Version 2.0.17 released.

Version 2.0.17 of Mosquitto has been released. This is a bugfix release.

Broker: - Fix max_queued_messages 0 stopping clients from receiving messages. Closes #2879. - Fix max_inflight_messages not being set correctly. Closes #2876.

Apps: - Fix mosquitto_passwd -U backup file creation. Closes #2873.

Version 2.0.16 released.

Version 2.0.16 of Mosquitto has been released. This is a security and bugfix release.

Security

  • CVE-2023-28366: Fix memory leak in broker when clients send multiple QoS 2 messages with the same message ID, but then never respond to the PUBREC commands.
  • CVE-2023-0809: Fix excessive memory being allocated based on malicious initial packets that are not CONNECT packets.
  • CVE-2023-3592: Fix memory leak when clients send v5 CONNECT packets with a will message that contains invalid property types.
  • Broker will now reject Will messages that attempt to publish to $CONTROL/.
  • Broker now validates usernames provided in a TLS certificate or TLS-PSK identity are valid UTF-8.
  • Fix potential crash when loading invalid persistence file.
  • Library will no longer allow single level wildcard certificates, e.g. *.com

Broker

  • Fix $SYS messages being expired after 60 seconds and hence unchanged values disappearing.
  • Fix some retained topic memory not being cleared immediately after used.
  • Fix error handling related to the bind_interface option.
  • Fix std* files not being redirected when daemonising, when built with assertions removed. Closes #2708.
  • Fix default settings incorrectly allowing TLS v1.1. Closes #2722.
  • Use line buffered mode for stdout. Closes #2354. Closes #2749.
  • Fix bridges with non-matching cleansession/local_cleansession being expired on start after restoring from persistence. Closes #2634.
  • Fix connections being limited to 2048 on Windows. The limit is now 8192, where supported. Closes #2732.
  • Broker will log warnings if sensitive files are world readable/writable, or if the owner/group is not the same as the user/group the broker is running as. In future versions the broker will refuse to open these files.
  • mosquitto_memcmp_const is now more constant time.
  • Only register with DLT if DLT logging is enabled.
  • Fix any possible case where a json string might be incorrectly loaded. This could have caused a crash if a textname or textdescription field of a role was not a string, when loading the dynsec config from file only.
  • Dynsec plugin will not allow duplicate clients/groups/roles when loading config from file, which matches the behaviour for when creating them.
  • Fix heap overflow when reading corrupt config with "log_dest file".

Client library

  • Use CLOCK_BOOTTIME when available, to keep track of time. This solves the problem of the client OS sleeping and the client hence not being able to calculate the actual time for keepalive purposes. Closes #2760.
  • Fix default settings incorrectly allowing TLS v1.1. Closes #2722.
  • Fix high CPU use on slow TLS connect. Closes #2794.

Clients

  • Fix incorrect topic-alias property value in mosquitto_sub json output.
  • Fix confusing message on TLS certificate verification. Closes #2746.

Apps

  • mosquitto_passwd uses mkstemp() for backup files.
  • mosquitto_ctrl dynsec init will refuse to overwrite an existing file, without a race-condition.

Version 2.0.15 released.

Versions 2.0.15 of Mosquitto has been released. This is a security and bugfix release.

Security

  • Deleting the group configured as the anonymous group in the Dynamic Security plugin, would leave a dangling pointer that could lead to a single crash. This is considered a minor issue - only administrative users should have access to dynsec, the impact on availability is one-off, and there is no associated loss of data. It is now forbidden to delete the group configured as the anonymous group.

