Chapter 10. Deprecated functionalities

download PDF

Deprecated devices are fully supported, which means that they are tested and maintained, and their support status remains unchanged within Red Hat Enterprise Linux 9. However, these devices will likely not be supported in the next major version release, and are not recommended for new deployments on the current or future major versions of RHEL.

For the most recent list of deprecated functionality within a particular major release, see the latest version of release documentation. For information about the length of support, see Red Hat Enterprise Linux Life Cycle and Red Hat Enterprise Linux Application Streams Life Cycle.

A package can be deprecated and not recommended for further use. Under certain circumstances, a package can be removed from the product. Product documentation then identifies more recent packages that offer functionality similar, identical, or more advanced to the one deprecated, and provides further recommendations.

For information regarding functionality that is present in RHEL 8 but has been removed in RHEL 9, see Considerations in adopting RHEL 9.

10.1. Installer and image creation

Deprecated Kickstart commands

The following Kickstart commands have been deprecated:

  • timezone --ntpservers
  • timezone --nontp
  • logging --level
  • %packages --excludeWeakdeps
  • %packages --instLangs
  • %anaconda
  • pwpolicy
  • nvdimm

Note that where only specific options are listed, the base command and its other options are still available and not deprecated. Using the deprecated commands in Kickstart files prints a warning in the logs. You can turn the deprecated command warnings into errors with the inst.ksstrict boot option.


User and Group customizations in the edge-commit and edge-container blueprints have been deprecated

Specifying a user or group customization in the blueprints is deprecated for the edge-commit and edge-container image types, because the user customization disappears when you upgrade the image and do not specify the user in the blueprint again.

Note that specifying a user or group customization in blueprints that are used to deploy an existing OSTree commit, such as edge-raw-image, edge-installer, and edge-simplified-installer image types remains supported.


The initial-setup package now has been deprecated

The initial-setup package has been deprecated in Red Hat Enterprise Linux 9.3 and will be removed in the next major RHEL release. As a replacement, use gnome-initial-setup for the graphical user interface.


The provider_hostip and provider_fedora_geoip values of the inst.geoloc boot option are deprecated

The provider_hostip and provider_fedora_geoip values that specified the GeoIP API for the inst.geoloc= boot option are deprecated. As a replacement, you can use the geolocation_provider=URL option to set the required geolocation in the installation program configuration file. You can still use the inst.geoloc=0 option to disable the geolocation.


Capturing screenshots from the Anaconda GUI with a global hot key is deprecated

Previously, users could capture screenshots of the Anaconda GUI by using a global hot key. This meant that users could extract the screenshots manually from the installation environment for any further usage. This functionality has been deprecated.


Anaconda built-in help has been deprecated

The built-in documentation from spokes and hubs of all Anaconda user interfaces, which is available during Anaconda installation, has been deprecated. As a replacement, the Anaconda user interfaces will be self-descriptive and users can refer to the official RHEL documentation in the future major RHEL release.


Support for NVDIMM devices has been deprecated

Previously, the installation program allowed reconfiguring NVDIMM devices during installation. This support for NVDIMM devices during the Kickstart and GUI installation has been deprecated, and will be removed in the next major RHEL release. The NVDIMM devices in the sector mode will still be visible and usable in the installation program.


Unable to load an updated driver from the driver update disc in the installation environment

A new version of a driver from the driver update disc might not load if the same driver from the installation initial RAM disk has already been loaded. As a consequence, an updated version of the driver cannot be applied to the installation environment.

As a workaround, use the modprobe.blacklist= kernel command line option together with the inst.dd option. For example, to ensure that an updated version of the virtio_blk driver from a driver update disc is loaded, use modprobe.blacklist=virtio_blk and then continue with the usual procedure to apply drivers from the driver update disk. As a result, the system can load an updated version of the driver and use it in the installation environment.


10.2. Security

SHA-1 is deprecated for cryptographic purposes

The usage of the SHA-1 message digest for cryptographic purposes has been deprecated in RHEL 9. The digest produced by SHA-1 is not considered secure because of many documented successful attacks based on finding hash collisions. The RHEL core crypto components no longer create signatures using SHA-1 by default. Applications in RHEL 9 have been updated to avoid using SHA-1 in security-relevant use cases.

Among the exceptions, the HMAC-SHA1 message authentication code and the Universal Unique Identifier (UUID) values can still be created using SHA-1 because these use cases do not currently pose security risks. SHA-1 also can be used in limited cases connected with important interoperability and compatibility concerns, such as Kerberos and WPA-2. See the List of RHEL applications using cryptography that is not compliant with FIPS 140-3 section in the RHEL 9 Security hardening document for more details.

If your scenario requires the use of SHA-1 for verifying existing or third-party cryptographic signatures, you can enable it by entering the following command:

# update-crypto-policies --set DEFAULT:SHA1

Alternatively, you can switch the system-wide crypto policies to the LEGACY policy. Note that LEGACY also enables many other algorithms that are not secure.


fapolicyd.rules is deprecated

The /etc/fapolicyd/rules.d/ directory for files containing allow and deny execution rules replaces the /etc/fapolicyd/fapolicyd.rules file. The fagenrules script now merges all component rule files in this directory to the /etc/fapolicyd/compiled.rules file. Rules in /etc/fapolicyd/ are still processed by the fapolicyd framework but only for ensuring backward compatibility.


SCP is deprecated in RHEL 9

The secure copy protocol (SCP) is deprecated because it has known security vulnerabilities. The SCP API remains available for the RHEL 9 lifecycle but using it reduces system security.

