forked from eclipse-mosquitto/mosquitto
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathChangeLog.txt
2074 lines (1788 loc) · 86.6 KB
/
ChangeLog.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1.6 - 20190417
==============
Broker features:
- Add support for MQTT v5
- Add support for OCSP stapling.
- Add support for ALPN on bridge TLS connections. Closes #924.
- Add support for Automotive DLT logging.
- Add TLS Engine support.
- Persistence file read/write performance improvements.
- General performance improvements.
- Add max_keepalive option, to allow a maximum keepalive value to be set for
MQTT v5 clients only.
- Add `bind_interface` option which allows a listener to be bound to a
specific network interface, in a similar fashion to the `bind_address` option.
Linux only.
- Add improved bridge restart interval based on Decorrelated Jitter.
- Add `dhparamfile` option, to allow DH parameters to be loaded for Ephemeral
DH support
- Disallow writing to $ topics where appropriate.
- Fix mosquitto_passwd crashing on corrupt password file. Closes #1207.
- Add explicit support for TLS v1.3.
- Drop support for TLS v1.0.
- Improved general support for broker generated client ids. Removed libuuid
dependency.
- auto_id_prefix now defaults to 'auto-'.
- QoS 1 and 2 flow control improvements.
Client library features:
- Add support for MQTT v5
- Add mosquitto_subscribe_multiple() for sending subscriptions to multiple
topics in one command.
- Add TLS Engine support.
- Add explicit support for TLS v1.3.
- Drop support for TLS v1.0.
- QoS 1 and 2 flow control improvements.
Client features:
- Add support for MQTT v5
- Add mosquitto_rr client, which can be used for "request-response" messaging,
by sending a request message and awaiting a response.
- Add TLS Engine support.
- Add support for ALPN on TLS connections. Closes #924.
- Add -D option for all clients to specify MQTT v5 properties.
- Add -E to mosquitto_sub, which causes it to exit immediately after having
its subscriptions acknowledged. Use with -c to create a durable client
session without requiring a message to be received.
- Add --remove-retained to mosquitto_sub, which can be used to clear retained
messages on a broker.
- Add --repeat and --repeat-delay to mosquitto_pub, which can be used to
repeat single message publishes at a regular interval.
- -V now accepts `5, `311`, `31`, as well as `mqttv5` etc.
- Add explicit support for TLS v1.3.
- Drop support for TLS v1.0.
Broker fixes:
- Improve error reporting when creating listeners.
- Fix build on SmartOS due to missing IPV6_V6ONLY. Closes #1212.
Client library fixes
- Add missing `mosquitto_userdata()` function.
Client fixes:
- mosquitto_pub wouldn't always publish all messages when using `-l` and
QoS>0. This has been fixed.
- mosquitto_sub was incorrectly encoding special characters when using %j
output format. Closes #1220.
1.5.8 - 20190228
================
Broker:
- Fix clients being disconnected when ACLs are in use. This only affects the
case where a client connects using a username, and the anonymous ACL list is
defined but specific user ACLs are not defined. Closes #1162.
- Make error messages for missing config file clearer.
- Fix some Coverity Scan reported errors that could occur when the broker was
already failing to start.
- Fix broken mosquitto_passwd on FreeBSD. Closes #1032.
- Fix delayed bridge local subscriptions causing missing messages.
Closes #1174.
Library:
- Use higher resolution timer for random initialisation of client id
generation. Closes #1177.
- Fix some Coverity Scan reported errors that could occur when the library was
already quitting.
1.5.7 - 20190213
================
Broker:
- Fix build failure when using WITH_ADNS=yes
- Ensure that an error occurs if `per_listener_settings true` is given after
other security options. Closes #1149.
- Fix include_dir not sorting config files before loading. This was partially
fixed in 1.5 previously.
- Improve documentation around the `include_dir` option. Closes #1154.
- Fix case where old unreferenced msg_store messages were being saved to the
persistence file, bloating its size unnecessarily. Closes #389.
Library:
- Fix `mosquitto_topic_matches_sub()` not returning MOSQ_ERR_INVAL for
invalid subscriptions like `topic/#abc`. This only affects the return value,
not the match/no match result, which was already correct.
Build:
- Don't require C99 compiler.
- Add rewritten build test script and remove some build warnings.
1.5.6 - 20190206
================
Security:
- CVE-2018-12551: If Mosquitto is configured to use a password file for
authentication, any malformed data in the password file will be treated as
valid. This typically means that the malformed data becomes a username and no
password. If this occurs, clients can circumvent authentication and get access
to the broker by using the malformed username. In particular, a blank line
will be treated as a valid empty username. Other security measures are
unaffected. Users who have only used the mosquitto_passwd utility to create
and modify their password files are unaffected by this vulnerability.
Affects version 1.0 to 1.5.5 inclusive.
