rumqttc-0.25.1

rumqttc v0.25.1

This patch release focuses on fixing the broken WebSocket feature and includes dependency updates.

Highlights

WebSocket Fix: This release resolves a build issue that occurred when the websocket feature was enabled, caused by incompatibility with ws_stream_tungstenite v0.14.0. The dependency has been updated to v0.15.0, restoring full WebSocket functionality.

Changes

• Fixed: Build failure when compiling with the websocket feature enabled (#999)
• Added: New use-rustls-no-provider feature for more flexible TLS configuration (#988)
• Maintenance: Updated dependencies (#1006 )

Contributors

Welcome to our new contributors:

• @giridher-art
• @Matt3o12
• @MightyPork

Full Changelog: [rumqttc-0.25.0...rumqttc-0.25.1]

rumqttd-0.20.0

rumqttd 0.20.0

Key Features

• Async Authentication: Added support for async auth functions for more flexible authentication flows
• Enhanced Security:
  • Implemented constant-time password comparison to prevent timing attacks
  • Added SEC1 key support with improved certificate handling
• Public API Improvements: Made Server, Forward, and external_auth publicly available for better extensibility

Notable Fixes

• Fixed session present flag in CONNACK packets
• Corrected keepalive duration handling when reading from network
• Fixed event ordering returned on poll()
• Set default network timeout to Duration::MAX instead of zero
• Improved error handling for MQTT acknowledgment packets

Improvements

• Updated rustls and dependencies
• Added LinkTx::unsubscribe functionality
• Enhanced logging for peer-initiated disconnects
• Improved client_id recording in tracing spans
• Disabled default feature for metrics-exporter-prometheus

New Contributors

Welcome to @amokfa, @Inventor77, @xiaocq2001, @silvestrpredko, @Ddystopia, and @Ichmed! 🎉

Full Changelog: rumqttd-0.19.0...rumqttd-0.20.0

rumqttc-0.25.0

rumqttc v0.25.0 Release Notes

We're excited to announce the release of rumqttc v0.25.0! This release brings significant improvements, new features, and important bug fixes that enhance the stability and functionality of your MQTT applications.

🚀 What's New

Enhanced MQTT v5 Support

• Session Management: Added support for session_expiry_interval in MQTT v5 connections, giving you better control over session persistence
• Authentication Packets: Implemented MQTT v5 Auth packet support for enhanced authentication flows
• Connection Properties: Made DisconnectProperties struct public for better disconnect handling

Security & Performance Improvements

• Network Performance: Added TCP no_delay configuration option for reduced latency in time-sensitive applications
• Memory Optimization: Replaced Vec with FixedBitSet for QoS 2 packet tracking, reducing memory overhead
• Network Timeout: Set default network timeout to Duration::MAX instead of zero for better connection handling

Developer Experience Enhancements

• TLS Support: Added native TLS TlsConnector support for more flexible secure connections
• Client Configuration: New set_client_id method in MqttOptions for easier client ID management
• External Auth: Re-enabled public access to external authentication features

🔧 Important Bug Fixes

Connection Stability

• Fixed panic issues on connection closure
• Resolved MQTT v5 packet writing problems that prevented outgoing packets from reaching the network
• Improved event ordering in poll() method for more predictable behavior

Subscription Handling

• Filter Validation: Added proper validation for subscription filters
• Subscribe Many Fix: Resolved critical issue where subscribe_many always caused EmptySubscription errors

Packet Processing

• Write Operations: Ensured all write operations return correct byte counts
• PubAck Filtering: Fixed filtering of unexpected PubAck packets in event loop
• Error Handling: Removed SubAck/UnsubAck/PubAck/PubRec/PubRel/PubComp reason code errors from critical state errors

📚 Code Quality & Maintenance

Dependency Updates

We've updated several critical dependencies for security and performance:

• OpenSSL: 0.10.64 → 0.10.71
• H2: 0.4.2 → 0.4.4
• Rustls: 0.22.2 → 0.22.4
• Various Go dependencies in benchmarks

Refactoring Highlights

• Simplified Network implementation with Framed<.., Codec>
• Improved credential storage using Login in MqttOptions
• Enhanced unsolicited publish handling
• Better clippy compliance and code quality

🎯 Breaking Changes

While we've maintained backward compatibility where possible, please note:

• Some internal APIs have been refactored for better performance
• Error handling has been improved, which may affect error matching in your code
• Default network timeout behavior has changed

🤝 Community Contributions

A huge thank you to our 16 new contributors who made this release possible! We're thrilled to welcome these developers to the rumqtt community:

New Contributors:

• @amokfa - Fixed write operation byte counting
• @pranavgoel29 - Added subscription filter validation
• @xiaocq2001 - Added MQTT v5 session expiry and session resume improvements
• @wangwen-4220 - Fixed PubAck filtering in event loop
• @hippalus - Optimized QoS 2 packet tracking with FixedBitSet
• @FedorSmirnov89 - Added TCP no_delay configuration option
• @silvestrpredko - Re-enabled external auth public availability
• @FSMaxB - Fixed critical subscribe_many functionality
• @J-Kappes - Improved TLS documentation
• @CosminPerRam - Fixed EventLoop documentation spelling
• @Ddystopia - Fixed default network timeout behavior
• @edgale - Fixed function description typos
• @elrafoon - Added MqttOptions set_client_id method
• @jbeyerstedt - Made v5::Connection return types public

This diverse group of contributors brought improvements ranging from security enhancements and performance optimizations to API improvements and documentation fixes. Their combined efforts have made rumqttc more robust, secure, and user-friendly.

Special recognition goes to contributors who tackled complex issues like MQTT v5 protocol implementation, security vulnerabilities, and critical subscription handling bugs.

🔄 Migration Guide

For most users, upgrading should be straightforward:

1. Update your dependency: Change your Cargo.toml to use rumqttc = "0.25.0"
2. Review timeout handling: If you rely on specific timeout behavior, review the new default timeout settings
3. Check error handling: Update any code that specifically catches the removed reason code errors
4. Test MQTT v5 features: If using MQTT v5, test the improved session handling and auth features

🔗 Resources

• Full Changelog: View on
• Documentation: Check our updated docs for new features and API changes
• Issues: Report bugs or request features on our GitHub repository

---

This release represents months of community effort and testing. We're confident it will provide a more stable, secure, and feature-rich MQTT experience for your applications.

Happy coding! 🦀

rumqttc-0.24.0

What's New?

• 🧾 Expose EventLoop::clean to allow triggering shutdown and subsequent storage of pending requests by @de-sh in #741

You can now shutdown the Eventloop and drain Requests, which weren't received from the channel and keep them in pending while doing cleanup to prevent any data loss. Example usage in bytebeamio/uplink.

• 🔐 Support for all TLS key formats currently supported by Rustls: PKCS#1, PKCS#8, RFC5915 and new TLS Error variants: NoValidClientCertInChain, NoValidKeyInChain by @ijager in #752 and #752

With this, we now practically support all RSA and ECC keys in DER/SEC1 encoding.

• A websocket request modifier for v4 client by @swanandx in #772

• Surfaced AsyncClient's from_senders method to the Client as from_sender by @BKDaugherty in #779

---

Changes

• 🆔 Allow empty Client ID by @arunanshub in #791

MqttOptions::new now accepts empty client_id and MqttOptions::set_clean_session panics if client_id is empty and clean_session flag is set to false.

• Synchronous client methods take &self instead of &mut self by @BKDaugherty in #646

• Removed the Key enum by @ijager in #752

Users do not need to specify the TLS key variant in the TlsConfiguration anymore, this is inferred automatically. To update your code simply remove Key::ECC() or Key::RSA() from the initialization.

• Certificate for client authentication is optional in native-tls variant by @swanandx in #758

With this, the der & password fields are replaced by client_auth.

• Make v5 RetainForwardRule public, in order to allow setting it when constructing Filter values by @brianmay in #767

• Use VecDeque instead of IntoIter to fix unintentional drop of pending requests on EventLoop::clean by @de-sh in #780

• Fix typo - StateError::IncommingPacketTooLarge => StateError::IncomingPacketTooLarge by @swanandx in #786

• Update rustls and friends by @qwandor in #790

Update tokio-rustls to 0.25.0, rustls-native-certs to 0.7.0, rustls-webpki to 0.102.1, rusttls-pemfile to 2.0.0, async-tungstenite to 0.24.0, ws_stream_tungstenite to 0.12.0 and http to 1.0.0. This is a breaking change as types from some of these crates are part of the public API in

Fixes

• Lowered the MSRV to 1.64.0 by @RoastVeg in #762
• Request modifier function should be Send and Sync and removed unnecessary Box by @swanandx in #770

---

New Contributors 🎉

• @BKDaugherty made their first contribution in #646
• @RoastVeg made their first contribution in #762
• @ijager made their first contribution in #752

---

Full Changelog: rumqttd-0.19.0...rumqttc-0.24.0

rumqttd-0.19.0

What's New?