  • In the scp utility, SCP is replaced by the SSH File Transfer Protocol (SFTP) by default.
  • The OpenSSH suite does not use SCP in RHEL 9.
  • SCP is deprecated in the libssh library.


OpenSSL requires padding for RSA encryption in FIPS mode

OpenSSL no longer supports RSA encryption without padding in FIPS mode. RSA encryption without padding is uncommon and is rarely used. Note that key encapsulation with RSA (RSASVE) does not use padding but is still supported.


OpenSSL deprecates the Engines API

The OpenSSL 3.0 TLS toolkit deprecated the Engines API. The Engines interface is superseded by the Providers API. The migration of applications and existing engines to Providers is underway. The deprecated Engines API might be removed in a future major release.


openssl-pkcs11 is now deprecated

As a part of the ongoing migration of deprecated OpenSSL engines to the Providers API, the pkcs11-provider package replaces the openssl-pkcs11 package (engine_pkcs11). The openssl-pkcs11 package is now deprecated. The openssl-pkcs11 package might be removed in a future major release.


RHEL 8 and 9 OpenSSL certificate and signing containers are now deprecated

The OpenSSL portable certificate and signing containers available in the ubi8/openssl and ubi9/openssl repositories in the Red Hat Ecosystem Catalog are now deprecated due to low demand.


Digest-MD5 in SASL is deprecated

The Digest-MD5 authentication mechanism in the Simple Authentication Security Layer (SASL) framework is deprecated, and it might be removed from the cyrus-sasl packages in a future major release.


OpenSSL deprecates MD2, MD4, MDC2, Whirlpool, Blowfish, CAST, DES, IDEA, RC2, RC4, RC5, SEED, and PBKDF1

The OpenSSL project has deprecated a set of cryptographic algorithms because they are insecure, uncommonly used, or both. Red Hat also discourages the use of those algorithms, and RHEL 9 provides them for migrating encrypted data to use new algorithms. Users must not depend on those algorithms for the security of their systems.

The implementations of the following algorithms have been moved to the legacy provider in OpenSSL: MD2, MD4, MDC2, Whirlpool, Blowfish, CAST, DES, IDEA, RC2, RC4, RC5, SEED, and PBKDF1.

See the /etc/pki/tls/openssl.cnf configuration file for instructions on how to load the legacy provider and enable support for the deprecated algorithms.


/etc/system-fips is now deprecated

Support for indicating FIPS mode through the /etc/system-fips file has been removed, and the file will not be included in future versions of RHEL. To install RHEL in FIPS mode, add the fips=1 parameter to the kernel command line during the system installation. You can check whether RHEL operates in FIPS mode by using the fips-mode-setup --check command.

Jira:RHELPLAN-103232[1] is now deprecated

The library is now deprecated, and it might be removed in a future version of RHEL.


10.3. Subscription management

The deprecated --token option of subscription-manager register will stop working at the end of November 2024

The deprecated --token=<TOKEN> option of the subscription-manager register command will no longer be a supported authentication method from the end of November 2024. The default entitlement server,, will no longer be allowing token-based authentication. As a consequence, if you use subscription-manager register --token=<TOKEN>, the registration will fail with the following error message:

Token authentication not supported by the entitlement server

To register your system, use other supported authorization methods, such as including paired options --username / --password OR --org / --activationkey with the subscription-manager register command.


10.4. Shells and command-line tools

The dump utility from the dump package has been deprecated

The dump utility used for backup of file systems has been deprecated and will not be available in RHEL 9.

In RHEL 9, Red Hat recommends using the tar, dd, or bacula, backup utility, based on type of usage, which provides full and safe backups on ext2, ext3, and ext4 file systems.

Note that the restore utility from the dump package remains available and supported in RHEL 9 and is available as the restore package.


The SQLite database backend in Bacula has been deprecated

The Bacula backup system supported multiple database backends: PostgreSQL, MySQL, and SQLite. The SQLite backend has been deprecated and will become unsupported in a later release of RHEL. As a replacement, migrate to one of the other backends (PostgreSQL or MySQL) and do not use the SQLite backend in new deployments.


The %vmeff metric from the sysstat package has been deprecated

The %vmeff metric from the sysstat package to measure the page reclaim efficiency will no longer be supported in a future major version of RHEL. The values of the %vmeff column returned by the sar -B command are incorrect because sysstat does not parse all relevant /proc/vmstat values provided by later kernel versions.

You can calculate the %vmeff value manually from the /proc/vmstat file. For details, see Why the sar(1) tool reports %vmeff values beyond 100 % in RHEL 8 and RHEL 9?


Setting the TMPDIR variable in the ReaR configuration file is deprecated

Setting the TMPDIR environment variable in the /etc/rear/local.conf or /etc/rear/site.conf ReaR configuration file), by using a statement such as export TMPDIR=…​, is deprecated.

To specify a custom directory for ReaR temporary files, export the variable in the shell environment before executing ReaR. For example, execute the export TMPDIR=…​ statement and then execute the rear command in the same shell session or script.


cgroupsv1 is now deprecated in RHEL 9

The cgroups is a kernel subsystem used for process tracking, system resource allocation and partitioning. Systemd service manager supports booting in the cgroups v1 mode and in cgroups v2 mode. In Red Hat Enterprise Linux 9, the default mode is v2. In Red Hat Enterprise Linux 10, systemd will not support booting in the cgroups v1 mode and only cgroups v2 mode will be available.


