forked from eclipse-mosquitto/mosquitto
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathChangeLog.txt
1740 lines (1506 loc) · 73.4 KB
/
ChangeLog.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1.5 - 20180502
==============
Security:
- Fix memory leak that could be caused by a malicious CONNECT packet. This
does not yet have a CVE assigned. Closes #533493 (on Eclipse bugtracker)
Broker features:
- Add per_listener_settings to allow authentication and access control to be
per listener.
- Add limited support for reloading listener settings. This allows settings
for an already defined listener to be reloaded, but port numbers must not be
changed.
- Add ability to deny access to SUBSCRIBE messages as well as the current
read/write accesses. Currently for auth plugins only.
- Reduce calls to malloc through the use of UHPA.
- Outgoing messages with QoS>1 are no longer retried after a timeout period.
Messages will be retried when a client reconnects. This change in behaviour
can be justified by considering when the timeout may have occurred.
* If a connection is unreliable and has dropped, but without one end
noticing, the messages will be retried on reconnection. Sending
additional PUBLISH or PUBREL would not have changed anything.
* If a client is overloaded/unable to respond/has a slow connection then
sending additional PUBLISH or PUBREL would not help the client catch
up. Once the backlog has cleared the client will respond. If it is not
able to catch up, sending additional duplicates would not help either.
- Add use_subject_as_username option for certificate based client
authentication to use the entire certificate subject as a username, rather
than just the CN. Closes #469467.
- Change sys tree printing output. This format shouldn't be relied upon and
may change at any time. Closes #470246.
- Minimum supported libwebsockets version is now 1.3.
- Add systemd startup notification and services. Closes #471053.
- Reduce unnecessary malloc and memcpy when receiving a message and storing
it. Closes #470258.
- Support for Windows XP has been dropped.
- Bridge connections now default to using MQTT v3.1.1.
- mosquitto_db_dump tool can now output some stats on clients.
- Perform utf-8 validation on incoming will, subscription and unsubscription
topics.
- new $SYS/broker/store/messages/count (deprecates $SYS/broker/messages/stored)
- new $SYS/broker/store/messages/bytes
- max_queued_bytes feature to limit queues by real size rather than
than just message count. Closes Eclipse #452919 or Github #100
- Add support for bridges to be configured to only send notifications to the
local broker.
- Add set_tcp_nodelay option to allow Nagle's algorithm to be disabled on
client sockets. Closes #433.
- The behaviour of allow_anonymous has changed. In the old behaviour, the
default if not set was to allow anonymous access. The new behaviour is to
default is to allow anonymous access unless another security option is set.
For example, if password_file is set and allow_anonymous is not set, then
anonymous access will be denied. It is still possible to allow anonymous
access by setting it explicitly.
Broker fixes:
- Fix UNSUBSCRIBE with no topic is accepted on MQTT 3.1.1. Closes #665.
- Produce an error if two bridges share the same local_clientid.
- Miscellaneous fixes on Windows.
- queue_qos0_messages was not observing max_queued_** limits
- When using the include_dir configuration option sort the files
alphabetically before loading them. Closes #17.
- IPv6 is no longer disabled for websockets listeners.
- Remove all build timestamp information including $SYS/broker/timestamp.
Close #651.
- Correctly handle incoming strings that contain a NULL byte. Closes #693.
- Use constant time memcmp for password comparisons.
- Fix incorrect PSK key being used if it had leading zeroes.
- Fix memory leak if a client provided a username/password for a listener with
use_identity_as_username configured.
- Fix use_identity_as_username not working on websockets clients.
- Don't crash if an auth plugin returns MOSQ_ERR_AUTH for a username check on
a websockets client. Closes #490.
- Fix 08-ssl-bridge.py test when using async dns lookups. Closes #507.
- Lines in the config file are no longer limited to 1024 characters long.
Closes #652.
- Fix $SYS counters of messages and bytes sent when message is sent over
a Websockets. Closes #250.
- Fix upgrade_outgoing_qos for retained message. Closes #534.
- Fix CONNACK message not being sent for unauthorised connect on websockets.
Closes #8.
- Maximum connections on Windows increased to 2048.
- When a client with an in-use client-id connects, if the old client has a
will, send the will message. Closes #26.
- Fix parsing of configuration options that end with a space. Closes #804.
Client library features:
- Outgoing messages with QoS>1 are no longer retried after a timeout period.
Messages will be retried when a client reconnects.
- DNS-SRV support is now disabled by default.
- Add mosquitto_subscribe_simple() This is a helper function to make
retrieving messages from a broker very straightforward. Examples of its use
are in examples/subscribe_simple.
- Add mosquitto_subscribe_callback() This is a helper function to make
processing messages from a broker very straightforward. An example of its use
is in examples/subscribe_simple.
- Connections now default to using MQTT v3.1.1.
- Add mosquitto_validate_utf8() to check whether a string is valid UTF-8
according to the UTF-8 spec and to the additional restrictions imposed by
the MQTT spec.
- Topic inputs are checked for UTF-8 validity.
