- Build with support for tcp-wrapper (-DUSE_LIBWRAP=ON)
- Update to version 2.0.9
Security:
* If an empty or invalid CA file was provided to the client
library for verifying the remote broker, then the initialx
connection would fail but subsequent connections would succeed
without verifying the remote broker certificate.
* If an empty or invalid CA file was provided to the broker for
verifying the remote broker for an outgoing bridge connection
then the initial connection would fail but subsequent
connections would succeed without verifying the
remote broker certificate.
Broker:
* Fix encrypted bridge connections incorrectly connecting when
`bridge_cafile` is empty or invalid.
* Fix `tls_version` behaviour not matching documentation. It was
setting the exact TLS version to use, not the minimium TLS
version to use.
* Fix messages to `$` prefixed topics being rejected.
* Fix QoS 0 messages not being delivered when max_queued_bytes
was configured.
* Fix bridge increasing backoff calculation.
* Improve handling of invalid combinations of listener address
and bind interface configurations.
* Fix `max_keepalive` option not applying to clients connecting
with keepalive set to 0.
Client library:
* Fix encrypted connections incorrectly connecting when the CA
file passed to `mosquitto_tls_set()` is empty or invalid.
* Fix connections retrying very rapidly in some situations.