Broker

  • Fix memory leak when a plugin modifies the topic of a message in MOSQ_EVT_MESSAGE.
  • Fix bridge restart_timeout not being honoured.
  • Fix potential memory leaks if a plugin modifies the message in the MOSQ_EVT_MESSAGE event.
  • Fix unused flags in CONNECT command being forced to be 0, which is not required for MQTT v3.1. Closes #2522.
  • Improve documentation of persistent_client_expiration option. Closes #2404.
  • Add clients to session expiry check list when restarting and reloading from persistence. Closes #2546.
  • Fix bridges not sending failure notification messages to the local broker if the remote bridge connection fails. Closes #2467. Closes #1488.
  • Fix some PUBLISH messages not being counted in $SYS stats. Closes #2448.
  • Fix incorrect return code being sent in DISCONNECT when a client session is taken over. Closes #2607.
  • Fix confusing "out of memory" error when a client is kicked in the dynamic security plugin. Closes #2525.
  • Fix confusing error message when dynamic security config file was a directory. Closes #2520.
  • Fix bridge queued messages not being persisted when local_cleansession is set to false and cleansession is set to true. Closes #2604.
  • Dynamic security: Fix modifyClient and modifyGroup commands to not modify the client/group if a new group/client being added is not valid. Closes #2598.
  • Dynamic security: Fix the plugin being able to be loaded twice. Currently only a single plugin can interact with a unique $CONTROL topic. Using multiple instances of the plugin would produce duplicate entries in the config file. Closes #2601. Closes #2470.
  • Fix case where expired messages were causing queued messages not to be delivered. Closes #2609.
  • Fix websockets not passing on the X-Forwarded-For header.

Client library

  • Fix threads library detection on Windows under cmake. Bumps the minimum cmake version to 3.1, which is still ancient.
  • Fix use of MOSQ_OPT_TLS_ENGINE being unable to be used due to the openssl ctx not being initialised until starting to connect. Closes #2537.
  • Fix incorrect use of SSL_connect. Closes #2594.
  • Don't set SIGPIPE to ignore, use MSG_NOSIGNAL instead. Closes #2564.
  • Add documentation of struct mosquitto_message to header. Closes #2561.
  • Fix documentation omission around mosquitto_reinitialise. Closes #2489.
  • Fix use of MOSQ_OPT_SSL_CTX when used in conjunction with MOSQ_OPT_SSL_CTX_DEFAULTS. Closes #2463.
  • Fix failure to close thread in some situations. Closes #2545.

Clients

  • Fix mosquitto_pub incorrectly reusing topic aliases when reconnecting. Closes #2494.

Apps

  • Fix -o not working in mosquitto_ctrl, and typo in related documentation. Closes #2471.

Version 2.0.14 released.

Versions 2.0.14 of Mosquitto has been released. This is a bugfix release.

Broker

  • Fix bridge not respecting receive-maximum when reconnecting with MQTT v5.

Client library

  • Fix mosquitto_topic_matches_sub2() not using the length parameters. Closes #2364.
  • Fix incorrect subscribe_callback in mosquittopp.h. Closes #2367.

Version 2.0.13 released.

Version 2.0.13 of Mosquitto has been released. This is a bugfix release.

Broker

  • Fix max_keepalive option not being able to be set to 0.
  • Fix LWT messages not being delivered if per_listener_settings was set to true. Closes #2314.
  • Various fixes around inflight quota management. Closes #2306.
  • Fix problem parsing config files with Windows line endings. Closes #2297.
  • Don't send retained messages when a shared subscription is made.
  • Fix log being truncated in Windows.
  • Fix client id not showing in log on failed connections, where possible.
  • Fix broker sending duplicate CONNACK on failed MQTT v5 reauthentication. Closes #2339.
  • Fix mosquitto_plugin.h not including mosquitto_broker.h. Closes #2350.

Client library

  • Initialise sockpairR/W to invalid in mosquitto_reinitialise() to avoid closing invalid sockets in mosquitto_destroy() on error. Closes #2326.

Clients

  • Fix date format in mosquitto_sub output. Closes #2353.

Version 2.0.12 released.

Versions 2.0.12 of Mosquitto has been released. This is a security and bugfix release.

Security

  • An MQTT v5 client connecting with a large number of user-property properties could cause excessive CPU usage, leading to a loss of performance and possible denial of service. This has been fixed.
  • Fix max_keepalive not applying to MQTT v3.1.1 and v3.1 connections. These clients are now rejected if their keepalive value exceeds max_keepalive. This option allows CVE-2020-13849, which is for the MQTT v3.1.1 protocol itself rather than an implementation, to be addressed.
  • Using certain listener related configuration options e.g. cafile, that apply to the default listener without defining any listener would cause a remotely accessible listener to be opened that was not confined to the local machine but did have anonymous access enabled, contrary to the documentation. This has been fixed. Closes [#2283].
  • CVE-2021-34434: If a plugin had granted ACL subscription access to a durable/non-clean-session client, then removed that access, the client would keep its existing subscription. This has been fixed.
  • Incoming QoS 2 messages that had not completed the QoS flow were not being checked for ACL access when a clean session=False client was reconnecting. This has been fixed.