- Add mosquitto_userdata function to allow retrieving the client userdata
member variable. Closes #111.
- Add mosquitto_pub_topic_check2(), mosquitto_sub_topic_check2(), and
mosquitto_topic_matches_sub2() which are identical to the similarly named
functions but also take length arguments.
- Add mosquitto_connect_with_flags_callback_set(), which allows a second
connect callback to be used which also exposes the connect flags parameter.
Closes #738 and #128.
- Add MOSQ_OPT_SSL_CTX option to allow a user specified SSL_CTX to be used
instead of the one generated by libmosquitto. This allows greater control
over what options can be set. Closes #715.
- Add MOSQ_OPT_SSL_CTX_WITH_DEFAULTS to work with MOSQ_OPT_SSL_CTX and have
the default libmosquitto SSL_CTX configuration applied to the user provided
SSL_CTX. Closes #567.
Client library fixes:
- Fix incorrect PSK key being used if it had leading zeroes.
- Initialise "result" variable as soon as possible in
mosquitto_topic_matches_sub. Closes #654.
- No need to close socket again if setting non-blocking failed. Closes #649.
- Fix mosquitto_topic_matches_sub() not correctly matching foo/bar against
foo/+/#. Closes #670.
- SNI host support added.
Client features:
- Add -F to mosquitto_sub to allow the user to choose the output format.
- Add -U to mosquitto_sub for unsubscribing from topics.
- Add -c (clean session) to mosquitto_pub.
- Add --retained-only to mosquitto_sub to exit after receiving all retained
messages.
- Add -W to allow mosquitto_sub to stop processing incoming messages after a
timeout.
- Connections now default to using MQTT v3.1.1.
- Default to using port 8883 when using TLS.
- mosquitto_sub doesn't continue to keep connecting if CONNACK tells it the
connection was refused.
Client fixes:
- Correctly handle empty files with "mosquitto_pub -l". Closes #676.
Build:
- Add WITH_STRIP option (defaulting to "no") that when set to "yes" will strip
executables and shared libraries when installing.
- Add WITH_STATIC_LIBRARIES (defaulting to "no") that when set to "yes" will
build and install static versions of the client libraries.
- Don't run TLS-PSK tests if TLS-PSK disabled at compile time. Closes #636.
- Support for openssl versions 1.0.0 and 1.0.1 has been removed as these are
no longer supported by openssl.
Documentation:
- Replace mentions of deprecated 'c_rehash' with 'openssl rehash'.
1.4.15 - 20180228
=================
Security:
- Fix CVE-2017-7652. If a SIGHUP is sent to the broker when there are no more
file descriptors, then opening the configuration file will fail and security
settings will be set back to their default values.
- Fix CVE-2017-7651. Unauthenticated clients can cause excessive memory use by
setting "remaining length" to be a large value. This is now mitigated by
limiting the size of remaining length to valid values. A "memory_limit"
configuration option has also been added to allow the overall memory used by
the broker to be limited.
Broker:
- Use constant time memcmp for password comparisons.
- Fix incorrect PSK key being used if it had leading zeroes.
- Fix memory leak if a client provided a username/password for a listener with
use_identity_as_username configured.
- Fix use_identity_as_username not working on websockets clients.
- Don't crash if an auth plugin returns MOSQ_ERR_AUTH for a username check on
a websockets client. Closes #490.
- Fix 08-ssl-bridge.py test when using async dns lookups. Closes #507.
- Lines in the config file are no longer limited to 1024 characters long.
Closes #652.
- Fix $SYS counters of messages and bytes sent when message is sent over
a Websockets. Closes #250.
- Fix upgrade_outgoing_qos for retained message. Closes #534.
- Fix CONNACK message not being sent for unauthorised connect on websockets.
Closes #8.
Client library:
- Fix incorrect PSK key being used if it had leading zeroes.
- Initialise "result" variable as soon as possible in
mosquitto_topic_matches_sub. Closes #654.
- No need to close socket again if setting non-blocking failed. Closes #649.
- Fix mosquitto_topic_matches_sub() not correctly matching foo/bar against
foo/+/#. Closes #670.
Clients:
- Correctly handle empty files with "mosquitto_pub -l". Closes #676.
Build:
- Don't run TLS-PSK tests if TLS-PSK disabled at compile time. Closes #636.
1.4.14 - 20170710
=================
Broker:
- Fix regression from 1.4.13 where persistence data was not being saved.
1.4.13 - 20170627
=================
Security:
- Fix CVE-2017-9868. The persistence file was readable by all local users,
potentially allowing sensitive information to be leaked.
This can also be fixed administratively, by restricting access to the
directory in which the persistence file is stored.
Broker:
- Fix for poor websockets performance.
- Fix lazy bridges not timing out for idle_timeout. Closes #417.
- Fix problems with large retained messages over websockets. Closes #427.
- Set persistence file to only be readable by owner, except on Windows. Closes
#468.
- Fix CONNECT check for reserved=0, as per MQTT v3.1.1 check MQTT-3.1.2-3.
