1 ==============================
2 Release Notes for Samba 4.18.8
4 ==============================
7 This is a security release in order to address the following defects:
10 o CVE-2023-3961: Unsanitized pipe names allow SMB clients to connect as root to
11 existing unix domain sockets on the file system.
12 https://www.samba.org/samba/security/CVE-2023-3961.html
14 o CVE-2023-4091: SMB client can truncate files to 0 bytes by opening files with
15 OVERWRITE disposition when using the acl_xattr Samba VFS
16 module with the smb.conf setting
17 "acl_xattr:ignore system acls = yes"
18 https://www.samba.org/samba/security/CVE-2023-4091.html
20 o CVE-2023-4154: An RODC and a user with the GET_CHANGES right can view all
21 attributes, including secrets and passwords. Additionally,
22 the access check fails open on error conditions.
23 https://www.samba.org/samba/security/CVE-2023-4154.html
25 o CVE-2023-42669: Calls to the rpcecho server on the AD DC can request that the
26 server block for a user-defined amount of time, denying
28 https://www.samba.org/samba/security/CVE-2023-42669.html
30 o CVE-2023-42670: Samba can be made to start multiple incompatible RPC
31 listeners, disrupting service on the AD DC.
32 https://www.samba.org/samba/security/CVE-2023-42670.html
38 o Jeremy Allison <jra@samba.org>
39 * BUG 15422: CVE-2023-3961.
41 o Andrew Bartlett <abartlet@samba.org>
42 * BUG 15424: CVE-2023-4154.
43 * BUG 15473: CVE-2023-42670.
44 * BUG 15474: CVE-2023-42669.
46 o Ralph Boehme <slow@samba.org>
47 * BUG 15439: CVE-2023-4091.
49 o Stefan Metzmacher <metze@samba.org>
50 * BUG 15424: CVE-2023-4154.
52 o Joseph Sutton <josephsutton@catalyst.net.nz>
53 * BUG 15424: CVE-2023-4154.
56 #######################################
57 Reporting bugs & Development Discussion
58 #######################################
60 Please discuss this release on the samba-technical mailing list or by
61 joining the #samba-technical:matrix.org matrix room, or
62 #samba-technical IRC channel on irc.libera.chat.
64 If you do report problems then please try to send high quality
65 feedback. If you don't provide vital information to help us track down
66 the problem then you will probably be ignored. All bug reports should
67 be filed under the Samba 4.1 and newer product in the project's Bugzilla
68 database (https://bugzilla.samba.org/).
71 ======================================================================
72 == Our Code, Our Bugs, Our Responsibility.
74 ======================================================================
77 Release notes for older releases follow:
78 ----------------------------------------
79 ==============================
80 Release Notes for Samba 4.18.7
82 ==============================
85 This is the latest stable release of the Samba 4.18 release series.
91 o Jeremy Allison <jra@samba.org>
92 * BUG 15419: Weird filename can cause assert to fail in
93 openat_pathref_fsp_nosymlink().
94 * BUG 15423: use-after-free in aio_del_req_from_fsp during smbd shutdown
95 after failed IPC FSCTL_PIPE_TRANSCEIVE.
96 * BUG 15432: TREE_CONNECT without SETUP causes smbd to use uninitialized
99 o Andrew Bartlett <abartlet@samba.org>
100 * BUG 15401: Avoid infinite loop in initial user sync with Azure AD Connect.
101 * BUG 15407: Samba replication logs show (null) DN.
103 o Ralph Boehme <slow@samba.org>
104 * BUG 15463: macOS mdfind returns only 50 results.
106 o Remi Collet <rcollet@redhat.com>
107 * BUG 14808: smbc_getxattr() return value is incorrect.
109 o Volker Lendecke <vl@samba.org>
110 * BUG 15481: GETREALFILENAME_CACHE can modify incoming new filename with
111 previous cache entry value.
113 o Stefan Metzmacher <metze@samba.org>
114 * BUG 15464: libnss_winbind causes memory corruption since samba-4.18,
115 impacts sendmail, zabbix, potentially more.
