Eclipse Mosquitto™ 1.5.3

1.5.3

Description

Security

  • Fix CVE-2018-12543. If a message is sent to Mosquitto with a topic that begins with $, but is not $SYS, then an assert that should be unreachable is triggered and Mosquitto will exit.

Broker

  • Elevate log level to warning for situation when socket limit is hit.
  • Remove requirement to use `user root` in snap package config files.
  • Fix retained messages not sent by bridges on outgoing topics at the first connection. Closes #701.
  • Documentation fixes. Closes #520, #600.
  • Fix duplicate clients being added to by_id hash before the old client was removed. Closes #645.
  • Fix Windows version not starting if include_dir did not contain any files. Closes #566.

Build

  • Various fixes to ease building.
Security Issues

Fix CVE-2018-12543. If a message is sent to Mosquitto with a topic that begins with $, but is not $SYS, then an assert that should be unreachable is triggered and Mosquitto will exit.

https://bugs.eclipse.org/bugs/show_bug.cgi?id=539295

Conforms To UI/UX Guidelines
Not verified