- When the broker stop, wills for any connected clients are now "sent". Closes
#477.
- Auth plugins can be configured to disable the check for +# in
usernames/client ids with the auth_plugin_deny_special_chars option.
Partially closes #462.
- Restrictions for CVE-2017-7650 have been relaxed - '/' is allowed in
usernames/client ids. Remainder of fix for #462.
Clients:
- Don't use / in auto-generated client ids.
1.4.12 - 20170528
=================
Security:
- Fix CVE-2017-7650, which allows clients with username or client id set to
'#' or '+' to bypass pattern based ACLs or third party plugins. The fix
denies message sending or receiving of messages for clients with a '#' or
'+' in their username or client id and if the message is subject to a
pattern ACL check or plugin check.
Patches for other versions are available at
https://mosquitto.org/files/cve/2017-7650/
Broker:
- Fix mosquitto.db from becoming corrupted due to client messages being
persisted with no stored message. Closes #424.
- Fix bridge not restarting properly. Closes #428.
- Fix unitialized memory in gets_quiet on Windows. Closes #426.
- Fix building with WITH_ADNS=no for systems that don't use glibc. Closes
#415.
- Fixes to readme.md.
- Fix deprecation warning for OpenSSL 1.1. PR #416.
- Don't segfault on duplicate bridge names. Closes #446.
- Fix CVE-2017-7650.
1.4.11 - 20170220
=================
Broker:
- Fix crash when "lazy" type bridge attempts to reconnect. Closes #259.
- maximum_connections now applies to websockets listeners. Closes #271.
- Allow bridges to use TLS with IPv6.
- Don't error on zero length persistence files. Closes #316.
- For http only websockets clients, close files served over http in all cases
when the client disconnects. Closes #354.
- Fix error message when websockets http_dir directory does not exist.
- Improve password utility error message. Closes #379.
Clients:
- Use of --ciphers no longer requires you to also pass --tls-version.
Closes #380.
Client library:
- Clients can now use TLS with IPv6.
- Fix potential socket leakage when reconnecting. Closes #304.
- Fix potential negative timeout being passed to pselect. Closes #329.
1.4.10 - 20160816
=================
Broker:
- Fix TLS operation with websockets listeners and libwebsockts 2.x. Closes
#186.
- Don't disconnect client on HUP before reading the pending data. Closes #7.
- Fix some $SYS messages being incorrectly persisted. Closes #191.
- Support OpenSSL 1.1.0.
- Call fsync after persisting data to ensure it is correctly written. Closes
#189.
- Fix persistence saving of subscription QoS on big-endian machines.
- Fix will retained flag handling on Windows. Closes #222.
- Broker now displays an error if it is unable to open the log file. Closes
#234.
Client library:
- Support OpenSSL 1.1.0.
- Fixed the C++ library not allowing SOCKS support to be used. Closes #198.
- Fix memory leak when verifying a server certificate with a subjectAltName
section. Closes #237.
Build:
- Don't attempt to install docs when WITH_DOCS=no. Closes #184.
1.4.9 - 20160603
================
Broker:
- Ensure websockets clients that previously connected with clean session set
to false have their queued messages delivered immediately on reconnecting.
Closes #476314.
- Reconnecting client with clean session set to false doesn't start with mid=1
again.
- Will topic isn't truncated by one byte when using a mount_point any more.
- Network errors are printed correctly on Windows.
- Fix incorrect $SYS heap memory reporting when using ACLs.
- Bridge config parameters couldn't contain a space, this has been fixed.
Closes #150.
- Fix saving of persistence messages that start with a '/'. Closes #151.
- Fix reconnecting for bridges that use TLS on Windows. Closes #154.
- Broker and bridges can now cope with unknown incoming PUBACK, PUBREC,
PUBREL, PUBCOMP without disconnecting. Closes #57.
- Fix websockets listeners not being able to bind to an IP address. Closes
#170.
- mosquitto_passwd utility now correctly deals with unknown command line
arguments in all cases. Closes #169.
- Fix publishing of $SYS/broker/clients/maximum
- Fix order of #includes in lib/send_mosq.c to ensure struct mosquitto doesn't
differ between source files when websockets is being used. Closes #180.
- Fix possible rare crash when writing out persistence file and a client has
incomplete messages inflight that it has been denied the right to publish.
Client library:
- Fix the case where a message received just before the keepalive timer
expired would cause the client to miss the keepalive timer.
- Return value of pthread_create is now checked.
- _mosquitto_destroy should not cancel threads that weren't created by
libmosquitto. Closes #166.
- Clients can now cope with unknown incoming PUBACK, PUBREC, PUBREL, PUBCOMP
without disconnecting. Closes #57.
- Fix mosquitto_topic_matches_sub() reporting matches on some invalid
subscriptions.
Clients:
- Handle some unchecked malloc() calls. Closes #1.
Build:
- Fix string quoting in CMakeLists.txt. Closes #4.
- Fix building on Visual Studio 2015. Closes #136.