117 o MikeLiu <mikeliu@qnap.com>
118 * BUG 15453: File doesn't show when user doesn't have permission if
119 aio_pthread is loaded.
121 o Martin Schwenke <mschwenke@ddn.com>
122 * BUG 15451: ctdb_killtcp fails to work with --enable-pcap and libpcap ≥
125 o Joseph Sutton <josephsutton@catalyst.net.nz>
126 * BUG 15476: The KDC in 4.18 (and older) is not able to accept tickets with
127 empty claims pac blobs (from Samba 4.19 or Windows).
128 * BUG 15477: The heimdal KDC doesn't detect s4u2self correctly when fast is
132 #######################################
133 Reporting bugs & Development Discussion
134 #######################################
136 Please discuss this release on the samba-technical mailing list or by
137 joining the #samba-technical:matrix.org matrix room, or
138 #samba-technical IRC channel on irc.libera.chat.
140 If you do report problems then please try to send high quality
141 feedback. If you don't provide vital information to help us track down
142 the problem then you will probably be ignored. All bug reports should
143 be filed under the Samba 4.1 and newer product in the project's Bugzilla
144 database (https://bugzilla.samba.org/).
147 ======================================================================
148 == Our Code, Our Bugs, Our Responsibility.
150 ======================================================================
153 ----------------------------------------------------------------------
154 ==============================
155 Release Notes for Samba 4.18.6
157 ==============================
160 This is the latest stable release of the Samba 4.18 release series.
166 o Jeremy Allison <jra@samba.org>
167 * BUG 15420: reply_sesssetup_and_X() can dereference uninitialized tmp
169 * BUG 15430: Missing return in reply_exit_done().
171 o Andrew Bartlett <abartlet@samba.org>
172 * BUG 15289: post-exec password redaction for samba-tool is more reliable for
173 fully random passwords as it no longer uses regular expressions
174 containing the password value itself.
175 * BUG 9959: Windows client join fails if a second container CN=System exists
178 o Ralph Boehme <slow@samba.org>
179 * BUG 15342: Spotlight sometimes returns no results on latest macOS.
180 * BUG 15417: Renaming results in NT_STATUS_SHARING_VIOLATION if previously
181 attempted to remove the destination.
182 * BUG 15427: Spotlight results return wrong date in result list.
184 o Günther Deschner <gd@samba.org>
185 * BUG 15414: "net offlinejoin provision" does not work as non-root user.
187 o Pavel Filipenský <pfilipensky@samba.org>
188 * BUG 15400: rpcserver no longer accepts double backslash in dfs pathname.
189 * BUG 15433: cm_prepare_connection() calls close(fd) for the second time.
191 o Stefan Metzmacher <metze@samba.org>
192 * BUG 15346: 2-3min delays at reconnect with smb2_validate_sequence_number:
194 * BUG 15441: samba-tool ntacl get segfault if aio_pthread appended.
195 * BUG 15446: DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED can't be parsed.
197 o Noel Power <noel.power@suse.com>
198 * BUG 15390: Python tarfile extraction needs change to avoid a warning
199 (CVE-2007-4559 mitigation).
200 * BUG 15435: Regression DFS not working with widelinks = true.
202 o Arvid Requate <requate@univention.de>
203 * BUG 9959: Windows client join fails if a second container CN=System exists
206 o Jones Syue <jonessyue@qnap.com>
207 * BUG 15441: samba-tool ntacl get segfault if aio_pthread appended.
208 * BUG 15449: mdssvc: Do an early talloc_free() in _mdssvc_open().
211 #######################################
212 Reporting bugs & Development Discussion
213 #######################################
215 Please discuss this release on the samba-technical mailing list or by
216 joining the #samba-technical:matrix.org matrix room, or
217 #samba-technical IRC channel on irc.libera.chat.
219 If you do report problems then please try to send high quality
220 feedback. If you don't provide vital information to help us track down
221 the problem then you will probably be ignored. All bug reports should
222 be filed under the Samba 4.1 and newer product in the project's Bugzilla
223 database (https://bugzilla.samba.org/).
