This is a security fix version of NanoMQ. Only the newly added feature is an in-memory cache of HTTP ACL. Start from 0.24.7. We introduced LLM Fuzzing & CoderabbitAI to enhance code security. Since NanoMQ has already been installed on millions of cars, the safety & security is always our first priority.
What's Changed in NanoMQ
- chore: enable dependabot updates by @reneleonhardt in https://github.com/nanomq/nanomq/pull/2157
- FIX [DevOps] try to fix MSVC workflow by @JaylinYu in https://github.com/nanomq/nanomq/pull/2159
- Bump gcc from 11 to 15 in /deploy/docker by @dependabot[bot] in https://github.com/nanomq/nanomq/pull/2160
- Bump github/codeql-action from 7434149006143a4d75b82a2f411ef15b03ccc2d7 to ec2ee575c053869d197f516146096427e08da443 by @dependabot[bot] in https://github.com/nanomq/nanomq/pull/2168
- Bump Ubuntu from 22.04 to 24.04 in /deploy/docker by @dependabot[bot] in https://github.com/nanomq/nanomq/pull/2162
- Bump alpine from 3.16 to 3.22 in /deploy/docker by @dependabot[bot] in https://github.com/nanomq/nanomq/pull/2161
- fix a redundant property length byte in notification msg by @JaylinYu in https://github.com/nanomq/nanomq/pull/2175
- Fixed CI error. by @xinyi-xs in https://github.com/nanomq/nanomq/pull/2177
- Bump actions/setup-python from 6.0.0 to 6.1.0 by @dependabot[bot] in https://github.com/nanomq/nanomq/pull/2172
- Fixed docker run failed. by @xinyi-xs in https://github.com/nanomq/nanomq/pull/2179
- Bump docker/metadata-action from 5.9.0 to 5.10.0 by @dependabot[bot] in https://github.com/nanomq/nanomq/pull/2171
- Bump github/codeql-action from ec2ee575c053869d197f516146096427e08da443 to ecec1f88769052ebc45aa0affc53ea30d474cffa by @dependabot[bot] in https://github.com/nanomq/nanomq/pull/2173
- Fixed SQL compose unsafe issue。 by @xinyi-xs in https://github.com/nanomq/nanomq/pull/2185
- Bump emqx/translate-issue-action from 1.0.3 to 1.0.5 by @dependabot[bot] in https://github.com/nanomq/nanomq/pull/2184
- Bump debian from 11-slim to 13-slim in /deploy/docker by @dependabot[bot] in https://github.com/nanomq/nanomq/pull/2163
- Bump actions/checkout from 4 to 6 by @dependabot[bot] in https://github.com/nanomq/nanomq/pull/2164
- Bump nanomq_cli/nftp-codec from
028d167toe14f181by @dependabot[bot] in https://github.com/nanomq/nanomq/pull/2165 - Bump codecov/codecov-action from 5.5.1 to 5.5.2 by @dependabot[bot] in https://github.com/nanomq/nanomq/pull/2180
- Bump alpine from 3.22 to 3.23 in /deploy/docker by @dependabot[bot] in https://github.com/nanomq/nanomq/pull/2182
- Bump actions/download-artifact from 6.0.0 to 7.0.0 by @dependabot[bot] in https://github.com/nanomq/nanomq/pull/2181
- Bump actions/setup-node from 6.0.0 to 6.1.0 by @dependabot[bot] in https://github.com/nanomq/nanomq/pull/2188
- Bump github/codeql-action from ecec1f88769052ebc45aa0affc53ea30d474cffa to f67ec12472e1b361f5e1e2085f5e6f85a57e3cd6 by @dependabot[bot] in https://github.com/nanomq/nanomq/pull/2189
- ACL Cache is supported now by @wanghaEMQ in https://github.com/nanomq/nanomq/pull/2193
- update nng head & sync finx by @JaylinYu in https://github.com/nanomq/nanomq/pull/2194
- Add head use after free test. by @xinyi-xs in https://github.com/nanomq/nanomq/pull/2196
- new version released by @JaylinYu in https://github.com/nanomq/nanomq/pull/2200
New Contributors
- @reneleonhardt made their first contribution in https://github.com/nanomq/nanomq/pull/2157
Full Changelog: https://github.com/nanomq/nanomq/compare/0.24.6...0.24.7
What's Changed in NanoNNG
- for https://github.com/nanomq/nanomq/issues/2170 by @JaylinYu in https://github.com/nanomq/NanoNNG/pull/1382
- Fixed rule parse error. by @xinyi-xs in https://github.com/nanomq/NanoNNG/pull/1383
- FIX [transport/mqtt] fix CVE-2025-59947 by @JaylinYu in https://github.com/nanomq/NanoNNG/pull/1390
- FIX [mqtt_parser] fix a property len handle error in conn_handler by @JaylinYu in https://github.com/nanomq/NanoNNG/pull/1393
- Fix rule_sql_parse from-clause handling logic. by @xinyi-xs in https://github.com/nanomq/NanoNNG/pull/1392
- FIX [auth] Fix crash in HTTP auth when using %u/%P with anonymous connections by @RanMaoyi in https://github.com/nanomq/NanoNNG/pull/1394
- ACL Cache for HTTP Auth is supported by @wanghaEMQ in https://github.com/nanomq/NanoNNG/pull/1396
- sync fixes by @JaylinYu in https://github.com/nanomq/NanoNNG/pull/1397
Full Changelog: https://github.com/nanomq/NanoNNG/compare/0.24.6...0.24.7