The recent code that timeouts out new connections that have not negotiated the protocol within (a default) 2 seconds still leaves a gap where badly behaved applications can tie up the broker.
The timeout should really be till either heartbeats are activated in which case they will take over the role of timing out idle connections. Or until the connection is authenticated in which case the policy on admitting users should take care of limiting the connections.
|Field||Original Value||New Value|
|Affects Version/s||0.17 [ 12320179 ]|
|Component/s||C++ Broker [ 12311395 ]|
|Status||Open [ 1 ]||Resolved [ 5 ]|
|Fix Version/s||0.23 [ 12324273 ]|
|Resolution||Fixed [ 1 ]|
|Status||Resolved [ 5 ]||Closed [ 6 ]|