Update mosquitto to version 2.0.21 (#2466)

2025-05-12 19:30:42 +02:00 · 2025-04-01 16:18:37 +02:00 · 2025-04-01 16:18:37 +02:00 · b87ac99168
commit b87ac99168
parent 995a1fc4b5
2 changed files with 20 additions and 4 deletions
--- a/mosquitto/docker-compose.yml
+++ b/mosquitto/docker-compose.yml
@ -6,7 +6,7 @@ services:
      APP_PORT: 9001

  broker:
-    image: eclipse-mosquitto:2.0.20@sha256:8b396cec28cd5e8e1a3aba1d9abdbddd42c454c80f703e77c1bec56e152fa54e
+    image: eclipse-mosquitto:2.0.21@sha256:94f5a3d7deafa59fa3440d227ddad558f59d293c612138de841eec61bfa4d353
    restart: on-failure
    ports:
      - '1883:1883'
--- a/mosquitto/umbrel-app.yml
+++ b/mosquitto/umbrel-app.yml
@ -3,7 +3,7 @@ id: mosquitto
 name: Mosquitto
 tagline: An open source MQTT broker
 category: automation
-version: "2.0.20"
+version: "2.0.21"
 port: 9021
 description: >-
  Eclipse Mosquitto is an open source (EPL/EDL licensed) message broker that implements the MQTT protocol versions 5.0, 3.1.1 and 3.1. Mosquitto is lightweight and is suitable for use on all devices from low power single board computers to full servers.
@ -23,7 +23,23 @@ gallery:
  - 1.jpg
  - 2.jpg
  - 3.jpg
-releaseNotes: ""
+releaseNotes: >-
+  ⚠️ Important security update that fixes vulnerabilities
+
+
+  This update includes several bug fixes and improvements:
+    - Fixed memory leak on malicious SUBSCRIBE and patched a CVE
+    - Improved handling of invalid or reserved packets
+    - Fixed issues with IPv6 interface binding and anonymous access settings
+    - Added option to expire unused retained messages from memory
+    - Improved error handling for SSL config file combinations
+    - Fixed client deadlock when using certain flags
+    - Enabled client ID setting in mosquitto_ctrl dynsec
+    - Added timezone data to Docker images
+    - Fixed SSL-related test failures under load
+
+
+  Full release notes can be found at https://mosquitto.org/blog/
 dependencies: []
 path: ""
-defaultUsername: ""
+defaultUsername: ""