Chapter 1. Overview
1.1. Major changes in RHEL 9.3
Installer and image creation
Key highlights for image builder:
- Enhancement to the AWS EC2 AMD or Intel 64-bit architecture AMI image to support UEFI boot, in addition to the legacy BIOS boot.
For more information, see New features - Installer and image creation.
1.1.1. Bootloader
New default behavior of grub2-mkconfig
with BLS
With this release, the grub2-mkconfig
command no longer overwrites the kernel command line in Boot Loader Specification (BLS) snippets with GRUB_CMDLINE_LINUX
by default. Each kernel in the boot loader menu takes its kernel command line from its BLS snippet. This new default behavior is caused by the GRUB_ENABLE_BLSCFG=true
option.
For details, see New features in Bootloader.
RHEL for Edge
Key highlights for RHEL for Edge:
Support added to the following image types:
-
minimal-raw
-
edge-vsphere
-
edge-ami
-
New FIDO Device Onboarding Servers container images available
- rhel9/fdo-manufacturing-server
- rhel9/fdo-owner-onboarding-server
- rhel9/fdo-rendezvous-server
- rhel9/fdo-serviceinfo-api-server
For more information, see New features - RHEL for Edge.
Security
Key security-related highlights:
- Keylime was rebased to version 7.3.0.
-
The
keylime
RHEL System Role is available. With this role, you can more easily configure the Keylime verifier and Keylime registrar. - OpenSSH was migrated further from the less secure SHA-1 message digest for cryptographic purposes, and instead applies the more secure SHA-2 in additional scenarios.
- The pcsc-lite-ccid USB Chip/Smart Card Interface Device(CCID)) and Integrated Circuit Card Device (ICCD) driver was rebased to version 1.5.2.
- RHEL 9.3 introduces further improvements to support the Extended Master Secret (EMS) extension (RFC 7627) required by the FIPS-140-3 standard for all TLS 1.2 connections.
- SEtools, the collection of graphical tools, command-line tools, and libraries for SELinux policy analysis, was rebased to version 4.4.3.
- OpenSCAP was rebased to version 1.3.8.
SCAP Security Guide was rebased to version 0.1.69, most notably:
- ANSSI profiles were updated to version 2.0.
- Three new SCAP profiles were added for RHEL 9 aligned with the CCN-STIC-610A22 Guide.
See New features - Security for more information.
Dynamic programming languages, web and database servers
Later versions of the following Application Streams are now available:
- Redis 7
- Node.js 20
In addition, the Apache HTTP Server has been updated to version 2.4.57.
See New features - Dynamic programming languages, web and database servers for more information.
Compilers and development tools
Updated system toolchain
The following system toolchain component has been updated in RHEL 9.3:
- GCC 11.4.1
Updated performance tools and debuggers
The following performance tools and debuggers have been updated in RHEL 9.3:
- Valgrind 3.21
- SystemTap 4.9
- elfutils 0.189
Updated performance monitoring tools
The following performance monitoring tools have been updated in RHEL 9.3:
- PCP 6.0.5
- Grafana 9.2.10
Updated compiler toolsets
The following compiler toolsets have been updated in RHEL 9.3:
- GCC Toolset 13 (new)
- LLVM Toolset 16.0.6
- Rust Toolset 1.71.1
- Go Toolset 1.20.10
For detailed changes, see New features - Compilers and development tools.
Java implementations in RHEL 9
The RHEL 9 AppStream repository includes:
-
The
java-21-openjdk
packages, which provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit. An OpenJDK 21.0.1 security release is also available to install. It is recommended that you install the OpenJDK 21.0.1 update to acquire the latest security fixes. -
The
java-17-openjdk
packages, which provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. -
The
java-11-openjdk
packages, which provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. -
The
java-1.8.0-openjdk
packages, which provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
The Red Hat build of OpenJDK packages share a single set of binaries between its portable Linux releases and RHEL 9.3 and later releases. With this update, there is a change in the process of rebuilding the OpenJDK packages on RHEL from the source RPM. For more information about the new rebuilding process, see the README.md file which is available in the SRPM package of the Red Hat build of OpenJDK and is also installed by the java-*-openjdk-headless
packages under the /usr/share/doc
tree.
