• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-09-07)

🧪 new features

• send-message-to-serverlog now also available as url-parameter ?smsg=foo 6dcb1ef
  • option smsg configures which HTTP-methods to allow; can be set to GET,POST but default is only POST because GET is dangerous (CSRF)

🩹 bugfixes

• #1227 dillo was not able to login because dillo is more standards-compliant than every other browser (nice) b4df8fa
• a web-scraper which got banned for making malicious requests could remain banned for one request longer than intended (wait why did I fix this) ba67b27
• ?ls was still a bit jank 0a3a807

🌠 fun facts

• this 6AM release was powered by void/mournfinale
• was going to name the release "dilla på dillo" but somehow google-translate thinks that means "fuck on fuck" which would have been inappropriate

⚠️ not the latest version!

Hi,

The OpenWrt community is proud to announce the third release candidate of the OpenWrt 25.12 stable series.

Download firmware images using the OpenWrt Firmware Selector:

• https://firmware-selector.openwrt.org?version=25.12.0-rc3

Download firmware images directly from our download servers:

• https://downloads.openwrt.org/releases/25.12.0-rc3/targets/

Please test this version

This is not the final version, this is a test version. Please report problems and bugs in our issue tracker.

Highlights in OpenWrt 25.12

OpenWrt 25.12.0-rc3 incorporates over 4300 commits since branching the previous OpenWrt 24.10 release and has been under development for over one year.

Only the main changes are listed below. See changelog-25.12.0-rc3 for the full changelog.

General changes

The hardware requirements did not change significantly, most devices supported by OpenWrt 24.10 should also work with OpenWrt 25.12.

Switch package manager from opkg to apk

OpenWrt has transitioned from the traditional opkg package manager to apk (Alpine Package Keeper).

This change brings several advantages:

• apk is still maintained, the OpenWrt opkg fork was not maintained any more.

apk supports most features of opkg. Only very few package names changed. The command line arguments of apk are different from the command line arguments of opkg.

For users migrating existing systems, an official opkg to apk cheatsheet is available to ease the transition and map common workflows.

Integration of attended sysupgrade

The attended sysupgrade LuCI application is now installed by default.

ASU allows devices to:

• Upgrade to new OpenWrt firmware versions
• Automatically rebuild firmware images with all currently installed packages
• Preserve system configuration during upgrades

This dramatically simplifies upgrades: with just a few clicks in LuCI and a short wait, a custom firmware image is built and installed without manual intervention.

Shell history is preserved

Shell command history is now preserved across sessions by storing it in a RAM-backed filesystem.

Benefits:

• Command history is no longer lost between logins
• No unnecessary writes to flash storage by default

For users who prefer persistent history storage, this behavior can be changed by editing: /etc/profile.d/busybox-history-file.sh

⚠️ Note: Storing history on flash will increase write cycles and may impact flash endurance over time.

Integration of video feed

The OpenWrt video feed with Qt5 and UI applications is integrated by default.

Wi-Fi scripts in ucode

The wifi scripts were rewritten in ucode.

Target changes

• Extend realtek target with support for more switch SoCs like 10G Ethernet switches.
• Extend qualcommax target with support for ipq50xx and ipq60xx SoCs.
• Added siflower target for Siflower SF21A6826/SF21H8898 SoCs
• Added sunxi/arm926ejs subtarget for Allwinner F1C100/200s SoCs

Many new devices added

OpenWrt 25.12 supports over 2180 devices. Support for over 160 new devices was added in addition to the device support by OpenWrt 24.10.

Core components update

Core components have the following versions in 25.12.0-rc3:

• Updated toolchain:
  • musl libc 1.2.5
  • glibc 2.41
  • gcc 14.3.0
  • binutils 2.44
• Updated Linux kernel
  • 6.12.66 for all targets
• main packages:
  • cfg80211/mac80211 from kernel 6.18.0
  • hostapd master snapshot from August 2025
  • dnsmasq 2.91
  • dropbear 2025.89
  • busybox 1.37.0

In addition to the listed applications, many others were also updated.

Upgrading to 25.12

Upgrading from 24.10 to 25.12 should be transparent on most devices, as most configuration data has either remained the same or will be translated correctly on first boot by the package init scripts.

• Sysupgrade from 23.05 to 25.12 is not officially supported.

• Cron log level was fixed in busybox. system.@system[0].cronloglevel should be set to 7 for normal logging. 7 is the default now. If this option is not set, the default is used and no manual action is needed.

