Release Notes
We will never stop improving Eclipse Mosquitto. Stay up to date with our release notes.
If you have found any bugs or have feature requests, please submit these here.
Mosquitto MQTT Broker & MMC 2.6
Features
Client certificate authority management: The MMC is now able to store client certificate authorities and deploy them on all connected broker supporting the respective MQTT API endpoints. This allows the MMC to be the central unit around uploading and organizing client certificate authorities. This is the first step forward on supporting UI support for client certificate management. This feature will be further expanded in a future release.
Client Inspect: We have extended the client inspect plugin information. Now it is possible to check queue sizes (only important for QoS 1 & 2) and directly disconnect a client via the UI.
HA Cluster: Added new mode. The new Dynamic Security Synchronisation Cluster Mode provides a different type of HA cluster that synchronises the Dynamic Security authentication and authorisation settings throughout the cluster. Each node in the cluster is active and available for clients to connect to, but there is no inter-node MQTT communication.
Changes
General UI changes: The whole MMC has gotten a face-lift. All pages have been reworked to fit in the new UI.
Sidebar: The sidebar was rearranged to visually separate broker specific and global options. Broker specific pages can be found on the top and other are can be found at the bottom of the navigation bar.
Status Page: Is now called "Home" and went through a face-lift. A chart was added showing the currently connected clients and the maximum allowed client connections.
Breaking: Changed the "themes" structure in the config.json of the Management Center.
Bug Fixes
How to Upgrade
Configuration changes for version 2.6.0: docker-compose.yml:
- Image reference for Mosquitto: "registry.cedalo.com/mosquitto/mosquitto:2.6"
- Image reference for MMC: "registry.cedalo.com/mosquitto/management-center:2.6"
- Additional MMC environment variables: CEDALO_MC_PROXY_CONFIG_CERTS: path-to-mmc-config-folder/certs.db mosquitt/config/mosquitto.conf:
- plugin path-to-library-folder/cedalo_certificate_management.so
management-center/config/config.json:
- Additional plugins: "cert-management" & "client-control"
- Themes update
Migration from 2.5 to 2.6:
When migrating by replacing the 2.5 setup with a 2.6 setup the following steps need to be done:
- Stop the current running 2.5 installation
- Replace the following files from the current 2.5 setup in the new setup:
- All files from the “config” folder in "management-center"
- IMPORTANT: Before overwriting the 2.6 “config” folder make a copy of the existing “config.json” file. The “theme” and “plugins” parts from the new config.json need to be transferred to the old “config.json”. Some changes in this file are required in the new version. Using the old file and updating it, ensures that your current configurations are mirgated, while ensuring the configuration works.
- The complete "data" folder from the "mosquitto" folder
- All files from the “config” folder in "management-center"
- Start new setup
Mosquitto MQTT Broker 2.0
Broker features:
New plugin interface which is more flexible, easier to develop for and easier to extend.
New dynamic security plugin, which allows clients, groups, and roles to be defined and updated as the broker is running.
Performance improvements, particularly for higher numbers of clients.
When running as root, if dropping privileges to the "mosquitto" user fails, then try "nobody" instead. This reduces the burden on users installing Mosquitto themselves.
Add support for Unix domain socket listeners.
Add
bridge_outgoing_retain
option, to allow outgoing messages from a bridge to have the retain bit completely disabled, which is useful when bridging to e.g. Amazon or Google.Add support for MQTT v5 bridges to handle the "retain-available" property being false.
Allow MQTT v5.0 outgoing bridges to fall back to MQTT v3.1.1 if connecting to a v3.x only broker.
DLT logging is now configurable at runtime with
log_dest
dlt. Closes #1735.Add
mosquitto_plugin_publish()
function, which can be used by plugins to publish messages.Add
mosquitto_client_protocol_version()
function which can be used by plugins to determine which version of MQTT a client has connected with.Add
mosquitto_kick_client_by_clientid()
andmosquitto_kick_client_by_username()
functions, which can be used by plugins to disconnect clients.Add support for handling
$CONTROL/
topics in plugins.Add support for
PBKDF2-SHA512
password hashing.Enabling certificate based TLS encryption is now through
certfile
andkeyfile
, notcapath
orcafile
.Added support for controlling
UNSUBSCRIBE
calls in v5 plugin ACL checks.Add "deny" acl type. Closes #1611.
The broker now sends the receive-maximum property for MQTT v5 CONNACKs.
Add the
bridge_max_packet_size
option. Closes #265.Add the
bridge_bind_address
option. Closes #1311.TLS certificates for the server are now reloaded on
SIGHUP
.Default for
max_queued_messages
has been changed to 1000.Add
ciphers_tls1.3
option, to allow setting TLS v1.3 ciphersuites. Closes #1825.Bridges now obey MQTT v5
server-keepalive
.Add bridge support for the MQTT v5
maximum-qos
property.Log client port on new connections. Closes #1911.
Broker fixes:
Send
DISCONNECT
withmalformed-packet
reason code on invalidPUBLISH
,SUBSCRIBE
, andUNSUBSCRIBE
packets.Document that
X509_free()
must be called after usingmosquitto_client_certificate()
. Closes #1842.Fix listener not being reassociated with client when reloading a persistence file and
per_listener_settings
true is set and the client did not set a username. Closes #1891.Fix bridge sock not being removed from sock hash on error. Closes #1897.
mosquitto_password
now forbids the:
character. Closes #1833.Fix
log_timestamp_format
not applying tolog_dest
topic. Closes #1862.Fix crash on Windows if loading a plugin fails. Closes #1866.
Fix file logging on Windows. Closes #1880.
Report an error if the config file is set to a directory. Closes #1814.
Fix bridges incorrectly setting Wills to manage remote notifications when
notifications_local_only
was set true. Closes #1902.