226 ======================================================================
227 == Our Code, Our Bugs, Our Responsibility.
229 ======================================================================
232 ----------------------------------------------------------------------
233 ==============================
234 Release Notes for Samba 4.18.5
236 ==============================
239 This is a security release in order to address the following defects:
241 o CVE-2022-2127: When winbind is used for NTLM authentication, a maliciously
242 crafted request can trigger an out-of-bounds read in winbind
243 and possibly crash it.
244 https://www.samba.org/samba/security/CVE-2022-2127.html
246 o CVE-2023-3347: SMB2 packet signing is not enforced if an admin configured
247 "server signing = required" or for SMB2 connections to Domain
248 Controllers where SMB2 packet signing is mandatory.
249 https://www.samba.org/samba/security/CVE-2023-3347.html
251 o CVE-2023-34966: An infinite loop bug in Samba's mdssvc RPC service for
252 Spotlight can be triggered by an unauthenticated attacker by
253 issuing a malformed RPC request.
254 https://www.samba.org/samba/security/CVE-2023-34966.html
256 o CVE-2023-34967: Missing type validation in Samba's mdssvc RPC service for
257 Spotlight can be used by an unauthenticated attacker to
258 trigger a process crash in a shared RPC mdssvc worker process.
259 https://www.samba.org/samba/security/CVE-2023-34967.html
261 o CVE-2023-34968: As part of the Spotlight protocol Samba discloses the server-
262 side absolute path of shares and files and directories in
264 https://www.samba.org/samba/security/CVE-2023-34968.html
270 o Ralph Boehme <slow@samba.org>
271 * BUG 15072: CVE-2022-2127.
272 * BUG 15340: CVE-2023-34966.
273 * BUG 15341: CVE-2023-34967.
274 * BUG 15388: CVE-2023-34968.
275 * BUG 15397: CVE-2023-3347.
277 o Volker Lendecke <vl@samba.org>
278 * BUG 15072: CVE-2022-2127.
280 o Stefan Metzmacher <metze@samba.org>
281 * BUG 15418: Secure channel faulty since Windows 10/11 update 07/2023.
284 #######################################
285 Reporting bugs & Development Discussion
286 #######################################
288 Please discuss this release on the samba-technical mailing list or by
289 joining the #samba-technical:matrix.org matrix room, or
290 #samba-technical IRC channel on irc.libera.chat.
292 If you do report problems then please try to send high quality
293 feedback. If you don't provide vital information to help us track down
294 the problem then you will probably be ignored. All bug reports should
295 be filed under the Samba 4.1 and newer product in the project's Bugzilla
296 database (https://bugzilla.samba.org/).
299 ======================================================================
300 == Our Code, Our Bugs, Our Responsibility.
302 ======================================================================
305 ----------------------------------------------------------------------
306 ==============================
307 Release Notes for Samba 4.18.4
309 ==============================
312 This is the latest stable release of the Samba 4.18 release series.
318 o Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
319 * BUG 15404: Backport --pidl-developer fixes.
321 o Samuel Cabrero <scabrero@samba.org>
322 * BUG 14030: Named crashes on DLZ zone update.
324 o Björn Jacke <bj@sernet.de>
325 * BUG 2312: smbcacls and smbcquotas do not check // before the server.
327 o Volker Lendecke <vl@samba.org>
328 * BUG 15382: cli_list loops 100% CPU against pre-lanman2 servers.
329 * BUG 15391: smbclient leaks fds with showacls.
330 * BUG 15402: smbd returns NOT_FOUND when creating files on a r/o filesystem.
332 o Stefan Metzmacher <metze@samba.org>
333 * BUG 15355: NSS_WRAPPER_HOSTNAME doesn't match NSS_WRAPPER_HOSTS entry and
334 causes test timeouts.
336 o Noel Power <noel.power@suse.com>
337 * BUG 15384: net ads lookup (with unspecified realm) fails.
