Merge branch 'main-v4.3' into fix-sub-search

2022-04-24 17:18:01 +08:00 · 2022-04-24 17:18:01 +08:00 · 9d4d918e2c
parent 29e453383a d052680793
commit 9d4d918e2c
487 changed files with 1331 additions and 1048 deletions
--- a/CHANGES-4.3.md
+++ b/CHANGES-4.3.md
@ -12,8 +12,15 @@ File format:
 ## v4.3.15
 ### Enhancements
 * Made possible for EMQX to boot from a Linux directory which has white spaces in its path.
 * Add support for JWT authorization [#7596]
  Now MQTT clients may be authorized with respect to a specific claim containing publish/subscribe topic whitelists.
 ### Bug fixes
-* List subscription topic (/api/v4/subscriptions), the result do not match with multiple conditions.
+* List subscription topic (/api/v4/subscriptions), the result do not match with multiple conditions.  
 ## v4.3.14
@ -36,6 +43,7 @@ File format:
  node. It will improves the efficiency of shared messages dispatching in certain
  scenarios, especially when the emqx-bridge-mqtt plugin is configured as shared
  subscription. [#7462]
 * Add some compression functions to rule-engine: gzip, gunzip, zip, unzip, zip_compress, zip_uncompress
 ### Bug fixes
@ -47,8 +55,9 @@ File format:
  default value of emqx_dashboard.conf after the node left cluster.
  Now we persist changed password to protect against reset. [#7518]
 * Silence grep/sed warnings in docker-entrypoint.sh. [#7520]
-* Generate `loaded_modules` and `loaded_plugins` files with default
+* Generate `loaded_modules` and `loaded_plugins` files with default values when no such files exists. [#7520]
-  values when no such files exists. [#7520]
+* Fix the configuration `server_name_indication` set to disable does not take effect.
 * Fix backup files are not deleted and downloaded correctly when the API path has ISO8859-1 escape characters.
 ## v4.3.13
--- a/2
+++ b/2
@ -1,5 +1,5 @@
 EMQX, a highly scalable, highly available distributed MQTT messaging broker for IoT.
-Copyright (c) 2017-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+Copyright (c) 2017-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 This product contains code developed at EMQ Technologies Co., Ltd.
 Visit https://www.emqx.come to learn more.
--- a/apps/emqx_auth_http/src/emqx_acl_http.erl
+++ b/apps/emqx_auth_http/src/emqx_acl_http.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_auth_http/src/emqx_auth_http.app.src
+++ b/apps/emqx_auth_http/src/emqx_auth_http.app.src
@ -1,6 +1,6 @@
 {application, emqx_auth_http,
 [{description, "EMQ X Authentication/ACL with HTTP API"},
-  {vsn, "4.3.4"}, % strict semver, bump manually!
+  {vsn, "4.3.5"}, % strict semver, bump manually!
  {modules, []},
  {registered, [emqx_auth_http_sup]},
  {applications, [kernel,stdlib,ehttpc]},
--- a/apps/emqx_auth_http/src/emqx_auth_http.appup.src
+++ b/apps/emqx_auth_http/src/emqx_auth_http.appup.src
@ -1,6 +1,9 @@
 %% -*- mode: erlang -*-
 {VSN,
-  [{"4.3.3",
+  [{"4.3.4",
    [{load_module,emqx_auth_http_app,brutal_purge,soft_purge,[]}
    ]},
   {"4.3.3",
    [{load_module,emqx_auth_http_app,brutal_purge,soft_purge,[]},
     {load_module,emqx_acl_http,brutal_purge,soft_purge,[]}]},
   {"4.3.2",
@ -11,7 +14,9 @@
   {<<"4.3.[0-1]">>,
    [{restart_application,emqx_auth_http}]},
   {<<".*">>,[]}],
-  [{"4.3.3",
+  [{"4.3.4",
    [{load_module,emqx_auth_http_app,brutal_purge,soft_purge,[]}]},
   {"4.3.3",
    [{load_module,emqx_auth_http_app,brutal_purge,soft_purge,[]},
     {load_module,emqx_acl_http,brutal_purge,soft_purge,[]}]},
   {"4.3.2",
--- a/apps/emqx_auth_http/src/emqx_auth_http.erl
+++ b/apps/emqx_auth_http/src/emqx_auth_http.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_auth_http/src/emqx_auth_http_app.erl
+++ b/apps/emqx_auth_http/src/emqx_auth_http_app.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
@ -71,6 +71,7 @@ translate_env(EnvName) ->
                                     end,
                            SNI = case application:get_env(?APP, server_name_indication, undefined) of
                                    "disable" -> disable;
                                    "" -> undefined;
                                    SNI0 -> SNI0
                                  end,
                            TLSOpts = lists:filter(
--- a/apps/emqx_auth_http/src/emqx_auth_http_cli.erl
+++ b/apps/emqx_auth_http/src/emqx_auth_http_cli.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_auth_http/src/emqx_auth_http_sup.erl
+++ b/apps/emqx_auth_http/src/emqx_auth_http_sup.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_auth_http/test/emqx_auth_http_SUITE.erl
+++ b/apps/emqx_auth_http/test/emqx_auth_http_SUITE.erl
@ -1,4 +1,4 @@
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_auth_jwt/README.md
+++ b/apps/emqx_auth_jwt/README.md
@ -46,6 +46,11 @@ auth.jwt.verify_claims = off
 ##  - %u: username
 ##  - %c: clientid
 # auth.jwt.verify_claims.username = %u
 ## Name of the claim containg ACL rules
 ##
 ## Value: String
 #auth.jwt.acl_claim_name = acl
 ```
 Load the Plugin
@ -62,6 +67,33 @@ Example
 mosquitto_pub -t 'pub' -m 'hello' -i test -u test -P eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJuYW1lIjoiYm9iIiwiYWdlIjoyOX0.bIV_ZQ8D5nQi0LT8AVkpM4Pd6wmlbpR9S8nOLJAsA8o
 ```
 ACL
 ---
 JWT may contain lists of topics allowed for subscribing/publishing (ACL rules):
 Payload example:
 ```json
 {
  "sub": "emqx",
  "name": "John Doe",
  "iat": 1516239022,
  "exp": 1516239122,
  "acl": {
    "sub": [
      "a/b",
      "c/+",
      "%u/%c"
    ],
    "pub": [
      "a/b",
      "c/+",
      "%u/%c"
    ]
  }
 }
 ```
 Algorithms
 ----------
--- a/apps/emqx_auth_jwt/etc/emqx_auth_jwt.conf
+++ b/apps/emqx_auth_jwt/etc/emqx_auth_jwt.conf
@ -47,3 +47,8 @@ auth.jwt.verify_claims = off
 ## For example, to verify that the username in the JWT payload is the same
 ## as the client (MQTT protocol) username
 #auth.jwt.verify_claims.username = %u
 ## Name of the claim containg ACL rules
 ##
 ## Value: String
 #auth.jwt.acl_claim_name = acl
--- a/apps/emqx_auth_jwt/priv/emqx_auth_jwt.schema
+++ b/apps/emqx_auth_jwt/priv/emqx_auth_jwt.schema
@ -47,3 +47,12 @@
              end, [], cuttlefish_variable:filter_by_prefix("auth.jwt.verify_claims", Conf))
   end
 end}.
