Mosquitto 1.6.12 and 1.5.10 have been released.
Security
- In some circumstances, Mosquitto could leak memory when handling PUBLISH
messages. This is limited to incoming QoS 2 messages, and is related
to the combination of the broker having persistence enabled, a clean
session=false client, which was connected prior to the broker restarting,
then has reconnected and has now sent messages at a sufficiently high rate
that the incoming queue at the broker has filled up and hence messages are
being dropped. This is more likely to have an effect where
max_queued_messagesis a small value. This has now been fixed. Closes #1793.
The following fixes apply to 1.6.12 only.
Broker
- Build warning fixes when building with
WITH_BRIDGE=noandWITH_TLS=no.
Clients
- All clients exit with an error exit code on CONNACK failure. Closes #1778.
- Don't busy loop with
mosquitto_pub -lon a slow connection.