• Bananapi BPI-R4: Interfaces eth1 was renamed to sfp-lan or lan4 and the interface eth2 was renamed to sfp-wan to match the labels. You have to upgrade without saving the configuration.

Scratch installs/upgrades

If you wish to start from scratch (always the safest, but also the most work), simply download the pre-built image from the downloads site or from the Firmware Selector to your device. Make sure to create and save a backup, then install the image using sysupgrade -n /tmp/firmware.bin or the LuCI Backup/Flash Firmware, being sure to set "Keep settings and retain the current configuration" to its off position. Restore or reconstruct your configuration using the contents of the backup as a template.

Attended Sysupgrade options

Attended Sysupgrade (ASU) allows you to build a custom image that retains all of your installed packages and their configuration transparently. You need to use one of the three ASU clients that interface with the ASU server to produce this custom image:

• Firmware Selector - an online builder that requires you to manually supply it with the packages you wish to have installed. This package list is sent to the ASU server, and a new custom device image is created containing those packages. You may then download and install the image in LuCI Backup/Flash Firmware, but for this you would enable "Keep settings..."
• Luci Attended Sysupgrade - the web interface to the ASU server. This tool allows you to choose a new OpenWrt version, then collects the names of the packages on your device and sends them up to the ASU server. LuCI ASU then downloads the created image directly to your device and allows you to install it, without having to do any of the bookkeeping tasks involved with using the Firmware Selector.
• owut - a command line package that does the same job as LuCI ASU, but provides more diagnostics and better visibility into what's happening at the various steps before and during the build process.

Both the LuCI ASU app and owut are optional packages in 24.10, so if you have not installed them, they won't be there by default. Use either the LuCI Package Manager to install them, or you can do it from the command line with opkg:

$ opkg update
$ opkg install luci-app-attendedsysupgrade
$ opkg install owut

Note that you can install one or the other, or both together, they are completely independent packages.

Upgrades with Firmware Selector

The Firmware Selector does an excellent job of searching through the thousands of available device configurations and getting you to the right place. But, some devices have several variants and possibly different image formats, so if you're unsure about which one you need or which device you're dealing with or anything else, go to the |Firmware Selector support thread and ask away.

Upgrades with LuCI Attended Sysupgrade

The LuCI web interface should be fairly self explanatory. Since you have fairly limited options there that should be pretty obvious, but if anything is unclear or you're unsure about something, go to the LuCI Attended Sysupgrade support thread and ask.

Upgrades with owut

If you choose to use owut, the fact that it's a command line program means you'll need a little more explanation regarding best practices. In any situation, it's always safe to do a check to see what's going on.

$ owut check --verbose --version-to 25.12
... a lot of output ...

This check should show you all the details of what this upgrade entails with regards to the packages available, and will point out any issues with package versions and so on.

Assuming the results of the check look good, you can simply do an upgrade next.

$ owut upgrade --verbose --version-to 25.12
... even more output ...

If you are unsure of anything you see in the check, during the upgrade, or simply have questions, jump on over to the owut support thread on the forum and ask.

Known issues

• Users of Zyxel EX5601-T0 devices need to check their WAN interfaces as port was renamed from eth1 to wan.
• Microchip LAN969x devices are missing the network driver, so no network ports work.

Full release notes and upgrade instructions are available at
https://openwrt.org/releases/25.12/notes-25.12.0-rc3

In particular, make sure to read the regressions and known issues before upgrading:
https://openwrt.org/releases/25.12/notes-25.12.0-rc3#known_issues

For a detailed list of all changes since 25.12.0-rc2, refer to
https://openwrt.org/releases/25.12/changelog-25.12.0-rc3

To download the 25.12.0-rc3 images, navigate to:
https://downloads.openwrt.org/releases/25.12.0-rc3/targets/
Use OpenWrt Firmware Selector to download:
https://firmware-selector.openwrt.org?version=25.12.0-rc3

As always, a big thank you goes to all our active package maintainers, testers, documenters and supporters.

Have fun!

The OpenWrt Community

To stay informed of new OpenWrt releases and security advisories, there
are new channels available:

• a low-volume mailing list for important announcements:
  https://lists.openwrt.org/mailman/listinfo/openwrt-announce

• a dedicated "announcements" section in the forum:
  https://forum.openwrt.org/c/announcements/14

• other announcement channels (such as RSS feeds) might be added in the
  future, they will be listed at https://openwrt.org/contact

The Stable channel has been updated to 144.0.7559.96/.97 for Windows/Mac  and 144.0.7559.96 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 1 security fix. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.

Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.