10.5. Infrastructure services

Client-side and server-side DHCP packages are deprecated

Internet Systems Consortium (ISC) has announced the end of maintenance for ISC DHCP as of the end of 2022. As a result, Red Hat has decided to deprecate the use of client-side and server-side DHCP packages in RHEL 9 and not to distribute them in later major versions of RHEL. Customers must prepare for the migration to available alternatives, such as dhcpcd and ISC Kea.


The sendmail, libotr, mod_security, and spamassassin packages are now deprecated

The following packages are deprecated in RHEL 9 and will not be distributed in later major versions of RHEL:

  • sendmail - Red Hat recommends migrating to the postfix mail daemon, which is supported.
  • libotr
  • mod_security
  • spamassassin


10.6. Networking

Network teams are deprecated in RHEL 9

The teamd service and the libteam library are deprecated in Red Hat Enterprise Linux 9 and will be removed in the next major release. As a replacement, configure a bond instead of a network team.

Red Hat focuses its efforts on kernel-based bonding to avoid maintaining two features, bonds and teams, that have similar functions. The bonding code has a high customer adoption, is robust, and has an active community development. As a result, the bonding code receives enhancements and updates.

For details about how to migrate a team to a bond, see Migrating a network team configuration to network bond.


NetworkManager connection profiles in ifcfg format are deprecated

In RHEL 9.0 and later, connection profiles in ifcfg format are deprecated. The next major RHEL release will remove the support for this format. However, in RHEL 9, NetworkManager still processes and updates existing profiles in this format if you modify them.

By default, NetworkManager now stores connection profiles in keyfile format in the /etc/NetworkManager/system-connections/ directory. Unlike the ifcfg format, the keyfile format supports all connection settings that NetworkManager provides. For further details about the keyfile format and how to migrate profiles, see NetworkManager connection profiles in keyfile format.


The iptables back end in firewalld is deprecated

In RHEL 9, the iptables framework is deprecated. As a consequence, the iptables backend and the direct interface in firewalld are also deprecated. Instead of the direct interface you can use the native features in firewalld to configure the required rules.


The firewalld lockdown feature is deprecated.

The lockdown feature in firewalld is deprecated because it cannot prevent processes that are running as root from adding themselves to the allow list. The lockdown feature might be removed in a future major RHEL release.


The connection.master, connection.slave-type, and connection.autoconnect-slaves properties are deprecated

Red Hat is committed to using conscious language. For details about this initiative, see Making open source more inclusive. Therefore, the connection.master, connection.slave-type, and connection.autoconnect-slaves properties were renamed. To ensure backward compatibility, aliases have been created that map the old property names to the new ones:

  • connection.master is an alias for connection.controller
  • connection.slave-type is an alias for connection.port-type
  • connection.autoconnect-slaves is an alias for connection.autoconnect-ports

Note that the connection.master, connection.slave-type, and connection.autoconnect-slaves aliases are deprecated and will be removed in a future RHEL version.


The PF_KEYv2 kernel API is deprecated

Applications can configure the kernel’s IPsec implementation by using the PV_KEYv2 and the newer netlink API. PV_KEYv2 is not actively maintained upstream and misses important security features, such as modern ciphers, offload, and extended sequence number support. As a result, starting with RHEL 9.3, the PV_KEYv2 API is deprecated and will be removed in the next major RHEL release. If you use this kernel API in your application, migrate it to use the modern netlink API as an alternative.


10.7. Kernel

ATM encapsulation is deprecated in RHEL 9

Asynchronous Transfer Mode (ATM) encapsulation enables Layer-2 (Point-to-Point Protocol, Ethernet) or Layer-3 (IP) connectivity for the ATM Adaptation Layer 5 (AAL-5). Red Hat has not been providing support for ATM NIC drivers since RHEL 7. The support for ATM implementation is being dropped in RHEL 9. These protocols are currently used only in chipsets, which support the ADSL technology and are being phased out by manufacturers. Therefore, ATM encapsulation is deprecated in Red Hat Enterprise Linux 9.

For more information, see PPP Over AAL5, Multiprotocol Encapsulation over ATM Adaptation Layer 5, and Classical IP and ARP over ATM.


The kexec_load system call for kexec-tools has been deprecated

The kexec_load system call, which loads the second kernel, will not be supported in future RHEL releases. The kexec_file_load system call replaces kexec_load and is now the default system call on all architectures.

For more information, see Is kexec_load supported in RHEL9?.


Network teams are deprecated in RHEL 9

The teamd service and the libteam library are deprecated in Red Hat Enterprise Linux 9 and will be removed in the next major release. As a replacement, configure a bond instead of a network team.

Red Hat focuses its efforts on kernel-based bonding to avoid maintaining two features, bonds and teams, that have similar functions. The bonding code has a high customer adoption, is robust, and has an active community development. As a result, the bonding code receives enhancements and updates.

For details about how to migrate a team to a bond, see Migrating a network team configuration to network bond.


10.8. File systems and storage

lvm2-activation-generator and its generated services removed in RHEL 9.0

The lvm2-activation-generator program and its generated services lvm2-activation, lvm2-activation-early, and lvm2-activation-net are removed in RHEL 9.0. The lvm.conf event_activation setting, used to activate the services, is no longer functional. The only method for auto activating volume groups is event based activation.


Persistent Memory Development Kit (pmdk) and support library have been deprecated in RHEL 9

pmdk is a collection of libraries and tools for System Administrators and Application Developers to simplify managing and accessing persistent memory devices. pmdk and support library have been deprecated in RHEL 9. This also includes the -debuginfo packages.

