Version 2.0.12 released.

Versions 2.0.12 of Mosquitto has been released. This is a security and bugfix release.

Security

  • An MQTT v5 client connecting with a large number of user-property properties could cause excessive CPU usage, leading to a loss of performance and possible denial of service. This has been fixed.
  • Fix max_keepalive not applying to MQTT v3.1.1 and v3.1 connections. These clients are now rejected if their keepalive value exceeds max_keepalive. This option allows CVE-2020-13849, which is for the MQTT v3.1.1 protocol itself rather than an implementation, to be addressed.
  • Using certain listener related configuration options e.g. cafile, that apply to the default listener without defining any listener would cause a remotely accessible listener to be opened that was not confined to the local machine but did have anonymous access enabled, contrary to the documentation. This has been fixed. Closes [#2283].
  • CVE-2021-34434: If a plugin had granted ACL subscription access to a durable/non-clean-session client, then removed that access, the client would keep its existing subscription. This has been fixed.
  • Incoming QoS 2 messages that had not completed the QoS flow were not being checked for ACL access when a clean session=False client was reconnecting. This has been fixed.

Broker

  • Fix possible out of bounds memory reads when reading a corrupt/crafted configuration file. Unless your configuration file is writable by untrusted users this is not a risk. Closes #567213.
  • Fix max_connections option not being correctly counted.
  • Fix TLS certificates and TLS-PSK not being able to be configured at the same time.
  • Disable TLS v1.3 when using TLS-PSK, because it isn't correctly configured.
  • Fix max_keepalive not applying to MQTT v3.1.1 and v3.1 connections. These clients are now rejected if their keepalive value exceeds max_keepalive. This option allows CVE-2020-13849, which is for the MQTT v3.1.1 protocol itself rather than an implementation, to be addressed.
  • Fix broker not quiting if e.g. the password_file is specified as a directory. Closes #2241.
  • Fix listener mount_point not being removed on outgoing messages. Closes #2244.
  • Strict protocol compliance fixes, plus test suite.
  • Fix $share subscriptions not being recovered for durable clients that reconnect.
  • Update plugin configuration documentation. Closes #2286.

Client library

  • If a client uses TLS-PSK then force the default cipher list to use "PSK" ciphers only. This means that a client connecting to a broker configured with x509 certificates only will now fail. Prior to this, the client would connect successfully without verifying certificates, because they were not configured.
  • Disable TLS v1.3 when using TLS-PSK, because it isn't correctly configured.
  • Threaded mode is deconfigured when the mosquitto_loop_start() thread ends, which allows mosquitto_loop_start() to be called again. Closes #2242.
  • Fix MOSQ_OPT_SSL_CTX not being able to be set to NULL. Closes #2289.
  • Fix reconnecting failing when MOSQ_OPT_TLS_USE_OS_CERTS was in use, but none of capath, cafile, psk, nor MOSQ_OPT_SSL_CTX were set, and MOSQ_OPT_SSL_CTX_WITH_DEFAULTS was set to the default value of true. Closes #2288.

Apps

  • Fix mosquitto_ctrl dynsec setDefaultACLAccess command not working.

Clients

  • mosquitto_sub and mosquitto_rr now open stdout in binary mode on Windows so binary payloads are not modified when printing.
  • Document TLS certificate behaviour when using -p 8883.

Build

  • Fix installation using WITH_TLS=no. Closes #2281.
  • Fix builds with libressl 3.4.0. Closes #2198.
  • Remove some unnecessary code guards related to libressl.
  • Fix printf format build warning on MIPS. Closes #2271.

Version 2.0.11 released.

Versions 2.0.11 and 1.6.15 of Mosquitto has been released. These are a security and bugfix releases.

2.0.11

Security

  • If an authenticated client connected with MQTT v5 sent a crafted CONNECT message to the broker a memory leak would occur. Affects versions 1.6 to 2.0.10 inclusive.

Broker

  • Fix possible crash having just upgraded from 1.6 if per_listener_settings true is set, and a SIGHUP is sent to the broker before a client has reconnected to the broker. Closes #2167.
  • Fix bridge not reconnectng if the first reconnection attempt fails. Closes #2207.
  • Improve QoS 0 outgoing packet queueing.
  • Fix non-reachable bridge blocking the broker on Windows. Closes #2172.
  • Fix possible corruption of pollfd array on Windows when bridges were reconnecting. Closes #2173.
  • Fix QoS 0 messages not being queued when queue_qos0_messages was enabled. Closes #2224.

