- Fix clients being disconnected when ACLs are in use. This only affects the case where a client connects using a username, and the anonymous ACL list is defined but specific user ACLs are not defined. Closes #1162.
- Make error messages for missing config file clearer.
- Fix some Coverity Scan reported errors that could occur when the broker was already failing to start.
- Fix broken mosquitto_passwd on FreeBSD. Closes #1032.
- Fix delayed bridge local subscriptions causing missing messages. Closes #1174.
- Use higher resolution timer for random initialisation of client id generation. Closes #1177.
- Fix some Coverity Scan reported errors that could occur when the library was already quitting.
Update to new upstream version 1.5.7
Fixes for the following CVES:
The list of other fixes addressed in version 1.5.6 is:
- Fixed comment handling for config options that have optional arguments.
- Improved documentation around bridge topic remapping.
- Handle mismatched handshakes (e.g. QoS1 PUBLISH with QoS2 reply) properly.
- Fix spaces not being allowed in the bridge remote_username option. Closes #1131.
- Allow broker to always restart on Windows when using log_dest file. Closes #1080.
- Fix Will not being sent for Websockets clients. Closes #1143.
- Windows: Fix possible crash when client disconnects. Closes #1137.
- Fixed durable clients being unable to receive messages when offline, when per_listener_settings was set to true. Closes #1081.
- Add log message for the case where a client is disconnected for sending a topic with invalid UTF-8. Closes #1144.
- Fix TLS connections not working over SOCKS.
- Don't clear SSL context when TLS connection is closed, meaning if a user provided an external SSL_CTX they have less chance of leaking references.