Bug 2065854
| Summary: | Request to upgrade EPEL 8 mosquitto version to 2.0.x | ||
|---|---|---|---|
| Product: | [Fedora] Fedora EPEL | Reporter: | Jos Vos <jos> |
| Component: | mosquitto | Assignee: | Jonathan Wright <jonathan> |
| Status: | NEW --- | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | epel8 | CC: | comsec, dbranchini, emanuele, linville, mail, richmattes |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | All | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | Bug | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Jos Vos
2022-03-18 21:21:41 UTC
Updating mosquitto to > 2 will most likely break existing installations as there are changes for the listener and the plugin systems. mosquitto 1.6 now has at least 3 new CVEs from August, fixed only in v2 series https://mosquitto.org/security/ It's now crucial to have mosquitto v2 on EPEL8 You can name the package differently, for example mosquitto2, like redhat does with many incompatible releases. This way mosquitto 1.6 will never be updated unintentionally This package has changed maintainer in Fedora. Reassigning to the new maintainer of this component. |