Clients

  • If sending mosquitto_sub output to a pipe, mosquitto_sub will now detect that the pipe has closed and disconnect. Closes #2164.
  • Fix mosquitto_pub -l quitting if a message publication is attempted when the broker is temporarily unavailable. Closes #2187.

1.6.15

Security

  • If an authenticated client connected with MQTT v5 sent a crafted CONNECT message to the broker a memory leak would occur. Affects versions 1.6 to 2.0.10 inclusive.

Version 2.0.10 released.

Versions 2.0.10 of Mosquitto has been released. This is a security and bugfix release.

Security

  • CVE-2021-23980: If an authenticated client connected with MQTT v5 sent a malformed CONNACK message to the broker a NULL pointer dereference occurred, most likely resulting in a segfault. This will be updated with the CVE number when it is assigned. Affects versions 2.0.0 to 2.0.9 inclusive.

Broker

  • Don't overwrite new receive-maximum if a v5 client connects and takes over an old session. Closes #2134.
  • Fix CVE-xxxx-xxxx. Closes #2163.

Clients

  • Set receive-maximum to not exceed the -C message count in mosquitto_sub and mosquitto_rr, to avoid potentially lost messages. Closes #2134.
  • Fix TLS-PSK mode not working with port 8883. Closes #2152.

Client library

  • Fix possible socket leak. This would occur if a client was using mosquitto_loop_start(), then if the connection failed due to the remote server being inaccessible they called mosquitto_loop_stop(, true) and recreated the mosquitto object.

Build

  • A variety of minor build related fixes, like functions not having previous declarations.
  • Fix CMake cross compile builds not finding opensslconf.h. Closes #2160.
  • Fix build on Solaris non-sparc. Closes #2136.

Version 2.0.9 released.

Versions 2.0.9, 1.6.14, and 1.5.11 of Mosquitto have been released. These are bugfix releases and include a minor security fix.

2.0.9

Security

  • If an empty or invalid CA file was provided to the client library for verifying the remote broker, then the initial connection would fail but subsequent connections would succeed without verifying the remote broker certificate. Closes #2130.
  • If an empty or invalid CA file was provided to the broker for verifying the remote broker for an outgoing bridge connection then the initial connection would fail but subsequent connections would succeed without verifying the remote broker certificate. Closes #2130.

Broker

  • Fix encrypted bridge connections incorrectly connecting when bridge_cafile is empty or invalid. Closes #2130.
  • Fix tls_version behaviour not matching documentation. It was setting the exact TLS version to use, not the minimium TLS version to use. Closes #2110.
  • Fix messages to $ prefixed topics being rejected. Closes #2111.
  • Fix QoS 0 messages not being delivered when max_queued_bytes was configured. Closes #2123.
  • Fix bridge increasing backoff calculation.
  • Improve handling of invalid combinations of listener address and bind interface configurations. Closes #2081.
  • Fix max_keepalive option not applying to clients connecting with keepalive set to 0. Closes #2117.

Client library

  • Fix encrypted connections incorrectly connecting when the CA file passed to mosquitto_tls_set() is empty or invalid. Closes #2130.
  • Fix connections retrying very rapidly in some situations.

Build

  • Fix cmake epoll detection.

1.6.14

Security

  • If an empty or invalid CA file was provided to the client library for verifying the remote broker, then the initial connection would fail but subsequent connections would succeed without verifying the remote broker certificate. Closes #2130.
  • If an empty or invalid CA file was provided to the broker for verifying the remote broker for an outgoing bridge connection then the initial connection would fail but subsequent connections would succeed without verifying the remote broker certificate. Closes #2130.

Broker

  • Fix encrypted bridge connections incorrectly connecting when bridge_cafile is empty or invalid. Closes #2130.

Client library

  • Fix encrypted connections incorrectly connecting when the CA file passed to mosquitto_tls_set() is empty or invalid. Closes #2130.
  • Fix connections retrying very rapidly in some situations.

Clients

  • Fix possible loss of data in mosquitto_pub -l when sending multiple long lines. Closes #2078.

