Soo gudbiyey sii daayo Samba 4.13.0, kuwaas oo sii waday horumarinta laanta Samba 4 iyada oo si buuxda loo hirgelinayo koontaroolaha domainka iyo adeeg Hagaha Firfircoon oo la jaan qaadaya hirgelinta Windows 2000 oo awood u leh inuu u adeego dhammaan noocyada macaamiisha Windows ee ay taageerto Microsoft, oo ay ku jiraan Windows 10. Samba 4 waa badeecad hodan ku ah server-ka kaas oo sidoo kale waxay bixisaa hirgelinta server-ka faylka, adeegga daabacaadda, iyo server-ka aqoonsiga (winbind).
Lagu daray ilaalinta nuglaanta ZeroLogon (CVE-2020-1472) waxay u ogolaataa weeraryahanku inuu helo xuquuq maamul oo ku saabsan kantaroolaha domainka ee nidaamyada aan isticmaalin goobta "Schannel server = haa".
Shuruudaha nooca ugu yar ee Python ayaa laga kordhiyey Python 3.5 ilaa Python 3.6. Awoodda lagu dhisayo server-ka faylalka leh Python 2 waa la sii hayaa hadda (kahor inta aanad socodsiin ./configure' iyo 'make' waa inaad dejisaa doorsoomiyaha deegaanka 'PYTHON=python2'), laakiin laanta soo socota waa laga saarayaa iyo Python 3.6 ayaa loo baahan doonaa dhismaha.
"Xiriirka ballaaran = haa" shaqeynta, kaas oo u oggolaanaya maamulayaasha faylalka inay abuuraan xiriiriyeyaal calaamad u ah aag ka baxsan qaybta SMB/CIFS ee hadda, ayaa laga raray smbd loona guuray cutubka "vfs_widelinks" gaar ah. Waqtigan xaadirka ah, cutubkan si toos ah ayaa loo shubaa haddii "links ballaaran = haa" meertadu ay ku jirto goobaha. Mustaqbalka, waxaa la qorsheeyay in meesha laga saaro taageerada "links ballaaran = haa" arrimo ammaan dartood, isticmaalayaasha samba waxaa si xooggan loogu dhiirigelinayaa inay ka beddelaan "links ballaaran = haa" si ay u isticmaalaan "mount --bind" si ay ugu dhejiyaan qaybaha dibadda nidaamka faylka.
Qaabka caadiga ah taageerada kontoroolka domainka waa la joojiyay. Isticmaalayaasha kontaroolayaasha domain-ka ee NT4 ('classic') waa inay u beddelaan adeegsiga Samba Active Directory kontaroolayaasha si ay awood ugu yeeshaan inay la shaqeeyaan macaamiisha casriga ah ee Windows.
Hababka xaqiijinta ee aan sugnayn ee la xidhay oo kaliya lagu isticmaali karo borotokoolka SMBv1: "domain logons", "raw NTLMv2 auth", "macmiil cad oo auth", "macmiil NTLMv2 auth", "lanman auth macmiilka" iyo "isticmaalka macmiilka spnego".
Taageerada ikhtiyaarka "ldap ssl xayeysiis" ayaa laga saaray smb.conf. Xulashada "Schannel server" ayaa la filayaa in laga saaro siideynta soo socota.