From: Jule Anger Date: Mon, 7 Jul 2025 16:05:10 +0000 (+0200) Subject: WHATSNEW: Add release notes for Samba 4.21.7. X-Git-Tag: samba-4.21.7~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=19f7837e4989e64ebe713976942ed229a7de09fe;p=thirdparty%2Fsamba.git WHATSNEW: Add release notes for Samba 4.21.7. Signed-off-by: Jule Anger --- diff --git a/WHATSNEW.txt b/WHATSNEW.txt index b8967d54c82..127fd8a3811 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,85 @@ + ============================== + Release Notes for Samba 4.21.7 + July 07, 2025 + ============================== + + +This is the latest stable release of the Samba 4.21 release series. + + +Important Change in Upcoming Microsoft Update +--------------------------------------------- + +On 8th of July, Microsoft will release an important security update for +Active Directory Domain Controllers for Windows Server versions prior to +2025. + +This update includes a change to the Microsoft RPC Netlogon protocol, +which improves security by tightening access checks for a set of RPC +requests. Samba running as domain members in these environments will be +impacted by this change if a specific configuration is used, see below +for which configuration is affected. + +Windows Server version 2025 is already equipped with these specific +security hardenings, and Microsoft is now planning to deploy them to all +supported Windows Server versions down to Windows Server 2008. + + +Who is affected? + +Samba installations acting as member servers in Windows AD domains will +be affected if they are configured to use the 'ad' idmapping backend. +Samba servers not using this configuration will not be affected by the +change – at least to our current knowledge and understanding of the +change – and no further action is required. + +Current versions of Samba with the affected configuration will no longer +function correctly once the Microsoft update has been applied. Users +will not be able to connect to the SMB service provided by Samba for any +domain configured to use the 'ad' idmapping backend. + +See https://bugzilla.samba.org/show_bug.cgi?id=15876. + +Changes since 4.21.6 +-------------------- + +o Günther Deschner + * BUG 15876: Windows security hardening locks out schannel'ed netlogon dc + calls like netr_DsRGetDCName. + +o Stefan Metzmacher + * BUG 15680: Trust domains are not created. + * BUG 15876: Windows security hardening locks out schannel'ed netlogon dc + calls like netr_DsRGetDCName. + +o Andreas Schneider + * BUG 15680: Trust domains are not created. + * BUG 15869: Startup messages of rpc deamons fills /var/log/messages. + + +####################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical:matrix.org matrix room, or +#samba-technical IRC channel on irc.libera.chat. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 4.1 and newer product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +====================================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +====================================================================== + + +Release notes for older releases follow: +---------------------------------------- ============================== Release Notes for Samba 4.21.6 June 03, 2025 @@ -92,8 +174,7 @@ database (https://bugzilla.samba.org/). ====================================================================== -Release notes for older releases follow: ----------------------------------------- +---------------------------------------------------------------------- ============================== Release Notes for Samba 4.21.5 March 31, 2025