WHATSNEW: warn against using the RODC on older Samba versions

author Andrew Bartlett <abartlet@samba.org>

Mon, 28 Aug 2017 09:36:14 +0000 (21:36 +1200)

committer Karolin Seeger <kseeger@samba.org>

Wed, 6 Sep 2017 08:01:14 +0000 (10:01 +0200)
author Andrew Bartlett <abartlet@samba.org>
Mon, 28 Aug 2017 09:36:14 +0000 (21:36 +1200)
committer Karolin Seeger <kseeger@samba.org>
Wed, 6 Sep 2017 08:01:14 +0000 (10:01 +0200)
diff --git a/WHATSNEW.txt b/WHATSNEW.txt

index 09320492c832396e974fdf2aa39387e2424a8609..714a4e167040983f04689737735a8597de543bd2 100644 (file)
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -173,6 +173,14 @@ The reliability of RODCs locating a writable partner still requires some
  improvements and so the 'password server' configuration option is generally
  recommended on the RODC.
  
+Samba 4.7 is the first Samba release to be secure as an RODC or when
+hosting an RODC.  If you have been using earlier Samba versions to
+host or be an RODC, please upgrade.
+
+In particular see https://bugzilla.samba.org/show_bug.cgi?id=12977 for
+details on the security implications for password disclosure to an
+RODC using earlier versions.
+
  Additional password hashes stored in supplementalCredentials
  ------------------------------------------------------------
author	Andrew Bartlett <abartlet@samba.org>
	Mon, 28 Aug 2017 09:36:14 +0000 (21:36 +1200)
committer	Karolin Seeger <kseeger@samba.org>
	Wed, 6 Sep 2017 08:01:14 +0000 (10:01 +0200)