Blog

SAMBA+ 4.22.6 has just been released by SerNet and is now available for download for Debian GNU/Linux, Ubuntu, and AIX. Security updates for the other supported 4.21 and 4.23 releases have also been published. If you haven’t updated your packages yet, it is strongly recommended to do so soon.

These releases address several security issues, including:

• CVE-2025-9640: Uninitialized memory disclosure via vfs_streams_xattr
• CVE-2025-10230: Command injection via WINS server hook script

A complete list of changes in the 4.22.6 bugfix release can be find in the Release Notes.

SAMBA+ packages are offered through a flexible software subscription model and can be purchased directly via the SAMBA+ shop. Pricing information can be found here:

• USD Pricing: US SAMBA+ Shop
• EUR Pricing: World SAMBA+ Shop

Existing subscribers automatically have access to the new SAMBA+ 4.22.6 packages. With an active subscription, download links are available in the SAMBA+ HowTo or the SAMBA+ AIX HowTo. 

For questions, support, or to request a quote, our SAMBA+ Team is happy to help.

The SerNet Samba team has published SAMBA+ 4.23 packages for a wide range of SUSE and Red Hat platforms as well as for Debian GNU/Linux and Ubuntu. SAMBA+ 4.23 comes with major improvements for secure file sharing, monitoring, and interoperability. As always, we strongly recommend checking the release notes before upgrading.

New in Samba 4.23

One of the most important milestones is full support for SMB over QUIC, completed as part of the STA-funded development project. QUIC enables encrypted, low-latency access to Samba servers over the Internet – effectively turning Samba into a secure “SMB VPN” for mobile users and remote work scenarios, without the need for a traditional VPN infrastructure.

Another brand-new feature is the smb_prometheus_endpoint, which was developed by Volker Lendecke and Ralph Böhme from the SerNet Samba Team. This optional service exports Samba performance metrics in a Prometheus-compatible format, enabling seamless integration with Prometheus and Grafana dashboards. Administrators can now monitor Samba health and performance in real time, with standard tooling.

Additional enhancements in Samba 4.23 include:

• SMB3 UNIX Extensions enabled by default for better POSIX interoperability.
• Modernized write timestamp handling, consistent with current Windows servers.
• Improved samba-tool domain backup --no-secrets to reliably exclude confidential attributes.
• Per-share profiling stats for detailed performance analysis in complex setups.
• CTDB tunables in directories, giving more flexibility in clustered environments.

Upgrading

Instructions for package access and upgrading are available in the SAMBA+ How-to collection. If you are upgrading from a SAMBA+ version older than 4.21 and use your own or third-party scripts that rely on Samba’s Python modules, you must install the sernet-samba-python3 package after upgrading to SAMBA+ 4.23 on Debian or Ubuntu systems. RHEL and SUSE-based systems are not affected.

For details on SAMBA+ pricing:

• USD Pricing: US SAMBA+ Shop
• EUR Pricing: World SAMBA+ Shop

With this new release, Samba 4.22 enters maintenance mode. Samba 4.21 is now in security fixes only mode. With SAMBA+ 4.23, we are also discontinuing SAMBA+ 4.20. The 4.20 release series was the last one we built for Debian buster (10) and Ubuntu bionic (18.04). On request, however, we can still provide current SAMBA+ packages for these outdated platforms. The effort required will be assessed individually, depending on the specific requirements.

For further questions, contact the SAMBA+ Team.

SAMBA+ 4.21.8 has been released by SerNet, now available for immediate download. This update provides enhanced stability and improved support for a wide range of platforms, including SUSE, Red Hat, Debian GNU/Linux, Ubuntu, and AIX.

The latest release addresses multiple issues and includes important fixes for system reliability and performance. You can review all updates in the official release notes.

SAMBA+ packages are offered through a flexible software subscription model and are available for purchase directly in the SAMBA+ shop. Pricing information can be found here:

• USD Pricing:US SAMBA+ Shop
• EUR Pricing:World SAMBA+ Shop

Existing subscribers automatically have access to the new SAMBA+ 4.21.8 packages. Active subscriptions provide download links in the SAMBA+ HowTo guides.

For questions, support, or to request a quote, our SAMBA+ Team is ready to help.

We’re excited to be a Sponsor once again at the SNIA Developer Conference (SDC), taking place in Santa Clara, California, from 15-17 September 2025. As a leading event for storage technology professionals, SDC offers deep technical sessions, real-world insights, and great networking opportunities.
Our team will be representing SAMBA+ at our booth and two expert of the SerNet Samba Team talks in the conference program.
 Ralph Böhme, Samba Teamed at SerNet, will present "Samba 2025: Enterprise-Ready, Cloud-Optimized", showcasing how new features like SMB over QUIC, Transparent Failover, and Directory Leases enhance Samba’s scalability, security, and cloud-readiness for modern enterprise environments.
Stefan Metzmacher, Software Architect at SerNet, will speak on "New Transports in Samba: QUIC and SMB-Direct Support", highlighting how Samba is expanding beyond traditional TCP with support for SMB over QUIC and work on SMB over RDMA for high-performance networking.

We invite all attendees to visit our team, learn about our latest work and developments. To plan a focused discussion, you’re welcome to schedule a meeting in advance via our contact form or by emailing sales@remove-this.sernet.com. We look forward to connecting at SDC 2025!