The following list of binary packages produced by pmdk, including the nvml source package have been deprecated:

  • libpmem
  • libpmem-devel
  • libpmem-debug
  • libpmem2
  • libpmem2-devel
  • libpmem2-debug
  • libpmemblk
  • libpmemblk-devel
  • libpmemblk-debug
  • libpmemlog
  • libpmemlog-devel
  • libpmemlog-debug
  • libpmemobj
  • libpmemobj-devel
  • libpmemobj-debug
  • libpmempool
  • libpmempool-devel
  • libpmempool-debug
  • pmempool
  • daxio
  • pmreorder
  • pmdk-convert
  • libpmemobj++
  • libpmemobj++-devel
  • libpmemobj++-doc


The md-linear and md-faulty modules have been deprecated

The following MD RAID kernel modules have been deprecated, and will be removed in a future major RHEL release:

  • CONFIG_MD_LINEAR or md-linear module to concatenate multiple drives so that when a single member disk becomes full, data will be written to the next disk until all disks are full.
  • CONFIG_MD_FAULTY or md-faulty module to test a block device that occasionally returns read or write errors. It is useful for testing.


The VDO sysfs parameters have been deprecated

The Virtual Data Optimizer (VDO) sysfs parameters have been deprecated and will be removed in a future major RHEL release. Except for log_level, all module-level sysfs parameters for the kvdo module will be removed. For individual dm-vdo targets, all sysfs parameters specific to VDO will also be removed. There is no change for the parameters that are common to all DM targets. Configuration values for dm-vdo targets, which are currently set by updating the removed module-level parameters, can no longer be changed.

Statistics and configuration values for dm-vdo targets will no longer be accessible through sysfs. But these values are still accessible by using dmsetup message stats, dmsetup status, and dmsetup table dmsetup commands


10.9. Dynamic programming languages, web and database servers

libdb has been deprecated

RHEL 8 and RHEL 9 currently provide Berkeley DB (libdb) version 5.3.28, which is distributed under the LGPLv2 license. The upstream Berkeley DB version 6 is available under the AGPLv3 license, which is more restrictive.

The libdb package is deprecated as of RHEL 9 and might not be available in future major RHEL releases.

In addition, cryptographic algorithms have been removed from libdb in RHEL 9 and multiple libdb dependencies have been removed from RHEL 9.

Users of libdb are advised to migrate to a different key-value database. For more information, see the Knowledgebase article Available replacements for the deprecated Berkeley DB (libdb) in RHEL.

Bugzilla:1927780[1], Jira:RHELPLAN-80695, Bugzilla:1974657

10.10. Compilers and development tools

Smaller size of keys than 2048 are deprecated by openssl 3.0 in Go’s FIPS mode

Key sizes smaller than 2048 bits are deprecated by openssl 3.0 and no longer work in Go’s FIPS mode.


Some PKCS1 v1.5 modes are now deprecated in Go’s FIPS mode

Some PKCS1 v1.5 modes are not approved in FIPS-140-3 for encryption and are disabled. They will no longer work in Go’s FIPS mode.


32-bit packages are deprecated

Linking against 32-bit multilib packages is deprecated. The *.i686 packages will remain supported for the life cycle of Red Hat Enterprise Linux 9, but will be removed in the next major version of RHEL.


10.11. Identity Management

SHA-1 in OpenDNSSec is now deprecated

OpenDNSSec supports exporting Digital Signatures and authentication records using the SHA-1 algorithm. The use of the SHA-1 algorithm is no longer supported. With the RHEL 9 release, SHA-1 in OpenDNSSec is deprecated and it might be removed in a future minor release. Additionally, OpenDNSSec support is limited to its integration with Red Hat Identity Management. OpenDNSSec is not supported standalone.


The SSSD implicit files provider domain is disabled by default

The SSSD implicit files provider domain, which retrieves user information from local files such as /etc/shadow and group information from /etc/groups, is now disabled by default.

To retrieve user and group information from local files with SSSD:

  1. Configure SSSD. Choose one of the following options:

    1. Explicitly configure a local domain with the id_provider=files option in the sssd.conf configuration file.

    2. Enable the files provider by setting enable_files_domain=true in the sssd.conf configuration file.

      enable_files_domain = true
  2. Configure the name services switch.

    # authselect enable-feature with-files-provider


The SSSD files provider has been deprecated

The SSSD files provider has been deprecated in Red Hat Enterprise Linux (RHEL) 9. The files provider might be removed from a future release of RHEL.


The enumeration feature has been deprecated for AD and IdM

The enumeration feature enables you to list all users or groups by using getent passwd or getent group commands without arguments for Active Directory (AD), Identity Management (IdM), and LDAP providers. Support for the enumeration feature has been deprecated for AD and IdM in Red Hat Enterprise Linux (RHEL) 9. The enumeration feature will be removed for AD and IdM in RHEL 10.


The libsss_simpleifp subpackage has been deprecated

The libsss_simpleifp subpackage that provides the library has been deprecated in Red Hat Enterprise Linux (RHEL) 9. The libsss_simpleifp subpackage might be removed from a future release of RHEL.


The SMB1 protocol is deprecated in Samba

Starting with Samba 4.11, the insecure Server Message Block version 1 (SMB1) protocol is deprecated and will be removed in a future release.

To improve the security, by default, SMB1 is disabled in the Samba server and client utilities.


