MQTT Server & Web client - Home Assistant Community Add-ons
This is the final and last release of this add-on, which is now deprecated.
We strongly advise you to upgrade/migrate to using the Mosquitto add-on, as provided by the Home Assistant project.
This add-on will be removed from the add-on store soon.
0.92.0
of Home Assistant (or newer) to install this update.This release adds ingress support for the web client, this is enabled as default.
What this means is that if you have bookmarks, iframes, panels, proxy entries, port forwarding or anything else that uses the URL with port number to access the web client those will no longer work with the default configuration.
There is some good news! :)
By using ingress, there is no need for a separate login, you don't need to forward ports, it just works!
If you do not want to use these new features, you can disable ingress.
To disable ingress add a port in the Network configuration (example 5713) to the right of 80/tcp in the "disabled" field, after adding that hit "SAVE" then restart the addon.
The structure of the configuration for this addon has been changed. Make sure you control all settings and look in the addon log for clues if something fails.
ssl
option is now "global", meaning that it will enable:
Now that the important changes are taken care of, let's list the "boring" stuff.
What | From | To |
---|---|---|
mosquitto |
1.5.8 |
1.6.2 |
nginx |
1.14.2-r0 |
1.14.2-r1 |
lua-resty-http |
0.12-r1 |
0.13-r0 |
nginx-mod-http-lua |
1.14.2-r0 |
1.14.2-r1 |
base image |
3.0.1 |
3.1.0 |
Thanks again to @frenck for adding/changing most of what is in this release!
This release was created with reporeleaser :tada:
Mosquitto (1.5.8) and libwebsockets (2.4.2) are build from source in this version
This release was created with reporeleaser :tada:
This version contains an important security fix, and it is strongly recommended for ALL installations to be upgraded to this version immediately.
The authentication against Home Assistant can be bypassed by an anonymous and unauthorized user. The issue has been mitigated in the latest release.
To be clear on the subject: This is an add-on issue and not an issue with the Home Assistant authentication itself.
Exact details of the vulnerability are not disclosed in order to give our users the time to upgrade.
Thanks to Lars Larsson (@larsla) for responsibly reporting this vulnerability.
Versions Affected Affects all releases that support authentication against Home Assistant, add-on versions v0.2.0 and higher.