Fixes for the following CVES:

• CVE-2018-12546
• CVE-2018-12550
• CVE-2018-12551

The list of other fixes addressed in version 1.5.6 is: Broker:

• Fixed comment handling for config options that have optional arguments.
• Improved documentation around bridge topic remapping.
• Handle mismatched handshakes (e.g. QoS1 PUBLISH with QoS2 reply) properly.
• Fix spaces not being allowed in the bridge remote_username option. Closes #1131.
• Allow broker to always restart on Windows when using log_dest file. Closes #1080.
• Fix Will not being sent for Websockets clients. Closes #1143.
• Windows: Fix possible crash when client disconnects. Closes #1137.
• Fixed durable clients being unable to receive messages when offline, when per_listener_settings was set to true. Closes #1081.
• Add log message for the case where a client is disconnected for sending a topic with invalid UTF-8. Closes #1144.

Library:

• Fix TLS connections not working over SOCKS.
• Don't clear SSL context when TLS connection is closed, meaning if a user provided an external SSL_CTX they have less chance of leaking references.