Major features included in the 3.0.25 code base include:
* Significant improvements in the winbind off-line logon support.
* Support for secure DDNS updates as part of the 'net ads join' process.
* Rewritten IdMap interface which allows for TTL based caching and per domain backends.
* New plug-in interface for the "winbind nss info" parameter.
* New file change notify subsystem which is able to make use of inotify on Linux.
* Support for passing Windows security descriptors to a VFS plug-in allowing for multiple Unix ACL implements to running side by side on the Same server.
* Improved compatibility with Windows Vista clients including improved read performance with Linux servers.
* Man pages for IdMap and VFS plug-ins.
Security Fixes included in the Samba 3.0.25 release are:
* CVE-2007-2444 (Samba 3.0.23d - 3.0.25pre2): Local SID/Name translation bug can result in user privilege elevation.
* CVE-2007-2446 (Samba 3.0.0 - 3.0.25rc3): Multiple heap overflows allow remote code execution.
* CVE-2007-2447 (Samba 3.0.0 - 3.0.25rc3): Unescaped user input parameters are passed as arguments to /bin/sh allowing for remote command execution.