1.4.8 - 20160214
================
Broker:
- Wills published by clients connected to a listener with mount_point defined
now correctly obey the mount point. This was a potential security risk
because it allowed clients to publish messages outside of their restricted
mount point. This is only affects brokers where the mount_point option is in
use. Closes #487178.
- Fix detection of broken connections on Windows. Closes #485143.
- Close stdin etc. when daemonised. Closes #485589.
- Fix incorrect detection of FreeBSD and OpenBSD. Closes #485131.
Client library:
- mosq->want_write should be cleared immediately before a call to SSL_write,
to allow clients using mosquitto_want_write() to get accurate results.
1.4.7 - 20151221
================
Broker:
- Fix support for libwebsockets 1.22.
1.4.6 - 20151220
================
Broker:
- Add support for libwebsockets 1.6.
Client library:
- Fix _mosquitto_socketpair() on Windows, reducing the chance of delays when
publishing. Closes #483979.
Clients:
- Fix "mosquitto_pub -l" stripping the final character on a line. Closes
#483981.
1.4.5 - 20151108
================
Broker:
- Fix possible memory leak if bridge using SSL attempts to connect to a
host that is not up.
- Free unused topic tree elements (fix in 1.4.3 was incomplete). Closes
#468987.
Clients:
- "mosquitto_pub -l" now no longer limited to 1024 byte lines. Closes #478917.
1.4.4 - 20150916
================
Broker:
- Don't leak sockets when outgoing bridge with multiple addresses cannot
connect. Closes #477571.
- Fix cross compiling of websockets. Closes #475807.
- Fix memory free related crashes on openwrt. Closes #475707.
- Fix excessive calls to message retry check.
1.4.3 - 20150818
================
Broker:
- Fix incorrect bridge notification on initial connection. Closes #467096.
- Build fixes for OpenBSD.
- Fix incorrect behaviour for autosave_interval, most noticable for
autosave_interval=1. Closes #465438.
- Fix handling of outgoing QoS>0 messages for bridges that could not be sent
because the bridge connection was down.
- Free unused topic tree elements. Closes #468987.
- Fix some potential memory leaks. Closes #470253.
- Fix potential crash on libwebsockets error.
Client library:
- Add missing error strings to mosquitto_strerror.
- Handle fragmented TLS packets without a delay. Closes #470660.
- Fix incorrect loop timeout being chosen when using threaded interface and
keepalive = 0. Closes #471334.
- Increment inflight messages count correctly. Closes #474935.
Clients:
- Report error string on connection failure rather than error code.
1.4.2 - 20150507
================
Broker:
- Fix bridge prefixes only working for the first outgoing message. Closes
#464437.
- Fix incorrect bridge connection notifications on local broker.
- Fix persistent db writing on Windows. Closes #464779.
- ACLs are now checked before sending a will message.
- Fix possible crash when using bridges on Windows. Closes #465384.
- Fix parsing of auth_opt_ arguments with extra spaces/tabs.
- Broker will return CONNACK rc=5 when a username/password is not authorised.
This was being incorrectly set as rc=4.
- Fix handling of payload lengths>4096 with websockets.
Client library:
- Inflight message count wasn't being decreased for outgoing messages using
QoS 2, meaning that only up to 20 QoS 2 messages could be sent. This has
been fixed. Closes #464436.
- Fix CMake dependencies for C++ wrapper building. Closes #463884.
- Fix possibility of select() being called with a socket that is >FD_SETSIZE.
This is a fix for #464632 that will be followed up by removing the select()
call in a future version.
- Fix calls to mosquitto_connect*_async() not completing.
1.4.1 - 20150403
================
Broker:
- Fix possible crash under heavy network load. Closes #463241.
- Fix possible crash when using pattern ACLs.
- Fix problems parsing config strings with multiple leading spaces. Closes
#462154.
- Websockets clients are now periodically disconnected if they have not
maintained their keepalive timer. Closes #461619.
- Fix possible minor memory leak on acl parsing.
Client library:
- Inflight limits should only apply to outgoing messages. Closes #461620.
- Fix reconnect bug on Windows. Closes #463000.
- Return -1 on error from mosquitto_socket(). Closes #461705.
- Fix crash on multiple calls to mosquitto_lib_init/mosquitto_lib_cleanup.
Closes #462780.
- Allow longer paths on Windows. Closes #462781.
- Make _mosquitto_mid_generate() thread safe. Closes #463479.
1.4 - 20150218
==============
Important changes:
- Websockets support in the broker.
- Bridge behaviour on the local broker has changed due to the introduction of
the local_* options. This may affect you if you are using authentication
and/or ACLs with bridges.
- The default TLS behaviour has changed to accept all of TLS v1.2, v1.1 and
v1.0, rather than only only one version of the protocol. It is still
possible to restrict a listener to a single version of TLS.
- The Python client has been removed now that the Eclipse Paho Python client
has had a release.
- When a durable client reconnects, its queued messages are now checked
against ACLs in case of a change in username/ACL state since it last
connected.
- New use_username_as_clientid option on the broker, for preventing hijacking
of a client id.