• 🔐 Extensible external authentication by @nathansizemore in #761

You can hook custom function for authentication using client id, username and password. This custom function can be extended as per need, for e.g. fetching credentials from DB, using tokens or spawning processes, etc. see example for setup.

• 🔑 Add support for ECC keys when configuring TLS in rumqttd by @AlexandreCassagne in #743

Previously only RSA keys were accepted, but now you can specify any TLS key formats currently supported by rustls, like ECC, PKCS8 to name a few.

---

Changes

Configuration related

• v4 config is optional by @swanandx in #736

user can specify v4 and/or v5 config. Specifying [v4.x] in rumqttd.toml is no longer mandatory, those who wish to only use v5 can now only include [v5.x] in config.

• console configuration is optional by @swanandx in #737

specifying [console] in rumqttd.toml is now optional and can be safely removed if you don't wish to use console.

• CA certificate is optional if client auth is disabled

capath in tls config is only required is client authentication will be used ( see "verify-client-cert" feature below to know more ). Warning will be logged if the feature is disabled and capath is being ignored.

Feature related

• websocket feature is enabled by default by @swanandx in #734

rumqttd will log a warning if [ws.x] is specified in config but getting ignored due to websocket feature is disabled.

• "websockets" feature is removed in favour of "websocket"

• client auth is featured gated behind "verify-client-cert" by @de-sh in #756

mutual TLS ( mTLS ) or client authentication, which is done verifying by certificates provided client is now optional with use-rustls. capath specifying CA certificate must be present in config file if client auth is enabled.
To enable client auth, you need to enable verify-client-cert features ( disabled by default to match behavior of use-native-tls )

Others

• Console endpoint /config prints Router Config instead of returning console settings by @swanandx in #727
• Update tungstenite and dependencies to fix CVE by @swanandx in #730

Maintainance

• build(deps): bump webpki from 0.22.1 to 0.22.2 by @dependabot in #720

• build(deps): bump rustix from 0.38.17 to 0.38.19 by @dependabot in #735

• update tungstenite and other dependencies by @swanandx in #730

• build(deps): bump openssl from 0.10.57 to 0.10.60 by @dependabot in #759

• fix: clippy lints by @swanandx in #725

• feat: install cross from git and cleanup by @swanandx in #716

• chore: move rust-version from workspace to respective crates by @swanandx in #763

• fix rust-cache with proper key and global RUSTFLAG by @swanandx in #764

---

New Contributors 🎉

• @AlexandreCassagne made their first contribution in #743
• @nathansizemore made their first contribution in #761

---

Full Changelog: rumqttd-0.18.0...rumqttd-0.19.0

rumqttc 0.23.0

Added

• Added bind_device to NetworkOptions to enable TCPSocket.bind_device()
• Added MqttOptions::set_request_modifier for setting a handler for modifying a websocket request before sending it.

Fixed

• Allow keep alive values <= 5 seconds (#643)
• Verify "mqtt" is present in websocket subprotocol header.

Security

• Remove dependency on webpki. CVE
• Removed dependency vulnerability, see rustsec. Update of tungstenite dependency.

---

Other Changes

• Replace heavy futures dep by @mattfbacon in #645
• Allow modifying websocket requests. by @reitermarkus in #642
• docs: remove invalid docs disclaimer by @carlocorradini in #657
• Disable unsused features from flume dependency by @domenicquirl in #653
• build(deps): Bump dependencies to latest by @Dirreke in #666
• rumqttc: Add bind_device to NetworkOptions to enable TCPSocket.bind_device() by @seimonw in #654
• fix(Event Loop): Allow keep-alives <= 5 secs by @danieldougherty in #655
• feat(rumqttc): Replace multi line debug log with single line by @flxo in #688
• build(deps): bump rustls-webpki from 0.101.1 to 0.101.4 by @dependabot in #687
• build(deps): update dependencies by @swanandx in #690
• use patched ws_stream_tungstenite to remove webpki by @swanandx in #704
• chore: cargo update and replace deprecated functions by @swanandx in #710
• Call the bind_device function only if the bind_device network option … by @frank-hivewatch in #713
• fix: validate subprotocol mqtt by @Vilayat-Ali in #724
• fix: clippy lints by @swanandx in #725
• Validate "mqtt" exists in comma delimited subprotocol header by @swanandx in #726
• revert #726: only expect "mqtt" in response header by @de-sh in #729
• update tungstenite dependencies for security purpose by @Arend-Jan in #728

