Other ASUSWRT-MERLIN 3004.388.9

3004.388.9 (9-Apr-2025)
- NOTE: BCM4912 models such as the GT-AX6000 have now been
migrated to the 3006 firmware series.

- NEW: (re-added) VPN interface selector on the Speedtest page,
to test a VPN tunnel's throughput.
- UPDATED: Merged GPL 388_25373.
- UPDATED: dropbear to 2025.87.
- UPDATED: OpenVPN to 2.6.14.
- UPDATED: dnsmasq to 2.91.
- UPDATED: miniupnpd to 2.3.7 (20250207 snapshot)
- UPDATED: amtm to 5.2 (decoderman)
- CHANGED: VPN public IP retrieval now uses HTTP instead of STUN,
which should be more reliable through a VPN tunnel.
- CHANGED: Model name will be inserted in the filename of JFFS
backups.
- CHANGED: Improved refresh behaviour of the VPN Status page.
- CHANGED: Set rp_filter mode to "loose" on Wireguard client
interfaces.
Fixes gettunnelip.sh and onboard speedtest.
- CHANGED: Display public IP address for Wireguard clients.
- CHANGED: Make PCP requests also honor the Secure Mode setting
(Self-Hosting-Group)
- CHANGED: Settings/JFFS backup uploads file picker will filter by
file extension.
- CHANGED: Added dhd userspace tool to RT-AX88U and GT-AX11000.
- CHANGED: WAN IPv6 provided as second argument to the ddns-start
script.
- FIXED: CVE-2024-9143 in OpenSSL (Debian backport by RSDNTWK)
- FIXED: Missing icon for the GT-AX11000 on AiMesh page

- CHANGED: VPN killswitch will now only be active if the
VPN client itself is enabled. If you stop/start
the client yourself over SSH, you need to also
update the enabled/disabled nvram setting.
- FIXED: Security issues in AiCloud (backports from Asus)
- FIXED: CVE-2024-2511, CVE-2024-4741, CVE-2024-5535 &
Implicit rejection for RSA PKCS#1 in openssl
(backport from Ubuntu by RSDNTWK)

- UPDATED: dnsmasq to 2.90 (resolves CVE 2023-50868 and CVE 2023-50387).
- FIXED: LACP support was missing on the XT12.

386.12_4 (21-Nov-2023)
- UPDATED: openvpn to 2.6.8 (fixes a crash introduced in 2.6.7)