339 o Christof Schmitt <cs@samba.org>
340 * BUG 15381: Register Samba processes with GPFS.
342 o Andreas Schneider <asn@samba.org>
343 * BUG 15390: Python tarfile extraction needs change to avoid a warning
344 (CVE-2007-4559 mitigation).
345 * BUG 15398: The winbind child segfaults when listing users with `winbind
346 scan trusted domains = yes`.
348 o Jones Syue <jonessyue@qnap.com>
349 * BUG 15383: Remove comments about deprecated 'write cache size'.
350 * BUG 15403: smbget memory leak if failed to download files recursively.
353 #######################################
354 Reporting bugs & Development Discussion
355 #######################################
357 Please discuss this release on the samba-technical mailing list or by
358 joining the #samba-technical:matrix.org matrix room, or
359 #samba-technical IRC channel on irc.libera.chat.
361 If you do report problems then please try to send high quality
362 feedback. If you don't provide vital information to help us track down
363 the problem then you will probably be ignored. All bug reports should
364 be filed under the Samba 4.1 and newer product in the project's Bugzilla
365 database (https://bugzilla.samba.org/).
368 ======================================================================
369 == Our Code, Our Bugs, Our Responsibility.
371 ======================================================================
374 ----------------------------------------------------------------------
375 ==============================
376 Release Notes for Samba 4.18.3
378 ==============================
381 This is the latest stable release of the Samba 4.18 release series.
387 o Ralph Boehme <slow@samba.org>
388 * BUG 15375: Symlinks to files can have random DOS mode information in a
390 * BUG 15378: vfs_fruit might cause a failing open for delete.
392 o Volker Lendecke <vl@samba.org>
393 * BUG 15361: winbind recurses into itself via rpcd_lsad.
394 * BUG 15366: wbinfo -u fails on ad dc with >1000 users.
396 o Stefan Metzmacher <metze@samba.org>
397 * BUG 15338: DS ACEs might be inherited to unrelated object classes.
398 * BUG 15362: a lot of messages: get_static_share_mode_data:
399 get_static_share_mode_data_fn failed: NT_STATUS_NOT_FOUND.
400 * BUG 15374: aes256 smb3 encryption algorithms are not allowed in
403 o Andreas Schneider <asn@samba.org>
404 * BUG 15360: Setting veto files = /.*/ break listing directories.
406 o Joseph Sutton <josephsutton@catalyst.net.nz>
407 * BUG 15363: "samba-tool domain provision" does not run interactive mode if
408 no arguments are given.
410 o Nathaniel W. Turner <nturner@exagrid.com>
411 * BUG 15325: dsgetdcname: assumes local system uses IPv4.
414 #######################################
415 Reporting bugs & Development Discussion
416 #######################################
418 Please discuss this release on the samba-technical mailing list or by
419 joining the #samba-technical:matrix.org matrix room, or
420 #samba-technical IRC channel on irc.libera.chat.
422 If you do report problems then please try to send high quality
423 feedback. If you don't provide vital information to help us track down
424 the problem then you will probably be ignored. All bug reports should
425 be filed under the Samba 4.1 and newer product in the project's Bugzilla
426 database (https://bugzilla.samba.org/).
429 ======================================================================
430 == Our Code, Our Bugs, Our Responsibility.
432 ======================================================================
435 ----------------------------------------------------------------------
436 ==============================
437 Release Notes for Samba 4.18.2
439 ==============================
442 This is the latest stable release of the Samba 4.18 release series.
448 o Jeremy Allison <jra@samba.org>
449 * BUG 15302: Log flood: smbd_calculate_access_mask_fsp: Access denied:
450 message level should be lower.
451 * BUG 15306: Floating point exception (FPE) via cli_pull_send at
452 source3/libsmb/clireadwrite.c.
454 o Andrew Bartlett <abartlet@samba.org>
455 * BUG 15328: test_tstream_more_tcp_user_timeout_spin fails intermittently on
456 Rackspace GitLab runners.
457 * BUG 15329: Reduce flapping of ridalloc test.