10.12. Desktop

GTK 2 is now deprecated

The legacy GTK 2 toolkit and the following, related packages have been deprecated:

  • adwaita-gtk2-theme
  • gnome-common
  • gtk2
  • gtk2-immodules
  • hexchat

Several other packages currently depend on GTK 2. These have been modified so that they no longer depend on the deprecated packages in a future major RHEL release.

If you maintain an application that uses GTK 2, Red Hat recommends that you port the application to GTK 4.


LibreOffice is deprecated

The LibreOffice RPM packages are now deprecated and will be removed in a future major RHEL release. LibreOffice continues to be fully supported through the entire life cycle of RHEL 7, 8, and 9.

As a replacement for the RPM packages, Red Hat recommends that you install LibreOffice from either of the following sources provided by The Document Foundation:


10.13. Graphics infrastructures

Motif has been deprecated

The Motif widget toolkit has been deprecated in RHEL, because development in the upstream Motif community is inactive.

The following Motif packages have been deprecated, including their development and debugging variants:

  • motif
  • openmotif
  • openmotif21
  • openmotif22

Additionally, the motif-static package has been removed.

Red Hat recommends using the GTK toolkit as a replacement. GTK is more maintainable and provides new features compared to Motif.


10.14. Red Hat Enterprise Linux system roles

The mssql_ha_cluster_run_role has been deprecated

The mssql_ha_cluster_run_role variable has been deprecated. Instead, use the mssql_manage_ha_cluster variable.


The network system role displays a deprecation warning when configuring teams on RHEL 9 nodes

The network teaming capabilities have been deprecated in RHEL 9. As a result, using the network RHEL system role on a RHEL 8 control node to configure a network team on RHEL 9 nodes, shows a warning about the deprecation.


10.15. Virtualization

SecureBoot image verification using SHA1-based signatures is deprecated

Performing SecureBoot image verification using SHA1-based signatures on UEFI (PE/COFF) executables has become deprecated. Instead, Red Hat recommends using signatures based on the SHA2 algorithm, or later.


The virtual floppy driver has become deprecated

The isa-fdc driver, which controls virtual floppy disk devices, is now deprecated, and will become unsupported in a future release of RHEL. Therefore, to ensure forward compatibility with migrated virtual machines (VMs), Red Hat discourages using floppy disk devices in VMs hosted on RHEL 9.


qcow2-v2 image format is deprecated

With RHEL 9, the qcow2-v2 format for virtual disk images has become deprecated, and will become unsupported in a future major release of RHEL. In addition, the RHEL 9 Image Builder cannot create disk images in the qcow2-v2 format.

Instead of qcow2-v2, Red Hat strongly recommends using qcow2-v3. To convert a qcow2-v2 image to a later format version, use the qemu-img amend command.


virt-manager has been deprecated

The Virtual Machine Manager application, also known as virt-manager, has been deprecated. The RHEL web console, also known as Cockpit, is intended to become its replacement in a subsequent release. It is, therefore, recommended that you use the web console for managing virtualization in a GUI. Note, however, that some features available in virt-manager might not be yet available in the RHEL web console.


libvirtd has become deprecated

The monolithic libvirt daemon, libvirtd, has been deprecated in RHEL 9, and will be removed in a future major release of RHEL. Note that you can still use libvirtd for managing virtualization on your hypervisor, but Red Hat recommends switching to the newly introduced modular libvirt daemons. For instructions and details, see the RHEL 9 Configuring and Managing Virtualization document.


Legacy CPU models are now deprecated

A significant number of CPU models have become deprecated and will become unsupported for use in virtual machines (VMs) in a future major release of RHEL. The deprecated models are as follows:

  • For Intel: models before Intel Xeon 55xx and 75xx Processor families (also known as Nehalem)
  • For AMD: models before AMD Opteron G4
  • For IBM Z: models before IBM z14

To check whether your VM is using a deprecated CPU model, use the virsh dominfo utility, and look for a line similar to the following in the Messages section:

tainted: use of deprecated configuration settings
deprecated configuration: CPU model 'i486'


RDMA-based live migration is deprecated

With this update, migrating running virtual machines using Remote Direct Memory Access (RDMA) has become deprecated. As a result, it is still possible to use the rdma:// migration URI to request migration over RDMA, but this feature will become unsupported in a future major release of RHEL.


The Intel vGPU feature has been removed

Previously, as a Technology Preview, it was possible to divide a physical Intel GPU device into multiple virtual devices referred to as mediated devices. These mediated devices could then be assigned to multiple virtual machines (VMs) as virtual GPUs. As a result, these VMs shared the performance of a single physical Intel GPU, however only selected Intel GPUs were compatible with this feature.

Since RHEL 9.3, the Intel vGPU feature has been removed entirely.


pmem device passthrough has become deprecated

With this update, the non-volatile memory library (nvml) packages have become deprecated, and will be removed in a future major version of RHEL. As a consequence, when the package removal occurs, it will no longer be possible to pass persistent memory (pmem) devices to the virtual machines (VMs). Note that emulated NVDIMM devices backed by volatile memory or files will still be available, but will not be possible to configure as persistent.


Using Windows Server 2012 or Windows 8 as a guest operating system is not supported

Because Microsoft ended support for the following versions of Windows, Red Hat also removed support for using these versions as a guest operating system in this update.

  • Windows 8
  • Windows 8.1
  • Windows Server 2012
  • Windows Server 2012 R2


10.16. Containers

Running RHEL 9 containers on a RHEL 7 host is not supported

Running RHEL 9 containers on a RHEL 7 host is not supported. It might work, but it is not guaranteed.

