Chapter 1. Overview

1.1. Major changes in RHEL 10.0

Key highlights for RHEL installer:

The newly created users will have administrative privileges by default, unless you deselect the option.
You can now set the required time zone by using new options instead of the time zone map.
The remote desktop protocol (RDP) for graphical remote access replaces VNC.

Key highlights for RHEL image builder:

RHEL image builder cockpit-composer package has been deprecated and replaced with the new cockpit-image-builder plugin.
Disk images, such as AWS or KVM, do not have a separate /boot partition.

For more information, see New features and enhancements - Installer and image creation.

Security

As a Technology Preview, system-wide cryptographic policies (crypto-policies), the OpenSSL, GnuTLS, and NSS toolkits, and the OpenSSH suite now work with post-quantum (PQ) algorithms.

With the new sudo RHEL system role, you can consistently manage sudo configuration at scale across your RHEL systems.

RHEL 10 introduces Sequoia PGP tools sq and sqv that complement the existing GnuPG tools for managing OpenPGP encryption and signatures.

The OpenSSL TLS toolkit introduces creation of FIPS-compliant PKCS #12 files, the pkcs11-provider for using hardware tokens, and many additional improvements.

RHEL 10 contains the OpenSSH suite in version 9.9, which provides many fixes and improvements over OpenSSH 8.7, which was provided in RHEL 9.

The SELinux userspace release 3.8 introduces a new option for audit2allow that provides CIL output mode, Wayland support for the SELinux sandbox, and other improvements.

The Keylime agent component is provided in version 0.2.5, which provides support for Initial Device Identity (IDevID) and Initial Attestation Key (IAK) for device identity and uses TLS 1.3 by default. In addition, the new keylime-policy tool integrates all management tasks of Keylime policies.

The security compliance offering has evolved substantially compared to RHEL 9 in both the tooling and content. You can still perform all the actions you need to bring your systems close to a compliant state although you might need to use different tools than in previous versions of RHEL.

See New features - Security for more information.

Kernel

This release delivers several important improvements and new features to the kernel. We have expanded graphical capabilities by introducing limited support for virtio-gpu on IBM Z (s390x) systems for enhanced virtualization experiences.

To improve usability and deployment, the rteval utility has been containerized, simplifying its integration into various environments. You can run the rteval utility with all its runtime dependencies from a container image publicly available through the Quay.io container registry.

A dynamic EFIVARS pstore backend is now supported. You can switch between supported backends such NVMe and EFIVARS without rebooting the system.

The rh_waived kernel command-line boot parameter is now supported to enable waived features in RHEL. However, waived features are disabled by default in RHEL 10.

Dynamic programming languages, web and database servers

RHEL 10.0 provides the following dynamic programming languages:

Python 3.12
Ruby 3.3
Node.js 22
Perl 5.40
PHP 8.3

RHEL 10.0 includes the following version control systems:

Git 2.45
Subversion 1.14

The following web servers are distributed with RHEL 10.0:

Apache HTTP Server 2.4.62
nginx 1.26

The following proxy caching servers are available:

Varnish Cache 7.4
Squid 6.10

RHEL 10.0 offers the following database servers:

MariaDB 10.11
MySQL 8.4
PostgreSQL 16
Valkey 7.2

See New features - Dynamic programming languages, web and database servers for more information.

Compilers and development tools

System toolchain

The following system toolchain components are available with RHEL 10.0:

GCC 14.2
glibc 2.39
Annobin 12.55
binutils 2.41

Performance tools and debuggers

The following performance tools and debuggers are available with RHEL 10.0:

GDB 14.2
Valgrind 3.23.0
SystemTap 5.1
Dyninst 12.3.0
elfutils 0.192
libabigail 2.6

Performance monitoring tools

The following performance monitoring tools are available with RHEL 10.0:

PCP 6.3.0
Grafana 10.2.6

Compiler toolsets

The following compiler toolsets are available with RHEL 10.0:

LLVM Toolset 19.1.7
Rust Toolset 1.84.1
Go Toolset 1.23

For detailed changes, see New features - Compilers and development tools.

Identity Management

Key highlights for Identity Management:

The IdM server functions only partially or not at all. Specifically, you cannot install the ipa-server-dns package, and the embedded DNS server cannot be configured using the -setup-dns option. Until the necessary updates to bind-dyndb-ldap and other impacted components are completed, the integrated DNS feature remains unavailable.

See Known Issues - Identity Management for more information.

The web console

With the new File browser provided by the cockpit-files package, you can manage files and directories in the RHEL web console.

See New features - The web console for more information.

Red Hat Enterprise Linux system roles

Notable new features in 10.0 RHEL system roles:

With the new RHEL system role aide, you can detect unauthorized changes to files, directories, and system binaries.
With the systemd RHEL system role you can now manage user units in addition to system units
You can use the ha_cluster RHEL system role to export the corosync configuration of an existing cluster in a format that can be fed back to the role to create the same cluster.
You can use the podman RHEL system role to manage the quadlet units of type Pod.
The metrics RHEL system role now supports Valkey as an alternative to Redis.

See New features and enhancements - Red Hat Enterprise Linux System Roles for more information.

1.2. In-place upgrade

In-place upgrade from RHEL 9 to RHEL 10

The supported in-place upgrade paths currently are:

From RHEL 9.6 to RHEL 10.0 on the following architectures:
- AMD and Intel 64-bit architectures (x86-64-v3)
- The 64-bit ARM architecture (ARMv8.0-A)
- IBM Power Systems, Little Endian (POWER9)
- 64-bit IBM Z (z14)

For more information, see Supported in-place upgrade paths for Red Hat Enterprise Linux.

For instructions on performing an in-place upgrade, see Upgrading from RHEL 9 to RHEL 10.

In-place upgrade from RHEL 8 to RHEL 10

It is not possible to perform an in-place upgrade directly from RHEL 8 to RHEL 10. However, you can perform an in-place upgrade from RHEL 8 to RHEL 9 and then perform a second in-place upgrade to RHEL 10. For more information, see In-place upgrades over multiple RHEL major versions by using Leapp.

1.3. Red Hat Customer Portal Labs

Red Hat Customer Portal Labs is a set of tools in a section of the Customer Portal available at https://access.redhat.com/labs/. The applications in Red Hat Customer Portal Labs can help you improve performance, quickly troubleshoot issues, identify security problems, and quickly deploy and configure complex applications. Some of the most popular applications are:

1.4. Additional resources

The Red Hat Insights service, which enables you to proactively identify, examine, and resolve known technical issues, is available with all RHEL subscriptions. For instructions on how to install the Red Hat Insights client and register your system to the service, see the Red Hat Insights Get Started page.

Note

Public release notes include links to access the original tracking tickets, but private release notes are not viewable so do not include links.^[1]