Addon Mqtt Versions Save

MQTT Server & Web client - Home Assistant Community Add-ons

v1.2.0

4 years ago

⚠️ Deprecation notice!

This is the final and last release of this add-on, which is now deprecated.

We strongly advise you to upgrade/migrate to using the Mosquitto add-on, as provided by the Home Assistant project.

This add-on will be removed from the add-on store soon.

Changes

  • :pencil2: Maintaince -> Maintenance
  • :ambulance: Fixes path handling for SSL certificates
  • :hammer: Updates HA Auth URL in NGinx LUA script
  • :hammer: Use Hass.io DNS as NGinx resolver
  • :fireworks: Updates maintenance/license year to 2020
  • :books: Update add-on documentation to use new YAML configuration format
  • :hammer: Re-branding
  • :pencil2: Fixes some typos
  • :hammer: Update add-on config with new password & list features
  • :arrow_up: Upgrades add-on base image to v7.0.2
  • :warning: Adds deprecation notices

Full Changelog

v1.1.0

5 years ago

PSA

  • BEFORE you upgrade, make sure you read EVERYTHING in this release.
  • BIG shoutout to @frenck for a major refactor of this addon! :heart:
  • You need to have version 0.92.0 of Home Assistant (or newer) to install this update.
  • A link to the web client can be added to the sidebar by toggling "Add to sidebar"

Ingress

This release adds ingress support for the web client, this is enabled as default.

What this means is that if you have bookmarks, iframes, panels, proxy entries, port forwarding or anything else that uses the URL with port number to access the web client those will no longer work with the default configuration.

There is some good news! :)

By using ingress, there is no need for a separate login, you don't need to forward ports, it just works!

Disable ingress

If you do not want to use these new features, you can disable ingress.

To disable ingress add a port in the Network configuration (example 5713) to the right of 80/tcp in the "disabled" field, after adding that hit "SAVE" then restart the addon.

Configuration

The structure of the configuration for this addon has been changed. Make sure you control all settings and look in the addon log for clues if something fails.

  • You can no longer disable the web client.
  • The ssl option is now "global", meaning that it will enable:
    • HTTPS for the web client.
    • Port 4883 (MQTT with SSL) on the broker.
    • Port 4884 (Websockets with SSL) on the broker.

Changes

Now that the important changes are taken care of, let's list the "boring" stuff.

New functionality

  • Ingress support
  • "Add to sidebar" support
  • Get the hostname from your browser automatically.

Version updates

What From To
mosquitto 1.5.8 1.6.2
nginx 1.14.2-r0 1.14.2-r1
lua-resty-http 0.12-r1 0.13-r0
nginx-mod-http-lua 1.14.2-r0 1.14.2-r1
base image 3.0.1 3.1.0

Full changelog

One last thing

Thanks again to @frenck for adding/changing most of what is in this release!

v1.0.1

5 years ago

Changes

  • 0745b9b ? Fix issues with user creations
  • df56330 ? Cleanup logs
  • 4d9dd7a ? Fix quoting issues
  • fafe0ef ? Utilize bashio for user creation

Full Changelog

This release was created with reporeleaser :tada:

v1.0.0

5 years ago

Changes

Mosquitto (1.5.8) and libwebsockets (2.4.2) are build from source in this version

  • ff9fc8e :pencil2: Fixes spelling error in Dockerfile @frenck
  • 6b32edb :fire: Removes BountySource links @frenck
  • 33c2280 :fire: Removes Anchore.io links @frenck
  • ab03b1e :fireworks: Updates maintenance year to 2019 @frenck
  • 6fea2f2 :tractor: :rocket: Refactor of GitLab CI @frenck
  • 6c53e5f ?Configure Renovate (#21) @renovate[bot]
  • 472f7ee ⬆️ Upgrade baseimage to 3.0.1
  • d851ec6 ? Rewrite to use bashio
  • 0da2b50 ? Build libwesocket and mosquitto from source

Full Changelog

This release was created with reporeleaser :tada:

v0.3.1

5 years ago

Changes

  • Buypass LUA auth if leave_front_door_open
  • Add missing pwfile to config

Full changelog

v0.3.0

5 years ago

This version contains an important security fix, and it is strongly recommended for ALL installations to be upgraded to this version immediately.

Bypass of Authentication

The authentication against Home Assistant can be bypassed by an anonymous and unauthorized user. The issue has been mitigated in the latest release.

To be clear on the subject: This is an add-on issue and not an issue with the Home Assistant authentication itself.

Exact details of the vulnerability are not disclosed in order to give our users the time to upgrade.

Thanks to Lars Larsson (@larsla) for responsibly reporting this vulnerability.

Versions Affected Affects all releases that support authentication against Home Assistant, add-on versions v0.2.0 and higher.

Changes

  • ? ? Fixes authentication bypass vulnerability
  • ? Set correct acl for readonly
  • ⬆️Upgrade Nginx to 1.14.2
  • ⬆️Upgrade Nginx-mod-http-lua to 1.14.2

Full changelog

v0.2.2

5 years ago

Changes

  • ?Enable AppArmor

Full changelog

v0.2.1

5 years ago

Changes

  • ?Fix startup issues if the broker is disabled.

Full Changelog

v0.2.0

5 years ago

Changes

  • ✨ Adds HA Authentication to web interface
  • ?Remove apache2-utils
  • ⬆️Update nginx-mod-lua to v1.14.1.-r0
  • ⬆️Update nginx to v1.14.1-r1
  • ✨ Adds the posibility to add custom mosquitto configuration

Full changelog

v0.1.1

5 years ago

Changes

  • ?Fixes a startup issue where allow_anonymous was true and no users were defined.

Full changelog