3.7 KiB
3.7 KiB
Reporting security vulnerabilities
If you think you have found a security vulnerability in Mosquitto, please follow the steps on Eclipse Security page to report it.
Past vulnerabilities
Listed with most recent first. Further information on security related issues can be found in the security category.
- September 2019: CVE-2019-11779. Affecting versions 1.5 to 1.6.5 inclusive, fixed in 1.6.6 and 1.5.9. More details at version-166-released.
- September 2019: CVE-2019-11778. Affecting versions 1.6 to 1.6.4 inclusive, fixed in 1.6.5. More details at version-166-released.
- April 2019: No CVE assigned. Affecting versions 1.6 and 1.6.1, fixed in 1.6.2. More details at version-162-released.
- December 2018: CVE-2018-20145. Affecting versions 1.5 to 1.5.4 inclusive, fixed in 1.5.5.. More details at version-155-released.
- November 2018: No CVE assigned. Affecting versions 1.4 to 1.5.3 inclusive, fixed in 1.5.4. More details at version-154-released.
- September 2018: CVE-2018-12543 affecting versions 1.5 to 1.5.2 inclusive, fixed in 1.5.3.
- April 2018: CVE-2017-7655 affecting versions 1.0 to 1.4.15 inclusive, fixed in 1.5.
- April 2018: CVE-2017-7654 affecting versions 1.0 to 1.4.15 inclusive, fixed in 1.5. [security-advisory-cve-2017-7653-cve-2017-7654].
- April 2018: CVE-2017-7653 affecting versions 1.0 to 1.4.15 inclusive, fixed in 1.5.
- February 2018: CVE-2017-7651 affecting versions 0.15 to 1.4.14 inclusive, fixed in 1.4.15. More details at security-advisory-cve-2017-7651-cve-2017-7652.
- February 2018: CVE-2017-7652 affecting versions 1.0 to 1.4.14 inclusive, fixed in 1.4.15. More details at security-advisory-cve-2017-7651-cve-2017-7652.
- June 2017: CVE-2017-9868 affecting versions 0.15 to 1.4.12 inclusive, fixed in 1.4.13. More details at security-advisory-cve-2017-9868.
- May 2017: CVE-2017-7650 affecting versions 0.15 to 1.4.11 inclusive, fixed in 1.4.12. More details at security-advisory-cve-2017-7650.