New Contributors 🎉

• @mattfbacon made their first contribution in #645
• @reitermarkus made their first contribution in #642
• @domenicquirl made their first contribution in #653
• @Dirreke made their first contribution in #666
• @seimonw made their first contribution in #654
• @danieldougherty made their first contribution in #655
• @frank-hivewatch made their first contribution in #713
• @Vilayat-Ali made their first contribution in #724
• @Arend-Jan made their first contribution in #728

rumqttd 0.18.0

What's Changed

This release fixes retained and will messages and adds support for will delay interval in MQTTv5. Rumqttd now have an enhanced release profile in Cargo.toml which would improve performance while reducing the binary size! Here are some of the other changes:

⚡ Added

• Will Delay Interval for MQTTv5 by @swanandx in #686

🚨 Changed

• Non-consuming builder pattern for constructing Connection by @swanandx in #708
• Removed Link and its implementation which were deprecated by @swanandx in #684

🛠️ Fixed

• Will messages by @swanandx in #686
• Retained Messages by @swanandx in #683
• Publish properties in qos2 publishes by @swanandx in #702

🔒 Security

• Remove dependency on webpki to fix CVE

🚧 Maintenance changes

• enhance cargo workspace and release build by @carlocorradini in #680
• configure cross to support x86_64 and aarch64 for linux/musl by @carlocorradini in #674
• etc.

Full Changelog: rumqttd-0.17.0...rumqttd-0.18.0

rumqttd-0.17.0

Whats New? 🤯

• 🆔 Subscription IDs support in broker by @swanandx in #632
• 🔥 Shared subscriptions with configurable strategy by @Nickztar in #668

We can configure strategy for shared subscriptions using rumqttd.toml The available strategies are as follows:
round_robin (Default): select clients in turns as per the order of their subscription.
random: randomly choose a client and sent it. ( note: once a client is chosen, we try to send as many msg as we can )
sticky: stick to a subscriber and keep sending it all the messages until its gone.

Maintenance changes 🚧

• build(deps): Bump dependencies to latest by @Dirreke in #666
• chore(github): removed stale by @carlocorradini in #675
• chore(mqttverifier): fix typo and better structure with jsdoc type by @carlocorradini in #679
• docs: add AUR package in README.md by @neruyzo in #681

New Contributors 🎉

• @Dirreke made their first contribution in #666
• @neruyzo made their first contribution in #681

Full Changelog: rumqttd-0.16.0...rumqttd-0.17.0

rumqttd 0.16.0

Blog Post discussing this release - https://bytebeam.io/blog/qos2-and-websockets-support-rumqttd/

Significant Changes

• QoS2 support (#604) 🚀
• Support for Websocket connections (#633) 🕸️

Changed

• Ability to configure segment size individually (#602)
• LinkBuilder for constructing LinkRx/LinkTx (#659)

Deprecated

• Link and its implementation, use LinkBuilder instead

Fixed

• Include reason code for UnsubAck in v5

New Contributors 🎉

• @Nickztar made their first contribution in #633
• @anirudhRowjee made their first contribution in #635

rumqttc 0.22.0

Added

• Added outgoing_inflight_upper_limit to MQTT5 MqttOptions. This sets the upper bound for the number of outgoing publish messages (#615)
• Added support for HTTP(s) proxy (#608)
  • Added proxy feature gate
  • Refactored eventloop::network_connect to allow setting proxy
  • Added proxy options to MqttOptions
• Update rustls to 0.21 and tokio-rustls to 0.24 (#606)
  • Adds support for TLS certificates containing IP addresses
  • Adds support for RFC8446 C.4 client tracking prevention

Changed

• MqttState::new takes max_outgoing_packet_size which was set in MqttOptions but not used (#622)