Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Bump version number, update webpage.
- Loading branch information
Showing
11 changed files
with
136 additions
and
11 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
1.5.7 - 201902xx | ||
1.5.7 - 20190213 | ||
================ | ||
|
||
Broker: | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,89 @@ | ||
<!-- | ||
.. title: Version 1.5.6 released | ||
.. slug: version-1-5-6-released | ||
.. date: 2019-02-08 13:00:00 UTC | ||
.. tags: Security,Releases | ||
.. category: | ||
.. link: | ||
.. description: | ||
.. type: text | ||
--> | ||
|
||
Mosquitto 1.5.6 has been released to address three potential security vulnerabilities. | ||
|
||
# CVE-2018-12551 | ||
|
||
If Mosquitto is configured to use a password file for authentication, any | ||
malformed data in the password file will be treated as valid. This typically | ||
means that the malformed data becomes a username and no password. If this | ||
occurs, clients can circumvent authentication and get access to the broker by | ||
using the malformed username. In particular, a blank line will be treated as a | ||
valid empty username. Other security measures are unaffected. **Users who have | ||
only used the `mosquitto_passwd` utility to create and modify their password | ||
files are unaffected by this vulnerability**. Affects version 1.0 to 1.5.5 | ||
inclusive. | ||
|
||
Patches for older versions are available at <https://mosquitto.org/files/cve/2018-12551> | ||
|
||
# CVE-2018-12550 | ||
|
||
If an ACL file is empty, or has only blank lines or comments, then mosquitto | ||
treats the ACL file as not being defined, which means that no topic access is | ||
denied. Although denying access to all topics is not a useful configuration, | ||
this behaviour is unexpected and could lead to access being incorrectly granted | ||
in some circumstances. Affects versions 1.0 to 1.5.5 inclusive. | ||
|
||
Patches for older versions are available at <https://mosquitto.org/files/cve/2018-12550> | ||
|
||
# CVE-2018-12546 | ||
|
||
If a client publishes a retained message to a topic that they have access to, | ||
and then their access to that topic is revoked, the retained message will still | ||
be delivered to future subscribers. This behaviour may be undesirable in some | ||
applications, so a configuration option `check_retain_source` has been | ||
introduced to enforce checking of the retained message source on publish. | ||
|
||
Patches for older versions are available at <https://mosquitto.org/files/cve/2018-12546> | ||
|
||
# Version 1.5.6 Changes | ||
|
||
The list of other fixes addressed in version 1.5.6 is: | ||
|
||
## Broker | ||
|
||
- Fixed comment handling for config options that have optional arguments. | ||
- Improved documentation around bridge topic remapping. | ||
- Handle mismatched handshakes (e.g. QoS1 PUBLISH with QoS2 reply) properly. | ||
- Fix spaces not being allowed in the bridge `remote_username option`. Closes | ||
[#1131]. | ||
- Allow broker to always restart on Windows when using `log_dest file`. Closes | ||
[#1080]. | ||
- Fix Will not being sent for Websockets clients. Closes [#1143]. | ||
- Windows: Fix possible crash when client disconnects. Closes [#1137]. | ||
- Fixed durable clients being unable to receive messages when offline, when | ||
`per_listener_settings` was set to true. Closes [#1081]. | ||
- Add log message for the case where a client is disconnected for sending a | ||
topic with invalid UTF-8. Closes [#1144]. | ||
|
||
## Library | ||
|
||
- Fix TLS connections not working over SOCKS. | ||
- Don't clear SSL context when TLS connection is closed, meaning if a user | ||
provided an external SSL_CTX they have less chance of leaking references. | ||
|
||
## Build | ||
|
||
- Fix comparison of boolean values in CMake build. Closes [#1101]. | ||
- Fix compilation when openssl deprecated APIs are not available. | ||
Closes [#1094]. | ||
- Man pages can now be built on any system. Closes [#1139]. | ||
|
||
[#1080]: https://github.com/eclipse/mosquitto/issues/1080 | ||
[#1081]: https://github.com/eclipse/mosquitto/issues/1081 | ||
[#1094]: https://github.com/eclipse/mosquitto/issues/1094 | ||
[#1101]: https://github.com/eclipse/mosquitto/issues/1101 | ||
[#1131]: https://github.com/eclipse/mosquitto/issues/1131 | ||
[#1137]: https://github.com/eclipse/mosquitto/issues/1137 | ||
[#1139]: https://github.com/eclipse/mosquitto/issues/1139 | ||
[#1143]: https://github.com/eclipse/mosquitto/issues/1143 | ||
[#1144]: https://github.com/eclipse/mosquitto/issues/1144 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
<!-- | ||
.. title: Version 1.5.7 released | ||
.. slug: version-1-5-7-released | ||
.. date: 2019-02-13 23:50:00 UTC | ||
.. tags: Releases | ||
.. category: | ||
.. link: | ||
.. description: | ||
.. type: text | ||
--> | ||
|
||
This is a bugfix release. | ||
|
||
## Broker | ||
- Fix build failure when using `WITH_ADNS=yes` | ||
- Ensure that an error occurs if `per_listener_settings true` is given after | ||
other security options. Closes [#1149]. | ||
- Fix `include_dir` not sorting config files before loading. This was partially | ||
fixed in 1.5 previously. | ||
- Improve documentation around the `include_dir` option. Closes [#1154]. | ||
- Fix case where old unreferenced msg_store messages were being saved to the | ||
persistence file, bloating its size unnecessarily. Closes [#389]. | ||
|
||
## Library | ||
- Fix `mosquitto_topic_matches_sub()` not returning MOSQ_ERR_INVAL for | ||
invalid subscriptions like `topic/#abc`. This only affects the return value, | ||
not the match/no match result, which was already correct. | ||
|
||
## Build | ||
- Don't require C99 compiler. | ||
- Add rewritten build test script and remove some build warnings. | ||
|
||
|
||
[#389]: https://github.com/eclipse/mosquitto/issues/389 | ||
[#1149]: https://github.com/eclipse/mosquitto/issues/1149 | ||
[#1154]: https://github.com/eclipse/mosquitto/issues/1154 |