d0kuhn/mosquitto
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update security page

Browse Source
This commit is contained in:
Roger A. Light 2023-10-06 16:20:43 +01:00
parent b9a842a394
commit 15292b20b0
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
www/pages/security.md
View File

@ -19,7 +19,13 @@ follow the steps on [Eclipse Security] page to report it.
Listed with most recent first. Further information on security related issues Listed with most recent first. Further information on security related issues
can be found in the [security category]. can be found in the [security category].
* June 2023: [CVE-2023-28366]: Clients sending unacknowledged QoS 2 messages * August 2023: [CVE-2023-0809]: Fix excessive memory being allocated based on
malicious initial packets that are not CONNECT packets. Affecting versions
**1.5.0** to **2.0.15**. Fixed in **2.0.16**.
* August 2023: [CVE-2023-3592]: Fix memory leak when clients send v5 CONNECT
packets with a will message that contains invalid property types. Affecting
version **1.6.0** to **2.0.15** Fixed in **2.0.16**.
* August 2023: [CVE-2023-28366]: Clients sending unacknowledged QoS 2 messages
with duplicate message ids cause a memory leak. Affecting versions **1.3.2** with duplicate message ids cause a memory leak. Affecting versions **1.3.2**
to **2.0.15** inclusive, fixed in **2.0.16**. to **2.0.15** inclusive, fixed in **2.0.16**.
* August 2022: Deleting the anonymous group in the dynamic security plugin * August 2022: Deleting the anonymous group in the dynamic security plugin