- The client library and clients now have experimental SOCKS5 support.
- Wildcard TLS certificates are now supported for bridges and clients.
- The clients have support for config files with default options.
- Client and client libraries have support for MQTT v3.1.1.
- Bridge support for MQTT v3.1.1.
Broker:
- Websockets support in the broker.
- Add local_clientid, local_username, local_password for bridge connections to
authenticate to the local broker.
- Default TLS mode now accepts TLS v1.2, v1.1 and v1.0.
- Support for ECDHE-ECDSA family ciphers.
- Fix bug #1324411, which could have had unexpected consequences for delayed
messages in rare circumstances.
- Add support for "session present" in CONNACK messages for MQTT v3.1.1.
- Remove strict protocol #ifdefs.
- Change $SYS/broker/clients/active -> $SYS/broker/clients/connected
- Change $SYS/broker/clients/inactive -> $SYS/broker/clients/disconnected
- When a durable client reconnects, its queued messages are now checked
against ACLs in case of a change in username/ACL state since it last
connected.
- libuuid is used to generate client ids, where it is available, when an MQTT
v3.1.1 client connects with a zero length client id.
- Anonymous clients are no longer accidently disconnected from the broker
after a SIGHUP.
- mosquitto_passwd now supports -b (batch mode) to allow the password to be
provided at the command line.
- Removed $SYS/broker/changeset. This was intended for use with debugging, but
in practice is of no use.
- Add support for use_username_as_clientid which can be used with
authentication to restrict ownership of client ids and hence prevent one
client disconnecting another by using the same client id.
- When "require_certificate" was false, the broker was incorrectly asking for
a certificate (but not checking it). This caused problems with some clients
and has been fixed so the broker no longer asks.
- When using syslog logging on non-Windows OSs, it is now possible to specify
the logging facility to one of local0-7 instead of the default "daemon".
- The bridge_attempt_unsubscribe option has been added, to allow the sending
of UNSUBSCRIBE requests to be disabled for topics with "out" direction.
Closes bug #456899.
- Wildcard TLS certificates are now supported for bridges.
- Support for "hour" client expiration lengths for the
persistent_client_expiration option. Closes bug #425835.
- Bridge support for MQTT v3.1.1.
- Root privileges are now dropped after starting listeners and loading
certificates/private keys, to allow private keys to have their permissions
restricted to the root user only. Closes bug #452914.
- Usernames and topics given in ACL files can now include a space. Closes bug
#431780.
- Fix hang if pattern acl contains a %u but an anonymous client connect.
Closes bug #455402.
- Fix man page installation with cmake. Closes bug #458843.
- When using "log_dest file" the output file is now flushed periodically.
Clients:
- Both clients can now load default configuration options from a file.
- Add -C option to mosquitto_sub to allow the client to quit after receiving a
certain count of messages. Closes bug #453850.
- Add --proxy SOCKS5 support for both clients.
- Pub client supports setting its keepalive. Closes bug #454852.
- Add support for config files with default options.
- Add support for MQTT v3.1.1.
Client library:
- Add experimental SOCKS5 support.
- mosquitto_loop_forever now quits after a fatal error, rather than blindly
retrying.
- SRV support is now not compiled in by default.
- Wildcard TLS certificates are now supported.
- mosquittopp now has a virtual destructor. Closes bug #452915.
- Add support for MQTT v3.1.1.
- Don't quit mosquitto_loop_forever() if broker not available on first
connect. Closes bug #453293, but requires more work.
1.3.5 - 20141008
================
Broker:
- Fix possible memory leak when using a topic that has a leading slash. Fixes
bug #1360985.
- Fix saving persistent database on Windows.
- Temporarily disable ACL checks on subscriptions when using MQTT v3.1.1. This
is due to the complexity of checking wildcard ACLs against wildcard
subscriptions. This does not have a negative impact on security because
checks are still made before a message is sent to a client.
Fixes bug #1374291.
- When using -v and the broker receives a SIGHUP, verbose logging was being
disabled. This has been fixed.
Client library:
- Fix mutex being incorrectly passed by value. Fixes bug #1373785.
1.3.4 - 20140806
================
Broker:
- Don't ask client for certificate when require_certificate is false.
- Backout incomplete functionality that was incorrectly included in 1.3.2.
1.3.3 - 20140801
================
Broker:
- Fix incorrect handling of anonymous bridges on the local broker.
1.3.2 - 20140713
================
Broker:
- Don't allow access to clients when authenticating if a security plugin
returns an application error. Fixes bug #1340782.
- Ensure that bridges verify certificates by default when using TLS.
- Fix possible crash when using pattern ACLs that do not include a %u and
clients that connect without a username.
- Fix subscriptions being deleted when clients subscribed to a topic beginning
with a $ but that is not $SYS.
- When a durable client reconnects, its queued messages are now checked
against ACLs in case of a change in username/ACL state since it last
connected.
- Fix bug #1324411, which could have had unexpected consequences for delayed
messages in rare circumstances.
