Description of problem: EPEL 8 contains mosquitto 1.6.15. Please upgrade mosquitto to the next major 2.0.x release. Current release is 2.0.14 (already in Fedora).
Updating mosquitto to > 2 will most likely break existing installations as there are changes for the listener and the plugin systems.
mosquitto 1.6 now has at least 3 new CVEs from August, fixed only in v2 series https://mosquitto.org/security/ It's now crucial to have mosquitto v2 on EPEL8 You can name the package differently, for example mosquitto2, like redhat does with many incompatible releases. This way mosquitto 1.6 will never be updated unintentionally