- CVE-2018-12550: If an ACL file is empty, or has only blank lines or
comments, then mosquitto treats the ACL file as not being defined, which
means that no topic access is denied. Although denying access to all topics
is not a useful configuration, this behaviour is unexpected and could lead
to access being incorrectly granted in some circumstances. This is now
fixed. Affects versions 1.0 to 1.5.5 inclusive.
- CVE-2018-12546. If a client publishes a retained message to a topic that
they have access to, and then their access to that topic is revoked, the
retained message will still be delivered to future subscribers. This
behaviour may be undesirable in some applications, so a configuration option
`check_retain_source` has been introduced to enforce checking of the
retained message source on publish.
Broker:
- Fixed comment handling for config options that have optional arguments.
- Improved documentation around bridge topic remapping.
- Handle mismatched handshakes (e.g. QoS1 PUBLISH with QoS2 reply) properly.
- Fix spaces not being allowed in the bridge remote_username option. Closes
#1131.
- Allow broker to always restart on Windows when using `log_dest file`. Closes
#1080.
- Fix Will not being sent for Websockets clients. Closes #1143.
- Windows: Fix possible crash when client disconnects. Closes #1137.
- Fixed durable clients being unable to receive messages when offline, when
per_listener_settings was set to true. Closes #1081.
- Add log message for the case where a client is disconnected for sending a
topic with invalid UTF-8. Closes #1144.
Library:
- Fix TLS connections not working over SOCKS.
- Don't clear SSL context when TLS connection is closed, meaning if a user
provided an external SSL_CTX they have less chance of leaking references.
Build:
- Fix comparison of boolean values in CMake build. Closes #1101.
- Fix compilation when openssl deprecated APIs are not available.
Closes #1094.
- Man pages can now be built on any system. Closes #1139.
1.5.5 - 20181211
================
Security:
- If `per_listener_settings` is set to true, then the `acl_file` setting was
ignored for the "default listener" only. This has been fixed. This does not
affect any listeners defined with the `listener` option. Closes #1073.
This is now tracked as CVE-2018-20145.
Broker:
- Add `socket_domain` option to allow listeners to disable IPv6 support.
This is required to work around a problem in libwebsockets that means
sockets only listen on IPv6 by default if IPv6 support is compiled in.
Closes #1004.
- When using ADNS, don't ask for all network protocols when connecting,
because this can lead to confusing "Protocol not supported" errors if the
network is down. Closes #1062.
- Fix outgoing retained messages not being sent by bridges on initial
connection. Closes #1040.
- Don't reload auth_opt_ options on reload, to match the behaviour of the
other plugin options. Closes #1068.
- Print message on error when installing/uninstalling as a Windows service.
- All non-error connect/disconnect messages are controlled by the
`connection_messages` option. Closes #772. Closes #613. Closes #537.
Library:
- Fix reconnect delay backoff behaviour. Closes #1027.
- Don't call on_disconnect() twice if keepalive tests fail. Closes #1067.
Client:
- Always print leading zeros in mosquitto_sub when output format is hex.
Closes #1066.
Build:
- Fix building where TLS-PSK is not available. Closes #68.
1.5.4 - 20181108
================
Security:
- When using a TLS enabled websockets listener with "require_certificate"
enabled, the mosquitto broker does not correctly verify client certificates.
This is now fixed. All other security measures operate as expected, and in
particular non-websockets listeners are not affected by this. Closes #996.
Broker:
- Process all pending messages even when a client has disconnected. This means
a client that send a PUBLISH then DISCONNECT quickly, then disconnects will
have its DISCONNECT message processed properly and so no Will will be sent.
Closes #7.
- $SYS/broker/clients/disconnected should never be negative. Closes #287.
- Give better error message if a client sends a password without a username.
Closes #1015.
- Fix bridge not honoring restart_timeout. Closes #1019.
- Don't disconnect a client if an auth plugin denies access to SUBSCRIBE.
Closes #1016.
Library:
- Fix memory leak that occurred if mosquitto_reconnect() was used when TLS
errors were present. Closes #592.
- Fix TLS connections when using an external event loop with
mosquitto_loop_read() and mosquitto_write(). Closes #990.
Build:
- Fix clients not being compiled with threading support when using CMake.
Closes #983.
- Header fixes for FreeBSD. Closes #977.
- Use _GNU_SOURCE to fix build errors in websockets and getaddrinfo usage.
Closes #862 and #933.
- Fix builds on QNX 7.0.0. Closes #1018.
1.5.3 - 20180925
================
Security:
- Fix CVE-2018-12543. If a message is sent to Mosquitto with a topic that
begins with $, but is not $SYS, then an assert that should be unreachable is
triggered and Mosquitto will exit.
Broker:
- Elevate log level to warning for situation when socket limit is hit.
- Remove requirement to use `user root` in snap package config files.
- Fix retained messages not sent by bridges on outgoing topics at the first
connection. Closes #701.
