There will be a security release on October 15, 2025. In a few days we will be pre-announcing it a bit like this: This is a heads-up that there will be Samba security updates for 4.21, 4.22, and 4.23 on Wednesday, October 15, 2025. Please make sure that your Samba servers will be updated soon after the release! Impacted component: - AD DC (CVSS 10, High, when using a very unusual configuration) - File services (CVSS 4.3, Low, in a relatively widespread configuration) The AD DC bug will affect very few, possibly zero, users.
Created attachment 18748 [details] Combined patch for 4.17 Vendors, patchsets with fixes and tests for recent versions are on the individual bugs (bug 15885 and bug 15903). The fixes are simple and will apply a long way back, though the tests end up with resolvable conflicts as you go back. I am attaching here a combined patchset for 4.17.
Vendors, My apologies -- I opened this bug to the Samba-Vendors group, but did not add samba-vendor@samba.org to the CC list. As you will see, there are two bugs; one that is serious that probably affects nobody, and one that is moderate but will affect more people.
Removing samba-vendors CC and viewing restrictions.