[ https://issues.apache.org/jira/browse/AMQ-5160?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14000820#comment-14000820 ]
Surf commented on AMQ-5160:
---------------------------

[~dhirajsb] Sorry for the late reply. I will definitely test and get back to you today. PR 22 looks more robust.

> Wildcard subscriptions bypass Authentication / Authorization
> ------------------------------------------------------------
>
>                 Key: AMQ-5160
>                 URL: https://issues.apache.org/jira/browse/AMQ-5160
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: MQTT
>    Affects Versions: 5.9.1
>            Reporter: Surf
>            Priority: Critical
>              Labels: authentication, authorization, mqtt, security
>             Fix For: 5.10.0
>
>         Attachments: activemq.xml, groups.properties, login.config, patch.txt, users.properties
>
>
> I am using MQTT on AMQ 5.9.1.
> After the latest MQTT hardening from [~dhirajsb], there is an issue with MQTT retained messages.
> Simple case:
> Set Authentication / Authorization for two different TOPICS.
> Send a retained message to one topic.
> Try to subscribe to "#" with the other, second user.
> It will show retained messages published by TOPIC 1.
> Here I have attached test configurations.

--
This message was sent by Atlassian JIRA
(v6.2#6252)
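A minimal model of the behaviour reported above, added here as an illustration and not taken from ActiveMQ, the attached patch, or any pull request: retained messages replayed for a wildcard subscription must be authorized per concrete topic, not only per subscription filter. The user names, topic names, ACL layout and function names are all constructed assumptions.

```python
# Added illustration; not ActiveMQ code. All names and sample data are constructed.

def filter_matches(topic_filter, topic):
    """Simplified MQTT topic-filter match ('+' = one level, '#' = all remaining
    levels). Special handling of '$'-prefixed topics is not modelled."""
    f_levels, t_levels = topic_filter.split("/"), topic.split("/")
    for i, f in enumerate(f_levels):
        if f == "#":
            return True              # matches the parent level and everything below
        if i >= len(t_levels):
            return False
        if f != "+" and f != t_levels[i]:
            return False
    return len(f_levels) == len(t_levels)

# Constructed read ACL: user -> topic filters that user may read.
READ_ACL = {
    "user1": ["topic1"],
    "user2": ["topic2"],
}

# Constructed retained-message store: concrete topic -> last retained payload.
RETAINED = {"topic1": b"for-user1-only", "topic2": b"for-user2-only"}

def can_read(user, topic):
    """True if any ACL filter granted to the user covers this concrete topic."""
    return any(filter_matches(f, topic) for f in READ_ACL.get(user, []))

def retained_unchecked(user, sub_filter):
    """Flawed model: replays every retained message the subscription matches."""
    return {t: p for t, p in RETAINED.items() if filter_matches(sub_filter, t)}

def retained_checked(user, sub_filter):
    """Hardened model: authorizes each concrete topic before replaying it."""
    return {t: p for t, p in RETAINED.items()
            if filter_matches(sub_filter, t) and can_read(user, t)}

if __name__ == "__main__":
    print("unchecked:", retained_unchecked("user2", "#"))
    print("checked:  ", retained_checked("user2", "#"))
```

The same per-topic check is a useful regression test against a real broker: subscribe to `#` as the second user and assert that no retained payload from the first user's topic arrives.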