For more information, see Red Hat Enterprise Linux Container Compatibility Matrix.


SHA1 hash algorithm within Podman has been deprecated

The SHA1 algorithm used to generate the filename of the rootless network namespace is no longer supported in Podman. Therefore, rootless containers started before updating to Podman 4.1.1 or later have to be restarted if they are joined to a network (and not just using slirp4netns) to ensure they can connect to containers started after the upgrade.


rhel9/pause has been deprecated

The rhel9/pause container image has been deprecated.


The CNI network stack has been deprecated

The Container Network Interface (CNI) network stack is deprecated and will be removed from Podman in a future minor release of RHEL. Previously, containers connected to the single Container Network Interface (CNI) plugin only via DNS. Podman v.4.0 introduced a new Netavark network stack. You can use the Netavark network stack with Podman and other Open Container Initiative (OCI) container management applications. The Netavark network stack for Podman is also compatible with advanced Docker functionalities. Containers in multiple networks can access containers on any of those networks.

For more information, see Switching the network stack from CNI to Netavark.


The Inkscape and LibreOffice Flatpak images are deprecated

The rhel9/inkscape-flatpak and rhel9/libreoffice-flatpak Flatpak images, which are available as Technology Previews, have been deprecated.

Red Hat recommends the following alternatives to these images:


pasta as a network name has been deprecated

The support for pasta as a network name value is deprecated and will not be accepted in the next major release of Podman, version 5.0. You can use the pasta network name value to create a unique network mode within Podman by employing the podman run --network and podman create --network commands.


The BoltDB database backend has been deprecated

The BoltDB database backend is deprecated as of RHEL 9.4. In a future version of RHEL, the BoltDB database backend will be removed and will no longer be available to Podman. For Podman, use the SQLite database backend, which is now the default as of RHEL 9.4.


The CNI network stack has been deprecated

The Container Network Interface (CNI) network stack is deprecated and will be removed in a future release. Use the Netavark network stack instead. For more information, see Switching the network stack from CNI to Netavark.


The Podman v5.0 upcoming deprecations

The following will be deprecated in the upcoming Podman v5.0, which will be released in RHEL 9.5 and RHEL 10.0 Beta:

  • The BoltDB database backend will be deprecated. The new SQLite database backend is available.
  • The containers.conf file will be read-only. The system connections and farm information will be stored in the podman.connections.json file, managed only by Podman. Podman continues to support the old configuration options such as [engine.service_destinations] and the [farms] section. You can still add connections or farms manually if needed, however, it is not possible to delete a connection from the containers.conf file with the podman system connection rm command.

The following changes are planned for RHEL 10.0 Beta:

  • The pasta network mode will be the default network mode for rootless containers. The slirp4netns network mode will be deprecated.
  • The cgroupv1 will be deprecated.
  • The CNI network stack will be deprecated.


The rhel9/openssl has been deprecated

The rhel9/openssl container image has been deprecated.


10.17. Deprecated packages

This section lists packages that have been deprecated and will probably not be included in a future major release of Red Hat Enterprise Linux.

For changes to packages between RHEL 8 and RHEL 9, see Changes to packages in the Considerations in adopting RHEL 9 document.


The support status of deprecated packages remains unchanged within RHEL 9. For more information about the length of support, see Red Hat Enterprise Linux Life Cycle and Red Hat Enterprise Linux Application Streams Life Cycle.

The following packages have been deprecated in RHEL 9:

  • aacraid
  • adwaita-gtk2-theme
  • af_key
  • anaconda-user-help
  • autocorr-af
  • autocorr-bg
  • autocorr-ca
  • autocorr-cs
  • autocorr-da
  • autocorr-de
  • autocorr-dsb
  • autocorr-el
  • autocorr-en
  • autocorr-es
  • autocorr-fa
  • autocorr-fi
  • autocorr-fr
  • autocorr-ga
  • autocorr-hr
  • autocorr-hsb
  • autocorr-hu
  • autocorr-is
  • autocorr-it
  • autocorr-ja
  • autocorr-ko
  • autocorr-lb
  • autocorr-lt
  • autocorr-mn
  • autocorr-nl
  • autocorr-pl
  • autocorr-pt
  • autocorr-ro
  • autocorr-ru
  • autocorr-sk
  • autocorr-sl
  • autocorr-sr
  • autocorr-sv
  • autocorr-tr
  • autocorr-vi
  • autocorr-vro
  • autocorr-zh
  • cheese
  • cheese-libs
  • clutter
  • clutter-gst3
  • clutter-gtk
  • cogl
  • daxio
  • dbus-glib
  • dbus-glib-devel
  • dhcp-client
  • dhcp-common
  • dhcp-relay
  • dhcp-server
  • enchant
  • enchant-devel
  • eog
  • evolution
  • evolution-bogofilter
  • evolution-devel
  • evolution-help
  • evolution-langpacks
  • evolution-mapi
  • evolution-mapi-langpacks
  • evolution-pst
  • evolution-spamassassin
  • festival
  • festival-data
  • festvox-slt-arctic-hts
  • flite
  • flite-devel
  • firewire-core
  • gedit
  • gedit-plugin-bookmarks
  • gedit-plugin-bracketcompletion
  • gedit-plugin-codecomment
  • gedit-plugin-colorpicker
  • gedit-plugin-colorschemer
  • gedit-plugin-commander
  • gedit-plugin-drawspaces
  • gedit-plugin-findinfiles
  • gedit-plugin-joinlines
  • gedit-plugin-multiedit
  • gedit-plugin-sessionsaver
  • gedit-plugin-smartspaces
  • gedit-plugin-synctex
  • gedit-plugin-terminal
  • gedit-plugin-textsize
  • gedit-plugin-translate
  • gedit-plugin-wordcompletion
  • gedit-plugins
  • gedit-plugins-data
  • ghostscript-x11
  • gnome-common
  • gnome-photos
  • gnome-photos-tests
  • gnome-screenshot
  • gnome-themes-extra
  • gtk2
  • gtk2-devel
  • gtk2-devel-docs
  • gtk2-immodule-xim
  • gtk2-immodules
  • highcontrast-icon-theme
  • inkscape
  • inkscape-docs
  • inkscape-view
  • iptables-devel
  • iptables-libs
  • iptables-nft
  • iptables-nft-services
  • iptables-utils
  • libdb
  • libgdata
  • libgdata-devel
  • libpmem
  • libpmem-debug
  • libpmem-devel
  • libpmem2
  • libpmem2-debug
  • libpmem2-devel
  • libpmemblk
  • libpmemblk-debug
  • libpmemblk-devel
  • libpmemlog
  • libpmemlog-debug
  • libpmemlog-devel
  • libpmemobj
  • libpmemobj-debug
  • libpmemobj-devel
  • libpmempool
  • libpmempool-debug
  • libpmempool-devel
  • libreoffice
  • libreoffice-base
  • libreoffice-calc
  • libreoffice-core
  • libreoffice-data
  • libreoffice-draw
  • libreoffice-emailmerge
  • libreoffice-filters
  • libreoffice-gdb-debug-support
  • libreoffice-graphicfilter
  • libreoffice-gtk3
  • libreoffice-help-ar
  • libreoffice-help-bg
  • libreoffice-help-bn
  • libreoffice-help-ca
  • libreoffice-help-cs
  • libreoffice-help-da
  • libreoffice-help-de
  • libreoffice-help-dz
  • libreoffice-help-el
  • libreoffice-help-en
  • libreoffice-help-eo
  • libreoffice-help-es
  • libreoffice-help-et
  • libreoffice-help-eu
  • libreoffice-help-fi
  • libreoffice-help-fr
  • libreoffice-help-gl
  • libreoffice-help-gu
  • libreoffice-help-he
  • libreoffice-help-hi
  • libreoffice-help-hr
  • libreoffice-help-hu
  • libreoffice-help-id
  • libreoffice-help-it
  • libreoffice-help-ja
  • libreoffice-help-ko
  • libreoffice-help-lt
  • libreoffice-help-lv
  • libreoffice-help-nb
  • libreoffice-help-nl
  • libreoffice-help-nn
  • libreoffice-help-pl
  • libreoffice-help-pt-BR
  • libreoffice-help-pt-PT
  • libreoffice-help-ro
  • libreoffice-help-ru
  • libreoffice-help-si
  • libreoffice-help-sk
  • libreoffice-help-sl
  • libreoffice-help-sv
  • libreoffice-help-ta
  • libreoffice-help-tr
  • libreoffice-help-uk
  • libreoffice-help-zh-Hans
  • libreoffice-help-zh-Hant
  • libreoffice-impress
  • libreoffice-langpack-af
  • libreoffice-langpack-ar
  • libreoffice-langpack-as
  • libreoffice-langpack-bg
  • libreoffice-langpack-bn
  • libreoffice-langpack-br
  • libreoffice-langpack-ca
  • libreoffice-langpack-cs
  • libreoffice-langpack-cy
  • libreoffice-langpack-da
  • libreoffice-langpack-de
  • libreoffice-langpack-dz
  • libreoffice-langpack-el
  • libreoffice-langpack-en
  • libreoffice-langpack-eo
  • libreoffice-langpack-es
  • libreoffice-langpack-et
  • libreoffice-langpack-eu
  • libreoffice-langpack-fa
  • libreoffice-langpack-fi
  • libreoffice-langpack-fr
  • libreoffice-langpack-fy
  • libreoffice-langpack-ga
  • libreoffice-langpack-gl
  • libreoffice-langpack-gu
  • libreoffice-langpack-he
  • libreoffice-langpack-hi
  • libreoffice-langpack-hr
