NanoMQ 0.24.13 is out. This is the last formal version of 0.24. Since NanoMQ has been widely used in production robotics and vehicles, We are focusing on safety & security hardening, introducing openFuzz & ClusterFuzz to routine workflow.
Following is the full release blog written by Gemini. I am honest, will not take AI' work ^_^
Hello community! NanoMQ 0.24.13 is officially released! 🎉
This update (including the underlying NanoNNG library) brings the highly anticipated MQTT bridge anti-loop feature (supporting Mosquitto's try_private mechanism). It also includes significant enhancements and bug fixes regarding security (introducing Fuzzing tests), core protocol stack stability, and memory safety.
Here are the detailed release notes:
🌟 Highlights
- New MQTT v3.1.1 Bridge Anti-Loop Option (no_local_v4) When bridging NanoMQ with brokers like Mosquitto, message loop (echo) issues can frequently occur. In this release, we introduced the no_local_v4 (equivalent to Mosquitto's try_private) option in the bridge configuration.
How it works: When this configuration is enabled, NanoMQ will set the highest bit (Bridge Bit) of the protocol version number to 1 in the MQTT v3.1.1 CONNECT packet (sending 0x84 instead of the standard 0x04). This allows the remote broker to recognize it as a bridge connection and cooperate using native No Local mechanisms to prevent message loops.
Use case: Greatly simplifies routing configurations when integrating NanoMQ with third-party legacy MQTT brokers, effectively avoiding broadcast storms.
- Comprehensive Security Upgrades & Fuzzing Tests To build a rock-solid edge messaging bus, we have significantly enhanced our security and automated fuzzing capabilities:
OSS-Fuzz & ClusterFuzzLite Integration: Introduced advanced Fuzzing support, specifically adding a Fuzzer for MQTT PUBLISH packets to proactively discover potential memory and parsing vulnerabilities.
Clarified NanoMQ's CVE vulnerability reporting policy and guidelines (Updated SECURITY.md).
🐛 Bug Fixes & Stability Improvements We addressed several critical issues reported by the community in this iteration, covering topic routing, protocol parsing, and underlying network scheduling:
Protocol & Routing:
Topic Alias: Fixed two protocol violations in MQTT topic alias handling.
Will Message: Fixed an issue where encoding Will messages failed for MQTT V5.
Retain Message: Fixed the missing pipe_id in retain messages, and a bug where the retain flag was not properly reset for MQTT V3.1/V3.1.1.
Special Topic Subscriptions: Fixed the routing search logic for system/reserved topics starting with $.
Underlying Network & Session State (NanoNNG):
Fixed a send AIO error on macOS caused by handling no_local messages.
Fixed an abnormal keepalive mechanism in the underlying nmq_mqtt client.
Fixed regression bugs caused by context loss from AI-assisted coding.
Fixed a potential message stall issue caused by underlying packet accumulation.
Fixed nng action execution exceptions on the Windows platform.
Memory & Database:
Fixed an out-of-bounds read vulnerability in mqtt_parser, and optimized/consolidated the get_utf8_str parsing performance.
Fixed a bug in the SQLite QoS database where unused message entities were not properly removed.
⚙️ Build, Dependencies & CI/CD Updates Upgraded numerous GitHub Actions dependencies via Dependabot (including docker/build-push-action, actions/setup-node, codecov, etc.) to improve pipeline security and build speed.
Bumped the internal JWT authentication library l8w8jwt.
Introduced unit tests automatically generated by CodeRabbit AI to further improve code coverage.
Added a regression validation script for Issue #2246 in integration tests.
