FlashMQ 1.26.1 released

FlashMQ 1.26.1 is a bug-fix release:

Security fixes

  • Fix division by zero crash in deferred retained message setting. This requires two config options to be set to non-default values: set_retained_message_defer_timeout_spread to zero and set_retained_message_defer_timeout to non-zero.

General fixes

  • Check for invalid ‘receive max’, QoS, ‘retain available’, ‘shared subscription available’ and ‘max packet size’ values in CONNACK packets (like non-binary booleans or zero-values as maximums). When encountered, they constitute protocol errors and the client is disconnected. Because these values arrive in CONNACK, this applies only to bridges to other servers.
  • Check for invalid reason codes in PUBREC packets. This fixes protocol compliance by causing a disconnect, but doesn’t change any behavior.
  • Fix increasing QoS quota on receiving a PUBACK, PUBREC or PUBCOMP with a message ID that is not in transit.
  • Fix the check that MQTT5 property lengths do not exceed the property sub-container. This fixes protocol compliance, but there was no integrity or security bug.
  • Added various thread-safety checks to prevent future bugs.
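
The CONNACK checks listed above, sketched as an added example; this is not FlashMQ's own code. The property IDs are those of the MQTT 5 specification, while the function name `validateConnackProps`, the error strings and the sample bytes are constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <set>
#include <string>
#include <vector>

// Returns "" when the properties are valid, else a protocol-error reason.
// Assumption: 'props' holds only the property bytes (after the length varint);
// any property other than the five from the release note is not handled here.
std::string validateConnackProps(const std::vector<uint8_t> &props)
{
    std::set<uint8_t> seen;
    size_t i = 0;
    while (i < props.size())
    {
        const uint8_t id = props[i++];
        size_t width = 0;
        switch (id)
        {
        case 0x21: width = 2; break; // Receive Maximum (two-byte integer)
        case 0x24:                   // Maximum QoS
        case 0x25:                   // Retain Available
        case 0x2A: width = 1; break; // Shared Subscription Available
        case 0x27: width = 4; break; // Maximum Packet Size (four-byte integer)
        default: return "unsupported property in this example";
        }
        if (!seen.insert(id).second) return "duplicate property";
        if (props.size() - i < width) return "property exceeds container";
        uint32_t v = 0;
        for (size_t n = 0; n < width; ++n) v = (v << 8) | props[i++];
        if ((id == 0x21 || id == 0x27) && v == 0) return "zero maximum";
        if ((id == 0x24 || id == 0x25 || id == 0x2A) && v > 1) return "non-binary value";
    }
    return "";
}

int main()
{
    // Constructed sample: Receive Maximum = 0, which a bridge must reject.
    const std::vector<uint8_t> bad = {0x21, 0x00, 0x00};
    const std::string err = validateConnackProps(bad);
    std::cout << (err.empty() ? std::string("ok") : "protocol error: " + err) << "\n";
    return 0;
}
```

A bridge that gets a non-empty result from such a check would treat it as a protocol error and disconnect from the remote server, as the release note describes.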