- Documentation fixes. Closes #520, #600.
- Fix duplicate clients being added to by_id hash before the old client was
removed. Closes #645.
- Fix Windows version not starting if include_dir did not contain any files.
Closes #566.
- When an authentication plugin denied access to a SUBSCRIBE, the client would
be disconnected incorrectly. This has been fixed. Closes #1016.
Build:
- Various fixes to ease building.
1.5.2 - 20180919
================
Broker:
- Fix build when using WITH_ADNS=yes.
- Fix incorrect call to setsockopt() for TCP_NODELAY. Closes #941.
- Fix excessive CPU usage when the number of sockets exceeds the system limit.
Closes #948.
- Fix for bridge connections when using WITH_ADNS=yes.
- Fix round_robin false behaviour. Closes #481.
- Fix segfault on HUP when bridges and security options are configured.
Closes #965.
Library:
- Fix situation where username and password is used with SOCKS5 proxy. Closes
#927.
- Fix SOCKS5 behaviour when passing IP addresses. Closes #927.
Build:
- Make it easier to build without bundled uthash.h using "WITH_BUNDLED_DEPS=no".
- Fix build with OPENSSL_NO_ENGINE. Closes #932.
1.5.1 - 20180816
================
Broker:
- Fix plugin cleanup function not being called on exit of the broker.
Closes #900.
- Print more OpenSSL errors when loading certificates/keys fail.
- Use AF_UNSPEC etc. instead of PF_UNSPEC to comply with POSIX. Closes #863.
- Remove use of AI_ADDRCONFIG, which means the broker can be used on systems
where only the loopback interface is defined. Closes #869, Closes #901.
- Fix IPv6 addresses not being able to be used as bridge addresses.
Closes #886.
- All clients now time out if they exceed their keepalive*1.5, rather than
just reach it. This was inconsistent in two places.
- Fix segfault on startup if bridge CA certificates could not be read.
Closes #851.
- Fix problem opening listeners on Pi caused by unsigned char being default.
Found via #849.
- ACL patterns that do not contain either %c or %u now produce a warning in
the log. Closes #209.
- Fix bridge publishing failing when per_listener_settings was true. Closes
#860.
- Fix `use_identity_as_username true` not working. Closes #833.
- Fix UNSUBACK messages not being logged. Closes #903.
- Fix possible endian issue when reading the `memory_limit` option.
- Fix building for libwebsockets < 1.6.
- Fix accessor functions for username and client id when used in plugin auth
check.
Library:
- Fix some places where return codes were incorrect, including to the
on_disconnect() callback. This has resulted in two new error codes,
MOSQ_ERR_KEEPALIVE and MOSQ_ERR_LOOKUP.
- Fix connection problems when mosquitto_loop_start() was called before
mosquitto_connect_async(). Closes #848.
Clients:
- When compiled using WITH_TLS=no, the default port was incorrectly being set
to -1. This has been fixed.
- Fix compiling on Mac OS X <10.12. Closes #813 and #240.
Build:
- Fixes for building on NetBSD. Closes #258.
- Fixes for building on FreeBSD.
- Add support for compiling with static libwebsockets library.
1.5 - 20180502
==============
Security:
- Fix memory leak that could be caused by a malicious CONNECT packet. This
does not yet have a CVE assigned. Closes #533493 (on Eclipse bugtracker)
Broker features:
- Add per_listener_settings to allow authentication and access control to be
per listener.
- Add limited support for reloading listener settings. This allows settings
for an already defined listener to be reloaded, but port numbers must not be
changed.
- Add ability to deny access to SUBSCRIBE messages as well as the current
read/write accesses. Currently for auth plugins only.
- Reduce calls to malloc through the use of UHPA.
- Outgoing messages with QoS>1 are no longer retried after a timeout period.
Messages will be retried when a client reconnects. This change in behaviour
can be justified by considering when the timeout may have occurred.
* If a connection is unreliable and has dropped, but without one end
noticing, the messages will be retried on reconnection. Sending
additional PUBLISH or PUBREL would not have changed anything.
* If a client is overloaded/unable to respond/has a slow connection then
sending additional PUBLISH or PUBREL would not help the client catch
up. Once the backlog has cleared the client will respond. If it is not
able to catch up, sending additional duplicates would not help either.
- Add use_subject_as_username option for certificate based client
authentication to use the entire certificate subject as a username, rather
than just the CN. Closes #469467.
- Change sys tree printing output. This format shouldn't be relied upon and
may change at any time. Closes #470246.
- Minimum supported libwebsockets version is now 1.3.
- Add systemd startup notification and services. Closes #471053.
- Reduce unnecessary malloc and memcpy when receiving a message and storing
it. Closes #470258.
- Support for Windows XP has been dropped.
- Bridge connections now default to using MQTT v3.1.1.
- mosquitto_db_dump tool can now output some stats on clients.
