mosquitto/www/pages/security.md

<!--
.. title: Security
.. slug: security
.. date: 2018-02-07 10:52:50 UTC
.. tags:
.. category:
.. link:
.. description:
.. type: text
-->

# Reporting security vulnerabilities

If you think you have found a security vulnerability in Mosquitto, please
follow the steps on [Eclipse Security] page to report it.

# Past vulnerabilities

Listed with most recent first. Further information on security related issues
can be found in the [security category].

* February 2018: [CVE-2017-7651] affecting versions **0.15** to **1.4.14**
  inclusive, fixed in **1.4.15**. More details at
  [security-advisory-cve-2017-7651-cve-2017-7652].
* February 2018: [CVE-2017-7652] affecting versions **1.0** to **1.4.14**
  inclusive, fixed in **1.4.15**. More details at
  [security-advisory-cve-2017-7651-cve-2017-7652].
* June 2017: [CVE-2017-9868] affecting versions **0.15** to **1.4.12**
  inclusive, fixed in **1.4.13**. More details at
  [security-advisory-cve-2017-9868].
* May 2017: [CVE-2017-7650] affecting versions **0.15** to **1.4.11**
  inclusive, fixed in **1.4.12**. More details at
  [security-advisory-cve-2017-7650].


[security-advisory-cve-2017-7651-cve-2017-7652]: /2018/02/security-advisory-cve-2017-7651-cve-2017-7652/
[CVE-2017-7651]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7651
[CVE-2017-7652]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7652
[Eclipse Security]: https://www.eclipse.org/security/
[CVE-2017-7650]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7650
[security-advisory-cve-2017-7650]: /2017/05/security-advisory-cve-2017-7650/
[CVE-2017-9868]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9868
[security-advisory-cve-2017-9868]: /2017/06/security-advisory-cve-2017-9868/
[security category]: /blog/categories/security/
Add website. 2018-08-08 21:43:14 +00:00			`<!--`
			`.. title: Security`
			`.. slug: security`
			`.. date: 2018-02-07 10:52:50 UTC`
			`.. tags:`
			`.. category:`
			`.. link:`
			`.. description:`
			`.. type: text`
			`-->`

			`# Reporting security vulnerabilities`

			`If you think you have found a security vulnerability in Mosquitto, please`
			`follow the steps on [Eclipse Security] page to report it.`

			`# Past vulnerabilities`

			`Listed with most recent first. Further information on security related issues`
			`can be found in the [security category].`

			`* February 2018: [CVE-2017-7651] affecting versions 0.15 to 1.4.14`
			`inclusive, fixed in 1.4.15. More details at`
			`[security-advisory-cve-2017-7651-cve-2017-7652].`
			`* February 2018: [CVE-2017-7652] affecting versions 1.0 to 1.4.14`
			`inclusive, fixed in 1.4.15. More details at`
			`[security-advisory-cve-2017-7651-cve-2017-7652].`
			`* June 2017: [CVE-2017-9868] affecting versions 0.15 to 1.4.12`
			`inclusive, fixed in 1.4.13. More details at`
			`[security-advisory-cve-2017-9868].`
			`* May 2017: [CVE-2017-7650] affecting versions 0.15 to 1.4.11`
			`inclusive, fixed in 1.4.12. More details at`
			`[security-advisory-cve-2017-7650].`


			`[security-advisory-cve-2017-7651-cve-2017-7652]: /2018/02/security-advisory-cve-2017-7651-cve-2017-7652/`
			`[CVE-2017-7651]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7651`
			`[CVE-2017-7652]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7652`
			`[Eclipse Security]: https://www.eclipse.org/security/`
			`[CVE-2017-7650]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7650`
			`[security-advisory-cve-2017-7650]: /2017/05/security-advisory-cve-2017-7650/`
			`[CVE-2017-9868]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9868`
			`[security-advisory-cve-2017-9868]: /2017/06/security-advisory-cve-2017-9868/`
			`[security category]: /blog/categories/security/`