458 * BUG 15351: large_ldap test is unreliable.
460 o Ralph Boehme <slow@samba.org>
461 * BUG 15143: New filename parser doesn't check veto files smb.conf parameter.
462 * BUG 15354: mdssvc may crash when initializing.
464 o Volker Lendecke <vl@samba.org>
465 * BUG 15313: large directory optimization broken for non-lcomp path elements.
466 * BUG 15357: streams_depot fails to create streams.
467 * BUG 15358: shadow_copy2 and streams_depot don't play well together.
469 o Rob van der Linde <rob@catalyst.net.nz>
470 * BUG 15316: Flapping tests in samba_tool_drs_show_repl.py.
472 o Stefan Metzmacher <metze@samba.org>
473 * BUG 15317: winbindd idmap child contacts the domain controller without a
475 * BUG 15318: idmap_autorid may fail to map sids of trusted domains for the
477 * BUG 15319: idmap_hash doesn't use ID_TYPE_BOTH for reverse mappings.
478 * BUG 15323: net ads search -P doesn't work against servers in other domains.
479 * BUG 15353: Temporary smbXsrv_tcon_global.tdb can't be parsed.
481 o Joseph Sutton <josephsutton@catalyst.net.nz>
482 * BUG 15316: Flapping tests in samba_tool_drs_show_repl.py.
483 * BUG 15343: Tests use depricated and removed methods like
487 #######################################
488 Reporting bugs & Development Discussion
489 #######################################
491 Please discuss this release on the samba-technical mailing list or by
492 joining the #samba-technical:matrix.org matrix room, or
493 #samba-technical IRC channel on irc.libera.chat.
495 If you do report problems then please try to send high quality
496 feedback. If you don't provide vital information to help us track down
497 the problem then you will probably be ignored. All bug reports should
498 be filed under the Samba 4.1 and newer product in the project's Bugzilla
499 database (https://bugzilla.samba.org/).
502 ======================================================================
503 == Our Code, Our Bugs, Our Responsibility.
505 ======================================================================
508 ----------------------------------------------------------------------
509 ==============================
510 Release Notes for Samba 4.18.1
512 ==============================
515 This is a security release in order to address the following defects:
517 o CVE-2023-0225: An incomplete access check on dnsHostName allows authenticated
518 but otherwise unprivileged users to delete this attribute from
519 any object in the directory.
520 https://www.samba.org/samba/security/CVE-2023-0225.html
522 o CVE-2023-0922: The Samba AD DC administration tool, when operating against a
523 remote LDAP server, will by default send new or reset
524 passwords over a signed-only connection.
525 https://www.samba.org/samba/security/CVE-2023-0922.html
527 o CVE-2023-0614: The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919
528 Confidential attribute disclosure via LDAP filters was
529 insufficient and an attacker may be able to obtain
530 confidential BitLocker recovery keys from a Samba AD DC.
531 Installations with such secrets in their Samba AD should
532 assume they have been obtained and need replacing.
533 https://www.samba.org/samba/security/CVE-2023-0614.html
539 o Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
540 * BUG 15276: CVE-2023-0225.
542 o Andrew Bartlett <abartlet@samba.org>
543 * BUG 15270: CVE-2023-0614.
544 * BUG 15331: ldb wildcard matching makes excessive allocations.
545 * BUG 15332: large_ldap test is inefficient.
547 o Rob van der Linde <rob@catalyst.net.nz>
548 * BUG 15315: CVE-2023-0922.
550 o Joseph Sutton <josephsutton@catalyst.net.nz>
551 * BUG 15270: CVE-2023-0614.
552 * BUG 15276: CVE-2023-0225.
555 #######################################
556 Reporting bugs & Development Discussion
557 #######################################
559 Please discuss this release on the samba-technical mailing list or by
560 joining the #samba-technical:matrix.org matrix room, or
561 #samba-technical IRC channel on irc.libera.chat.
