1.6.7

Broker:

• Add workaround for working with libwebsockets 3.2.0.
• Fix potential crash when reloading config.

Client library:

• Don't use / in autogenerated client ids, to avoid confusing with topics.
• Fix mosquitto_max_inflight_messages_set() and mosquitto_int_option(..., MOSQ_OPT_*_MAX, ...) behaviour.
• Fix regression on use of mosquitto_connect_async() not working.

Clients:

• mosquitto_sub: Fix -E incorrectly not working unless -d was also specified.
• Updated documentation around automatic client ids.

1.6.6

Security: * CVE-2019-11779 * Restrict topic hierarchy to 200 levels to prevent possible stack overflow.

Broker:

• Restrict topic hierarchy to 200 levels to prevent possible stack overflow.
• mosquitto_passwd now returns 1 when attempting to update a user that does not exist.

1.6.5

Broker:

• Fix v5 DISCONNECT packets with remaining length == 2 being treated as a protocol error.
• Fix support for libwebsockets 3.x.
• Fix slow websockets performance when sending large messages.
• Fix bridges potentially not connecting on Windows.
• Fix clients authorised using use_identity_as_username or use_subject_as_username being disconnected on SIGHUP.
• Improve error messages in some situations when clients disconnect. Reduces the number of "Socket error on client X, disconnecting" messages.
• Fix Will for v5 clients not being sent if will delay interval was greater than the session expiry interval.
• Fix CRL file not being reloaded on HUP.
• Fix repeated "Error in poll" messages on Windows when only websockets listeners are defined.

Client library:

• Fix reconnect backoff for the situation where connections are dropped rather than refused.
• Fix missing locks on mosq->state.

Documentation:

• Improve details on global/per listener options in the mosquitto.conf man page.
• Clarify behaviour when clients exceed the message_size_limit.
• Improve documentation for max_inflight_bytes, max_inflight_messages, and max_queued_messages.