 {mapping, "auth.jwt.acl_claim_name", "emqx_auth_jwt.acl_claim_name", [
  {default, "acl"},
  {datatype, string}
 ]}.
 {translation, "emqx_auth_jwt.acl_claim_name", fun(Conf) ->
    list_to_binary(cuttlefish:conf_get("auth.jwt.acl_claim_name", Conf))
 end}.
--- a/apps/emqx_auth_jwt/src/emqx_auth_jwt.app.src
+++ b/apps/emqx_auth_jwt/src/emqx_auth_jwt.app.src
@ -1,6 +1,6 @@
 {application, emqx_auth_jwt,
 [{description, "EMQ X Authentication with JWT"},
-  {vsn, "4.3.2"}, % strict semver, bump manually!
+  {vsn, "4.3.3"}, % strict semver, bump manually!
  {modules, []},
  {registered, [emqx_auth_jwt_sup]},
  {applications, [kernel,stdlib,jose]},
--- a/apps/emqx_auth_jwt/src/emqx_auth_jwt.appup.src
+++ b/apps/emqx_auth_jwt/src/emqx_auth_jwt.appup.src
@ -1,15 +1,13 @@
-%% -*-: erlang -*-
+%% -*- mode: erlang -*-
 %% Unless you know what you are doing, DO NOT edit manually!!
 {VSN,
- [
+  [{"4.3.2",
-    {<<"4\\.3\\.[0-1]">>, [
+    [{restart_application,emqx_auth_jwt}]},
-      {load_module, emqx_auth_jwt_svr, brutal_purge, soft_purge, []}
+   {<<"4\\.3\\.[0-1]">>,
-    ]},
+    [{restart_application,emqx_auth_jwt}]},
-    {<<".*">>, []}
+   {<<".*">>,[]}],
- ],
+  [{"4.3.2",
- [
+    [{restart_application,emqx_auth_jwt}]},
-    {<<"4\\.3\\.[0-1]">>, [
+   {<<"4\\.3\\.[0-1]">>,
-      {load_module, emqx_auth_jwt_svr, brutal_purge, soft_purge, []}
+    [{restart_application,emqx_auth_jwt}]},
-    ]},
+   {<<".*">>,[]}]}.
    {<<".*">>, []}
 ]
 }.
--- a/apps/emqx_auth_jwt/src/emqx_auth_jwt.erl
+++ b/apps/emqx_auth_jwt/src/emqx_auth_jwt.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
@ -22,7 +22,8 @@
 -logger_header("[JWT]").
 -export([ register_metrics/0
-        , check/3
+        , check_auth/3
        , check_acl/5
        , description/0
        ]).
@ -46,16 +47,14 @@ register_metrics() ->
 %% Authentication callbacks
 %%--------------------------------------------------------------------
-check(ClientInfo, AuthResult, #{pid := Pid,
+check_auth(ClientInfo, AuthResult, #{from := From, checklists := Checklists}) ->
                                from := From,
                                checklists := Checklists}) ->
    case maps:find(From, ClientInfo) of
        error ->
            ok = emqx_metrics:inc(?AUTH_METRICS(ignore));
        {ok, undefined} ->
            ok = emqx_metrics:inc(?AUTH_METRICS(ignore));
        {ok, Token} ->
-            case emqx_auth_jwt_svr:verify(Pid, Token) of
+            case emqx_auth_jwt_svr:verify(Token) of
                {error, not_found} ->
                    ok = emqx_metrics:inc(?AUTH_METRICS(ignore));
                {error, not_token} ->
@ -68,12 +67,38 @@ check(ClientInfo, AuthResult, #{pid := Pid,
            end
    end.
 check_acl(ClientInfo = #{jwt_claims := Claims},
          PubSub,
          Topic,
          _NoMatchAction,
          #{acl_claim_name := AclClaimName}) ->
    Deadline = erlang:system_time(second),
    case Claims of
        #{AclClaimName := Acl, <<"exp">> := Exp}
            when is_integer(Exp) andalso Exp >= Deadline ->
            verify_acl(ClientInfo, Acl, PubSub, Topic);
        _ -> ignore
    end.
 description() -> "Authentication with JWT".
 %%------------------------------------------------------------------------------
 %% Verify Claims
 %%--------------------------------------------------------------------
 verify_acl(ClientInfo, #{<<"sub">> := SubTopics}, subscribe, Topic) when is_list(SubTopics) ->
    verify_acl(ClientInfo, SubTopics, Topic);
 verify_acl(ClientInfo, #{<<"pub">> := PubTopics}, publish, Topic) when is_list(PubTopics) ->
    verify_acl(ClientInfo, PubTopics, Topic);
 verify_acl(_ClientInfo, _Acl, _PubSub, _Topic) -> {stop, deny}.
 verify_acl(_ClientInfo, [], _Topic) -> {stop, deny};
 verify_acl(ClientInfo, [AclTopic | AclTopics], Topic) ->
    case match_topic(ClientInfo, AclTopic, Topic) of
        true -> {stop, allow};
        false -> verify_acl(ClientInfo, AclTopics, Topic)
    end.
 verify_claims(Checklists, Claims, ClientInfo) ->
    case do_verify_claims(feedvar(Checklists, ClientInfo), Claims) of
        {error, Reason} ->
@ -97,3 +122,9 @@ feedvar(Checklists, #{username := Username, clientid := ClientId}) ->
                 ({K, <<"%c">>}) -> {K, ClientId};
                 ({K, Expected}) -> {K, Expected}
              end, Checklists).
 match_topic(ClientInfo, AclTopic, Topic) ->
    AclTopicWords = emqx_topic:words(AclTopic),
    TopicWords = emqx_topic:words(Topic),
    AclTopicRendered = emqx_access_rule:feed_var(ClientInfo, AclTopicWords),
    emqx_topic:match(TopicWords, AclTopicRendered).
--- a/apps/emqx_auth_jwt/src/emqx_auth_jwt_app.erl
+++ b/apps/emqx_auth_jwt/src/emqx_auth_jwt_app.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
@ -31,16 +31,20 @@
 start(_Type, _Args) ->
    {ok, Sup} = supervisor:start_link({local, ?MODULE}, ?MODULE, []),
-    {ok, Pid} = start_auth_server(jwks_svr_options()),
+    {ok, _} = start_auth_server(jwks_svr_options()),
    ok = emqx_auth_jwt:register_metrics(),
    AuthEnv0 = auth_env(),
    AuthEnv1 = AuthEnv0#{pid => Pid},
-    _ = emqx:hook('client.authenticate', {emqx_auth_jwt, check, [AuthEnv1]}),
+    AuthEnv = auth_env(),
-    {ok, Sup, AuthEnv1}.
+    _ = emqx:hook('client.authenticate', {emqx_auth_jwt, check_auth, [AuthEnv]}),
-stop(AuthEnv) ->
+    AclEnv = acl_env(),
-    emqx:unhook('client.authenticate', {emqx_auth_jwt, check, [AuthEnv]}).
