Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
镜像
Eclipse Foundation
Eclipse Mosquitto
提交
1ed275b1
E
Eclipse Mosquitto
项目概览
镜像
/
Eclipse Foundation
/
Eclipse Mosquitto
大约 1 年 前同步成功
通知
36
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
DevOps
流水线
流水线任务
计划
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
E
Eclipse Mosquitto
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
DevOps
DevOps
流水线
流水线任务
计划
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
流水线任务
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
1ed275b1
编写于
8月 24, 2023
作者:
R
Roger A. Light
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Version 2.0.17 and below post
上级
f762a3fd
变更
2
隐藏空白更改
内联
并排
Showing
2 changed file
with
108 addition
and
0 deletion
+108
-0
www/posts/2023/08/version-2-0-16-released.md
www/posts/2023/08/version-2-0-16-released.md
+84
-0
www/posts/2023/08/version-2-0-17-released.md
www/posts/2023/08/version-2-0-17-released.md
+24
-0
未找到文件。
www/posts/2023/08/version-2-0-16-released.md
0 → 100644
浏览文件 @
1ed275b1
<!--
.. title: Version 2.0.16 released.
.. slug: version-2-0-16-released
.. date: 2023-08-16 12:57:38 UTC+1
.. tags: Releases
.. category:
.. link:
.. description:
.. type: text
-->
Version 2.0.16 of Mosquitto has been released. This is a security
and bugfix release.
# Security
-
[CVE-2023-28366]: Fix memory leak in broker when clients send multiple QoS 2
messages with the same message ID, but then never respond to the PUBREC
commands.
-
[CVE-2023-0809]: Fix excessive memory being allocated based on malicious
initial packets that are not CONNECT packets.
-
[CVE-2023-3592]: Fix memory leak when clients send v5 CONNECT packets with a
will message that contains invalid property types.
-
Broker will now reject Will messages that attempt to publish to $CONTROL/.
-
Broker now validates usernames provided in a TLS certificate or TLS-PSK
identity are valid UTF-8.
-
Fix potential crash when loading invalid persistence file.
-
Library will no longer allow single level wildcard certificates, e.g.
*
.com
# Broker
-
Fix $SYS messages being expired after 60 seconds and hence unchanged values
disappearing.
-
Fix some retained topic memory not being cleared immediately after used.
-
Fix error handling related to the
`bind_interface`
option.
-
Fix std
*
files not being redirected when daemonising, when built with
assertions removed. Closes [#2708].
-
Fix default settings incorrectly allowing TLS v1.1. Closes [#2722].
-
Use line buffered mode for stdout. Closes #2354. Closes [#2749].
-
Fix bridges with non-matching cleansession/local_cleansession being expired
on start after restoring from persistence. Closes [#2634].
-
Fix connections being limited to 2048 on Windows. The limit is now 8192,
where supported. Closes [#2732].
-
Broker will log warnings if sensitive files are world readable/writable, or
if the owner/group is not the same as the user/group the broker is running
as. In future versions the broker will refuse to open these files.
-
mosquitto_memcmp_const is now more constant time.
-
Only register with DLT if DLT logging is enabled.
-
Fix any possible case where a json string might be incorrectly loaded. This
could have caused a crash if a textname or textdescription field of a role was
not a string, when loading the dynsec config from file only.
-
Dynsec plugin will not allow duplicate clients/groups/roles when loading
config from file, which matches the behaviour for when creating them.
-
Fix heap overflow when reading corrupt config with "log_dest file".
# Client library
-
Use CLOCK_BOOTTIME when available, to keep track of time. This solves the
problem of the client OS sleeping and the client hence not being able to
calculate the actual time for keepalive purposes. Closes [#2760].
-
Fix default settings incorrectly allowing TLS v1.1. Closes [#2722].
-
Fix high CPU use on slow TLS connect. Closes [#2794].
# Clients
-
Fix incorrect topic-alias property value in mosquitto_sub json output.
-
Fix confusing message on TLS certificate verification. Closes [#2746].
# Apps
-
mosquitto_passwd uses mkstemp() for backup files.
-
`mosquitto_ctrl dynsec init`
will refuse to overwrite an existing file,
without a race-condition.
[
CVE-2023-0809
]:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0809
[
CVE-2023-28366
]:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27366
[
CVE-2023-3592
]:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3592
[
#2354
]:
https://github.com/eclipse/mosquitto/issues/2354
[
#2634
]:
https://github.com/eclipse/mosquitto/issues/2634
[
#2708
]:
https://github.com/eclipse/mosquitto/issues/2708
[
#2722
]:
https://github.com/eclipse/mosquitto/issues/2722
[
#2722
]:
https://github.com/eclipse/mosquitto/issues/2722
[
#2732
]:
https://github.com/eclipse/mosquitto/issues/2732
[
#2746
]:
https://github.com/eclipse/mosquitto/issues/2746
[
#2749
]:
https://github.com/eclipse/mosquitto/issues/2749
[
#2760
]:
https://github.com/eclipse/mosquitto/issues/2760
[
#2794
]:
https://github.com/eclipse/mosquitto/issues/2794
[
#1488
]:
https://github.com/eclipse/mosquitto/issues/1488
www/posts/2023/08/version-2-0-17-released.md
0 → 100644
浏览文件 @
1ed275b1
<!--
.. title: Version 2.0.16 released.
.. slug: version-2-0-16-released
.. date: 2023-08-16 12:57:38 UTC+1
.. tags: Releases
.. category:
.. link:
.. description:
.. type: text
-->
Version 2.0.16 of Mosquitto has been released. This is a bugfix release.
Broker:
-
Fix
`max_queued_messages 0`
stopping clients from receiving messages.
Closes [#2879].
-
Fix
`max_inflight_messages`
not being set correctly. Closes [#2876].
Apps:
-
Fix
`mosquitto_passwd -U`
backup file creation. Closes [#2873].
[
#2873
]:
https://github.com/eclipse/mosquitto/issues/2873
[
#2876
]:
https://github.com/eclipse/mosquitto/issues/2876
[
#2879
]:
https://github.com/eclipse/mosquitto/issues/2879
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录