hassio-addons/repository
1
0
Fork 0
mirror of https://github.com/hassio-addons/repository.git synced 2025-05-06 20:21:26 +00:00
Code Issues Projects Releases Packages Wiki Activity

🎉 Release of add-on MQTT Server & Web client 0.3.1

Browse source
This commit is contained in:
Community Hass.io Add-ons Bot 2019-01-01 20:36:43 +00:00
parent 342628a036
commit 41a68cb1b2
4 changed files with 12 additions and 30 deletions
Download patch file Download diff file Expand all files Collapse all files

26
mqtt/CHANGELOG.md
View file

@ -1,24 +1,6 @@
This version contains an important security fix, and it is **strongly recommended** for **ALL** installations to be upgraded to this version **immediately**.
## Changes
### Bypass of Authentication
- Buypass LUA auth if leave_front_door_open
- Add missing pwfile to config
The authentication against Home Assistant can be bypassed by an anonymous and unauthorized user. The issue has been mitigated in the latest release.
To be clear on the subject: This is an add-on issue and not an issue with the Home Assistant authentication itself.
Exact details of the vulnerability are not disclosed in order to give our users the time to upgrade.
Thanks to Lars Larsson (@larsla) for responsibly reporting this vulnerability.
Versions Affected
Affects add-on versions v0.2.0 and newer.
Older releases are not affected.
### Changes
- 🚑 🔒 Fixes authentication bypass vulnerability
- 🚑 Set correct acl for readonly
- ⬆Upgrade Nginx to 1.14.2
- ⬆Upgrade Nginx-mod-http-lua to 1.14.2
[Full changelog](https://github.com/hassio-addons/addon-mqtt/compare/v0.2.2...v0.3.0)
[Full changelog](https://github.com/hassio-addons/addon-mqtt/compare/v0.3.0...v0.3.1)

8
mqtt/README.md
View file

@ -23,13 +23,13 @@ and inspect/publish messages using the built-in web client!
[buymeacoffee]: https://www.buymeacoffee.com/ludeeus
[discord-shield]: https://img.shields.io/discord/478094546522079232.svg
[discord]: https://discord.me/hassioaddons
[docs]: https://github.com/hassio-addons/addon-mqtt/blob/v0.3.0/README.md
[docs]: https://github.com/hassio-addons/addon-mqtt/blob/v0.3.1/README.md
[forum-shield]: https://img.shields.io/badge/community-forum-brightgreen.svg
[forum]: https://community.home-assistant.io/t/community-hass-io-add-ons-mqtt-server-web-client/70376
[hivemq]: https://www.hivemq.com/
[maintenance-shield]: https://img.shields.io/maintenance/yes/2018.svg
[maintenance-shield]: https://img.shields.io/maintenance/yes/2019.svg
[mosquitto]: https://mosquitto.org/
[project-stage-shield]: https://img.shields.io/badge/project%20stage-experimental-yellow.svg
[release-shield]: https://img.shields.io/badge/version-v0.3.0-blue.svg
[release]: https://github.com/hassio-addons/addon-mqtt/tree/v0.3.0
[release-shield]: https://img.shields.io/badge/version-v0.3.1-blue.svg
[release]: https://github.com/hassio-addons/addon-mqtt/tree/v0.3.1
[screenshot]: https://github.com/hassio-addons/addon-mqtt/raw/master/images/image.png

2
mqtt/config.json
View file

@ -1,6 +1,6 @@
{
"name": "MQTT Server & Web client",
"version": "0.3.0",
"version": "0.3.1",
"slug": "mqtt",
"timeout": 10,
"description": "Mosquitto MQTT Server bundled with Hivemq's web client",