SAMBA+ 4.10.8 and 4.9.13 packages have just been released by SerNet. The packages are available for various SUSE and Red Hat platforms as well as for Debian GNU/Linux and Ubuntu.
These are Security Releases in order to address the following defect:
CVE-2019-10197: Combination of parameters and permissions can allow user to escape from the share path definition.
For details and workarounds, please see the security advisory.
SAMBA+ packages and all later versions are available as software subscription. They can be purchased at the SAMBA+ shop, detailed information and prices are listed at https://shop.samba.plus. The subscriptions are managed at our platform OPOSSO (https://oposso.samba.plus). Users can activate their subscriptions here and manage access credentials. The new SAMBA+ packages are included in existing subscriptions.