- Anonymous clients are no longer accidently disconnected from the broker
after a SIGHUP.
Client library:
- Fix topic matching edge case.
- Fix callback deadlocks after calling mosquitto_disconnect(), when using the
threaded interfaces. Closes bug #1313725.
- Fix SRV support when building with CMake.
- Remove strict protocol #ifdefs.
General:
- Use $(STRIP) for stripping binaries when installing, to allow easier cross
compilation.
1.3.1 - 20140324
================
Broker:
- Prevent possible crash on client reconnect. Closes bug #1294108.
- Don't accept zero length unsubscription strings (MQTT v3.1.1 fix)
- Don't accept QoS 3 (MQTT v3.1.1 fix)
- Don't disconnect clients immediately on HUP to give chance for all data to
be read.
- Reject invalid un/subscriptions e.g. foo/+bar #/bar.
- Take more care not to disconnect clients that are sending large messages.
Client library:
- Fix socketpair code on the Mac.
- Fix compilation for WITH_THREADING=no.
- Break out of select() when calling mosquitto_loop_stop().
- Reject invalid un/subscriptions e.g. foo/+bar #/bar.
- Add mosquitto_threaded_set().
Clients:
- Fix keepalive value on mosquitto_pub.
- Fix possibility of mosquitto_pub not exiting after sending messages when
using -l.
1.3 - 20140316
==============
Broker:
- The broker no longer ignores the auth_plugin_init() return value.
- Accept SSLv2/SSLv3 HELLOs when using TLSv1, whilst keeping SSLv2 and SSLv3
disabled. This increases client compatibility without sacrificing security.
- The $SYS tree can now be disabled at runtime as well as at compile time.
- When remapping bridged topics, only check for matches when the message
direction is correct. This allows two identical topics to be remapped
differently for both in and out.
- Change "$SYS/broker/heap/current size" to "$SYS/broker/heap/current" for
easier parsing.
- Change "$SYS/broker/heap/maximum size" to "$SYS/broker/heap/maximum" for
easier parsing.
- Topics are no longer normalised from e.g a///topic to a/topic. This matches
the behaviour as clarified by the Oasis MQTT spec. This will lead to
unexpected behaviour if you were using topics of this form.
- Log when outgoing messages for a client begin to drop off the end of the
queue.
- Bridge clients are recognised as bridges even after reloading from
persistence.
- Basic support for MQTT v3.1.1. This does not include being able to bridge to
an MQTT v3.1.1 broker.
- Username is displayed in log if present when a client connects.
- Support for 0 length client ids (v3.1.1 only) that result in automatically
generated client ids on the broker (see option allow_zero_length_clientid).
- Ability to set the prefix of automatically generated client ids (see option
auto_id_prefix).
- Add support for TLS session resumption.
- When using TLS, the server now chooses the cipher to use when negotiating
with the client.
- Weak TLS ciphers are now disabled by default.
Client library:
- Fix support for Python 2.6, 3.0, 3.1.
- Add support for un/subscribing to multiple topics at once in un/subscribe().
- Clients now close their socket after sending DISCONNECT.
- Python client now contains its version number.
- C library mosquitto_want_write() now supports TLS clients.
- Fix possible memory leak in C/C++ library when communicating with
a broker that doesn't follow the spec.
- Return strerror() through mosquitto_strerror() to make error printing
easier.
- Topics are no longer normalised from e.g a///topic to a/topic. This matches
the behaviour as clarified by the Oasis MQTT spec. This will lead to
unexpected behaviour if you were using topics of this form.
- Add support for SRV lookups.
- Break out of select() on publish(), subscribe() etc. when using the threaded
interface. Fixes bug #1270062.
- Handle incoming and outgoing messages separately. Fixes bug #1263172.
- Don't terminate threads on mosquitto_destroy() when a client is not using
the threaded interface but does use their own thread. Fixes bug #1291473.
Clients:
- Add --ciphers to allow specifying which TLS ciphers to support.
- Add support for SRV lookups.
- Add -N to sub client to suppress printing of EOL after the payload.
- Add -T to sub client to suppress printing of a topic hierarchy.
1.2.3 - 20131202
================
Broker:
- Don't always attempt to call read() for SSL clients, irrespective of whether
they were ready to read or not. Reduces syscalls significantly.
- Possible memory leak fixes.
- Further fix for bug #1226040: multiple retained messages being delivered for
subscriptions ending in #.
- Fix bridge reconnections when using multiple bridge addresses.
Client library:
- Fix possible memory leak in C/C++ library when communicating with
a broker that doesn't follow the spec.
- Block in Python loop_stop() until all messages are sent, as the
documentation states should happen.
- Fix for asynchronous connections on Windows. Closes bug #1249202.
- Module version is now available in mosquitto.py.
Clients:
- mosquitto_sub now uses fwrite() instead of printf() to output messages, so
messages with NULL characters aren't truncated.
1.2.2 - 20131021
================
Broker:
- Fix compliance with max_inflight_messages when a non-clean session client
reconnects. Closes one of the issues on bug #1237389.
