Eclipse Paho 1.4.0 (Photon) Release Review

End Date of the Review Period

Reviews run for a minimum of one week. The outcome of the review is decided on this date. This is the last day to make comments or ask questions about this review.


1.4.0 (Photon)


A new version of MQTT is being developed, nearing completion, 5.0.  This release of Paho will contain support for MQTT 5.0 for a number of components:

Plus service releases for other components.  MQTT 5.0 support for further components will be targeted in follow on releases.

API Certification

The project leadership certifies that the APIs in this release are "Eclipse Quality".

Architectural Issues

Unlike most other Eclipse projects, Paho is made up of a number of separate components that have no relation to each other apart from their focus on MQTT. The majourity of components in Paho are APIs for specific languages or runtime environments, however they are all goverend by the MQTT specification which defines the protocol between clients and servers, but not the APIs that implement it. In the case of the Paho client libraries, we are faced with two options; We could design the APIs to be very similar across all languages and platforms, or we could tailor them to the individual language they are written in so that consumers of the library feel more comforatable using them.

With Paho, we have chosen to follow the API styles set out by the individual languages that each component is written in / for. 

Security Issues

MQTT uses TCP as its underlying transport.  Each of the APIs allows the TCP connection to be secured with TLS/SSL using the facilities available on that  platform.  For example:

  • Java - JDK standard TLS/SSL libraries
  • .Net framework standard TLS/SSL libraries
  • Python built-in TLS/SSL libraries
  • C - OpenSSL
  • Embedded C - no TLS support included, but supports the use of any TLS library
  • GoLang - built-in TLS/SSL library: crypto/tls
  • JavaScript - Web Browser built-in TLS/SSL library

No TLS/SSL support is directly included in the Paho components, they use what is available in the external environment.  That external environment needs to be updated with recent TLS software to ensure TLS vulnerability fixes are included.

Non-Code Aspects

The Paho web pages have a separate getting started page for each component:

All of the APIs have samples demonstrating the use of the API and reference documentation in a form suitable for that language (JavaDoc, Doxygen, etc). There are plans to improve the documentation and example code though as well as a snippets page that allows developers to quickly find short examples for common MQTT tasks using the language / client of their choice.

The community wiki has been updated with links to all the Paho components (

Conforms To UI/UX Guidelines
Not verified
Usability Details

Each of the APIs in any of the languages has a similar capability, with one operation for each of the MQTT commands, connect, subscribe, unsubscribe, publish and disconnect.   The success or failure of these operations is reported either synchronously via a return code, or asynchronously in a callback, depending on the API.  

The basic styles of API have been developed over 8 years or more, from before Paho's existence, and continued within Paho, so we are confident of their basic usability. 

We continue to get feedback and improve where necessary, for instance with the new embedded APIs, which were designed in consultation with experienced developers.

We have also looked to improve areas of functionality within the clients to make using Paho easier for developers. One such example is the introduction of Automatic Reconnect & Offline buffering functionality that is now in the Java, Android and C clients. This means that developers no longer have to write their own code to handle lost connections in their applications or the buffering of messages whilst the client attempts to reconnect. We are always looking for new ways to reduce the amount of 'boilerplate code' that developers have to write especially if multiple developers have to write the same code in their applications.


Each of the MQTT components supports the MQTT v3.1.1 standard version of the protocol (  Some may also support the older 3.1 specification.

The MQTT-SN components implement version 1.2 of the MQTT-SN specification (

Some of the MQTT components now support the MQTT 5.0 specification available here:


In 2015 Paho migrated from the Eclipse Git / Gerrit / Bugzilla infrastructure to GitHub.  Since then there has been a continuing increase in issues being raised and code contributions (PRs). At the time of writing, the Paho components have been starred 4108 times in total (up from 1766) and users have forked the code 1969 times (up from 967).

In the year to December 2017 668 issues were opened and 490 closed. Issue, PR and mailing list activity has consistent external contributions and interest.  The number of committers now stands at 13, and the number of code authors is at least 88, (up from 50).

As of December 2017, Paho still has the second highest website traffic of any Eclipse IoT project behind Mosquitto.    This means that the MQTT projects have over 50% of all Eclipse IoT measured website traffic.  Paho had the highest measured downloads of any Eclipse IoT project in December 2017 with over 50,000 in that month (up from 20,000 the previous year). This statistic omits many downloads of Paho which can be obtained in other ways (external package repositories or source, for instance). 

They are only a rough guide, but these figures show continuing increase in activity and interest around Paho and MQTT year on year.

Some of the components are made available on the distribution mechanism suitable for that community: PyPi for Python, Maven central for Java, Linux repos for C.   We collaborate with the mbed ( community on embedded MQTT clients: The master source resides in the Paho project.

This release is part of Eclipse Photon