For more information, see OpenJDK documentation.
1.2. In-place upgrade
In-place upgrade from RHEL 8 to RHEL 9
The supported in-place upgrade paths currently are:
From RHEL 8.6 to RHEL 9.0, RHEL 8.8 to RHEL 9.2, and RHEL 8.9 to RHEL 9.3 on the following architectures:
- 64-bit Intel
- 64-bit AMD
- 64-bit ARM
- IBM POWER 9 (little endian)
- IBM Z architectures, excluding z13
- From RHEL 8.6 to RHEL 9.0 and RHEL 8.8 to RHEL 9.2 on systems with SAP HANA
For more information, see Supported in-place upgrade paths for Red Hat Enterprise Linux.
For instructions on performing an in-place upgrade, see Upgrading from RHEL 8 to RHEL 9.
If you are upgrading to RHEL 9.2 with SAP HANA, ensure that the system is certified for SAP before the upgrade. For instructions on performing an in-place upgrade on systems with SAP environments, see How to in-place upgrade SAP environments from RHEL 8 to RHEL 9.
Notable enhancements include:
-
Requirements on disk space have been significantly reduced on systems with XFS filesystems formatted with
ftype=0
. -
Disk images created during the upgrade process for upgrade purposes now have dynamic sizes. The
LEAPP_OVL_SIZE
environment variable is not needed anymore. - Issues with the calculation of the required free space on existing disk partitions have been fixed. The missing free disk space is now correctly detected before the required reboot of the system, and the report correctly displays file systems that do not have enough free space to proceed the upgrade RPM transaction.
- Third-party drivers can now be managed during the in-place upgrade process using custom leapp actors.
- An overview of the pre-upgrade and upgrade reports is now printed in the terminal.
- Upgrades of RHEL Real Time and RHEL Real Time for Network Functions Virtualization (NFV) in Red Hat OpenStack Platform are now supported.
In-place upgrade from RHEL 7 to RHEL 9
It is not possible to perform an in-place upgrade directly from RHEL 7 to RHEL 9. However, you can perform an in-place upgrade from RHEL 7 to RHEL 8 and then perform a second in-place upgrade to RHEL 9. For more information, see Upgrading from RHEL 7 to RHEL 8.
1.3. Red Hat Customer Portal Labs
Red Hat Customer Portal Labs is a set of tools in a section of the Customer Portal available at https://access.redhat.com/labs/. The applications in Red Hat Customer Portal Labs can help you improve performance, quickly troubleshoot issues, identify security problems, and quickly deploy and configure complex applications. Some of the most popular applications are:
- Registration Assistant
- Kickstart Generator
- Red Hat Product Certificates
- Red Hat CVE Checker
- Kernel Oops Analyzer
- Red Hat Code Browser
- VNC Configurator
- Red Hat OpenShift Container Platform Update Graph
- Red Hat Satellite Upgrade Helper
- JVM Options Configuration Tool
- Load Balancer Configuration Tool
- Red Hat OpenShift Data Foundation Supportability and Interoperability Checker
- Ansible Automation Platform Upgrade Assistant
- Ceph Placement Groups (PGs) per Pool Calculator
1.4. Additional resources
Capabilities and limits of Red Hat Enterprise Linux 9 as compared to other versions of the system are available in the Knowledgebase article Red Hat Enterprise Linux technology capabilities and limits.
Information regarding the Red Hat Enterprise Linux life cycle is provided in the Red Hat Enterprise Linux Life Cycle document.
The Package manifest document provides a package listing for RHEL 9, including licenses and application compatibility levels.
Application compatibility levels are explained in the Red Hat Enterprise Linux 9: Application Compatibility Guide document.
Major differences between RHEL 8 and RHEL 9, including removed functionality, are documented in Considerations in adopting RHEL 9.
Instructions on how to perform an in-place upgrade from RHEL 8 to RHEL 9 are provided by the document Upgrading from RHEL 8 to RHEL 9.
The Red Hat Insights service, which enables you to proactively identify, examine, and resolve known technical issues, is available with all RHEL subscriptions. For instructions on how to install the Red Hat Insights client and register your system to the service, see the Red Hat Insights Get Started page.
Public release notes include links to access the original tracking tickets, but private release notes are not viewable so do not include links.[1]