Client library:
- Fix incorrect inflight message accounting, which caused messages to go
unsent. Partial fix for bug #1237351.
- Fix potential memory corruption when sending QoS>0 messages at a high rate
using the threaded interface. Further fix for #1237351.
- Fix incorrect delay scaling when exponential_backoff=true in
mosquitto_reconnect_delay_set().
- Some pep8 fixes for Python.
1.2.1 - 20130918
================
Broker:
- The broker no longer ignores the auth_plugin_init() return value. Closes
bug #1215084.
- Use RTLD_GLOBAL when opening authentication plugins on posix systems. Fixes
resolving of symbols in libraries used by authentication plugins.
- Add/fix some config documentation.
- Fix ACLs for topics with $SYS.
- Clients loaded from the persistence file on startup were not being added to
the client hash, causing subtle problems when the client reconnected,
including ACLs failing. This has been fixed.
- Add note to mosquitto-tls man page stating that certificates need to be
unique. Closes bug #1221285.
- Fix incorrect retained message delivery when using wildcard subs in some
circumstances. Fixes bug #1226040.
Client library:
- Fix support for Python 2.6, 3.0, 3.1.
- Fix TLS subjectAltName verification and segfaults.
- Handle EAGAIN in Python on Windows. Closes bug #1220004.
- Fix compilation when using WITH_TLS=no.
- Don't fail reconnecting in Python when broker is temporarily unavailable.
1.2 - 20130708
==============
Broker:
- Replace O(n) username lookup on CONNECT with a roughly O(1) hashtable version.
- It is now possible to disable $SYS at compile time.
- Add dropped publish messages to load tree in $SYS. Closes bug #1183318.
- Add support for logging SUBSCRIBE/UNSUBSCRIBE events.
- Add "log_dest file" logging support.
- Auth plugin ACL check function now passes the client id as well as username
and password.
- The queue_qos0_messages option wasn't working correctly, this has now been
fixed. Closes bug #1125200.
- Don't drop all messages for disconnected durable clients when
max_queued_messages=0.
- Add support for "log_type all".
- Add support for "-v" option on the command line to provide the equivalent of
"log_type all" without needing a config file.
- Add the "upgrade_outgoing_qos" option, a non-standard feature.
- Persistence data is now written to a temporary file which is atomically
renamed on completion, so a crash during writing will not produce a corrupt
file.
- mosquitto.conf is now installed as mosquitto.conf.example
- Configuration file errors are now reported with filename and line number.
- The broker now uses a monotonic clock if available, to avoid changes in time
causing client disconnections or message retries.
- Clean session and keepalive status are now display the log when a client
connects.
- Add support for TLSv1.2 and TLSv1.1.
- Clients that connect with zero length will topics are now rejected.
- Add the ability to set a maximum allowed PUBLISH payload size.
- Fix an ACL with topic "#" incorrectly granting access to $SYS.
- Fix retained messages incorrectly being set on wildcard topics, leading to
duplicate retained messages being sent on subscription. Closes bug #1116233.
- Don't discard listener values when no "port" option given. Closes bug
#1131406.
- Client password check was always failing when security was being reapplied
after a config reload. This meant that all clients were being disconnected.
This has been fixed.
- Fix build when WITH_TLS=no. Closes bug #1174971.
- Fix single outgoing packets not being sent in a timely fashion if they were
not sent in one call to write(). Closes bug #1176796.
- Fix remapping of messages for clients connected to a listener with
mount_point set. Closes bug #1180765.
- Fix duplicate retained messages being sent for some wildcard patterns.
- If a client connects with a will topic to which they do not have write
access, they are now disconnected with CONNACK "not authorised".
- Fix retained messages on topic foo being incorrectly delivered to
subscriptions of /#
- Fix handling of SSL errors on SSL_accept().
- Fix handling of QoS 2 messages on client reconnect.
- Drop privileges now sets supplementary groups correctly.
- Fix load reporting interval (is now 60s).
- Be strict with malformed PUBLISH packets - clients are now disconnected
rather than the packet discarded. This goes inline with future OASIS spec
changes and makes other changes more straightforward.
- Process incoming messages denied by ACL properly so that clients don't keep
resending them.
- Add support for round_robin bridge option.
- Add bridge support for verifying remote server certificate subject against
the remote hostname.
- Fix problem with out of order calls to free() when restarting a lazy bridge.
- The broker now attempts to resolve bind_address and bridge addresses
immediately when parsing the config file in order to detect invalid hosts.
- Bridges now set their notification state before attempting to connect, so if
they fail to connect the state can still be seen.
- Fix bridge notification payload length - no need to send a null byte.
- mosquitto_passwd utility now reports errors more clearly.
- Fix "mosquitto_passwd -U".
Client library:
- Add support for TLSv1.2 and TLSv1.1, except for on the Python module.
- Add support for verifying remote server certificate subject against the
remote hostname.
- Add mosquitto_reconnect_async() support and make asynchronous connections
truely asynchronous rather than simply deferred. DNS lookups are still
blocking, so asynchronous connections require an IP address instead of
hostname.
