filogic targets (and maybe others?).

It appears that the ASU server knows about the device, but it has not received the "build completed" callback from the web hook. Since the build has indeed completed, this results when https://github.com/openwrt/asu/blob/main/asu/routers/api.py#L97 finds no entry in the redis database.

This error is present in the x86/64 target too as well as the ASUS AX6000 target with custom package selection:

image1029×437 17.6 KB

Update: 25/12/24
Firmware Selector now working as expected on ASUS TUF AX6000 target and x86/64 target with custom packages. Thank you for resolving the issue.

Custom image for

Target         mediatek/mt7622
Profile        xiaomi_redmi-router-ax6s

builds and installs fine in owut (which is interesting, because for rc3 it did not build for that profile) whereas BPI R4 and mt3000 both fail with unsupported profile:

Request:
  Version 24.10.0-rc4 r28211-d55754ce0d (kernel 6.6.67)
--
Status:   Unsupported profile: glinet_gl-mt3000
Progress:   0s total =   0s in queue +   0s in build

Build failed in   0s total =   0s in queue +   0s to build:
ERROR: Build failed with status 400

--> those two successfully built and flashed RC3 before.

Either way, merry xmas to everyone

Successfully updated from RC2 via owut on my NanoPi R5C. 2 hours of uptime and so far no complaints.

Tried to use owut upgrade from rc2:

Results: Unsupported profile: dlink_dir-3040-a1

UPDATE: tried after 5hrs everything went smoothly. Merry Christmas!

This issue has been signaled several times before, hours ago. Many targets seem to be impacted.

I know we are all very serious on this forum, but I can't help envisioning the maintainers of OpenWRT as depicted in this YouTube video: https://www.youtube.com/watch?v=3_9LGSex1JY

Please feel free to remove if inappropriate.

I think, maybe one could use the commandline option switch "-P" and provide only TLSv3 ciphers as a workaround?

This is so true.

Many open source projects not updated for one or two hours= outdated and abandoned

I just noticed that the https-DNS-proxy package is extremely buggy and refuses to start itself when the device is restarted.
This is my config:

Most of the time it will look like this and appear to be running but not do anything at all. I notice this because a couple sites I visit are DNS blocked by my ISP.
I'll have to restart the service to make it run again, but that should not be the normal default behavior because the service is Enabled and should start by itself.

Sometimes however it will show itself as disabled but continue to work.... this is very confusing and I am unsure what the cause of this issue is.

Anyone else have these problems with that package?

My router:

Router Model: Xiaomi Mi Router 4A (100M International Edition V2)
Firmware Version: OpenWrt 24.10.0-rc4 r28211-d55754ce0d / LuCI openwrt-24.10 branch 24.357.59006~41cbd31

Netgear WAX202, used as a WDS repeater: successful upgrade from -rc2 via OWUT.