563 If you do report problems then please try to send high quality
564 feedback. If you don't provide vital information to help us track down
565 the problem then you will probably be ignored. All bug reports should
566 be filed under the Samba 4.1 and newer product in the project's Bugzilla
567 database (https://bugzilla.samba.org/).
570 ======================================================================
571 == Our Code, Our Bugs, Our Responsibility.
573 ======================================================================
576 ----------------------------------------------------------------------
577 ==============================
578 Release Notes for Samba 4.18.0
580 ==============================
582 This is the first stable release of the Samba 4.18 release series.
583 Please read the release notes carefully before upgrading.
588 SMB Server performance improvements
589 -----------------------------------
591 The security improvements in recent releases
592 (4.13, 4.14, 4.15, 4.16), mainly as protection against symlink races,
593 caused performance regressions for metadata heavy workloads.
595 While 4.17 already improved the situation quite a lot,
596 with 4.18 the locking overhead for contended path based operations
597 is reduced by an additional factor of ~ 3 compared to 4.17.
598 It means the throughput of open/close
599 operations reached the level of 4.12 again.
601 More succinct samba-tool error messages
602 ---------------------------------------
604 Historically samba-tool has reported user error or misconfiguration by
605 means of a Python traceback, showing you where in its code it noticed
606 something was wrong, but not always exactly what is amiss. Now it
607 tries harder to identify the true cause and restrict its output to
608 describing that. Particular cases include:
610 * a username or password is incorrect
611 * an ldb database filename is wrong (including in smb.conf)
612 * samba-tool dns: various zones or records do not exist
613 * samba-tool ntacl: certain files are missing
614 * the network seems to be down
615 * bad --realm or --debug arguments
617 Accessing the old samba-tool messages
618 -------------------------------------
620 This is not new, but users are reminded they can get the full Python
621 stack trace, along with other noise, by using the argument '-d3'.
622 This may be useful when searching the web.
624 The intention is that when samba-tool encounters an unrecognised
625 problem (especially a bug), it will still output a Python traceback.
626 If you encounter a problem that has been incorrectly identified by
627 samba-tool, please report it on https://bugzilla.samba.org.
629 Colour output with samba-tool --color
630 -------------------------------------
632 For some time a few samba-tool commands have had a --color=yes|no|auto
633 option, which determines whether the command outputs ANSI colour
634 codes. Now all samba-tool commands support this option, which now also
635 accepts 'always' and 'force' for 'yes', 'never' and 'none' for 'no',
636 and 'tty' and 'if-tty' for 'auto' (this more closely matches
637 convention). With --color=auto, or when --color is omitted, colour
638 codes are only used when output is directed to a terminal.
640 Most commands have very little colour in any case. For those that
641 already used it, the defaults have changed slightly.
643 * samba-tool drs showrepl: default is now 'auto', not 'no'
645 * samba-tool visualize: the interactions between --color-scheme,
646 --color, and --output have changed slightly. When --color-scheme is
647 set it overrides --color for the purpose of the output diagram, but
648 not for other output like error messages.
650 New samba-tool dsacl subcommand for deleting ACES
651 -------------------------------------------------
653 The samba-tool dsacl tool can now delete entries in directory access
654 control lists. The interface for 'samba-tool dsacl delete' is similar
655 to that of 'samba-tool dsacl set', with the difference being that the
656 ACEs described by the --sddl argument are deleted rather than added.
658 No colour with NO_COLOR environment variable
659 --------------------------------------------
661 With both samba-tool --color=auto (see above) and some other places
662 where we use ANSI colour codes, the NO_COLOR environment variable will
663 disable colour output. See https://no-color.org/ for a description of
664 this variable. `samba-tool --color=always` will use colour regardless
667 New wbinfo option --change-secret-at
668 ------------------------------------
670 The wbinfo command has a new option, --change-secret-at=<DOMAIN CONTROLLER>
671 which forces the trust account password to be changed at a specified domain
672 controller. If the specified domain controller cannot be contacted the
673 password change fails rather than trying other DCs.