- Perform utf-8 validation on incoming will, subscription and unsubscription
topics.
- new $SYS/broker/store/messages/count (deprecates $SYS/broker/messages/stored)
- new $SYS/broker/store/messages/bytes
- max_queued_bytes feature to limit queues by real size rather than
than just message count. Closes Eclipse #452919 or Github #100
- Add support for bridges to be configured to only send notifications to the
local broker.
- Add set_tcp_nodelay option to allow Nagle's algorithm to be disabled on
client sockets. Closes #433.
- The behaviour of allow_anonymous has changed. In the old behaviour, the
default if not set was to allow anonymous access. The new behaviour is to
default is to allow anonymous access unless another security option is set.
For example, if password_file is set and allow_anonymous is not set, then
anonymous access will be denied. It is still possible to allow anonymous
access by setting it explicitly.
Broker fixes:
- Fix UNSUBSCRIBE with no topic is accepted on MQTT 3.1.1. Closes #665.
- Produce an error if two bridges share the same local_clientid.
- Miscellaneous fixes on Windows.
- queue_qos0_messages was not observing max_queued_** limits
- When using the include_dir configuration option sort the files
alphabetically before loading them. Closes #17.
- IPv6 is no longer disabled for websockets listeners.
- Remove all build timestamp information including $SYS/broker/timestamp.
Close #651.
- Correctly handle incoming strings that contain a NULL byte. Closes #693.
- Use constant time memcmp for password comparisons.
- Fix incorrect PSK key being used if it had leading zeroes.
- Fix memory leak if a client provided a username/password for a listener with
use_identity_as_username configured.
- Fix use_identity_as_username not working on websockets clients.
- Don't crash if an auth plugin returns MOSQ_ERR_AUTH for a username check on
a websockets client. Closes #490.
- Fix 08-ssl-bridge.py test when using async dns lookups. Closes #507.
- Lines in the config file are no longer limited to 1024 characters long.
Closes #652.
- Fix $SYS counters of messages and bytes sent when message is sent over
a Websockets. Closes #250.
- Fix upgrade_outgoing_qos for retained message. Closes #534.
- Fix CONNACK message not being sent for unauthorised connect on websockets.
Closes #8.
- Maximum connections on Windows increased to 2048.
- When a client with an in-use client-id connects, if the old client has a
will, send the will message. Closes #26.
- Fix parsing of configuration options that end with a space. Closes #804.
Client library features:
- Outgoing messages with QoS>1 are no longer retried after a timeout period.
Messages will be retried when a client reconnects.
- DNS-SRV support is now disabled by default.
- Add mosquitto_subscribe_simple() This is a helper function to make
retrieving messages from a broker very straightforward. Examples of its use
are in examples/subscribe_simple.
- Add mosquitto_subscribe_callback() This is a helper function to make
processing messages from a broker very straightforward. An example of its use
is in examples/subscribe_simple.
- Connections now default to using MQTT v3.1.1.
- Add mosquitto_validate_utf8() to check whether a string is valid UTF-8
according to the UTF-8 spec and to the additional restrictions imposed by
the MQTT spec.
- Topic inputs are checked for UTF-8 validity.
- Add mosquitto_userdata function to allow retrieving the client userdata
member variable. Closes #111.
- Add mosquitto_pub_topic_check2(), mosquitto_sub_topic_check2(), and
mosquitto_topic_matches_sub2() which are identical to the similarly named
functions but also take length arguments.
- Add mosquitto_connect_with_flags_callback_set(), which allows a second
connect callback to be used which also exposes the connect flags parameter.
Closes #738 and #128.
- Add MOSQ_OPT_SSL_CTX option to allow a user specified SSL_CTX to be used
instead of the one generated by libmosquitto. This allows greater control
over what options can be set. Closes #715.
- Add MOSQ_OPT_SSL_CTX_WITH_DEFAULTS to work with MOSQ_OPT_SSL_CTX and have
the default libmosquitto SSL_CTX configuration applied to the user provided
SSL_CTX. Closes #567.
Client library fixes:
- Fix incorrect PSK key being used if it had leading zeroes.
- Initialise "result" variable as soon as possible in
mosquitto_topic_matches_sub. Closes #654.
- No need to close socket again if setting non-blocking failed. Closes #649.
- Fix mosquitto_topic_matches_sub() not correctly matching foo/bar against
foo/+/#. Closes #670.
- SNI host support added.
Client features:
- Add -F to mosquitto_sub to allow the user to choose the output format.
- Add -U to mosquitto_sub for unsubscribing from topics.
- Add -c (clean session) to mosquitto_pub.
- Add --retained-only to mosquitto_sub to exit after receiving all retained
messages.
- Add -W to allow mosquitto_sub to stop processing incoming messages after a
timeout.
- Connections now default to using MQTT v3.1.1.
- Default to using port 8883 when using TLS.
- mosquitto_sub doesn't continue to keep connecting if CONNACK tells it the
connection was refused.