1.5.11

Security

  • If an empty or invalid CA file was provided to the client library for verifying the remote broker, then the initial connection would fail but subsequent connections would succeed without verifying the remote broker certificate. Closes #2130.
  • If an empty or invalid CA file was provided to the broker for verifying the remote broker for an outgoing bridge connection then the initial connection would fail but subsequent connections would succeed without verifying the remote broker certificate. Closes #2130.

Broker

  • Fix encrypted bridge connections incorrectly connecting when bridge_cafile is empty or invalid. Closes #2130.

Client library

  • Fix encrypted connections incorrectly connecting when the CA file passed to mosquitto_tls_set() is empty or invalid. Closes #2130.

Version 2.0.8 released.

Version 2.0.8 of Mosquitto has been released. This is a bugfix release.

Broker

  • Fix incorrect datatypes in struct mosquitto_evt_tick. This changes the size and offset of two of the members of this struct, and changes the size of the struct. This is an ABI break, but is considered to be acceptable because plugins should never be allocating their own instance of this struct, and currently none of the struct members are used for anything, so a plugin should not be accessing them. It would also be safe to read/write from the existing struct parameters.
  • Give compile time warning if libwebsockets compiled without external poll support. Closes #2060.
  • Fix memory tracking not being available on FreeBSD or macOS. Closes #2096.

Client library

  • Fix mosquitto_{pub|sub}_topic_check() functions not returning MOSQ_ERR_INVAL on topic == NULL.

Clients

  • Fix possible loss of data in mosquitto_pub -l when sending multiple long lines. Closes #2078.

Build

  • Provide a mechanism for Docker users to run a broker that doesn't use authentication, without having to provide their own configuration file. Closes #2040.

Version 2.0.7 released.

Version 2.0.7 and 1.6.13 of Mosquitto have been released. These are bugfix releases.

2.0.7

Broker

  • Fix exporting of executable symbols on BSD when building via makefile.
  • Fix some minor memory leaks on exit only.
  • Fix possible memory leak on connect. Closes #2057.
  • Fix openssl engine not being able to load private key. Closes #2066.

Clients

  • Fix config files truncating options after the first space. Closes #2059.

Build

  • Fix man page building to not absolutely require xsltproc when using CMake. This now handles the case where we are building from the released tar, or building from git if xsltproc is available, or building from git if xsltproc is not available.

1.6.13

Broker:

  • Fix crash on Windows if loading a plugin fails. Closes #1866.
  • Fix DH group not being set for TLS connections, which meant ciphers using DHE couldn't be used. Closes #1925. Closes #1476.
  • Fix local bridges being disconnected on SIGHUP. Closes #1942.
  • Fix $SYS/broker/publish/messages/+ counters not being updated for QoS 1, 2 messages. Closes #1968.
  • Fix listener not being reassociated with client when reloading a persistence file and per_listener_settings true is set and the client did not set a username. Closes #1891.
  • Fix file logging on Windows. Closes #1880.
  • Fix bridge sock not being removed from sock hash on error. Closes #1897.

Client library:

  • Fix build on Mac Big Sur. Closes #1905.
  • Fix DH group not being set for TLS connections, which meant ciphers using DHE couldn't be used. Closes #1925. Closes #1476.

Clients:

  • mosquitto_sub will now quit with an error if the %U option is used on Windows, rather than just quitting. Closes #1908.
  • Fix config files truncating options after the first space. Closes #2059.

Apps:

  • Perform stricter parsing of input username in mosquitto_passwd. Closes #570126 (Eclipse bugzilla).

Build:

  • Enable epoll support in CMake builds.

Version 2.0.6 released.

Version 2.0.6 of Mosquitto has been released. This is a bugfix release.

