Release Planning for Samba 4.18: Difference between revisions
From SambaWiki
(Add new series)
(Release Samba v4.18.9)
Samba 4.18 is in the [[Samba_Release_Planning#Maintenance_Mode|'''Maintenance Mode''']].

==[[Blocker bugs|Release blocking bugs]]==

* [https://bugzilla.samba.org/buglist.cgi?bug_severity=regression&query_format=advanced&target_milestone=4.18 All 4.18 regression bugs]
* [https://bugzilla.samba.org/buglist.cgi?bug_severity=regression&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=VERIFIED&query_format=advanced&target_milestone=4.18 Unresolved 4.18 regression bugs]

== Samba 4.18.10 ==

<small>('''Updated 29-November-2023''')</small>

* Wednesday, January 31 2024 - Planned release date for '''Samba 4.18.10'''.

== Samba 4.18.9 ==

<small>('''Updated 29-November-2023''')</small>

* Wednesday, November 29 2023 - '''Samba 4.18.9''' has been released.

[https://www.samba.org/samba/history/samba-4.18.9.html Release Notes Samba 4.18.9]

== Samba 4.18.8 ==

<small>('''Updated 10-October-2023''')</small>

* Tuesday, October 10 2023 - [https://download.samba.org/pub/samba/stable/samba-4.18.8.tar.gz Samba 4.18.8] has been released as a '''Security Release''' to address the following defects:
** [https://www.samba.org/samba/security/CVE-2023-3961.html CVE-2023-3961] (Unsanitized pipe names allow SMB clients to connect as root to existing unix domain sockets on the file system.)
** [https://www.samba.org/samba/security/CVE-2023-4091.html CVE-2023-4091] (SMB client can truncate files to 0 bytes by opening files with OVERWRITE disposition when using the acl_xattr Samba VFS module with the smb.conf setting "acl_xattr:ignore system acls = yes")
** [https://www.samba.org/samba/security/CVE-2023-4154.html CVE-2023-4154] (An RODC and a user with the GET_CHANGES right can view all attributes, including secrets and passwords. Additionally, the access check fails open on error conditions.)
** [https://www.samba.org/samba/security/CVE-2023-42669.html CVE-2023-42669] (Calls to the rpcecho server on the AD DC can request that the server block for a user-defined amount of time, denying service.)
** [https://www.samba.org/samba/security/CVE-2023-42670.html CVE-2023-42670] (Samba can be made to start multiple incompatible RPC listeners, disrupting service on the AD DC.)

[https://www.samba.org/samba/history/samba-4.18.8.html Release Notes Samba 4.18.8]

== Samba 4.18.7 ==

<small>('''Updated 27-September-2023''')</small>

* Wednesday, September 27 2023 - '''Samba 4.18.7''' has been released.

[https://www.samba.org/samba/history/samba-4.18.7.html Release Notes Samba 4.18.7]

== Samba 4.18.6 ==

<small>('''Updated 16-August-2023''')</small>

* Wednesday, August 16 2023 - '''Samba 4.18.6''' has been released.

[https://www.samba.org/samba/history/samba-4.18.6.html Release Notes Samba 4.18.6]

== Samba 4.18.5 ==

<small>('''Updated 19-July-2023''')</small>

* Wednesday, July 19 2023 - [https://download.samba.org/pub/samba/stable/samba-4.18.5.tar.gz Samba 4.18.5] has been released as a '''Security Release''' to address the following defects:
** [https://www.samba.org/samba/security/CVE-2023-34967.html CVE-2023-34967] (Missing type validation in Samba's mdssvc RPC service for Spotlight can be used by an unauthenticated attacker to trigger a process crash in a shared RPC mdssvc worker process.)
** [https://www.samba.org/samba/security/CVE-2022-2127.html CVE-2022-2127] (When winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in winbind and possibly crash it.)
** [https://www.samba.org/samba/security/CVE-2023-34968.html CVE-2023-34968] (As part of the Spotlight protocol Samba discloses the server-side absolute path of shares and files and directories in search results.)
** [https://www.samba.org/samba/security/CVE-2023-34966.html CVE-2023-34966] (An infinite loop bug in Samba's mdssvc RPC service for Spotlight can be triggered by an unauthenticated attacker by issuing a malformed RPC request.)
** [https://www.samba.org/samba/security/CVE-2023-3347.html CVE-2023-3347] (SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory.)