Client fixes:
- Correctly handle empty files with "mosquitto_pub -l". Closes #676.
Build:
- Add WITH_STRIP option (defaulting to "no") that when set to "yes" will strip
executables and shared libraries when installing.
- Add WITH_STATIC_LIBRARIES (defaulting to "no") that when set to "yes" will
build and install static versions of the client libraries.
- Don't run TLS-PSK tests if TLS-PSK disabled at compile time. Closes #636.
- Support for openssl versions 1.0.0 and 1.0.1 has been removed as these are
no longer supported by openssl.
Documentation:
- Replace mentions of deprecated 'c_rehash' with 'openssl rehash'.
1.4.15 - 20180228
=================
Security:
- Fix CVE-2017-7652. If a SIGHUP is sent to the broker when there are no more
file descriptors, then opening the configuration file will fail and security
settings will be set back to their default values.
- Fix CVE-2017-7651. Unauthenticated clients can cause excessive memory use by
setting "remaining length" to be a large value. This is now mitigated by
limiting the size of remaining length to valid values. A "memory_limit"
configuration option has also been added to allow the overall memory used by
the broker to be limited.
Broker:
- Use constant time memcmp for password comparisons.
- Fix incorrect PSK key being used if it had leading zeroes.
- Fix memory leak if a client provided a username/password for a listener with
use_identity_as_username configured.
- Fix use_identity_as_username not working on websockets clients.
- Don't crash if an auth plugin returns MOSQ_ERR_AUTH for a username check on
a websockets client. Closes #490.
- Fix 08-ssl-bridge.py test when using async dns lookups. Closes #507.
- Lines in the config file are no longer limited to 1024 characters long.
Closes #652.
- Fix $SYS counters of messages and bytes sent when message is sent over
a Websockets. Closes #250.
- Fix upgrade_outgoing_qos for retained message. Closes #534.
- Fix CONNACK message not being sent for unauthorised connect on websockets.
Closes #8.
Client library:
- Fix incorrect PSK key being used if it had leading zeroes.
- Initialise "result" variable as soon as possible in
mosquitto_topic_matches_sub. Closes #654.
- No need to close socket again if setting non-blocking failed. Closes #649.
- Fix mosquitto_topic_matches_sub() not correctly matching foo/bar against
foo/+/#. Closes #670.
Clients:
- Correctly handle empty files with "mosquitto_pub -l". Closes #676.
Build:
- Don't run TLS-PSK tests if TLS-PSK disabled at compile time. Closes #636.
1.4.14 - 20170710
=================
Broker:
- Fix regression from 1.4.13 where persistence data was not being saved.
1.4.13 - 20170627
=================
Security:
- Fix CVE-2017-9868. The persistence file was readable by all local users,
potentially allowing sensitive information to be leaked.
This can also be fixed administratively, by restricting access to the
directory in which the persistence file is stored.
Broker:
- Fix for poor websockets performance.
- Fix lazy bridges not timing out for idle_timeout. Closes #417.
- Fix problems with large retained messages over websockets. Closes #427.
- Set persistence file to only be readable by owner, except on Windows. Closes
#468.
- Fix CONNECT check for reserved=0, as per MQTT v3.1.1 check MQTT-3.1.2-3.
- When the broker stop, wills for any connected clients are now "sent". Closes
#477.
- Auth plugins can be configured to disable the check for +# in
usernames/client ids with the auth_plugin_deny_special_chars option.
Partially closes #462.
- Restrictions for CVE-2017-7650 have been relaxed - '/' is allowed in
usernames/client ids. Remainder of fix for #462.
Clients:
- Don't use / in auto-generated client ids.
1.4.12 - 20170528
=================
Security:
- Fix CVE-2017-7650, which allows clients with username or client id set to
'#' or '+' to bypass pattern based ACLs or third party plugins. The fix
denies message sending or receiving of messages for clients with a '#' or
'+' in their username or client id and if the message is subject to a
pattern ACL check or plugin check.
Patches for other versions are available at
https://mosquitto.org/files/cve/2017-7650/
Broker:
- Fix mosquitto.db from becoming corrupted due to client messages being
persisted with no stored message. Closes #424.
- Fix bridge not restarting properly. Closes #428.
- Fix unitialized memory in gets_quiet on Windows. Closes #426.
- Fix building with WITH_ADNS=no for systems that don't use glibc. Closes
#415.
- Fixes to readme.md.
- Fix deprecation warning for OpenSSL 1.1. PR #416.
- Don't segfault on duplicate bridge names. Closes #446.
- Fix CVE-2017-7650.
1.4.11 - 20170220
=================
Broker:
- Fix crash when "lazy" type bridge attempts to reconnect. Closes #259.
- maximum_connections now applies to websockets listeners. Closes #271.
- Allow bridges to use TLS with IPv6.
- Don't error on zero length persistence files. Closes #316.
