@ -29,7 +29,7 @@ Clients:
==================
Security:
- CVE-2021-23980: If an authenticated client connected with MQTT v5 sent a
- CVE-2021-28166: If an authenticated client connected with MQTT v5 sent a
malformed CONNACK message to the broker a NULL pointer dereference occurred,
most likely resulting in a segfault.
Affects versions 2.0.0 to 2.0.9 inclusive.
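Review bot: the Security entry for CVE-2021-28166 gives the affected range (2.0.0 to 2.0.9) but no pointer to the fix, while the Broker section just below records the same fix as "Closes #2163". Consider adding the issue reference to the Security entry so the advisory text and the fix can be matched from one place. Since CVE-2021-23980 and CVE-2021-28166 appear here with identical wording, also confirm that no other reference to the old id remains for this issue.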
@ -37,7 +37,7 @@ Security:
Broker:
- Don't over write new receive-maximum if a v5 client connects and takes over
an old session. Closes #2134.
- Fix CVE-xxxx-xxxx. Closes #2163.
- Fix CVE-2021-28166. Closes #2163.
Clients:
- Set `receive-maximum` to not exceed the `-C` message count in mosquitto_sub
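Review bot: the Broker line "Fix CVE-2021-28166. Closes #2163." names only the id, so a reader of the Broker list has to go to the Security section to learn what was fixed. Suggest a short descriptor, e.g. "Fix NULL pointer dereference on malformed v5 CONNACK (CVE-2021-28166). Closes #2163." Separately, the context line above reads "Don't over write"; "overwrite" is one word and is worth fixing while this block is being touched.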
@ -1251,8 +1251,8 @@ Build:
==============
Security:
- Fix memory leak that could be caused by a malicious CONNECT packet. This
does not yet have a CVE assigned. Closes #533493 (on Eclipse bugtracker)
- Fix memory leak that could be caused by a malicious CONNECT packet.
CVE-2017-7654. Closes #533493 (on Eclipse bugtracker)
Broker features:
- Add per_listener_settings to allow authentication and access control to be
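Review bot: in the Security entry carrying CVE-2017-7654, the id sits as a bare fragment on the continuation line and the entry gives no affected version range, unlike the CVE-2021-28166 entry earlier in the file ("Affects versions 2.0.0 to 2.0.9 inclusive."). Suggest folding the id into the sentence, e.g. "Fix memory leak (CVE-2017-7654) that could be caused by a malicious CONNECT packet.", and adding an "Affects versions ..." line if the range is known.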