This is a security bugfix release. Any users of the mount_point feature are strongly advised to upgrade because versions prior to 1.4.8 allow clients to inject messages outside of their mount_point through the use of a Will.

Broker

  • Wills published by clients connected to a listener with mount_point defined now correctly obey the mount point. This was a potential security risk because it allowed clients to publish messages outside of their restricted mount point. This is only affects brokers where the mount_point option is in use. Closes #487178.
  • Fix detection of broken connections on Windows. Closes #485143.
  • Close stdin etc. when daemonised. Closes #485589.
  • Fix incorrect detection of FreeBSD and OpenBSD. Closes #485131.

Client library

  • mosq->want_write should be cleared immediately before a call to SSL_write, to allow clients using mosquitto_want_write() to get accurate results.

Comments

Comments powered by Disqus