- For http only websockets clients, close files served over http in all cases
when the client disconnects. Closes #354.
- Fix error message when websockets http_dir directory does not exist.
- Improve password utility error message. Closes #379.
Clients:
- Use of --ciphers no longer requires you to also pass --tls-version.
Closes #380.
Client library:
- Clients can now use TLS with IPv6.
- Fix potential socket leakage when reconnecting. Closes #304.
- Fix potential negative timeout being passed to pselect. Closes #329.
1.4.10 - 20160816
=================
Broker:
- Fix TLS operation with websockets listeners and libwebsockts 2.x. Closes
#186.
- Don't disconnect client on HUP before reading the pending data. Closes #7.
- Fix some $SYS messages being incorrectly persisted. Closes #191.
- Support OpenSSL 1.1.0.
- Call fsync after persisting data to ensure it is correctly written. Closes
#189.
- Fix persistence saving of subscription QoS on big-endian machines.
- Fix will retained flag handling on Windows. Closes #222.
- Broker now displays an error if it is unable to open the log file. Closes
#234.
Client library:
- Support OpenSSL 1.1.0.
- Fixed the C++ library not allowing SOCKS support to be used. Closes #198.
- Fix memory leak when verifying a server certificate with a subjectAltName
section. Closes #237.
Build:
- Don't attempt to install docs when WITH_DOCS=no. Closes #184.
1.4.9 - 20160603
================
Broker:
- Ensure websockets clients that previously connected with clean session set
to false have their queued messages delivered immediately on reconnecting.
Closes #476314.
- Reconnecting client with clean session set to false doesn't start with mid=1
again.
- Will topic isn't truncated by one byte when using a mount_point any more.
- Network errors are printed correctly on Windows.
- Fix incorrect $SYS heap memory reporting when using ACLs.
- Bridge config parameters couldn't contain a space, this has been fixed.
Closes #150.
- Fix saving of persistence messages that start with a '/'. Closes #151.
- Fix reconnecting for bridges that use TLS on Windows. Closes #154.
- Broker and bridges can now cope with unknown incoming PUBACK, PUBREC,
PUBREL, PUBCOMP without disconnecting. Closes #57.
- Fix websockets listeners not being able to bind to an IP address. Closes
#170.
- mosquitto_passwd utility now correctly deals with unknown command line
arguments in all cases. Closes #169.
- Fix publishing of $SYS/broker/clients/maximum
- Fix order of #includes in lib/send_mosq.c to ensure struct mosquitto doesn't
differ between source files when websockets is being used. Closes #180.
- Fix possible rare crash when writing out persistence file and a client has
incomplete messages inflight that it has been denied the right to publish.
Client library:
- Fix the case where a message received just before the keepalive timer
expired would cause the client to miss the keepalive timer.
- Return value of pthread_create is now checked.
- _mosquitto_destroy should not cancel threads that weren't created by
libmosquitto. Closes #166.
- Clients can now cope with unknown incoming PUBACK, PUBREC, PUBREL, PUBCOMP
without disconnecting. Closes #57.
- Fix mosquitto_topic_matches_sub() reporting matches on some invalid
subscriptions.
Clients:
- Handle some unchecked malloc() calls. Closes #1.
Build:
- Fix string quoting in CMakeLists.txt. Closes #4.
- Fix building on Visual Studio 2015. Closes #136.
1.4.8 - 20160214
================
Broker:
- Wills published by clients connected to a listener with mount_point defined
now correctly obey the mount point. This was a potential security risk
because it allowed clients to publish messages outside of their restricted
mount point. This is only affects brokers where the mount_point option is in
use. Closes #487178.
- Fix detection of broken connections on Windows. Closes #485143.
- Close stdin etc. when daemonised. Closes #485589.
- Fix incorrect detection of FreeBSD and OpenBSD. Closes #485131.
Client library:
- mosq->want_write should be cleared immediately before a call to SSL_write,
to allow clients using mosquitto_want_write() to get accurate results.
1.4.7 - 20151221
================
Broker:
- Fix support for libwebsockets 1.22.
1.4.6 - 20151220
================
Broker:
- Add support for libwebsockets 1.6.
Client library:
- Fix _mosquitto_socketpair() on Windows, reducing the chance of delays when
publishing. Closes #483979.
Clients:
- Fix "mosquitto_pub -l" stripping the final character on a line. Closes
#483981.
1.4.5 - 20151108
================
Broker:
- Fix possible memory leak if bridge using SSL attempts to connect to a
host that is not up.
- Free unused topic tree elements (fix in 1.4.3 was incomplete). Closes
#468987.
Clients:
- "mosquitto_pub -l" now no longer limited to 1024 byte lines. Closes #478917.
1.4.4 - 20150916
================
Broker:
- Don't leak sockets when outgoing bridge with multiple addresses cannot
connect. Closes #477571.
