Versions 2.0.11 and 1.6.15 of Mosquitto has been released. These are a security
and bugfix releases.
2.0.11
Security
- If an authenticated client connected with MQTT v5 sent a crafted CONNECT
message to the broker a memory leak would occur.
Affects versions 1.6 to 2.0.10 inclusive.
Broker
- Fix possible crash having just upgraded from 1.6 if
per_listener_settingsis set, and a SIGHUP is sent to the broker before a client has
true
reconnected to the broker. Closes #2167. - Fix bridge not reconnectng if the first reconnection attempt fails.
Closes #2207. - Improve QoS 0 outgoing packet queueing.
- Fix non-reachable bridge blocking the broker on Windows. Closes #2172.
- Fix possible corruption of pollfd array on Windows when bridges were
reconnecting. Closes #2173. - Fix QoS 0 messages not being queued when
queue_qos0_messageswas enabled.
Closes #2224.
Clients
- If sending mosquitto_sub output to a pipe, mosquitto_sub will now detect
that the pipe has closed and disconnect. Closes #2164. - Fix
mosquitto_pub -lquitting if a message publication is attempted when
the broker is temporarily unavailable. Closes #2187.
1.6.15
Security
- If an authenticated client connected with MQTT v5 sent a crafted CONNECT
message to the broker a memory leak would occur.
Affects versions 1.6 to 2.0.10 inclusive.