- Allow control of reconnection timeouts in mosquitto_loop_forever() and after
mosquitto_loop_start() by using mosquitto_reconnect_delay_set().
- Fix building on Android NDK.
- Re-raise unhandled errors in Python so as not to provide confusing error
messages later on.
- Python module supports IPv6 connections.
- mosquitto_sub_topic_tokenise() was behaving incorrectly if the last topic
hierarchy had only a single character. This has been fixed. Closes bug
#1163348.
- Fix possible crash after disconnects when using the threaded interface with
TLS.
- Allow build/install without Python. Closes bug #1174972.
- Add support for binding connection to a local interface.
- Implement maximum inflight messages handling.
- Fix Python client not handling will_payload==None.
- Fix potential memory leak when setting username/password.
- Fix handling of QoS 2 messages on reconnect.
- Improve handling of mosquitto_disconnect() with threaded mode.
Clients:
- Add support for TLSv1.2 and TLSv1.1.
- Sub client can now suppress printing of messages with the retain bit set.
- Add support for binding connection to a local interface.
- Implement maximum inflight messages handling for the pub client.
1.1.3 - 20130211
================
Broker:
- mosquitto_passwd utility now uses tmpfile() to generate its temporary data
storage file. It also creates a backup file that can be used to recover data
if an errors occur.
Other:
- Build script fixes to help packaging on Debian.
1.1.2 - 20130130
================
Client library:
- Fix tls_cert_reqs not being set to SSL_VERIFY_PEER by default. This meant
that clients were not verifying the server certificate when connecting over
TLS. This affects the C, C++ and Python libraries.
1.1.1 - 20130116
================
Broker:
- Fix crash on reload if using acl patterns.
Client library:
- Fix static C++ functions not being exported on Windows. Fixes bug #1098256.
1.1 - 20121219
==============
Broker:
- Add $SYS/broker/messages/dropped
- Add $SYS/broker/clients/expired
- Replace $SYS/broker/+/per second/+ with moving average versions published at
$SYS/broker/load/#
- Add $SYS/broker/load/sockets/+ and $SYS/broker/load/connections/+
- Documentation on password file format has been fixed.
- Disable SSL compression. This reduces memory usage significantly and removes
the possibility of CRIME type attacks.
- Enable SSL_MODE_RELEASE_BUFFERS mode to reduce SSL memory usage further.
- Add allow_duplicate_messages option.
- ACL files can now have comment lines with # as the first character.
- Display message on startup about which config is being loaded.
- Fix max_inflight_messages and max_queued_messages not being applied.
- Fix documentation error in mosquitto.conf.
- Ensure that QoS 2 queued messages are sent out in a timely manner.
- Local bridges now act on clean_session correctly.
- Local bridges with clean_session==false now remove unused subscriptions on
broker restart.
- The $SYS/broker/heap/# messages now no longer include "bytes" as part of the
string for ease of use.
Client library:
- Free memory used by OpenSSL in mosquitto_lib_cleanup() where possible.
- Change WebSocket subprotocol name to mqttv3.1 to make future changes easier
and for compatibility with other implementations.
- mosquitto_loop_read() and mosquitto_loop_write() now handle errors
themselves rather than having mosquitto_loop() handle their errors. This
makes using them in a separate event loop more straightforward.
- Add mosquitto_loop_forever() / loop_forever() function call to make simple
clients easier.
- Disable SSL compression. This reduces memory usage significantly and removes
the possibility of CRIME type attacks.
- Enable SSL_MODE_RELEASE_BUFFERS mode to reduce SSL memory usage further.
- mosquitto_tls_set() will now return an error or raise an exception
immediately if the CA certificate or client certificate/key cannot be
accessed.
- Fix potential memory leaks on connection failures.
- Don't produce return error from mosquitto_loop() if a system call is
interrupted. This prevents disconnects/reconnects in threaded mode and
simplifies non-threaded client handling.
- Ignore SIGPIPE to prevent unnecessary client quits in threaded mode.
- Fix document error for mosquitto_message_retry_set().
- Fix mosquitto_topic_matches_sub() for subscriptions with + as the final
character. Fixes bug #1085797.
- Rename all "obj" parameters to "userdata" for consistency with other
libraries.
- Reset errno before network read/write to ensure EAGAIN isn't mistakenly
returned.
- The message queue length is now tracked and used to determine the maximum
number of packets to process at once. This removes the need for the
max_packets parameter which is now unused.
- Fix incorrect error value in Python error_string() function. Fixes bug
#1086777.
- Reset last message in/out timer in Python module when we send a PINGREQ.
Fixes too-early disconnects.
Clients:
- Clients now display their own version number and library version number in
their help messages.
- Fix "mosquitto_pub -l -q 2" disconnecting before all messages were
transmitted.
- Fix potential out-of-bounds array access with client ids. Fixes bug
#1083182.
Other:
- mosquitto_passwd can now convert password files with plain text files to
hashed versions.