Incoming QoS 2 messages that had not completed the QoS flow were not being
checked for ACL access when a clean session=False client was reconnecting.
Closes#575314.
An MQTT v5 client connecting with a large number of user-property properties
could cause excessive CPU usage, leading to a loss of performance and
possible denial of service. This has been fixed.
If a plugin had granted ACL subscription access to a
durable/non-clean-session client, then removed that access, the client would
keep its existing subscription. This has been fixed.
CVE-xxxx-xxxx: If an authenticated client connected with MQTT v5 sent a
malformed CONNACK message to the broker a NULL pointer dereference occurred,
most likely resulting in a segfault. This will be updated with the CVE
number when it is assigned.
Affects versions 2.0.0 to 2.0.9 inclusive.
Closes#2163. Thanks to Bryan Pearson.
This is not specific to authentication, and allows plugins greater flexibility in what events they are interested in. It also adds message handling, and $CONTROL handling.
This adds the ability to separating bridge clean session settings between
the local and remote endpoints. Some broker implmentations refuse to allow
non-clean sessions, as they don't support storing messages to be sent to
the connecting broker. However, this doesn't mean that the local
broker can't be queueing messages to send _out_ to the remote broker.
This PR adds a new bridge connection setting, local_cleansession, that
allows controlling this split. Naming is chosen to be local_ in keeping
with the other local_ settings for bridges.
A test for the six cases of queued/not queued messages in both
directions is added, but v5 testing is currently disabled. The changes
to support the split are ~independent of protocol version.
Signed-off-by: Karl Palsson <karlp@etactica.com>
Fix incoming messages not being removed for a client if the topic being
published to does not have any subscribers.
Closes#1322. Thanks to Yannic Schröder.
* Fix Will message for a persistent client incorrectly being sent when the client reconnects after a clean disconnect.
* Fix Will message for a persistent client not being sent on disconnect.
* Fix mosquitto_pub not using the `-c` option.
Thanks to Yannic Schröder.
Closes#1273.