OpenWrt 22.03.7 - Service Release - 25 July 2024

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt 22.03.7, r20341-591b7e93d3
 -----------------------------------------------------

The OpenWrt community is proud to announce the newest stable release of the OpenWrt 22.03 stable version series. It fixes security issues, improves device support, and brings a few bug fixes.

Download firmware images via the Firmware Selector or directly from our download servers:

• Download firmware image for your device (firmware selector)
• Download firmware images directly from OpenWrt download servers

An upgrade from OpenWrt 21.02 or 22.03 to OpenWrt 22.03.7 is supported in many cases with the help of the sysupgrade utility which will also attempt to preserve the configuration. A configuration backup is advised nonetheless when upgrading to OpenWrt 22.03. (see “Upgrading” below).

The OpenWrt Project is a Linux operating system targeting embedded devices. It is a complete replacement for the vendor-supplied firmware of a wide range of wireless routers and non-network devices. See the Table of Hardware for supported devices. For more information about OpenWrt project organization, see the About OpenWrt pages.

Do you want to be informed about important changes such as new releases and security fixes?

We have a new mailing list for this, as well as RSS options: see Important changes and announcements.

The OpenWrt 22.03 series is end of life according to the OpenWrt security policy. The last release from the OpenWrt 22.03 series is 22.03.7, after this date we will not provide any updates for OpenWrt 22.03, not even for severe security problems. We encourage everyone to upgrade to OpenWrt 23.05 which will be supported till 2025.

Only the main changes are listed below. See changelog-22.03.7 for the full changelog.

• CVE-2023-52160: hostapd: Fix a authentication bypass problem in WPA Enterprise client mode.
• CVE-2023-36328: dropbear: libtommath: possible integer overflow
• CVE-2023-48795: dropbear: implement Strict KEX mode

• ath79: TP-Link TL-WDR3600 and TL-WDR4300: fix spurious reboot hangs
• ath79: Ubiquity Bullet M (XW): Fix Ethernet PHY link up
• bcm47xx: Linksys WRT320N v1: Fix switch setup
• ramips: Improve reliability of bootup by improving reset handling
• sunxi: Olinuxino Micro: fix network bringup

• mac80211: add missing config for third 160MHz width for 5GHz radio
• hostapd: fix 11r defaults when using SAE
• hostapd: fix 11r defaults when using WPA

• Update Linux kernel from 5.10.201 to 5.10.221
• Update ksmbd from 3.4.7 to 3.5.0
• Update mac80211 from 5.15.92-1 to 5.15.162-1
• Update wolfssl from 5.6.4 to 5.7.2
• Update mbedtls from 2.28.5 to 2.28.8
• Update wireless-regdb from 2023.09.01 to 2024.07.04
• Update intel-microcode from 20230808 to 20240531
• Update jsonfilter from 2018-02-04 to 2024-01-23

Sysupgrade can be used to upgrade a device from OpenWrt 21.02 or 22.03 to 22.03.7 and configuration will be preserved in most cases.

Sysupgrade from 19.07 to 22.03 is not supported.

There is no migration path for targets that switched from swconfig to DSA. In that case, sysupgrade will refuse to proceed with an appropriate error message:
Image version mismatch. image 1.1 device 1.0 Please wipe config during upgrade (force required) or reinstall. Config cannot be migrated from swconfig to DSA Image check failed

See reporting bugs if you encounter issues with this release.

Devices featuring the MV88E6176 integrated switch are currently broken in 22.03: the switch behaves as a hub, meaning network packets will be sent to all ports. This bug is documented in (FS#11077). This problem is only seen with kernel 5.10. OpenWrt 21.02 and OpenWrt master are not affected.