Eclipse Paho 1.0.0 (Luna) Release Review

End Date of the Review Period: 

Reviews run for a minimum of one week. The outcome of the review is decided on this date. This is the last day to make comments or ask questions about this review.

Wednesday, June 11, 2014

1.0.0 (Luna)


This is a simultaneous release with Luna, but not in the Luna repositories. 

The Paho client libraries have been in use for several years now by IBM and Mosquitto, amongst others, predating the Paho project itself.  We consider them mature and suitable for production use, which is why we are proposing to graduate the project with this release.

The main functional addition is the support of the latest version of the MQTT 3.1.1 specification, an OASIS standard.

API Certification: 

The project leadership certifies that the APIs in this release are "Eclipse Quality".

Architectural Issues: 

Each of the APIs in any of the languages has a similar look and feel, with one operation for each of the MQTT commands, connect, subscribe, unsubscribe, publish and disconnect.  So, the behaviour of each is similar, internally.

Static analyis of the C client library showed no serious logic errors, and only 3 possible minor errors.

Gerrit is used to review contributions on the git source repositories.  Build and test results are available on the Paho HIPP instance:, with builds triggered automatically by Gerrit submissions.


Security Issues: 

The C client library does make use of OpenSSL for secure connections.  However OpenSSL is not packaged or supplied with the Paho library - the version of OpenSSL provided by the host operating system is used.  So it is up to the user to use a version of OpenSSL which they are happy with. 

The Python MQTT client library also indirectly uses OpenSSL through the Python SSL libraries.  Python itself needs to be kept updated to get the latest OpenSSL fixes.

One issue was raised as a vulnerability (, but this is normally avoided as described in the bug.   An option to allow this will be added in a future release.


Non-Code Aspects: 

The Paho web pages have been updated to have a separate page for each MQTT client:

A number of MQTT/Paho articles have been written and linked to from the website:,

All of the APIs have samples to show how to get started with the API and reference documentation in a form suitable for that language (JavaDoc, Doxygen, etc).

Usability Details: 

Each of the APIs in any of the languages has a similar look and feel, with one operation for each of the MQTT commands, connect, subscribe, unsubscribe, publish and disconnect.   The success or failure of these operations is reported either synchronously via a return code, or asynchronously in a callback, depending on the API.   The basic styles of API have been developed over 8 years or more, from before Paho's existence, and continued within Paho, so we are confident of their basic usability.  We continue to get feedback and improve where necessary, for instance with the new embedded APIs.


This release will be the first to support the OASIS MQTT 3.1.1 standard



At the time of writing, there are 112 resolved/closed bugs for the Java, C, JavaScript and Python clients combined:

and 22 unresolved:

At EclipseCon 2014, an MQTT interoperability test day was held (  Test material from Paho was integral to the success of this day - although the test material is not part of this release. Four sessions at EclipseCon referenced MQTT and Paho: "Flying Sharks and M2M", "M2M Lightning Talks", "M2M, IOT, Device Management", "Powering Your Next Internet of Things App with MQTT". is a central focus of the MQTT community - Paho news is updated here too

We are working with the mbed ( community on embedded MQTT clients: The master source will reside in the Paho project.

Several Paho committers are members of the MQTT OASIS standardization committee:

MQTT and the Python client library:


This release is part of Luna.