Broker

  • Fix possible out of bounds memory reads when reading a corrupt/crafted configuration file. Unless your configuration file is writable by untrusted users this is not a risk. Closes #567213.
  • Fix max_connections option not being correctly counted.
  • Fix TLS certificates and TLS-PSK not being able to be configured at the same time.
  • Disable TLS v1.3 when using TLS-PSK, because it isn't correctly configured.
  • Fix max_keepalive not applying to MQTT v3.1.1 and v3.1 connections. These clients are now rejected if their keepalive value exceeds max_keepalive. This option allows CVE-2020-13849, which is for the MQTT v3.1.1 protocol itself rather than an implementation, to be addressed.
  • Fix broker not quiting if e.g. the password_file is specified as a directory. Closes #2241.
  • Fix listener mount_point not being removed on outgoing messages. Closes #2244.
  • Strict protocol compliance fixes, plus test suite.
  • Fix $share subscriptions not being recovered for durable clients that reconnect.
  • Update plugin configuration documentation. Closes #2286.

Client library

  • If a client uses TLS-PSK then force the default cipher list to use "PSK" ciphers only. This means that a client connecting to a broker configured with x509 certificates only will now fail. Prior to this, the client would connect successfully without verifying certificates, because they were not configured.
  • Disable TLS v1.3 when using TLS-PSK, because it isn't correctly configured.
  • Threaded mode is deconfigured when the mosquitto_loop_start() thread ends, which allows mosquitto_loop_start() to be called again. Closes #2242.
  • Fix MOSQ_OPT_SSL_CTX not being able to be set to NULL. Closes #2289.
  • Fix reconnecting failing when MOSQ_OPT_TLS_USE_OS_CERTS was in use, but none of capath, cafile, psk, nor MOSQ_OPT_SSL_CTX were set, and MOSQ_OPT_SSL_CTX_WITH_DEFAULTS was set to the default value of true. Closes #2288.

Apps

  • Fix mosquitto_ctrl dynsec setDefaultACLAccess command not working.

Clients

  • mosquitto_sub and mosquitto_rr now open stdout in binary mode on Windows so binary payloads are not modified when printing.
  • Document TLS certificate behaviour when using -p 8883.

Build

  • Fix installation using WITH_TLS=no. Closes #2281.
  • Fix builds with libressl 3.4.0. Closes #2198.
  • Remove some unnecessary code guards related to libressl.
  • Fix printf format build warning on MIPS. Closes #2271.

Version 2.0.11 released.

Versions 2.0.11 and 1.6.15 of Mosquitto has been released. These are a security and bugfix releases.

2.0.11

Security

  • If an authenticated client connected with MQTT v5 sent a crafted CONNECT message to the broker a memory leak would occur. Affects versions 1.6 to 2.0.10 inclusive.

Broker

  • Fix possible crash having just upgraded from 1.6 if per_listener_settings true is set, and a SIGHUP is sent to the broker before a client has reconnected to the broker. Closes #2167.
  • Fix bridge not reconnectng if the first reconnection attempt fails. Closes #2207.
  • Improve QoS 0 outgoing packet queueing.
  • Fix non-reachable bridge blocking the broker on Windows. Closes #2172.
  • Fix possible corruption of pollfd array on Windows when bridges were reconnecting. Closes #2173.
  • Fix QoS 0 messages not being queued when queue_qos0_messages was enabled. Closes #2224.

Clients

  • If sending mosquitto_sub output to a pipe, mosquitto_sub will now detect that the pipe has closed and disconnect. Closes #2164.
  • Fix mosquitto_pub -l quitting if a message publication is attempted when the broker is temporarily unavailable. Closes #2187.

1.6.15

Security

  • If an authenticated client connected with MQTT v5 sent a crafted CONNECT message to the broker a memory leak would occur. Affects versions 1.6 to 2.0.10 inclusive.

Version 2.0.10 released.