  • libreoffice-langpack-hu
  • libreoffice-langpack-id
  • libreoffice-langpack-it
  • libreoffice-langpack-ja
  • libreoffice-langpack-kk
  • libreoffice-langpack-kn
  • libreoffice-langpack-ko
  • libreoffice-langpack-lt
  • libreoffice-langpack-lv
  • libreoffice-langpack-mai
  • libreoffice-langpack-ml
  • libreoffice-langpack-mr
  • libreoffice-langpack-nb
  • libreoffice-langpack-nl
  • libreoffice-langpack-nn
  • libreoffice-langpack-nr
  • libreoffice-langpack-nso
  • libreoffice-langpack-or
  • libreoffice-langpack-pa
  • libreoffice-langpack-pl
  • libreoffice-langpack-pt-BR
  • libreoffice-langpack-pt-PT
  • libreoffice-langpack-ro
  • libreoffice-langpack-ru
  • libreoffice-langpack-si
  • libreoffice-langpack-sk
  • libreoffice-langpack-sl
  • libreoffice-langpack-sr
  • libreoffice-langpack-ss
  • libreoffice-langpack-st
  • libreoffice-langpack-sv
  • libreoffice-langpack-ta
  • libreoffice-langpack-te
  • libreoffice-langpack-th
  • libreoffice-langpack-tn
  • libreoffice-langpack-tr
  • libreoffice-langpack-ts
  • libreoffice-langpack-uk
  • libreoffice-langpack-ve
  • libreoffice-langpack-xh
  • libreoffice-langpack-zh-Hans
  • libreoffice-langpack-zh-Hant
  • libreoffice-langpack-zu
  • libreoffice-math
  • libreoffice-ogltrans
  • libreoffice-opensymbol-fonts
  • libreoffice-pdfimport
  • libreoffice-pyuno
  • libreoffice-sdk
  • libreoffice-sdk-doc
  • libreoffice-ure
  • libreoffice-ure-common
  • libreoffice-wiki-publisher
  • libreoffice-writer
  • libreoffice-x11
  • libreoffice-xsltfilter
  • libreofficekit
  • libsoup
  • libsoup-devel
  • libuser
  • libuser-devel
  • libwpe
  • libwpe-devel
  • mcpp
  • mod_auth_mellon
  • motif
  • motif-devel
  • pmdk-convert
  • pmempool
  • python3-pytz
  • qla4xxx
  • qt5
  • qt5-assistant
  • qt5-designer
  • qt5-devel
  • qt5-doctools
  • qt5-linguist
  • qt5-qdbusviewer
  • qt5-qt3d
  • qt5-qt3d-devel
  • qt5-qt3d-doc
  • qt5-qt3d-examples
  • qt5-qtbase
  • qt5-qtbase-common
  • qt5-qtbase-devel
  • qt5-qtbase-doc
  • qt5-qtbase-examples
  • qt5-qtbase-gui
  • qt5-qtbase-mysql
  • qt5-qtbase-odbc
  • qt5-qtbase-postgresql
  • qt5-qtbase-private-devel
  • qt5-qtbase-static
  • qt5-qtconnectivity
  • qt5-qtconnectivity-devel
  • qt5-qtconnectivity-doc
  • qt5-qtconnectivity-examples
  • qt5-qtdeclarative
  • qt5-qtdeclarative-devel
  • qt5-qtdeclarative-doc
  • qt5-qtdeclarative-examples
  • qt5-qtdeclarative-static
  • qt5-qtdoc
  • qt5-qtgraphicaleffects
  • qt5-qtgraphicaleffects-doc
  • qt5-qtimageformats
  • qt5-qtimageformats-doc
  • qt5-qtlocation
  • qt5-qtlocation-devel
  • qt5-qtlocation-doc
  • qt5-qtlocation-examples
  • qt5-qtmultimedia
  • qt5-qtmultimedia-devel
  • qt5-qtmultimedia-doc
  • qt5-qtmultimedia-examples
  • qt5-qtquickcontrols
  • qt5-qtquickcontrols-doc
  • qt5-qtquickcontrols-examples
  • qt5-qtquickcontrols2
  • qt5-qtquickcontrols2-devel
  • qt5-qtquickcontrols2-doc
  • qt5-qtquickcontrols2-examples
  • qt5-qtscript
  • qt5-qtscript-devel
  • qt5-qtscript-doc
  • qt5-qtscript-examples
  • qt5-qtsensors
  • qt5-qtsensors-devel
  • qt5-qtsensors-doc
  • qt5-qtsensors-examples
  • qt5-qtserialbus
  • qt5-qtserialbus-devel
  • qt5-qtserialbus-doc
  • qt5-qtserialbus-examples
  • qt5-qtserialport
  • qt5-qtserialport-devel
  • qt5-qtserialport-doc
  • qt5-qtserialport-examples
  • qt5-qtsvg
  • qt5-qtsvg-devel
  • qt5-qtsvg-doc
  • qt5-qtsvg-examples
  • qt5-qttools
  • qt5-qttools-common
  • qt5-qttools-devel
  • qt5-qttools-doc
  • qt5-qttools-examples
  • qt5-qttools-libs-designer
  • qt5-qttools-libs-designercomponents
  • qt5-qttools-libs-help
  • qt5-qttools-static
  • qt5-qttranslations
  • qt5-qtwayland
  • qt5-qtwayland-devel
  • qt5-qtwayland-doc
  • qt5-qtwayland-examples
  • qt5-qtwebchannel
  • qt5-qtwebchannel-devel
  • qt5-qtwebchannel-doc
  • qt5-qtwebchannel-examples
  • qt5-qtwebsockets
  • qt5-qtwebsockets-devel
  • qt5-qtwebsockets-doc
  • qt5-qtwebsockets-examples
  • qt5-qtx11extras
  • qt5-qtx11extras-devel
  • qt5-qtx11extras-doc
  • qt5-qtxmlpatterns
  • qt5-qtxmlpatterns-devel
  • qt5-qtxmlpatterns-doc
  • qt5-qtxmlpatterns-examples
  • qt5-rpm-macros
  • qt5-srpm-macros
  • team
  • tigervnc
  • tigervnc-icons
  • tigervnc-license
  • tigervnc-selinux
  • tigervnc-server
  • tigervnc-server-minimal
  • tigervnc-server-module
  • webkit2gtk3
  • webkit2gtk3-devel
  • webkit2gtk3-jsc
  • webkit2gtk3-jsc-devel
  • wpebackend-fdo
  • wpebackend-fdo-devel
  • xorg-x11-server-Xorg
  • yp-tools
  • ypbind
  • ypserv
Red Hat logoGithubRedditYoutubeTwitter


Try, buy, & sell


About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.