👏 Thank You to Our Contributors! The progress of open-source projects relies on the dedication of every community member. A special thank you to the developers making their first code contributions to this release:
@saberrg (for adding OSS-Fuzz integration and the PUBLISH fuzzer)
@tricera-josua-palmstedt (for adding the try_private option to control connection bridge bits in NanoNNG)
Full change commit log:
What's Changed in NanoMQ
- Update SECURITY.md with CVE policy and guidelines by @JaylinYu in https://github.com/nanomq/nanomq/pull/2249
- Bump docker/build-push-action from 6.18.0 to 6.19.2 by @dependabot[bot] in https://github.com/nanomq/nanomq/pull/2237
- Fix missing pipe_id in retain message by @alvin1221 in https://github.com/nanomq/nanomq/pull/2257
- Add test script for issue #2246 to integration tests. by @xinyi-xs in https://github.com/nanomq/nanomq/pull/2254
- Bump docker/metadata-action from 5.10.0 to 6.0.0 by @dependabot[bot] in https://github.com/nanomq/nanomq/pull/2262
- Bump docker/setup-buildx-action from 3.12.0 to 4.0.0 by @dependabot[bot] in https://github.com/nanomq/nanomq/pull/2265
- Fix failed to encode Will msg for MQTT V5 by @alvin1221 in https://github.com/nanomq/nanomq/pull/2261
- Bump extern/l8w8jwt from
d7f5b3btoee445f6by @dependabot[bot] in https://github.com/nanomq/nanomq/pull/2240 - fix 2 protocol violation in mqtt topic alias by @JaylinYu in https://github.com/nanomq/nanomq/pull/2269
- NEW [test] add OSS-Fuzz integration and MQTT PUBLISH fuzzer by @saberrg in https://github.com/nanomq/nanomq/pull/2238
- CMakelist fix for new JWT update & fix regression bug from AI coding by @JaylinYu in https://github.com/nanomq/nanomq/pull/2278
- Bump pnpm/action-setup from 4.2.0 to 5.0.0 by @dependabot[bot] in https://github.com/nanomq/nanomq/pull/2273
- Bump codecov/codecov-action from 5.5.2 to 6.0.0 by @dependabot[bot] in https://github.com/nanomq/nanomq/pull/2275
- Bump actions/upload-artifact from 6.0.0 to 7.0.0 by @dependabot[bot] in https://github.com/nanomq/nanomq/pull/2277
- Bump actions/setup-node from 6.2.0 to 6.3.0 by @dependabot[bot] in https://github.com/nanomq/nanomq/pull/2276
- Bump docker/login-action from 3.7.0 to 4.1.0 by @dependabot[bot] in https://github.com/nanomq/nanomq/pull/2274
- FIx #2270 & New release is ready by @JaylinYu in https://github.com/nanomq/nanomq/pull/2280
- ci: rename action by @Rory-Z in https://github.com/nanomq/nanomq/pull/2282
- Add ClusterFuzzLite support. by @xinyi-xs in https://github.com/nanomq/nanomq/pull/2186
- add new no_local_v4. by @JaylinYu in https://github.com/nanomq/nanomq/pull/2290
- same PR with #2289 by @JaylinYu in https://github.com/nanomq/nanomq/pull/2292
- new 0.24.13 release by @JaylinYu in https://github.com/nanomq/nanomq/pull/2293
New Contributors
- @saberrg made their first contribution in https://github.com/nanomq/nanomq/pull/2238
Full Changelog: https://github.com/nanomq/nanomq/compare/0.24.11...0.24.13
What's Changed in NanoNNG
- fix reset retain flag for MQTT V3.1/V3.1.1 by @alvin1221 in https://github.com/nanomq/NanoNNG/pull/1466
- FIX [mqtt_qos_db(
SQLITE)] fix remove unused msg entity by @alvin1221 in https://github.com/nanomq/NanoNNG/pull/1465
- FIX [mqtt_qos_db(
- FIX [nmq_mqtt] fix keepalive mechanism by @alvin1221 in https://github.com/nanomq/NanoNNG/pull/1463
- Fix handle no_local msg on MacOS cause send aio error by @alvin1221 in https://github.com/nanomq/NanoNNG/pull/1470
- Add encoding method for publish message by @alvin1221 in https://github.com/nanomq/NanoNNG/pull/1471
- Fix searching logic for topics starting with '$' by @alvin1221 in https://github.com/nanomq/NanoNNG/pull/1473
- avoid msg stall by @JaylinYu in https://github.com/nanomq/NanoNNG/pull/1477
- FIX [mqtt_parser] out of bounds read by @JaylinYu in https://github.com/nanomq/NanoNNG/pull/1480
- MDF [mqtt_parser] optimize & consolidate get_utf8_str by @JaylinYu in https://github.com/nanomq/NanoNNG/pull/1485
- fix regression bug from AI by @JaylinYu in https://github.com/nanomq/NanoNNG/pull/1486
- Fix: Add try_private option to control connection bridge bit by @tricera-josua-palmstedt in https://github.com/nanomq/NanoNNG/pull/1469
- MDF [utils] fix nng action on windows by @JaylinYu in https://github.com/nanomq/NanoNNG/pull/1492
- Add no_local_v4 config param by @JaylinYu in https://github.com/nanomq/NanoNNG/pull/1493
- Fix expected protocol version in unit tests by @alvin1221 in https://github.com/nanomq/NanoNNG/pull/1494
- CodeRabbit Generated Unit Tests: Add generated unit tests by @coderabbitai[bot] in https://github.com/nanomq/NanoNNG/pull/1447
- sync changes by @JaylinYu in https://github.com/nanomq/NanoNNG/pull/1496
New Contributors
- @tricera-josua-palmstedt made their first contribution in https://github.com/nanomq/NanoNNG/pull/1469
Full Changelog: https://github.com/nanomq/NanoNNG/compare/0.24.11...0.24.13