Overview

Request 883684 accepted

- Update to version 2.0.10
  Security:
  * CVE-2021-28166: If an authenticated client connected with
    MQTT v5 sent a malformed CONNACK message to the broker a NULL
    pointer dereference occurred, most likely resulting in a
    segfault. This will be updated with the CVE number when it is
    assigned.
    Affects versions 2.0.0 to 2.0.9 inclusive.
  Broker:
  * Don't overwrite new receive-maximum if a v5 client connects
    and takes over an old session.
  * Fix CVE-2021-28166. Closes #2163.
  Clients:
  * Set `receive-maximum` to not exceed the `-C` message count in
    mosquitto_sub and mosquitto_rr, to avoid potentially lost
    messages.
  * Fix TLS-PSK mode not working with port 8883.
  Client library:
  * Fix possible socket leak. This would occur if a client was
    using `mosquitto_loop_start()`, then if the connection failed
    due to the remote server being inaccessible they called
    `mosquitto_loop_stop(, true)` and recreated the mosquitto
    object.
  Build:
  * A variety of minor build related fixes, like functions not
    having previous declarations.

Request History
mnhauke created request


mnhauke accepted request