According to MVN Repository, the most recent version of the client library (1.3.3) was last updated in October 2023. It has three known security vulnerabilities. Is there any plan to address these vulnerabilities and, if so, is there any sense of when that might occur?
Hi Aaron,
Thank you for reaching out and bringing up your concerns regarding the security vulnerabilities in https://mvnrepository.com/artifact/com.hivemq/hivemq-mqtt-client/1.3.3
We want to assure you that we are actively working on addressing the identified CVEs, and a future release will include the necessary fixes. Unfortunately, we are unable to provide a specific release date at this time.
In the interim, if you need to mitigate these issues, we recommend building the library from the master branch, which contains the latest updates and fixes. You can find the master branch here:
We appreciate your understanding and patience as we work to resolve this.
Best regards,
Dasha from The HiveMQ Team
Hello,
A new MQTT client has already been released which fixes these CVEs.
https://github.com/hivemq/hivemq-mqtt-client/releases/tag/v1.3.4
Also available on https://central.sonatype.com/artifact/com.hivemq/hivemq-mqtt-client/versions
Cheers