The OpenWrt community is proud to announce the third service release of OpenWrt 21.02. It fixes security issues, improves device support, and brings a few bug fixes.

Download firmware images via the Firmware Selector, directly from our download servers or upgrade devices directly:

• https://firmware-selector.openwrt.org
• https://downloads.openwrt.org/releases/21.02.3/
• https://sysupgrade.openwrt.org

Main changes from OpenWrt 21.02.2

Only the main changes are listed below. See 21.02.3 changelog for the full list of changes.

Security fixes

• wolfssl: Fix multiple security problems (CVE-2022-25638, CVE-2022-25640)
• openssl: Fix security problem (CVE-2022-0778)
• zlib: Backport security fix for a reproducible crash in compressor

Device support

• Support for the following devices was added:
  • Yuncore XD3200
  • Yuncore A930
  • MikroTik RouterBOARD mAPL-2nD (mAP lite)
• ramips: Make memory detection more reliable
• ramips: Fix reboot for remaining 32 MB boards
• x86: Add pata_sis driver
• ipTIME mt7620 devices: Fix flash detection
• Turris Omnia: Improve detection of u-boot environment with U-boot 2021.09
• Ubiquiti UniFi: Fix label MAC address
• mvebu: udpu: Fix initramfs booting
• a20-olinuxino-lime2: Fix Ethernet link detection on
• TP-Link TL-WR1043ND v4: Fix TPLINK_HWREV field
• OCEDO Raccoon: Fix link for long cables
• Ubiquiti UniFi AP Outdoor+: Fix label MAC address
• TP-Link WPA8630Pv2: Move to ath79-tiny target
• Improve support for some GPON SFP modules

Various fixes and improvements

• Fix SSL certificate validation with some sites especially sites using Let’s Encrypt certificates
• hostapd fixes and improvemnts:
  • fix radius problem due to invalid attributes
  • Expose more data over ubus
• base-files: Call "sync" after initial setup
• imagebuilder: Fix broken image generation with external targets

Core components

• Update Linux kernel from 5.4.179 to 5.4.188
• Update openssl from 1.1.1m to 1.1.1n
• Update cypress-firmware from 5.4.18-2020_0402 to 5.4.18-2021_0812
• Update mac80211 from 5.10.85 to 5.10.110
• Update wolfssl from 5.1.1 to 5.2.0

Regressions

• None

Known issues

• Some IPv6 packets are dropped when software flow offloading is used: https://bugs.openwrt.org/index.php?do=details&task_id=3373
  • As a workaround, do not activate software flow offloading, it is deactivate by default.

Full release notes and upgrade instructions are available at https://openwrt.org/releases/21.02/notes-21.02.3

In particular, make sure to read the regressions and known issues before upgrading: https://openwrt.org/releases/21.02/notes-21.02.3#known_issues

For a detailed list of all changes since 21.02.2, refer to https://openwrt.org/releases/21.02/changelog-21.02.3

To download the 21.02.3 images, navigate to: https://downloads.openwrt.org/releases/21.02.2/

To stay informed of new OpenWrt releases and security advisories, there are new channels available:

• a low-volume mailing list for important announcements: https://lists.openwrt.org/mailman/listinfo/openwrt-announce
• a dedicated "announcements" section in the forum: https://forum.openwrt.org/c/announcements/14
• other announcement channels (such as RSS feeds) might be added in the future, they will be listed at https://openwrt.org/contact

As always, a big thank you goes to all our active package maintainers, testers, documenters, and supporters.

Sunshine!

The OpenWrt Community