Versions 2.0.10 of Mosquitto has been released. This is a security and bugfix release.

Security

  • CVE-2021-23980: If an authenticated client connected with MQTT v5 sent a malformed CONNACK message to the broker a NULL pointer dereference occurred, most likely resulting in a segfault. This will be updated with the CVE number when it is assigned. Affects versions 2.0.0 to 2.0.9 inclusive.

Broker

  • Don't overwrite new receive-maximum if a v5 client connects and takes over an old session. Closes #2134.
  • Fix CVE-xxxx-xxxx. Closes #2163.

Clients

  • Set receive-maximum to not exceed the -C message count in mosquitto_sub and mosquitto_rr, to avoid potentially lost messages. Closes #2134.
  • Fix TLS-PSK mode not working with port 8883. Closes #2152.

Client library

  • Fix possible socket leak. This would occur if a client was using mosquitto_loop_start(), then if the connection failed due to the remote server being inaccessible they called mosquitto_loop_stop(, true) and recreated the mosquitto object.

Build

  • A variety of minor build related fixes, like functions not having previous declarations.
  • Fix CMake cross compile builds not finding opensslconf.h. Closes #2160.
  • Fix build on Solaris non-sparc. Closes #2136.

Version 2.0.9 released.

Versions 2.0.9, 1.6.14, and 1.5.11 of Mosquitto have been released. These are bugfix releases and include a minor security fix.

2.0.9

Security

  • If an empty or invalid CA file was provided to the client library for verifying the remote broker, then the initial connection would fail but subsequent connections would succeed without verifying the remote broker certificate. Closes #2130.
  • If an empty or invalid CA file was provided to the broker for verifying the remote broker for an outgoing bridge connection then the initial connection would fail but subsequent connections would succeed without verifying the remote broker certificate. Closes #2130.

Broker

  • Fix encrypted bridge connections incorrectly connecting when bridge_cafile is empty or invalid. Closes #2130.
  • Fix tls_version behaviour not matching documentation. It was setting the exact TLS version to use, not the minimium TLS version to use. Closes #2110.
  • Fix messages to $ prefixed topics being rejected. Closes #2111.
  • Fix QoS 0 messages not being delivered when max_queued_bytes was configured. Closes #2123.
  • Fix bridge increasing backoff calculation.
  • Improve handling of invalid combinations of listener address and bind interface configurations. Closes #2081.
  • Fix max_keepalive option not applying to clients connecting with keepalive set to 0. Closes #2117.

Client library

  • Fix encrypted connections incorrectly connecting when the CA file passed to mosquitto_tls_set() is empty or invalid. Closes #2130.
  • Fix connections retrying very rapidly in some situations.

Build

  • Fix cmake epoll detection.

1.6.14

Security

  • If an empty or invalid CA file was provided to the client library for verifying the remote broker, then the initial connection would fail but subsequent connections would succeed without verifying the remote broker certificate. Closes #2130.
  • If an empty or invalid CA file was provided to the broker for verifying the remote broker for an outgoing bridge connection then the initial connection would fail but subsequent connections would succeed without verifying the remote broker certificate. Closes #2130.

Broker

  • Fix encrypted bridge connections incorrectly connecting when bridge_cafile is empty or invalid. Closes #2130.

Client library

  • Fix encrypted connections incorrectly connecting when the CA file passed to mosquitto_tls_set() is empty or invalid. Closes #2130.
  • Fix connections retrying very rapidly in some situations.

Clients

  • Fix possible loss of data in mosquitto_pub -l when sending multiple long lines. Closes #2078.

1.5.11

Security

  • If an empty or invalid CA file was provided to the client library for verifying the remote broker, then the initial connection would fail but subsequent connections would succeed without verifying the remote broker certificate. Closes #2130.
  • If an empty or invalid CA file was provided to the broker for verifying the remote broker for an outgoing bridge connection then the initial connection would fail but subsequent connections would succeed without verifying the remote broker certificate. Closes #2130.

Broker

  • Fix encrypted bridge connections incorrectly connecting when bridge_cafile is empty or invalid. Closes #2130.

Client library

  • Fix encrypted connections incorrectly connecting when the CA file passed to mosquitto_tls_set() is empty or invalid. Closes #2130.