Broker

  • Fix calculation of remaining length parameter for websockets clients that send fragmented packets. Closes #1974.
  • Fix potential duplicate Will messages being sent when a will delay interval has been set.
  • Fix message expiry interval property not being honoured in mosquitto_broker_publish and mosquitto_broker_publish_copy.
  • Fix websockets listeners with TLS not responding. Closes #2020.
  • Add notes that libsystemd-dev or similar is needed if building with systemd support. Closes #2019.
  • Improve logging in obscure cases when a client disconnects. Closes #2017.
  • Fix reloading of listeners where multiple listeners have been defined with the same port but different bind addresses. Closes #2029.
  • Fix message_size_limit not applying to the Will payload. Closes #2022.
  • The error topic-alias-invalid was being sent if an MQTT v5 client published a message with empty topic and topic alias set, but the topic alias hadn't already been configured on the broker. This has been fixed to send a protocol error, as per section 3.3.4 of the specification.
  • Note in the man pages that SIGHUP reloads TLS certificates. Closes #2037.
  • Fix bridges not always connecting on Windows. Closes #2043.

Apps

  • Allow command line arguments to override config file options in mosquitto_ctrl. Closes #2010.
  • mosquitto_ctrl: produce an error when requesting a new password if both attempts do not match. Closes #2011.

Build

  • Fix cmake builds using WITH_CJSON=no not working if cJSON not found. Closes #2026.

Other

  • The SPDX identifiers for EDL-1.0 have been changed to BSD-3-Clause as per The Eclipse legal documentation generator. The licenses are identical.

Version 2.0.5 released.

Version 2.0.5 of Mosquitto has been released. This is a bugfix release.

Broker

  • Fix auth_method not being provided to the extended auth plugin event. Closes #1975.
  • Fix large packets not being completely published to slow clients. Closes #1977.
  • Fix bridge connection not relinquishing POLLOUT after messages are sent. Closes #1979.
  • Fix apparmor incorrectly denying access to /var/lib/mosquitto/mosquitto.db.new. Closes #1978.
  • Fix potential intermittent initial bridge connections when using poll().
  • Fix bind_interface option. Closes #1999.
  • Fix invalid behaviour in dynsec plugin if a group or client is deleted before a role that was attached to the group or client is deleted. Closes #1998.
  • Improve logging in dynsec addGroupRole command. Closes #2005.
  • Improve logging in dynsec addGroupClient command. Closes #2008.

Client library

  • Improve documentation around the _v5() and non-v5 functions, e.g. mosquitto_publish() and `mosquitto_publish_v5().

Build

  • install Makefile target should depend on all, not mosquitto, to ensure that man pages are always built. Closes #1989.
  • Fixes for lots of minor build warnings highlighted by Visual Studio.

Apps

  • Disallow control characters in mosquitto_passwd usernames.
  • Fix incorrect description in mosquitto_ctrl man page. Closes #1995.
  • Fix mosquitto_ctrl dynsec getGroup not showing roles. Closes #1997.

Version 2.0.3 released.

Version 2.0.3 of Mosquitto has been released. This is a bugfix release.

Security

  • Running mosquitto_passwd with the following arguments only mosquitto_passwd -b password_file username password would cause the username to be used as the password.

Broker

  • Fix excessive CPU use on non-Linux systems when the open file limit is set high. Closes #1947.
  • Fix LWT not being sent on client takeover when the existing session wasn't being continued. Closes #1946.
  • Fix bridges possibly not completing connections when WITH_ADNS is in use. Closes #1960.
  • Fix QoS 0 messages not being delivered if max_queued_messages was set to 0. Closes #1956.
  • Fix local bridges being disconnected on SIGHUP. Closes #1942.
  • Fix slow initial bridge connections for WITH_ADNS=no.

Clients

  • Fix mosquitto_sub being unable to terminate with Ctrl-C if a successful connection is not made. Closes #1957.

Apps

  • Fix mosquitto_passwd -b using username as password (not if -c is also used). Closes #1949.

Build

  • Fix install target when using WITH_CJSON=no. Closes #1938.
  • Fix generic docker build. Closes #1945.

Version 2.0.4 released.

Version 2.0.4 of Mosquitto has been released. This is a bugfix release.

Broker

  • Fix $SYS/broker/publish/messages/+ counters not being updated for QoS 1, 2 messages. Closes #1968.
  • mosquitto_connect_bind_async() and mosquitto_connect_bind_v5() should not reset the bind address option if called with bind_address == NULL.
  • Fix dynamic security configuration possibly not being reloaded on Windows only. Closes #1962.
  • Add more log messages for dynsec load/save error conditions.
  • Fix websockets connections blocking non-websockets connections on Windows. Closes #1934.

Build

  • Fix man pages not being built when using CMake. Closes #1969.