Community Add-on: MQTT Server & Web client

Tags: #<Tag:0x00007f1b96b32b90> #<Tag:0x00007f1b96b329d8>


I have this add on set up and running as the broker, because I prefer the ACL you’ve included here, however I’m struggling to figure out how to get Discovery turned on… is this a supported setting for the MQTT broker this plugin runs? Or am I going to have to fall back to the “standard” hassio MQTT to have the ability to discover components?


Discovery is done in the component, not in the broker.
Both should behave exactly the same way


Okay, I think I misunderstood how to configure MQTT, I had removed the mqtt entry from the configuration.yaml entirely, but I believe what I needed to do was point it at the new broker.


:warning::ambulance::lock: Release v0.3.0

This version contains an important security fix, and it is strongly recommend for ALL installations to be upgraded to this version immediately .

Bypass of Authentication

The authentication against Home Assistant can be bypassed by an anonymous and unauthorized user. The issue has been mitigated in the latest release.

To be clear on the subject: This is an add-on issue and not an issue with the Home Assistant authentication itself.

Exact details of the vulnerability are not disclosed in order to give our users the time to upgrade.

Thanks to Lars Larsson for responsibly reporting this vulnerability.

Versions Affected

Affects all releases that support authentication against Home Assistant, add-on versions v0.2.0 and higher.


  • :ambulance: :lock: Fixes authentication bypass vulnerability
  • :ambulance: Set correct acl for readonly
  • :arrow_up:Upgrade Nginx to 1.14.2
  • :arrow_up:Upgrade Nginx-mod-http-lua to 1.14.2

Full changelog


Hi, after the upgrade switch are connected at mqtt server, but i can’t control them.

before everything going fine, it’s possible to downgrade?



Unless you have a snapshot of it, or build it locally, no.
But it sounds like you have readonly: true for the user


Yess… Thanks man!!

But before the setting are the same but it works… strange!


That was a bug that was corrected in this version :slight_smile:


ah ok. Great!


The update isn’t showing for me. I have forced a full refresh of the browser and I have reloaded Supervisor, but it is still showing version 0.2.2 with no update available.


Anything in the supervisor log about it?


no but all my added repositories are gone!! noticed in the log that only 2 repos were updating themselves so popped into the add-on store and I only have 2 repositories listed so I’m betting that’s the problem. Re-adding them now

update: yep!! that did it. upgrading now.

Any idea what could have cause all the repos to disappear?


Nope, I have never seen that :frowning:


apparently it happened sometime around when I added HunterJim’s addon repo for XBoxOne. That was still there but the rest of my repos were gone.


Hi all,
I would like to connect to this broken from a nodemcu (wemos) client using ssl connection.
How do I manage that ?


Hello, I have just update at 1.31 l do not change everything in the setup, but every sonoff tasmota connect and disconnect from the mqtt server and nothing works… before every going well!!
If someone help me I would say thanks :wink:

The log say for every device

1546425166: New connection from on port 1883.
1546425166: Socket error on client unknown, disconnecting.


This one contained a fix for passwords, make sure your password are correct.


The password maybe correct, I try also make anonymous true, but nothing changes.


If you are using

Remove all mqtt_users, if you do not do that, it will have little to no effect.


I put another time the same password in the sonoff and it runs.
Thank you very much!!