- Fix cross compiling of websockets. Closes #475807.
- Fix memory free related crashes on openwrt. Closes #475707.
- Fix excessive calls to message retry check.
1.4.3 - 20150818
================
Broker:
- Fix incorrect bridge notification on initial connection. Closes #467096.
- Build fixes for OpenBSD.
- Fix incorrect behaviour for autosave_interval, most noticable for
autosave_interval=1. Closes #465438.
- Fix handling of outgoing QoS>0 messages for bridges that could not be sent
because the bridge connection was down.
- Free unused topic tree elements. Closes #468987.
- Fix some potential memory leaks. Closes #470253.
- Fix potential crash on libwebsockets error.
Client library:
- Add missing error strings to mosquitto_strerror.
- Handle fragmented TLS packets without a delay. Closes #470660.
- Fix incorrect loop timeout being chosen when using threaded interface and
keepalive = 0. Closes #471334.
- Increment inflight messages count correctly. Closes #474935.
Clients:
- Report error string on connection failure rather than error code.
1.4.2 - 20150507
================
Broker:
- Fix bridge prefixes only working for the first outgoing message. Closes
#464437.
- Fix incorrect bridge connection notifications on local broker.
- Fix persistent db writing on Windows. Closes #464779.
- ACLs are now checked before sending a will message.
- Fix possible crash when using bridges on Windows. Closes #465384.
- Fix parsing of auth_opt_ arguments with extra spaces/tabs.
- Broker will return CONNACK rc=5 when a username/password is not authorised.
This was being incorrectly set as rc=4.
- Fix handling of payload lengths>4096 with websockets.
Client library:
- Inflight message count wasn't being decreased for outgoing messages using
QoS 2, meaning that only up to 20 QoS 2 messages could be sent. This has
been fixed. Closes #464436.
- Fix CMake dependencies for C++ wrapper building. Closes #463884.
- Fix possibility of select() being called with a socket that is >FD_SETSIZE.
This is a fix for #464632 that will be followed up by removing the select()
call in a future version.
- Fix calls to mosquitto_connect*_async() not completing.
1.4.1 - 20150403
================
Broker:
- Fix possible crash under heavy network load. Closes #463241.
- Fix possible crash when using pattern ACLs.
- Fix problems parsing config strings with multiple leading spaces. Closes
#462154.
- Websockets clients are now periodically disconnected if they have not
maintained their keepalive timer. Closes #461619.
- Fix possible minor memory leak on acl parsing.
Client library:
- Inflight limits should only apply to outgoing messages. Closes #461620.
- Fix reconnect bug on Windows. Closes #463000.
- Return -1 on error from mosquitto_socket(). Closes #461705.
- Fix crash on multiple calls to mosquitto_lib_init/mosquitto_lib_cleanup.
Closes #462780.
- Allow longer paths on Windows. Closes #462781.
- Make _mosquitto_mid_generate() thread safe. Closes #463479.
1.4 - 20150218
==============
Important changes:
- Websockets support in the broker.
- Bridge behaviour on the local broker has changed due to the introduction of
the local_* options. This may affect you if you are using authentication
and/or ACLs with bridges.
- The default TLS behaviour has changed to accept all of TLS v1.2, v1.1 and
v1.0, rather than only only one version of the protocol. It is still
possible to restrict a listener to a single version of TLS.
- The Python client has been removed now that the Eclipse Paho Python client
has had a release.
- When a durable client reconnects, its queued messages are now checked
against ACLs in case of a change in username/ACL state since it last
connected.
- New use_username_as_clientid option on the broker, for preventing hijacking
of a client id.
- The client library and clients now have experimental SOCKS5 support.
- Wildcard TLS certificates are now supported for bridges and clients.
- The clients have support for config files with default options.
- Client and client libraries have support for MQTT v3.1.1.
- Bridge support for MQTT v3.1.1.
Broker:
- Websockets support in the broker.
- Add local_clientid, local_username, local_password for bridge connections to
authenticate to the local broker.
- Default TLS mode now accepts TLS v1.2, v1.1 and v1.0.
- Support for ECDHE-ECDSA family ciphers.
- Fix bug #1324411, which could have had unexpected consequences for delayed
messages in rare circumstances.
- Add support for "session present" in CONNACK messages for MQTT v3.1.1.
- Remove strict protocol #ifdefs.
- Change $SYS/broker/clients/active -> $SYS/broker/clients/connected
- Change $SYS/broker/clients/inactive -> $SYS/broker/clients/disconnected
- When a durable client reconnects, its queued messages are now checked
against ACLs in case of a change in username/ACL state since it last
connected.
- libuuid is used to generate client ids, where it is available, when an MQTT
v3.1.1 client connects with a zero length client id.
- Anonymous clients are no longer accidently disconnected from the broker
after a SIGHUP.
- mosquitto_passwd now supports -b (batch mode) to allow the password to be
provided at the command line.
- Removed $SYS/broker/changeset. This was intended for use with debugging, but
in practice is of no use.
- Add support for use_username_as_clientid which can be used with
authentication to restrict ownership of client ids and hence prevent one
client disconnecting another by using the same client id.
- When "require_certificate" was false, the broker was incorrectly asking for
a certificate (but not checking it). This caused problems with some clients
and has been fixed so the broker no longer asks.
- When using syslog logging on non-Windows OSs, it is now possible to specify
the logging facility to one of local0-7 instead of the default "daemon".
- The bridge_attempt_unsubscribe option has been added, to allow the sending
of UNSUBSCRIBE requests to be disabled for topics with "out" direction.
Closes bug #456899.
- Wildcard TLS certificates are now supported for bridges.
- Support for "hour" client expiration lengths for the
persistent_client_expiration option. Closes bug #425835.
- Bridge support for MQTT v3.1.1.
- Root privileges are now dropped after starting listeners and loading
certificates/private keys, to allow private keys to have their permissions
restricted to the root user only. Closes bug #452914.
- Usernames and topics given in ACL files can now include a space. Closes bug
#431780.
- Fix hang if pattern acl contains a %u but an anonymous client connect.
Closes bug #455402.
- Fix man page installation with cmake. Closes bug #458843.
- When using "log_dest file" the output file is now flushed periodically.
Clients:
- Both clients can now load default configuration options from a file.
- Add -C option to mosquitto_sub to allow the client to quit after receiving a
certain count of messages. Closes bug #453850.
- Add --proxy SOCKS5 support for both clients.
- Pub client supports setting its keepalive. Closes bug #454852.
- Add support for config files with default options.
- Add support for MQTT v3.1.1.
Client library:
- Add experimental SOCKS5 support.
- mosquitto_loop_forever now quits after a fatal error, rather than blindly
retrying.
- SRV support is now not compiled in by default.
- Wildcard TLS certificates are now supported.
- mosquittopp now has a virtual destructor. Closes bug #452915.
- Add support for MQTT v3.1.1.
- Don't quit mosquitto_loop_forever() if broker not available on first
connect. Closes bug #453293, but requires more work.
1.3.5 - 20141008
================
Broker:
- Fix possible memory leak when using a topic that has a leading slash. Fixes
bug #1360985.
- Fix saving persistent database on Windows.
- Temporarily disable ACL checks on subscriptions when using MQTT v3.1.1. This
is due to the complexity of checking wildcard ACLs against wildcard
subscriptions. This does not have a negative impact on security because
checks are still made before a message is sent to a client.
Fixes bug #1374291.
- When using -v and the broker receives a SIGHUP, verbose logging was being
disabled. This has been fixed.
Client library:
- Fix mutex being incorrectly passed by value. Fixes bug #1373785.
1.3.4 - 20140806
================
Broker:
- Don't ask client for certificate when require_certificate is false.
- Backout incomplete functionality that was incorrectly included in 1.3.2.
1.3.3 - 20140801
================
Broker:
- Fix incorrect handling of anonymous bridges on the local broker.
1.3.2 - 20140713
================
Broker:
- Don't allow access to clients when authenticating if a security plugin
returns an application error. Fixes bug #1340782.
- Ensure that bridges verify certificates by default when using TLS.
- Fix possible crash when using pattern ACLs that do not include a %u and
clients that connect without a username.
- Fix subscriptions being deleted when clients subscribed to a topic beginning
with a $ but that is not $SYS.
- When a durable client reconnects, its queued messages are now checked
against ACLs in case of a change in username/ACL state since it last
connected.
- Fix bug #1324411, which could have had unexpected consequences for delayed
messages in rare circumstances.
- Anonymous clients are no longer accidently disconnected from the broker
after a SIGHUP.
Client library:
- Fix topic matching edge case.
- Fix callback deadlocks after calling mosquitto_disconnect(), when using the
threaded interfaces. Closes bug #1313725.
- Fix SRV support when building with CMake.
- Remove strict protocol #ifdefs.
General:
- Use $(STRIP) for stripping binaries when installing, to allow easier cross
compilation.
1.3.1 - 20140324
================
Broker:
- Prevent possible crash on client reconnect. Closes bug #1294108.
- Don't accept zero length unsubscription strings (MQTT v3.1.1 fix)
- Don't accept QoS 3 (MQTT v3.1.1 fix)
- Don't disconnect clients immediately on HUP to give chance for all data to
be read.
- Reject invalid un/subscriptions e.g. foo/+bar #/bar.
- Take more care not to disconnect clients that are sending large messages.
Client library:
- Fix socketpair code on the Mac.
- Fix compilation for WITH_THREADING=no.
- Break out of select() when calling mosquitto_loop_stop().
- Reject invalid un/subscriptions e.g. foo/+bar #/bar.
- Add mosquitto_threaded_set().
Clients: