Difference between revisions of "Release Planning for Samba 4.14"

From SambaWiki
(change mode (security only))
(Change mode to end of life)
 
(3 intermediate revisions by the same user not shown)
Line 1: Line 1:
Samba 4.14 is the [[Samba_Release_Planning#Security_Fixes_Only_Mode|'''Security Fixes Only Mode''']].
+
Samba 4.14 has been marked [[Samba_Release_Planning#Discontinued_.28End_of_Life.29|'''discontinued''']].
 
 
==[[Blocker bugs|Release blocking bugs]]==
 
==[[Blocker bugs|Release blocking bugs]]==
 
* [https://bugzilla.samba.org/buglist.cgi?bug_severity=regression&query_format=advanced&target_milestone=4.14 All 4.14 regression bugs]
 
* [https://bugzilla.samba.org/buglist.cgi?bug_severity=regression&query_format=advanced&target_milestone=4.14 All 4.14 regression bugs]
 
* [https://bugzilla.samba.org/buglist.cgi?bug_severity=regression&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=VERIFIED&query_format=advanced&target_milestone=4.14 Unresolved 4.14 regression bugs]
 
* [https://bugzilla.samba.org/buglist.cgi?bug_severity=regression&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=VERIFIED&query_format=advanced&target_milestone=4.14 Unresolved 4.14 regression bugs]
  +
  +
  +
== Samba 4.14.14 ==
  +
  +
<small>('''Updated 27-July-2022''')</small>
  +
  +
* Wednesday, July 27 2022 - [https://download.samba.org/pub/samba/stable/samba-4.14.14.tar.gz Samba 4.14.14] has been released as a '''Security Release''' to address the following defects:
  +
** [https://www.samba.org/samba/security/CVE-2022-2031.html CVE-2022-2031] (Samba AD users can bypass certain restrictions associated with changing passwords)
  +
** [https://www.samba.org/samba/security/CVE-2022-32744.html CVE-2022-32744] (Samba AD users can forge password change requests for any user)
  +
** [https://www.samba.org/samba/security/CVE-2022-32745.html CVE-2022-32745] (Samba AD users can crash the server process with an LDAP add or modify request)
  +
** [https://www.samba.org/samba/security/CVE-2022-32746.html CVE-2022-32746] (Samba AD users can induce a use-after-free in the server process with an LDAP add or modify request)
  +
** [https://www.samba.org/samba/security/CVE-2022-32742.html CVE-2022-32742] (Server memory information leak via SMB1)
  +
[https://www.samba.org/samba/history/samba-4.14.14.html Release Notes Samba 4.14.14]
   
 
== Samba 4.14.13 ==
 
== Samba 4.14.13 ==
   
<small>('''Updated 21-March-2022''')</small>
+
<small>('''Updated 4-April-2022''')</small>
   
* Monday, April 4 2022 - Planned release date for '''Samba 4.14.13'''. This will be the last bug fix release.
+
* Monday, April 4 2022 - [https://download.samba.org/pub/samba/stable/samba-4.14.13.tar.gz Samba 4.14.13] has been released. There will be security releases only beyond this point.
  +
[https://www.samba.org/samba/history/samba-4.14.13.html Release Notes Samba 4.14.13]
   
 
== Samba 4.14.12 ==
 
== Samba 4.14.12 ==

Latest revision as of 16:26, 13 September 2022

Samba 4.14 has been marked discontinued.

Release blocking bugs


Samba 4.14.14

(Updated 27-July-2022)

  • Wednesday, July 27 2022 - Samba 4.14.14 has been released as a Security Release to address the following defects:
    • CVE-2022-2031 (Samba AD users can bypass certain restrictions associated with changing passwords)
    • CVE-2022-32744 (Samba AD users can forge password change requests for any user)
    • CVE-2022-32745 (Samba AD users can crash the server process with an LDAP add or modify request)
    • CVE-2022-32746 (Samba AD users can induce a use-after-free in the server process with an LDAP add or modify request)
    • CVE-2022-32742 (Server memory information leak via SMB1)
 Release Notes Samba 4.14.14

Samba 4.14.13

(Updated 4-April-2022)

  • Monday, April 4 2022 - Samba 4.14.13 has been released. There will be security releases only beyond this point.
Release Notes Samba 4.14.13

Samba 4.14.12

(Updated 31-January-2022)

  • Monday, January 31 2022 - Samba 4.14.12 has been released as a Security Release to address the following defects:
    • CVE-2021-44142 (Out-of-Bound Read/Write on Samba vfs_fruit module.)
    • CVE-2022-0336 (Re-adding an SPN skips subsequent SPN conflict checks.)
 Release Notes Samba 4.14.12

Samba 4.14.11

(Updated 15-December-2021)

Release Notes Samba 4.14.11

Samba 4.14.10

(Updated 09-November-2021)

  • Tuesday, November 9 2021 - Samba 4.14.10 has been released as a Security Release to address the following defects:
    • CVE-2020-25717 (A user in an AD Domain could become root on domain members)
    • CVE-2020-25718 (Samba AD DC did not correctly sandbox Kerberos tickets issued by an RODC)
    • CVE-2020-25719 (Samba AD DC did not always rely on the SID and PAC in Kerberos tickets)
    • CVE-2020-25721 (Kerberos acceptors need easy access to stable AD identifiers (eg objectSid))
    • CVE-2020-25722 (Samba AD DC did not do sufficient access and conformance checking of data stored)
    • CVE-2016-2124 (SMB1 client connections can be downgraded to plaintext authentication)
    • CVE-2021-3738 (Use after free in Samba AD DC RPC server)
    • CVE-2021-23192 (Subsequent DCE/RPC fragment injection vulnerability)
 Release Notes Samba 4.14.10

Samba 4.14.9

(Updated 27-October-2021)

  • Wednesday, October 27 2021 - Samba 4.14.9 has been released.
Release Notes Samba 4.14.9

Samba 4.14.8

(Updated 05-October-2021)

Release Notes Samba 4.14.8

Samba 4.14.7

(Updated 24-August-2021)

Release Notes Samba 4.14.7

Samba 4.14.6

(Updated 13-July-2021)

Release Notes Samba 4.14.6

Samba 4.14.5

(Updated 01-June-2021)

Release Notes Samba 4.14.5

Samba 4.14.4

(Updated 29-April-2021)

  • Thursday, April 29 2021 - Samba 4.14.4 has been released as a security release to address the following defect:
    • CVE-2021-20254 (Negative idmap cache entries can cause incorrect group entries in the Samba file server process token).
Release Notes Samba 4.14.4

Samba 4.14.3

(Updated 20-April-2021)

  • Tuesday, April 20 2021 - Samba 4.14.3 has been released.
 Release Notes Samba 4.14.3

Samba 4.14.2

(Updated 24-March-2021)

  • Wednesday, March 24 2021 - Samba 4.14.2 has been released as a security release
 Release Notes Samba 4.14.2

Samba 4.14.1

(Updated 24-March-2021)

  • Wednesday, March 24 2021 - Samba 4.14.1 has been released as a security release
 Release Notes Samba 4.14.1

Samba 4.14.0

(Updated 09-March-2021)

 Release Notes Samba 4.14.0

Samba 4.14.0rc4

(Updated 01-March-2021)

  https://download.samba.org/pub/samba/rc/samba-4.14.0rc4.WHATSNEW.txt

Samba 4.14.0rc3

(Updated 18-February-2021)

  https://download.samba.org/pub/samba/rc/samba-4.14.0rc3.WHATSNEW.txt

Samba 4.14.0rc2

(Updated 04-February-2021)

  https://download.samba.org/pub/samba/rc/samba-4.14.0rc2.WHATSNEW.txt

Samba 4.14.0rc1

(Updated 21-January-2021)

 https://download.samba.org/pub/samba/rc/samba-4.14.0rc1.WHATSNEW.txt