[https://www.samba.org/samba/history/samba-4.18.5.html Release Notes Samba 4.18.5]

== Samba 4.18.4 ==

<small>('''Updated 05-July-2023''')</small>

* Wednesday, July 5 2023 - '''Samba 4.18.4''' has been released.

[https://www.samba.org/samba/history/samba-4.18.4.html Release Notes Samba 4.18.4]

== Samba 4.18.3 ==

<small>('''Updated 31-May-2023''')</small>

* Wednesday, May 31 2023 - '''Samba 4.18.3''' has been released.

[https://www.samba.org/samba/history/samba-4.18.3.html Release Notes Samba 4.18.3]

== Samba 4.18.2 ==

<small>('''Updated 19-April-2023''')</small>

* Wednesday, April 19 2023 - '''Samba 4.18.2''' has been released.

[https://www.samba.org/samba/history/samba-4.18.2.html Release Notes Samba 4.18.2]

== Samba 4.18.1 ==

<small>('''Updated 2023-March-29''')</small>

* Wednesday, March 29 2023 - [https://download.samba.org/pub/samba/stable/samba-4.18.1.tar.gz Samba 4.18.1] has been released as a '''Security Release''' to address the following defects:
** [https://www.samba.org/samba/security/CVE-2023-0225.html CVE-2023-0225] (An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory.)
** [https://www.samba.org/samba/security/CVE-2023-0922.html CVE-2023-0922] (The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection.)
** [https://www.samba.org/samba/security/CVE-2023-0614.html CVE-2023-0614] (The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure via LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC. Installations with such secrets in their Samba AD should assume they have been obtained and need replacing.)

[https://www.samba.org/samba/history/samba-4.18.1.html Release Notes Samba 4.18.1]

== Samba 4.18.0 ==

<small>('''Updated 1-March-2023''')</small>

* Wednesday, March 8 2023 - '''Samba 4.18.0''' has been released.

[https://www.samba.org/samba/history/samba-4.18.0.html Release Notes Samba 4.18.0]

== Samba 4.18.0rc4 ==

<small>('''Updated 1-March-2023''')</small>

* Wednesday, March 1 2023 - '''Samba 4.18.0rc4''' has been released.

[https://download.samba.org/pub/samba/rc/samba-4.18.0rc4.WHATSNEW.txt Release Notes Samba 4.18.0rc4]

== Samba 4.18.0rc3 ==

<small>('''Updated 15-February-2023''')</small>

* Wednesday, February 15 2023 - '''Samba 4.18.0rc3''' has been released.

[https://download.samba.org/pub/samba/rc/samba-4.18.0rc3.WHATSNEW.txt Release Notes Samba 4.18.0rc3]

== Samba 4.18.0rc2 ==

<small>('''Updated 1-February-2023''')</small>

* Wednesday, February 1 2023 - '''Samba 4.18.0rc2''' has been released.

[https://download.samba.org/pub/samba/rc/samba-4.18.0rc2.WHATSNEW.txt Release Notes Samba 4.18.0rc2]

== Samba 4.18.0rc1 ==

<small>('''Updated 18-January-2023''')</small>

* Wednesday, January 18 2023 - '''Samba 4.18.0rc1''' has been released.

[https://download.samba.org/pub/samba/rc/samba-4.18.0rc1.WHATSNEW.txt Release Notes Samba 4.18.0rc1]
Latest revision as of 14:45, 29 November 2023