675 New option to change the NT ACL default location
676 ------------------------------------------------
678 Usually the NT ACLs are stored in the security.NTACL extended
679 attribute (xattr) of files and directories. The new
680 "acl_xattr:security_acl_name" option allows to redefine the default
681 location. The default "security.NTACL" is a protected location, which
682 means the content of the security.NTACL attribute is not accessible
683 from normal users outside of Samba. When this option is set to use a
684 user-defined value, e.g. user.NTACL then any user can potentially
685 access and overwrite this information. The module prevents access to
686 this xattr over SMB, but the xattr may still be accessed by other
687 means (eg local access, SSH, NFS). This option must only be used when
688 this consequence is clearly understood and when specific precautions
689 are taken to avoid compromising the ACL content.
691 Azure Active Directory / Office365 synchronisation improvements
692 --------------------------------------------------------------
694 Use of the Azure AD Connect cloud sync tool is now supported for
695 password hash synchronisation, allowing Samba AD Domains to synchronise
696 passwords with this popular cloud environment.
705 Parameter Name Description Default
706 -------------- ----------- -------
707 acl_xattr:security_acl_name New security.NTACL
711 CHANGES SINCE 4.18.0rc4
712 =======================
714 o Jeremy Allison <jra@samba.org>
715 * BUG 15314: streams_xattr is creating unexpected locks on folders.
717 o Volker Lendecke <vl@samba.org>
718 * BUG 15310: New samba-dcerpc architecture does not scale gracefully.
721 CHANGES SINCE 4.18.0rc3
722 =======================
724 o Andreas Schneider <asn@samba.org>
725 * BUG 15308: Avoid that tests fail because other tests didn't do cleanup on
728 o baixiangcpp <baixiangcpp@gmail.com>
729 * BUG 15311: fd_load() function implicitly closes the fd where it should not.
732 CHANGES SINCE 4.18.0rc2
733 =======================
735 o Jeremy Allison <jra@samba.org>
736 * BUG 15301: Improve file_modtime() and issues around smb3 unix test.
738 o Ralph Boehme <slow@samba.org>
739 * BUG 15299: Spotlight doesn't work with latest macOS Ventura.
741 o Stefan Metzmacher <metze@samba.org>
742 * BUG 15298: Build failure on solaris with tevent 0.14.0 (and ldb 2.7.0).
743 (tevent 0.14.1 and ldb 2.7.1 are already released...)
745 o John Mulligan <jmulligan@redhat.com>
746 * BUG 15307: vfs_ceph incorrectly uses fsp_get_io_fd() instead of
747 fsp_get_pathref_fd() in close and fstat.
749 o Andreas Schneider <asn@samba.org>
750 * BUG 15291: test_chdir_cache.sh doesn't work with SMBD_DONT_LOG_STDOUT=1.
751 * BUG 15301: Improve file_modtime() and issues around smb3 unix test.
754 CHANGES SINCE 4.18.0rc1
755 =======================
757 o Andrew Bartlett <abartlet@samba.org>
758 * BUG 10635: Office365 azure Password Sync not working.
760 o Stefan Metzmacher <metze@samba.org>
761 * BUG 15286: auth3_generate_session_info_pac leaks wbcAuthUserInfo.
763 o Noel Power <noel.power@suse.com>
764 * BUG 15293: With clustering enabled samba-bgqd can core dump due to use
771 https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.18#Release_blocking_bugs
774 #######################################
775 Reporting bugs & Development Discussion
776 #######################################
778 Please discuss this release on the samba-technical mailing list or by
779 joining the #samba-technical:matrix.org matrix room, or
780 #samba-technical IRC channel on irc.libera.chat
782 If you do report problems then please try to send high quality
783 feedback. If you don't provide vital information to help us track down
784 the problem then you will probably be ignored. All bug reports should
785 be filed under the Samba 4.1 and newer product in the project's Bugzilla
786 database (https://bugzilla.samba.org/).
789 ======================================================================
790 == Our Code, Our Bugs, Our Responsibility.
792 ======================================================================