+    _ = emqx:hook('client.check_acl', {emqx_auth_jwt, check_acl, [AclEnv]}),
    {ok, Sup}.
 stop(_State) ->
    emqx:unhook('client.authenticate', {emqx_auth_jwt, check_auth}),
    emqx:unhook('client.check_acl', {emqx_auth_jwt, check_acl}).
 %%--------------------------------------------------------------------
 %% Dummy supervisor
@ -69,6 +73,9 @@ auth_env() ->
     , checklists => Checklists
     }.
 acl_env() ->
    #{acl_claim_name => env(acl_claim_name, <<"acl">>)}.
 jwks_svr_options() ->
    [{K, V} || {K, V}
             <- [{secret, env(secret, undefined)},
--- a/apps/emqx_auth_jwt/src/emqx_auth_jwt_svr.erl
+++ b/apps/emqx_auth_jwt/src/emqx_auth_jwt_svr.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
@ -26,7 +26,7 @@
 %% APIs
 -export([start_link/1]).
-export([verify/2]).
+-export([verify/1]).
 %% gen_server callbacks
 -export([ init/1
@ -44,8 +44,9 @@
                | {interval, pos_integer()}.
 -define(INTERVAL, 300000).
 -define(TAB, ?MODULE).
-record(state, {static, remote, addr, tref, intv}).
+-record(state, {addr, tref, intv}).
 %%--------------------------------------------------------------------
 %% APIs
@ -55,13 +56,13 @@
 start_link(Options) ->
    gen_server:start_link(?MODULE, [Options], []).
-spec verify(pid(), binary())
+-spec verify(binary())
    -> {error, term()}
     | {ok, Payload :: map()}.
-verify(S, JwsCompacted) when is_binary(JwsCompacted) ->
+verify(JwsCompacted) when is_binary(JwsCompacted) ->
    case catch jose_jws:peek(JwsCompacted) of
        {'EXIT', _} -> {error, not_token};
-        _ -> gen_server:call(S, {verify, JwsCompacted})
+        _ -> do_verify(JwsCompacted)
    end.
 %%--------------------------------------------------------------------
@ -70,12 +71,12 @@ verify(S, JwsCompacted) when is_binary(JwsCompacted) ->
 init([Options]) ->
    ok = jose:json_module(jiffy),
    _ = ets:new(?TAB, [set, protected, named_table]),
    {Static, Remote} = do_init_jwks(Options),
    true = ets:insert(?TAB, [{static, Static}, {remote, Remote}]),
    Intv = proplists:get_value(interval, Options, ?INTERVAL),
    {ok, reset_timer(
           #state{
              static = Static,
              remote = Remote,
              addr = proplists:get_value(jwks_addr, Options),
              intv = Intv})}.
@ -105,9 +106,6 @@ do_init_jwks(Options) ->
    Remote = K2J(jwks_addr, fun request_jwks/1),
    {[J ||J <- [OctJwk, PemJwk], J /= undefined], Remote}.
 handle_call({verify, JwsCompacted}, _From, State) ->
    handle_verify(JwsCompacted, State);
 handle_call(_Req, _From, State) ->
    {reply, ok, State}.
@ -116,7 +114,7 @@ handle_cast(_Msg, State) ->
 handle_info({timeout, _TRef, refresh}, State = #state{addr = Addr}) ->
    NState = try
-                 State#state{remote = request_jwks(Addr)}
+                 true = ets:insert(?TAB, {remote, request_jwks(Addr)})
             catch _:_ ->
                 State
             end,
@ -136,24 +134,10 @@ code_change(_OldVsn, State, _Extra) ->
 %% Internal funcs
 %%--------------------------------------------------------------------
-handle_verify(JwsCompacted,
+keys(Type) ->
-              State = #state{static = Static, remote = Remote}) ->
+    case ets:lookup(?TAB, Type) of
-    try
+        [{_, Keys}] -> Keys;
-        Jwks = case emqx_json:decode(jose_jws:peek_protected(JwsCompacted), [return_maps]) of
+        [] -> []
                   #{<<"kid">> := Kid} when Remote /= undefined ->
                       [J || J <- Remote, maps:get(<<"kid">>, J#jose_jwk.fields, undefined) =:= Kid];
                   _ -> Static
               end,
        case Jwks of
            [] -> {reply, {error, not_found}, State};
            _ ->
                {reply, do_verify(JwsCompacted, Jwks), State}
        end
    catch
        Class : Reason : Stk ->
            ?LOG(error, "Handle JWK crashed: ~p, ~p, stacktrace: ~p~n",
                        [Class, Reason, Stk]),
            {reply, {error, invalid_signature}, State}
    end.
 request_jwks(Addr) ->
@ -181,6 +165,26 @@ cancel_timer(State = #state{tref = TRef}) ->
    _ = erlang:cancel_timer(TRef),
    State#state{tref = undefined}.
 do_verify(JwsCompacted) ->
    try
        Remote = keys(remote),
        Jwks = case emqx_json:decode(jose_jws:peek_protected(JwsCompacted), [return_maps]) of
                   #{<<"kid">> := Kid} when Remote /= undefined ->
                       [J || J <- Remote, maps:get(<<"kid">>, J#jose_jwk.fields, undefined) =:= Kid];
                   _ -> keys(static)
               end,
        case Jwks of
            [] -> {error, not_found};
            _ ->
                do_verify(JwsCompacted, Jwks)
        end
    catch
        Class : Reason : Stk ->
            ?LOG(error, "verify JWK crashed: ~p, ~p, stacktrace: ~p~n",
                        [Class, Reason, Stk]),
            {error, invalid_signature}
    end.
 do_verify(_JwsCompated, []) ->
    {error, invalid_signature};
 do_verify(JwsCompacted, [Jwk|More]) ->
@ -214,11 +218,12 @@ check_claims(Claims) ->
 do_check_claim([], Claims) ->
    Claims;
 do_check_claim([{K, F}|More], Claims) ->
-    case maps:take(K, Claims) of
+    case Claims of
-        error -> do_check_claim(More, Claims);
+        #{K := V} ->
        {V, NClaims} ->
            case F(V) of
-                true -> do_check_claim(More, NClaims);
+                true -> do_check_claim(More, Claims);
                _ -> {false, K}
-            end
+            end;
        _ ->
            do_check_claim(More, Claims)
    end.
--- a/apps/emqx_auth_jwt/test/emqx_auth_jwt_SUITE.erl
+++ b/apps/emqx_auth_jwt/test/emqx_auth_jwt_SUITE.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
@ -19,29 +19,18 @@
 -compile(export_all).
 -compile(nowarn_export_all).
-include_lib("emqx/include/emqx.hrl").
+-include_lib("emqx/include/emqx_mqtt.hrl").
 -include_lib("eunit/include/eunit.hrl").
 -include_lib("common_test/include/ct.hrl").
-define(APP, emqx_auth_jwt).
+all() -> emqx_ct:all(?MODULE).
-all() ->
+init_per_testcase(TestCase, Config) ->
-    [{group, emqx_auth_jwt}].
+    ?MODULE:TestCase(init, Config),
 groups() ->
    [{emqx_auth_jwt, [sequence], [ t_check_auth
                                 , t_check_claims
                                 , t_check_claims_clientid
                                 , t_check_claims_username
                                 , t_check_claims_kid_in_header
                                 ]}
    ].
 init_per_suite(Config) ->
    emqx_ct_helpers:start_apps([emqx_auth_jwt], fun set_special_configs/1),
    Config.
-end_per_suite(_Config) ->
+end_per_testcase(_Case, _Config) ->
    emqx_ct_helpers:stop_apps([emqx_auth_jwt]).
 set_special_configs(emqx) ->
@ -78,7 +67,9 @@ sign(Payload, Alg, Key) ->
 %% Testcases
 %%------------------------------------------------------------------------------
-t_check_auth(_) ->
+t_check_auth(init, _Config) ->
    application:unset_env(emqx_auth_jwt, verify_claims).
 t_check_auth(_Config) ->
    Plain = #{clientid => <<"client1">>, username => <<"plain">>, zone => external},
    Jwt = sign([{clientid, <<"client1">>},
                {username, <<"plain">>},
@ -102,10 +93,9 @@ t_check_auth(_) ->
    ?assertEqual({error, invalid_signature}, Result2),
    ?assertMatch({error, _}, emqx_access_control:authenticate(Plain#{password => <<"asd">>})).
-t_check_claims(_) ->
+t_check_claims(init, _Config) ->
-    application:set_env(emqx_auth_jwt, verify_claims, [{sub, <<"value">>}]),
+    application:set_env(emqx_auth_jwt, verify_claims, [{sub, <<"value">>}]).
-    application:stop(emqx_auth_jwt), application:start(emqx_auth_jwt),
+t_check_claims(_Config) ->
    Plain = #{clientid => <<"client1">>, username => <<"plain">>, zone => external},
    Jwt = sign([{client_id, <<"client1">>},
                {username, <<"plain">>},
@ -120,9 +110,9 @@ t_check_claims(_) ->
    ct:pal("Auth result for the invalid jwt: ~p~n", [Result2]),
    ?assertEqual({error, invalid_signature}, Result2).
-t_check_claims_clientid(_) ->
+t_check_claims_clientid(init, _Config) ->
-    application:set_env(emqx_auth_jwt, verify_claims, [{clientid, <<"%c">>}]),
+    application:set_env(emqx_auth_jwt, verify_claims, [{clientid, <<"%c">>}]).
-    application:stop(emqx_auth_jwt), application:start(emqx_auth_jwt),
+t_check_claims_clientid(_Config) ->
    Plain = #{clientid => <<"client23">>, username => <<"plain">>, zone => external},
    Jwt = sign([{clientid, <<"client23">>},
                {username, <<"plain">>},
@ -136,10 +126,9 @@ t_check_claims_clientid(_) ->
    ct:pal("Auth result for the invalid jwt: ~p~n", [Result2]),
    ?assertEqual({error, invalid_signature}, Result2).
-t_check_claims_username(_) ->
+t_check_claims_username(init, _Config) ->
-    application:set_env(emqx_auth_jwt, verify_claims, [{username, <<"%u">>}]),
+    application:set_env(emqx_auth_jwt, verify_claims, [{username, <<"%u">>}]).
-    application:stop(emqx_auth_jwt), application:start(emqx_auth_jwt),
+t_check_claims_username(_Config) ->
    Plain = #{clientid => <<"client23">>, username => <<"plain">>, zone => external},
    Jwt = sign([{client_id, <<"client23">>},
                {username, <<"plain">>},
@ -153,8 +142,9 @@ t_check_claims_username(_) ->
    ct:pal("Auth result for the invalid jwt: ~p~n", [Result3]),
    ?assertEqual({error, invalid_signature}, Result3).
-t_check_claims_kid_in_header(_) ->
+t_check_claims_kid_in_header(init, _Config) ->
-    application:set_env(emqx_auth_jwt, verify_claims, []),
+    application:set_env(emqx_auth_jwt, verify_claims, []).
 t_check_claims_kid_in_header(_Config) ->
    Plain = #{clientid => <<"client23">>, username => <<"plain">>, zone => external},
    Jwt = sign([{clientid, <<"client23">>},
                {username, <<"plain">>},
@ -164,3 +154,125 @@ t_check_claims_kid_in_header(_) ->
    Result0 = emqx_access_control:authenticate(Plain#{password => Jwt}),
    ct:pal("Auth result: ~p~n", [Result0]),
    ?assertMatch({ok, #{auth_result := success, jwt_claims := _}}, Result0).
 t_check_jwt_acl(init, _Config) ->
    application:set_env(emqx_auth_jwt, verify_claims, [{sub, <<"value">>}]).
 t_check_jwt_acl(_Config) ->
    Jwt = sign([{client_id, <<"client1">>},
                {username, <<"plain">>},
                {sub, value},
                {acl, [{sub, [<<"a/b">>]},
                       {pub, [<<"c/d">>]}]},
                {exp, os:system_time(seconds) + 10}],
               <<"HS256">>,
               <<"emqxsecret">>),
    {ok, C} = emqtt:start_link(
                [{clean_start, true},
                 {proto_ver, v5},
                 {client_id, <<"client1">>},
                 {password, Jwt}]),
    {ok, _} = emqtt:connect(C),
    ?assertMatch(
       {ok, #{}, [0]},
       emqtt:subscribe(C, <<"a/b">>, 0)),
    ?assertMatch(
       ok,
       emqtt:publish(C, <<"c/d">>, <<"hi">>, 0)),
    ?assertMatch(
       {ok, #{}, [?RC_NOT_AUTHORIZED]},
       emqtt:subscribe(C, <<"c/d">>, 0)),
    ok = emqtt:publish(C, <<"a/b">>, <<"hi">>, 0),
    receive
        {publish, #{topic := <<"a/b">>}} ->
            ?assert(false, "Publish to `a/b` should not be allowed")
    after 100 -> ok
    end,
    ok = emqtt:disconnect(C).
 t_check_jwt_acl_no_recs(init, _Config) ->
    application:set_env(emqx_auth_jwt, verify_claims, [{sub, <<"value">>}]).
 t_check_jwt_acl_no_recs(_Config) ->
    Jwt = sign([{client_id, <<"client1">>},
                {username, <<"plain">>},
                {sub, value},
                {acl, []},
                {exp, os:system_time(seconds) + 10}],
               <<"HS256">>,
               <<"emqxsecret">>),
    {ok, C} = emqtt:start_link(
                [{clean_start, true},
                 {proto_ver, v5},
                 {client_id, <<"client1">>},
                 {password, Jwt}]),
    {ok, _} = emqtt:connect(C),
    ?assertMatch(
       {ok, #{}, [?RC_NOT_AUTHORIZED]},
       emqtt:subscribe(C, <<"a/b">>, 0)),
    ok = emqtt:disconnect(C).
 t_check_jwt_acl_no_acl_claim(init, _Config) ->
    application:set_env(emqx_auth_jwt, verify_claims, [{sub, <<"value">>}]).
 t_check_jwt_acl_no_acl_claim(_Config) ->
    Jwt = sign([{client_id, <<"client1">>},
                {username, <<"plain">>},
                {sub, value},
                {exp, os:system_time(seconds) + 10}],
               <<"HS256">>,
               <<"emqxsecret">>),
    {ok, C} = emqtt:start_link(
                [{clean_start, true},
                 {proto_ver, v5},
                 {client_id, <<"client1">>},
                 {password, Jwt}]),
    {ok, _} = emqtt:connect(C),
    ?assertMatch(
       {ok, #{}, [?RC_NOT_AUTHORIZED]},
       emqtt:subscribe(C, <<"a/b">>, 0)),
    ok = emqtt:disconnect(C).
 t_check_jwt_acl_expire(init, _Config) ->
    application:set_env(emqx_auth_jwt, verify_claims, [{sub, <<"value">>}]).
 t_check_jwt_acl_expire(_Config) ->
    Jwt = sign([{client_id, <<"client1">>},
                {username, <<"plain">>},
                {sub, value},
                {acl, [{sub, [<<"a/b">>]}]},
                {exp, os:system_time(seconds) + 1}],
               <<"HS256">>,
               <<"emqxsecret">>),
    {ok, C} = emqtt:start_link(
                [{clean_start, true},
                 {proto_ver, v5},
                 {client_id, <<"client1">>},
                 {password, Jwt}]),
    {ok, _} = emqtt:connect(C),
    ?assertMatch(
       {ok, #{}, [0]},
       emqtt:subscribe(C, <<"a/b">>, 0)),
    ?assertMatch(
       {ok, #{}, [0]},
       emqtt:unsubscribe(C, <<"a/b">>)),
    timer:sleep(2000),
    ?assertMatch(
       {ok, #{}, [?RC_NOT_AUTHORIZED]},
       emqtt:subscribe(C, <<"a/b">>, 0)),
    ok = emqtt:disconnect(C).
--- a/apps/emqx_auth_ldap/priv/emqx_auth_ldap.schema
+++ b/apps/emqx_auth_ldap/priv/emqx_auth_ldap.schema
@ -73,6 +73,7 @@
                 {verify, cuttlefish:conf_get("auth.ldap.ssl.verify", Conf, undefined)},
                 {server_name_indication, case cuttlefish:conf_get("auth.ldap.ssl.server_name_indication", Conf, undefined) of
                                            "disable" -> disable;
                                            "" -> undefined;
                                            SNI -> SNI
                                          end}]
              end,
--- a/apps/emqx_auth_ldap/src/emqx_acl_ldap.erl
+++ b/apps/emqx_auth_ldap/src/emqx_acl_ldap.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_auth_ldap/src/emqx_auth_ldap.app.src
+++ b/apps/emqx_auth_ldap/src/emqx_auth_ldap.app.src
@ -1,6 +1,6 @@
 {application, emqx_auth_ldap,
 [{description, "EMQ X Authentication/ACL with LDAP"},
-  {vsn, "4.3.3"}, % strict semver, bump manually!
+  {vsn, "4.3.4"}, % strict semver, bump manually!
  {modules, []},
  {registered, [emqx_auth_ldap_sup]},
  {applications, [kernel,stdlib,eldap2,ecpool]},
--- a/apps/emqx_auth_ldap/src/emqx_auth_ldap.appup.src
+++ b/apps/emqx_auth_ldap/src/emqx_auth_ldap.appup.src
@ -1,6 +1,10 @@
 %% -*-: erlang -*-
 {VSN,
- [ {"4.3.0",
+ [ {"4.3.3", [
      %% There are only changes to the schema file, so we don't need
      %% any commands here.
   ]},
   {"4.3.0",
    [ {load_module, emqx_acl_ldap, brutal_purge, soft_purge, []}
    , {load_module, emqx_auth_ldap_cli, brutal_purge, soft_purge, []}
    , {load_module, emqx_auth_ldap_app, brutal_purge, soft_purge, []}
@ -16,7 +20,7 @@
    ]},
   {<<".*">>, []}
 ],
- [
+ [ {"4.3.3", []},
   {"4.3.0",
    [ {load_module, emqx_acl_ldap, brutal_purge, soft_purge, []}
    , {load_module, emqx_auth_ldap_cli, brutal_purge, soft_purge, []}
--- a/apps/emqx_auth_ldap/src/emqx_auth_ldap.erl
+++ b/apps/emqx_auth_ldap/src/emqx_auth_ldap.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_auth_ldap/src/emqx_auth_ldap_app.erl
+++ b/apps/emqx_auth_ldap/src/emqx_auth_ldap_app.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_auth_ldap/src/emqx_auth_ldap_cli.erl
+++ b/apps/emqx_auth_ldap/src/emqx_auth_ldap_cli.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_auth_ldap/src/emqx_auth_ldap_sup.erl
+++ b/apps/emqx_auth_ldap/src/emqx_auth_ldap_sup.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_auth_ldap/test/emqx_auth_ldap_SUITE.erl
+++ b/apps/emqx_auth_ldap/test/emqx_auth_ldap_SUITE.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_auth_ldap/test/emqx_auth_ldap_bind_as_user_SUITE.erl
+++ b/apps/emqx_auth_ldap/test/emqx_auth_ldap_bind_as_user_SUITE.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_auth_mnesia/src/emqx_acl_mnesia.erl
+++ b/apps/emqx_auth_mnesia/src/emqx_acl_mnesia.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_auth_mnesia/src/emqx_acl_mnesia_api.erl
+++ b/apps/emqx_auth_mnesia/src/emqx_acl_mnesia_api.erl
@ -1,5 +1,5 @@
 %c%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_auth_mnesia/src/emqx_acl_mnesia_cli.erl
+++ b/apps/emqx_auth_mnesia/src/emqx_acl_mnesia_cli.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_auth_mnesia/src/emqx_acl_mnesia_db.erl
+++ b/apps/emqx_auth_mnesia/src/emqx_acl_mnesia_db.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_auth_mnesia/src/emqx_acl_mnesia_migrator.erl
+++ b/apps/emqx_auth_mnesia/src/emqx_acl_mnesia_migrator.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_auth_mnesia/src/emqx_auth_mnesia_api.erl
+++ b/apps/emqx_auth_mnesia/src/emqx_auth_mnesia_api.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_auth_mnesia/src/emqx_auth_mnesia_app.erl
+++ b/apps/emqx_auth_mnesia/src/emqx_auth_mnesia_app.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_auth_mnesia/src/emqx_auth_mnesia_cli.erl
+++ b/apps/emqx_auth_mnesia/src/emqx_auth_mnesia_cli.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_auth_mnesia/src/emqx_auth_mnesia_sup.erl
+++ b/apps/emqx_auth_mnesia/src/emqx_auth_mnesia_sup.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_auth_mnesia/test/emqx_acl_mnesia_SUITE.erl
+++ b/apps/emqx_auth_mnesia/test/emqx_acl_mnesia_SUITE.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_auth_mnesia/test/emqx_auth_mnesia_SUITE.erl
+++ b/apps/emqx_auth_mnesia/test/emqx_auth_mnesia_SUITE.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_auth_mongo/priv/emqx_auth_mongo.schema
+++ b/apps/emqx_auth_mongo/priv/emqx_auth_mongo.schema
@ -141,6 +141,7 @@
                Filter([{verify, Verify},
                        {server_name_indication, case cuttlefish:conf_get(Prefix ++ ".server_name_indication", Conf, undefined) of
                                                   "disable" -> disable;
                                                   "" -> undefined;
                                                   SNI -> SNI
                                                 end},
                        {keyfile, cuttlefish:conf_get(Prefix ++ ".keyfile", Conf, undefined)},
--- a/apps/emqx_auth_mongo/src/emqx_acl_mongo.erl
+++ b/apps/emqx_auth_mongo/src/emqx_acl_mongo.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_auth_mongo/src/emqx_auth_mongo.erl
+++ b/apps/emqx_auth_mongo/src/emqx_auth_mongo.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_auth_mongo/src/emqx_auth_mongo_app.erl
+++ b/apps/emqx_auth_mongo/src/emqx_auth_mongo_app.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_auth_mongo/src/emqx_auth_mongo_sup.erl
+++ b/apps/emqx_auth_mongo/src/emqx_auth_mongo_sup.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE.erl
+++ b/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_auth_mysql/priv/emqx_auth_mysql.schema
+++ b/apps/emqx_auth_mysql/priv/emqx_auth_mysql.schema
@ -109,6 +109,7 @@
                         end,
                SNI = case cuttlefish:conf_get("auth.mysql.ssl.server_name_indication", Conf, undefined) of
                        "disable" -> disable;
                        "" -> undefined;
                        SNI0 -> SNI0
                      end,
                Options ++ [{ssl, Filter([{server_name_indication, SNI},
--- a/apps/emqx_auth_mysql/src/emqx_acl_mysql.erl
+++ b/apps/emqx_auth_mysql/src/emqx_acl_mysql.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_auth_mysql/src/emqx_auth_mysql.app.src
+++ b/apps/emqx_auth_mysql/src/emqx_auth_mysql.app.src
@ -1,6 +1,6 @@
 {application, emqx_auth_mysql,
 [{description, "EMQ X Authentication/ACL with MySQL"},
-  {vsn, "4.3.1"}, % strict semver, bump manually!
+  {vsn, "4.3.2"}, % strict semver, bump manually!
  {modules, []},
  {registered, [emqx_auth_mysql_sup]},
  {applications, [kernel,stdlib,mysql,ecpool]},
--- a/apps/emqx_auth_mysql/src/emqx_auth_mysql.appup.src
+++ b/apps/emqx_auth_mysql/src/emqx_auth_mysql.appup.src
@ -1,10 +1,15 @@
 %% -*- mode: erlang -*-
 {VSN,
-  [{"4.3.0",
+  [{"4.3.1", [
      %% There are only changes to the schema file, so we don't need
      %% any commands here.
   ]},
   {"4.3.0",
    [{load_module,emqx_auth_mysql_app,brutal_purge,soft_purge,[]},
     {load_module,emqx_acl_mysql,brutal_purge,soft_purge,[]}]},
   {<<".*">>,[]}],
-  [{"4.3.0",
+  [{"4.3.1", []},
   {"4.3.0",
    [{load_module,emqx_auth_mysql_app,brutal_purge,soft_purge,[]},
     {load_module,emqx_acl_mysql,brutal_purge,soft_purge,[]}]},
   {<<".*">>,[]}]
--- a/apps/emqx_auth_mysql/src/emqx_auth_mysql.erl
+++ b/apps/emqx_auth_mysql/src/emqx_auth_mysql.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_auth_mysql/src/emqx_auth_mysql_app.erl
+++ b/apps/emqx_auth_mysql/src/emqx_auth_mysql_app.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_auth_mysql/src/emqx_auth_mysql_cli.erl
+++ b/apps/emqx_auth_mysql/src/emqx_auth_mysql_cli.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_auth_mysql/src/emqx_auth_mysql_sup.erl
+++ b/apps/emqx_auth_mysql/src/emqx_auth_mysql_sup.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE.erl
+++ b/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_auth_pgsql/priv/emqx_auth_pgsql.schema
+++ b/apps/emqx_auth_pgsql/priv/emqx_auth_pgsql.schema
@ -109,6 +109,7 @@
                        {verify,     Verify},
                        {server_name_indication, case cuttlefish:conf_get(Prefix ++ ".server_name_indication", Conf, undefined) of
                                                   "disable" -> disable;
                                                   "" -> undefined;
                                                   SNI -> SNI
                                                 end},
                        {versions, [list_to_existing_atom(Value)
--- a/apps/emqx_auth_pgsql/src/emqx_acl_pgsql.erl
+++ b/apps/emqx_auth_pgsql/src/emqx_acl_pgsql.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_auth_pgsql/src/emqx_auth_pgsql.app.src
+++ b/apps/emqx_auth_pgsql/src/emqx_auth_pgsql.app.src
@ -1,6 +1,6 @@
 {application, emqx_auth_pgsql,
 [{description, "EMQ X Authentication/ACL with PostgreSQL"},
-  {vsn, "4.3.1"}, % strict semver, bump manually!
+  {vsn, "4.3.2"}, % strict semver, bump manually!
  {modules, []},
  {registered, [emqx_auth_pgsql_sup]},
  {applications, [kernel,stdlib,epgsql,ecpool]},
--- a/apps/emqx_auth_pgsql/src/emqx_auth_pgsql.appup.src
+++ b/apps/emqx_auth_pgsql/src/emqx_auth_pgsql.appup.src
@ -1,10 +1,15 @@
 %% -*- mode: erlang -*-
 {VSN,
-  [{"4.3.0",
+  [{"4.3.1", [
      %% There are only changes to the schema file, so we don't need
      %% any commands here.
  ]},
  {"4.3.0",
    [{load_module,emqx_auth_pgsql_app,brutal_purge,soft_purge,[]},
     {load_module,emqx_acl_pgsql,brutal_purge,soft_purge,[]}]},
   {<<".*">>,[]}],
-  [{"4.3.0",
+  [{"4.3.1", []},
   {"4.3.0",
    [{load_module,emqx_auth_pgsql_app,brutal_purge,soft_purge,[]},
     {load_module,emqx_acl_pgsql,brutal_purge,soft_purge,[]}]},
   {<<".*">>,[]}]
--- a/apps/emqx_auth_pgsql/src/emqx_auth_pgsql.erl
+++ b/apps/emqx_auth_pgsql/src/emqx_auth_pgsql.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_auth_pgsql/src/emqx_auth_pgsql_app.erl
+++ b/apps/emqx_auth_pgsql/src/emqx_auth_pgsql_app.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_auth_pgsql/src/emqx_auth_pgsql_cli.erl
+++ b/apps/emqx_auth_pgsql/src/emqx_auth_pgsql_cli.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_auth_pgsql/src/emqx_auth_pgsql_sup.erl
+++ b/apps/emqx_auth_pgsql/src/emqx_auth_pgsql_sup.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE.erl
+++ b/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_auth_redis/priv/emqx_auth_redis.schema
+++ b/apps/emqx_auth_redis/priv/emqx_auth_redis.schema
@ -98,6 +98,7 @@
                     end,
           SNI = case cuttlefish:conf_get("auth.redis.ssl.server_name_indication", Conf, undefined) of
                   "disable" -> disable;
                   "" -> undefined;
                   SNI0 -> SNI0
                 end,
           [{options, [{ssl_options,
--- a/apps/emqx_auth_redis/src/emqx_acl_redis.erl
+++ b/apps/emqx_auth_redis/src/emqx_acl_redis.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_auth_redis/src/emqx_auth_redis.app.src
+++ b/apps/emqx_auth_redis/src/emqx_auth_redis.app.src
@ -1,6 +1,6 @@
 {application, emqx_auth_redis,
 [{description, "EMQ X Authentication/ACL with Redis"},
-  {vsn, "4.3.1"}, % strict semver, bump manually!
+  {vsn, "4.3.2"}, % strict semver, bump manually!
  {modules, []},
  {registered, [emqx_auth_redis_sup]},
  {applications, [kernel,stdlib,eredis,eredis_cluster,ecpool]},
--- a/apps/emqx_auth_redis/src/emqx_auth_redis.appup.src
+++ b/apps/emqx_auth_redis/src/emqx_auth_redis.appup.src
@ -1,10 +1,15 @@
 %% -*- mode: erlang -*-
 {VSN,
-  [{"4.3.0",
+  [{"4.3.1", [
      %% There are only changes to the schema file, so we don't need
      %% any commands here.
   ]},
   {"4.3.0",
    [{load_module,emqx_auth_redis_app,brutal_purge,soft_purge,[]},
     {load_module,emqx_acl_redis,brutal_purge,soft_purge,[]}]},
   {<<".*">>,[]}],
-  [{"4.3.0",
+  [{"4.3.1", []},
   {"4.3.0",
    [{load_module,emqx_auth_redis_app,brutal_purge,soft_purge,[]},
     {load_module,emqx_acl_redis,brutal_purge,soft_purge,[]}]},
   {<<".*">>,[]}]
--- a/apps/emqx_auth_redis/src/emqx_auth_redis.erl
+++ b/apps/emqx_auth_redis/src/emqx_auth_redis.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_auth_redis/src/emqx_auth_redis_app.erl
+++ b/apps/emqx_auth_redis/src/emqx_auth_redis_app.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_auth_redis/src/emqx_auth_redis_cli.erl
+++ b/apps/emqx_auth_redis/src/emqx_auth_redis_cli.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_auth_redis/src/emqx_auth_redis_sup.erl
+++ b/apps/emqx_auth_redis/src/emqx_auth_redis_sup.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE.erl
+++ b/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_bridge_mqtt/include/emqx_bridge_mqtt.hrl
+++ b/apps/emqx_bridge_mqtt/include/emqx_bridge_mqtt.hrl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_bridge_mqtt/priv/emqx_bridge_mqtt.schema
+++ b/apps/emqx_bridge_mqtt/priv/emqx_bridge_mqtt.schema
@ -183,8 +183,12 @@
                    [{verify, verify_peer}];
               (verify, false) ->
                    [{verify, verify_none}];
-               (server_name_indication, "disabled") ->
+               (server_name_indication, "disable") ->
-                    [{server_name_indication, disabled}];
+                    [{server_name_indication, disable}];
               (server_name_indication, undefined) ->
                    [];
               (server_name_indication, "") ->
                    [];
               (server_name_indication, Hostname) ->
                    [{server_name_indication, Hostname}];
               (Opt, Val) ->
@ -210,8 +214,19 @@
            end,
    Subscriptions = fun(Name) ->
                        Configs = cuttlefish_variable:filter_by_prefix("bridge.mqtt." ++ Name ++ ".subscription", Conf),
-                        lists:zip([Topic || {_, Topic} <- lists:sort([{I, Topic} || {[_, _, _, "subscription", I, "topic"], Topic} <- Configs])],
+                        Configs = cuttlefish_variable:filter_by_prefix("bridge.mqtt." ++ Name ++ ".subscription", Conf),
-                                  [QoS || {_, QoS} <- lists:sort([{I, QoS} || {[_, _, _, "subscription", I, "qos"], QoS} <- Configs])])
+                        SubConfId = lists:usort([{T, I} || {[_, _, _, "subscription", I, "topic"], T} <- Configs]),
                        FindQoS = fun({T, I}) ->
                          QoSFilter = fun
                            ({[_, _, _, "subscription", Index, "qos"], QoS}) -> I == Index andalso {true, QoS};
                            (_Topic) -> false
                          end,
                          case lists:filtermap(QoSFilter, Configs) of
                            [] -> {T, 0};
                            QoSList -> {T, hd(QoSList)}
                          end
                        end,
                        [FindQoS(TopicAndIndex) || TopicAndIndex <- SubConfId]
                    end,
    IsNodeAddr = fun(Addr) ->
                      case string:tokens(Addr, "@") of
--- a/apps/emqx_bridge_mqtt/src/emqx_bridge_connect.erl
+++ b/apps/emqx_bridge_mqtt/src/emqx_bridge_connect.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_bridge_mqtt/src/emqx_bridge_mqtt.appup.src
+++ b/apps/emqx_bridge_mqtt/src/emqx_bridge_mqtt.appup.src
@ -1,39 +1,29 @@
-%% -*-: erlang -*-
+%% -*- mode: erlang -*-
 %% Unless you know what you are doing, DO NOT edit manually!!
 {VSN,
-  [
+  [{"4.3.4",
-    {"4.3.4", [
+    [{load_module,emqx_bridge_mqtt_actions,brutal_purge,soft_purge,[]}]},
-      %% There are only changes to the schema file, so we don't need
+   {"4.3.3",
-      %% any commands here.
