2065854 – Request to upgrade EPEL 8 mosquitto version to 2.0.x

Bug 2065854 - Request to upgrade EPEL 8 mosquitto version to 2.0.x

Summary: Request to upgrade EPEL 8 mosquitto version to 2.0.x

Keywords:
Status:	NEW
Alias:	None
Product:	Fedora EPEL
Classification:	Fedora
Component:	mosquitto
Sub Component:
Version:	epel8
Hardware:	All
OS:	All
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Assignee:	Rich Mattes
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2022-03-18 21:21 UTC by Jos Vos
Modified:	2023-10-24 18:45 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Type:	Bug
Embargoed:

Attachments	(Terms of Use)

Description Jos Vos 2022-03-18 21:21:41 UTC

Description of problem:

EPEL 8 contains mosquitto 1.6.15.  Please upgrade mosquitto to the next major 2.0.x release.  Current release is 2.0.14 (already in Fedora).

Comment 1 Fabian Affolter 2022-04-06 15:24:53 UTC

Updating mosquitto to > 2 will most likely break existing installations as there are changes for the listener and the plugin systems.

Comment 2 comsec 2023-10-24 18:45:55 UTC

mosquitto 1.6 now has at least 3 new CVEs from August, fixed only in v2 series

https://mosquitto.org/security/

It's now crucial to have mosquitto v2 on EPEL8

You can name the package differently, for example mosquitto2, like redhat does with many incompatible releases.

This way mosquitto 1.6 will never be updated unintentionally

Note You need to log in before you can comment on or make changes to this bug.