Samba 4.21.6 released

Samba 4.21.6 has been released, featuring a critical security fix related to CVE-2025-0620. This issue stems from Samba's failure to recognize changes in group membership during the reauthentication of expired SMB sessions. Specifically, when a user is removed from a group in Active Directory, this change does not take effect until the user disconnects and reconnects to the server. The update is particularly important for organizations relying on Active Directory for user management and access control.

In addition to addressing CVE-2025-0620, the release includes various bug fixes since version 4.21.5. Notably, it resolves issues related to Group Policy Object (GPO) management, deadlocks between SMB processes, and problems with VFS Ceph snapshots and Clustered Trivial Database (CTDB) functionality.

Key changes since the last release include:
- Fixes for GPO management issues
- Resolving deadlocks between SMB processes
- Improvements to Active Directory join processes
- Addressing problems with snapshot listing in Ceph
- Ensuring graceful shutdown behavior for NFS nodes in CTDB

Users interested in the source code can download it from the Samba website, where the uncompressed tarballs and patch files have been signed with GnuPG for security. The full release notes are also available online for those seeking more detailed information about the updates and fixes.

For further discussion or to report bugs, users are encouraged to engage with the Samba-technical mailing list, the Matrix chat room, or the IRC channel on Libera.Chat. Feedback is valuable for improving the project, and all bugs should be reported through the Samba Bugzilla database.

Extended Context:
Samba is a widely used open-source software suite that provides file and print services to SMB/CIFS clients. Regular updates like 4.21.6 are critical for maintaining security, performance, and compatibility with modern systems. As Samba continues to evolve, it remains essential for IT professionals to stay informed about the latest releases and best practices for deployment and management. The community-driven nature of Samba encourages users to participate actively in discussions and contribute to ongoing development efforts, thereby enhancing the software for everyone.

Samba 4.21.6 has been released with a security-related bug fix identified as CVE-2025-0620. This update addresses an issue in which Samba fails to recognize changes in group membership during the reauthentication of an expired SMB session. This issue arises when Samba retains a cache of associations between a user's impersonation information and the connected shares. As a result, when an administrator removes an individual from a specific group in Active Directory, the change does not take effect until the user disconnects from the server and initiates a new connection. Other fixes since version 4.21.5 address problems managing GPO for MOTD settings, a deadlock between two SMB processes, and difficulties with VFS Ceph snapshots and CTDB. The release notes can be accessed online, and the source code is available for download from the Samba website.
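The stale-cache behaviour described above can be seen in a simplified model. This is an added example, not Samba source code: the `Directory` and `Session` classes, the share and group names, and the "clear the cache on reauthentication" hardening are all assumptions made for illustration.

```python
"""Toy model of a per-session share cache (constructed; not Samba code)."""

class Directory:
    """Stand-in for Active Directory group membership."""
    def __init__(self):
        self.groups = {}  # user -> set of group names

    def token_for(self, user):
        # A fresh security token is a snapshot of current membership.
        return frozenset(self.groups.get(user, ()))

class Session:
    def __init__(self, directory, user, invalidate_on_reauth):
        self.directory = directory
        self.user = user
        self.invalidate_on_reauth = invalidate_on_reauth
        self.token = directory.token_for(user)
        self.share_cache = {}  # share name -> token captured at first access

    def reauthenticate(self):
        """Renew an expired session: the token is rebuilt from the directory."""
        self.token = self.directory.token_for(self.user)
        if self.invalidate_on_reauth:
            # Hardened variant (assumed fix shape): drop cached impersonation state.
            self.share_cache.clear()

    def can_access(self, share, required_group):
        # Impersonation info is cached per connected share on first use.
        token = self.share_cache.setdefault(share, self.token)
        return required_group in token

def run_scenario(invalidate_on_reauth):
    """Return (access before removal, access after removal and reauth)."""
    ad = Directory()
    ad.groups["alice"] = {"finance"}           # constructed sample data
    session = Session(ad, "alice", invalidate_on_reauth)
    before = session.can_access("payroll", "finance")
    ad.groups["alice"].discard("finance")      # admin removes alice from the group
    session.reauthenticate()                   # session expired and was renewed
    after = session.can_access("payroll", "finance")
    return before, after

if __name__ == "__main__":
    print("stale cache kept:   ", run_scenario(False))
    print("cache cleared:      ", run_scenario(True))
```

In the first scenario access persists after the group removal because the share still uses the token captured at first access; in the second, the renewed token is applied and access is denied.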

Samba 4.21.6 released @ Linux Compatible