🎉 Release of add-on MQTT Server & Web client 0.3.0

README.md

@@ -638,10 +638,10 @@ SOFTWARE.
 [lutron-cert-amd64-shield]: https://img.shields.io/badge/amd64-yes-green.svg
 [lutron-cert-armhf-shield]: https://img.shields.io/badge/armhf-yes-green.svg
 [lutron-cert-i386-shield]: https://img.shields.io/badge/i386-yes-green.svg
-[addon-mqtt]: https://github.com/hassio-addons/addon-mqtt/tree/v0.2.2
-[addon-doc-mqtt]: https://github.com/hassio-addons/addon-mqtt/blob/v0.2.2/README.md
+[addon-mqtt]: https://github.com/hassio-addons/addon-mqtt/tree/v0.3.0
+[addon-doc-mqtt]: https://github.com/hassio-addons/addon-mqtt/blob/v0.3.0/README.md
 [mqtt-issue]: https://github.com/hassio-addons/addon-mqtt/issues
-[mqtt-version-shield]: https://img.shields.io/badge/version-v0.2.2-blue.svg
+[mqtt-version-shield]: https://img.shields.io/badge/version-v0.3.0-blue.svg
 [mqtt-pulls-shield]: https://img.shields.io/docker/pulls/hassioaddons/mqtt.svg
 [mqtt-aarch64-shield]: https://img.shields.io/badge/aarch64-yes-green.svg
 [mqtt-amd64-shield]: https://img.shields.io/badge/amd64-yes-green.svg

mqtt/CHANGELOG.md

@@ -1,5 +1,24 @@
-# Changes
+This version contains an important security fix, and it is **strongly recommended** for **ALL** installations to be upgraded to this version **immediately**.
 
-- 🔨Enable AppArmor
+### Bypass of Authentication
 
-[Full changelog](https://github.com/hassio-addons/addon-mqtt/compare/v0.2.1...v0.2.2)
+The authentication against Home Assistant can be bypassed by an anonymous and unauthorized user. The issue has been mitigated in the latest release.
+
+To be clear on the subject: This is an add-on issue and not an issue with the Home Assistant authentication itself.
+
+Exact details of the vulnerability are not disclosed in order to give our users the time to upgrade.
+
+Thanks to Lars Larsson (@larsla) for responsibly reporting this vulnerability.
+
+Versions Affected
+Affects add-on versions v0.2.0 and newer.
+Older releases are not affected.
+
+### Changes
+
+- 🚑 🔒 Fixes authentication bypass vulnerability
+- 🚑 Set correct acl for readonly
+- ⬆️Upgrade Nginx to 1.14.2
+- ⬆️Upgrade Nginx-mod-http-lua to 1.14.2
+
+[Full changelog](https://github.com/hassio-addons/addon-mqtt/compare/v0.2.2...v0.3.0)

mqtt/README.md

@@ -39,13 +39,13 @@ If you are more interested in stable releases of our add-ons:
 [buymeacoffee]: https://www.buymeacoffee.com/ludeeus
 [discord-shield]: https://img.shields.io/discord/478094546522079232.svg
 [discord]: https://discord.me/hassioaddons
-[docs]: https://github.com/hassio-addons/addon-mqtt/blob/v0.2.2/README.md
+[docs]: https://github.com/hassio-addons/addon-mqtt/blob/v0.3.0/README.md
 [forum-shield]: https://img.shields.io/badge/community-forum-brightgreen.svg
 [forum]: https://community.home-assistant.io/t/community-hass-io-add-ons-mqtt-server-web-client/70376
 [hivemq]: https://www.hivemq.com/
 [maintenance-shield]: https://img.shields.io/maintenance/yes/2018.svg
 [mosquitto]: https://mosquitto.org/
 [project-stage-shield]: https://img.shields.io/badge/project%20stage-experimental-yellow.svg
-[release-shield]: https://img.shields.io/badge/version-v0.2.2-blue.svg
-[release]: https://github.com/hassio-addons/addon-mqtt/tree/v0.2.2
+[release-shield]: https://img.shields.io/badge/version-v0.3.0-blue.svg
+[release]: https://github.com/hassio-addons/addon-mqtt/tree/v0.3.0
 [screenshot]: https://github.com/hassio-addons/addon-mqtt/raw/master/images/image.png

mqtt/config.json

@@ -1,6 +1,6 @@
 {
   "name": "MQTT Server & Web client",
-  "version": "0.2.2",
+  "version": "0.3.0",
   "slug": "mqtt",
   "timeout": 10,
   "description": "Mosquitto MQTT Server bundled with Hivemq's web client",