Release Planning for Samba 4.18: Difference between revisions

From SambaWiki
(Release Samba v4.18.4)
(Release Samba v4.18.5)
Line 4: Line 4:
* [https://bugzilla.samba.org/buglist.cgi?bug_severity=regression&query_format=advanced&target_milestone=4.18 All 4.18 regression bugs]
* [https://bugzilla.samba.org/buglist.cgi?bug_severity=regression&query_format=advanced&target_milestone=4.18 All 4.18 regression bugs]
* [https://bugzilla.samba.org/buglist.cgi?bug_severity=regression&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=VERIFIED&query_format=advanced&target_milestone=4.18 Unresolved 4.18 regression bugs]
* [https://bugzilla.samba.org/buglist.cgi?bug_severity=regression&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=VERIFIED&query_format=advanced&target_milestone=4.18 Unresolved 4.18 regression bugs]

== Samba 4.18.6 ==
<small>('''Updated 19-July-2023''')</small>

* Wednesday, August 16 2023 - Planned release date for '''Samba 4.18.6'''.


== Samba 4.18.5 ==
== Samba 4.18.5 ==
<small>('''Updated 05-July-2023''')</small>


<small>('''Updated 19-July-2023''')</small>
* Wednesday, August 16 2023 - Planned release date for '''Samba 4.18.5'''.

* Wednesday, July 19 2023 - [https://download.samba.org/pub/samba/stable/samba-4.18.5.tar.gz Samba 4.18.5] has been released as a '''Security Release''' to address the following defects:
** [https://www.samba.org/samba/security/CVE-2023-34967.html CVE-2023-34967] (Missing type validation in Samba's mdssvc RPC service for Spotlight can be used by an unauthenticated attacker to trigger a process crash in a shared RPC mdssvc worker process.)
** [https://www.samba.org/samba/security/CVE-2022-2127.html CVE-2022-2127] (When winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in winbind and possibly crash it.)
** [https://www.samba.org/samba/security/CVE-2023-34968.html CVE-2023-34968] (As part of the Spotlight protocol Samba discloses the server-side absolute path of shares and files and directories in search results.)
** [https://www.samba.org/samba/security/CVE-2023-34966.html CVE-2023-34966] (An infinite loop bug in Samba's mdssvc RPC service for Spotlight can be triggered by an unauthenticated attacker by issuing a malformed RPC request.)
** [https://www.samba.org/samba/security/CVE-2023-3347.html CVE-2023-3347] (SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory.)
[https://www.samba.org/samba/history/samba-4.18.5.html Release Notes Samba 4.18.5]



== Samba 4.18.4 ==
== Samba 4.18.4 ==
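Review bot: the five CVE bullets added under Samba 4.18.5 are in no particular order (CVE-2023-34967, CVE-2022-2127, CVE-2023-34968, CVE-2023-34966, CVE-2023-3347). Sorting them by CVE id, or grouping the three mdssvc/Spotlight entries together, would make the list easier to cross-check against the linked release notes. The release notes link that follows the list is also not written as a list item, so it sits outside the bullet structure; a leading "*" would keep it with the 4.18.5 entry.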

Revision as of 14:53, 19 July 2023

Samba 4.18 is the current stable release series.

Release blocking bugs

Samba 4.18.6

(Updated 19-July-2023)

  • Wednesday, August 16 2023 - Planned release date for Samba 4.18.6.

Samba 4.18.5

(Updated 19-July-2023)

  • Wednesday, July 19 2023 - Samba 4.18.5 has been released as a Security Release to address the following defects:
    • CVE-2023-34967 (Missing type validation in Samba's mdssvc RPC service for Spotlight can be used by an unauthenticated attacker to trigger a process crash in a shared RPC mdssvc worker process.)
    • CVE-2022-2127 (When winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in winbind and possibly crash it.)
    • CVE-2023-34968 (As part of the Spotlight protocol Samba discloses the server-side absolute path of shares and files and directories in search results.)
    • CVE-2023-34966 (An infinite loop bug in Samba's mdssvc RPC service for Spotlight can be triggered by an unauthenticated attacker by issuing a malformed RPC request.)
    • CVE-2023-3347 (SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory.)
 Release Notes Samba 4.18.5


Samba 4.18.4

(Updated 05-July-2023)

  • Wednesday, July 5 2023 - Samba 4.18.4 has been released.
 Release Notes Samba 4.18.4

Samba 4.18.3

(Updated 31-May-2023)

  • Wednesday, May 31 2023 - Samba 4.18.3 has been released.
 Release Notes Samba 4.18.3

Samba 4.18.2

(Updated 19-April-2023)

  • Wednesday, April 19 2023 - Samba 4.18.2 has been released.
 Release Notes Samba 4.18.2

Samba 4.18.1

(Updated 2023-March-29)

  • Wednesday, March 29 2023 - Samba 4.18.1 has been released as a Security Release to address the following defects:
    • CVE-2023-0225 (An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory.)
    • CVE-2023-0922 (The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection.)
    • CVE-2023-0614 (The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure via LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC. Installations with such secrets in their Samba AD should assume they have been obtained and need replacing.)
 Release Notes Samba 4.18.1

Samba 4.18.0

(Updated 1-March-2023)

  • Wednesday, March 8 2023 - Samba 4.18.0 has been released.
 Release Notes Samba 4.18.0

Samba 4.18.0rc4

(Updated 1-March-2023)

  • Wednesday, March 1 2023 - Samba 4.18.0rc4 has been released.
 Release Notes Samba 4.18.0rc4

Samba 4.18.0rc3

(Updated 15-February-2023)

  • Wednesday, February 15 2023 - Samba 4.18.0rc3 has been released.
 Release Notes Samba 4.18.0rc3

Samba 4.18.0rc2

(Updated 1-February-2023)

  • Wednesday, February 1 2023 - Samba 4.18.0rc2 has been released.
 Release Notes Samba 4.18.0rc2

Samba 4.18.0rc1

(Updated 18-January-2023)

  • Wednesday, January 18 2023 - Samba 4.18.0rc1 has been released.
 Release Notes Samba 4.18.0rc1