+    [{load_module,emqx_bridge_mqtt_actions,brutal_purge,soft_purge,[]},
-    ]},
+     {load_module,emqx_bridge_mqtt,brutal_purge,soft_purge,[]}]},
-    {"4.3.3", [
+   {<<"4\\.3\\.[1-2]">>,
-      {load_module, emqx_bridge_mqtt, brutal_purge, soft_purge, []}
+    [{load_module,emqx_bridge_mqtt,brutal_purge,soft_purge,[]},
-    ]},
+     {load_module,emqx_bridge_mqtt_actions,brutal_purge,soft_purge,[]}]},
-    {<<"4\\.3\\.[1-2]">>, [
+   {"4.3.0",
-      {load_module, emqx_bridge_mqtt, brutal_purge, soft_purge, []},
+    [{load_module,emqx_bridge_mqtt,brutal_purge,soft_purge,[]},
-      {load_module, emqx_bridge_mqtt_actions, brutal_purge, soft_purge, []}
+     {load_module,emqx_bridge_worker,brutal_purge,soft_purge,[]},
-    ]},
+     {load_module,emqx_bridge_mqtt_actions,brutal_purge,soft_purge,[]}]},
-    {"4.3.0", [
+   {<<".*">>,[]}],
-      {load_module, emqx_bridge_mqtt, brutal_purge, soft_purge, []},
+  [{"4.3.4",
-      {load_module, emqx_bridge_worker, brutal_purge, soft_purge, []},
+    [{load_module,emqx_bridge_mqtt_actions,brutal_purge,soft_purge,[]}]},
-      {load_module, emqx_bridge_mqtt_actions, brutal_purge, soft_purge, []}
+   {"4.3.3",
-    ]},
+    [{load_module,emqx_bridge_mqtt_actions,brutal_purge,soft_purge,[]},
-    {<<".*">>, []}
+     {load_module,emqx_bridge_mqtt,brutal_purge,soft_purge,[]}]},
-  ],
+   {<<"4\\.3\\.[1-2]">>,
-  [
+    [{load_module,emqx_bridge_mqtt,brutal_purge,soft_purge,[]},
-    {"4.3.4", [
+     {load_module,emqx_bridge_mqtt_actions,brutal_purge,soft_purge,[]}]},
-    ]},
+   {"4.3.0",
-    {"4.3.3", [
+    [{load_module,emqx_bridge_mqtt,brutal_purge,soft_purge,[]},
-      {load_module, emqx_bridge_mqtt, brutal_purge, soft_purge, []}
+     {load_module,emqx_bridge_worker,brutal_purge,soft_purge,[]},
-    ]},
+     {load_module,emqx_bridge_mqtt_actions,brutal_purge,soft_purge,[]}]},
-    {<<"4\\.3\\.[1-2]">>, [
+   {<<".*">>,[]}]}.
      {load_module, emqx_bridge_mqtt, brutal_purge, soft_purge, []},
      {load_module, emqx_bridge_mqtt_actions, brutal_purge, soft_purge, []}
    ]},
    {"4.3.0", [
      {load_module, emqx_bridge_mqtt, brutal_purge, soft_purge, []},
      {load_module, emqx_bridge_worker, brutal_purge, soft_purge, []},
      {load_module, emqx_bridge_mqtt_actions, brutal_purge, soft_purge, []}
    ]},
    {<<".*">>, []}
  ]
 }.
--- a/apps/emqx_bridge_mqtt/src/emqx_bridge_mqtt.erl
+++ b/apps/emqx_bridge_mqtt/src/emqx_bridge_mqtt.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_bridge_mqtt/src/emqx_bridge_mqtt_actions.erl
+++ b/apps/emqx_bridge_mqtt/src/emqx_bridge_mqtt_actions.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
@ -240,6 +240,23 @@
                       zh => <<"SSL 加密算法"/utf8>>},
            description => #{en => <<"SSL Ciphers">>,
                             zh => <<"SSL 加密算法"/utf8>>}
        },
        verify => #{
            order => 19,
            type => boolean,
            default => false,
            title => #{en => <<"Verify Server Certfile">>,
                       zh => <<"校验服务器证书"/utf8>>},
            description => #{en => <<"Whether to verify the server certificate. By default, the client will not verify the server's certificate. If verification is required, please set it to true.">>,
                             zh => <<"是否校验服务器证书。 默认客户端不会去校验服务器的证书，如果需要校验，请设置成true。"/utf8>>}
        },
        server_name_indication => #{
            order => 20,
            type => string,
            title => #{en => <<"Server Name Indication">>,
                    zh => <<"服务器名称指示"/utf8>>},
            description => #{en => <<"Specify the hostname used for peer certificate verification, or set to disable to turn off this verification.">>,
                            zh => <<"指定用于对端证书验证时使用的主机名，或者设置为 disable 以关闭此项验证。"/utf8>>}
        }
    }).
--- a/apps/emqx_bridge_mqtt/src/emqx_bridge_mqtt_app.erl
+++ b/apps/emqx_bridge_mqtt/src/emqx_bridge_mqtt_app.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_bridge_mqtt/src/emqx_bridge_mqtt_cli.erl
+++ b/apps/emqx_bridge_mqtt/src/emqx_bridge_mqtt_cli.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_bridge_mqtt/src/emqx_bridge_mqtt_sup.erl
+++ b/apps/emqx_bridge_mqtt/src/emqx_bridge_mqtt_sup.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_bridge_mqtt/src/emqx_bridge_msg.erl
+++ b/apps/emqx_bridge_mqtt/src/emqx_bridge_msg.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_bridge_mqtt/src/emqx_bridge_rpc.erl
+++ b/apps/emqx_bridge_mqtt/src/emqx_bridge_rpc.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_bridge_mqtt/src/emqx_bridge_worker.erl
+++ b/apps/emqx_bridge_mqtt/src/emqx_bridge_worker.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_bridge_mqtt/test/emqx_bridge_mqtt_tests.erl
+++ b/apps/emqx_bridge_mqtt/test/emqx_bridge_mqtt_tests.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_bridge_mqtt/test/emqx_bridge_rpc_tests.erl
+++ b/apps/emqx_bridge_mqtt/test/emqx_bridge_rpc_tests.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_bridge_mqtt/test/emqx_bridge_stub_conn.erl
+++ b/apps/emqx_bridge_mqtt/test/emqx_bridge_stub_conn.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2021-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_bridge_mqtt/test/emqx_bridge_worker_SUITE.erl
+++ b/apps/emqx_bridge_mqtt/test/emqx_bridge_worker_SUITE.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_bridge_mqtt/test/emqx_bridge_worker_tests.erl
+++ b/apps/emqx_bridge_mqtt/test/emqx_bridge_worker_tests.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_coap/include/emqx_coap.hrl
+++ b/apps/emqx_coap/include/emqx_coap.hrl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_coap/src/emqx_coap_app.erl
+++ b/apps/emqx_coap/src/emqx_coap_app.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_coap/src/emqx_coap_mqtt_adapter.erl
+++ b/apps/emqx_coap/src/emqx_coap_mqtt_adapter.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_coap/src/emqx_coap_pubsub_resource.erl
+++ b/apps/emqx_coap/src/emqx_coap_pubsub_resource.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_coap/src/emqx_coap_pubsub_topics.erl
+++ b/apps/emqx_coap/src/emqx_coap_pubsub_topics.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_coap/src/emqx_coap_registry.erl
+++ b/apps/emqx_coap/src/emqx_coap_registry.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_coap/src/emqx_coap_resource.erl
+++ b/apps/emqx_coap/src/emqx_coap_resource.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_coap/src/emqx_coap_server.erl
+++ b/apps/emqx_coap/src/emqx_coap_server.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_coap/src/emqx_coap_sup.erl
+++ b/apps/emqx_coap/src/emqx_coap_sup.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/apps/emqx_coap/src/emqx_coap_timer.erl
+++ b/apps/emqx_coap/src/emqx_coap_timer.erl
@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
--- a/Show More
+++ b/Show More