fix(container): update image public.ecr.aws/docker/library/eclipse-mosquitto ( 2.0.18 → 2.0.22 )

[renovate]

Note

Mend has cancelled the proposed renaming of the Renovate GitHub app being renamed to mend[bot].

This notice will be removed on 2025-10-07.

---

This PR contains the following updates:

Package	Update	Change
public.ecr.aws/docker/library/eclipse-mosquitto (source)	patch	2.0.18 -> 2.0.22

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

eclipse/mosquitto (public.ecr.aws/docker/library/eclipse-mosquitto)

v2.0.22

Compare Source

===================

Broker:

• Windows: Fix broker crash on startup if using log_dest stdout
• Bridge: Fix idle_timeout never occurring for lazy bridges.
• Fix case where max_queued_messages = 0 was not treated as unlimited.
  Closes #​3244.
• Fix --version exit code and output. Closes #​3267.
• Fix crash on receiving a $CONTROL message over a bridge, if
  per_listener_settings is set true and the bridge is carrying out topic
  remapping. Closes #​3261.
• Fix incorrect reference clock being selected on startup on Linux.
  Closes #​3238.
• Fix reporting of client disconnections being incorrectly attributed to "out
  of memory". Closes #​3253.
• Fix compilation when using WITH_OLD_KEEPALIVE. Closes #​3250.
• Add Windows linker file for the broker to the installer. Closes #​3269.
• Fix Websockets PING not being sent on Windows. Closes #​3272.
• Fix problems with secure websockets. Closes #​1211.
• Fix crash on exit when using WITH_EPOLL=no. Closes #​3302.
• Fix clients being incorrectly expired when they have keepalive ==
  max_keepalive. Closes #​3226, #​3286.

Dynamic security plugin:

• Fix mismatch memory free when saving config which caused memory tracking to
  be incorrect.

Client library:

• Fix C++ symbols being removed when compiled with link time optimisation.
  Closes #​3259.
• TLS error handling was incorrectly setting a protocol error for non-TLS
  errors. This would cause the mosquitto_loop_start() thread to exit if no
  broker was available on the first connection attempt. This has been fixed.
  Closes #​3258.
• Fix linker errors on some architectures using cmake. Closes #​3167.

Tests:

• Fix 08-ssl-connect-cert-auth-expired and 08-ssl-connect-cert-auth-revoked
  tests when running on a single CPU system. Closes #​3230.

v2.0.21

Compare Source

===================

Security:

• Fix leak on malicious SUBSCRIBE by authenticated client.
  Closes eclipse #​248.
• Further fix for CVE-2023-28366.

Broker:

• Fix clients sending a RESERVED packet not being quickly disconnected.
  Closes #​2325.
• Fix bind_interface producing an error when used with an interface that has
  an IPv6 link-local address and no other IPv6 addresses. Closes #​2696.
• Fix mismatched wrapped/unwrapped memory alloc/free in properties. Closes #​3192.
• Fix allow_anonymous false not being applied in local only mode. Closes #​3198.
• Add retain_expiry_interval option to fix expired retained message not
  being removed from memory if they are not subscribed to. Closes #​3221.
• Produce an error if invalid combinations of cafile/capath/certfile/keyfile
  are used. Closes #​1836. Closes #​3130.
• Backport keepalive checking from develop to fix problems in current
  implementation. Closes #​3138.

Client library:

• Fix potential deadlock in mosquitto_sub if -W is used. Closes #​3175.

Apps:

• mosquitto_ctrl dynsec now also allows -i to specify a clientid as well as
  -c. This matches the documentation which states -i. Closes #​3219.
  Client library:
• Fix threads linking on Windows for static libmosquitto library
  Closes #​3143

Build:

• Fix Windows builds not having websockets enabled.
• Add tzdata to docker images

Tests:

• Fix 08-ssl-connect-cert-auth-expired and 08-ssl-connect-cert-auth-revoked
  tests when under load. Closes #​3208.

v2.0.20

Compare Source

===================

Broker:

• Fix QoS 1 / QoS 2 publish incorrectly returning "no subscribers".
  Closes #​3128.
• Open files with appropriate access on Windows. Closes #​3119.
• Don't allow invalid response topic values.
• Fix some strict protocol compliance issues. Closes #​3052.

Client library:

• Fix cmake build on OS X. Closes #​3125.

Build:

• Fix build on NetBSD

v2.0.19

Compare Source

===================

Security:

• Fix mismatched subscribe/unsubscribe with normal/shared topics.
• Fix crash on bridge using remapped topic being sent a crafted packet.

Broker:

• Fix assert failure when loading a persistence file that contains
  subscriptions with no client id.
• Fix local bridges being incorrectly expired when
  persistent_client_expiration is in use.
• Fix use of CLOCK_BOOTTIME for getting time. Closes #​3089.
• Fix mismatched subscribe/unsubscribe with normal/shared topics.
• Fix crash on bridge using remapped topic being sent a crafted packet.

Client library:

• Fix some error codes being converted to string as "unknown". Closes #​2579.
• Clear SSL error state to avoid spurious error reporting. Closes #​3054.
• Fix "payload format invalid" not being allowed as a PUBREC reason code.
• Don't allow SUBACK with missing reason codes.

Build:

• Thread support is re-enabled on Windows.

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[carpenike-bot]

--- kubernetes/cluster-0/apps/home/mosquitto/app Kustomization: flux-system/mosquitto HelmRelease: home/mosquitto

+++ kubernetes/cluster-0/apps/home/mosquitto/app Kustomization: flux-system/mosquitto HelmRelease: home/mosquitto

@@ -33,13 +33,13 @@

         annotations:
           reloader.stakater.com/auto: 'true'
         containers:
           main:
             image:
               repository: public.ecr.aws/docker/library/eclipse-mosquitto
-              tag: 2.0.18
+              tag: 2.0.21
             resources:
               limits:
                 memory: 16Mi
               requests:
                 cpu: 5m
                 memory: 4Mi
@@ -51,13 +51,13 @@

             command:
             - /bin/sh
             - -c
             image:
               pullPolicy: IfNotPresent
               repository: public.ecr.aws/docker/library/eclipse-mosquitto
-              tag: 2.0.18
+              tag: 2.0.21
         pod:
           securityContext:
             fsGroup: 568
             fsGroupChangePolicy: OnRootMismatch
             runAsGroup: 568
             runAsUser: 568

[carpenike-bot]

🦙 MegaLinter status: ❌ ERROR

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
❌ COPYPASTE	jscpd	yes		2	no	1.48s
✅ REPOSITORY	git_diff	yes		no	no	0.04s
✅ REPOSITORY	secretlint	yes		no	no	3.87s
✅ YAML	prettier	1		0	0	0.55s
✅ YAML	yamllint	1		0	0	0.55s

See detailed report in MegaLinter reports
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff