Chapter 1. Overview
1.1. Major changes in RHEL 9.4
Installer and image creation
Key highlights for RHEL image builder:
- From the RHEL 9.4 release distribution and onwards, you can specify arbitrary custom mount points, except for specific paths that are reserved for the operating system.
-
You can create different partitioning modes, such as
auto-lvm
,lvm
, andraw
. - You can customize tailoring options for a profile and add it to your blueprint customizations by using selected and unselected options, to add and remove rules.
For more information, see New features - Installer and image creation.
RHEL for Edge
Key highlights for RHEL for Edge:
- You can now create FIPS compliant RHEL for Edge images.
- With this Technology Preview, you can now use the FDO onboarding process by storing and querying Owner Vouchers from the Sqlite or Postgresql databases.
For more information, see New features - RHEL for Edge.
Security
The SELinux userspace release 3.6 introduces deny rules for further customizing SELinux policies.
The Keylime server components, the verifier and registrar, are available as containers.
The Rsyslog log processing system introduces customizable TLS/SSL encryption settings and additional options that relate to capability dropping.
The OpenSSL TLS toolkit adds a drop-in directory for provider-specific configuration files.
The Linux kernel cryptographic API (libkcapi) 1.4.0 introduces new tools and options. Notably, with the new -T
option, you can specify target file names in hash-sum calculations.
The stunnel TLS/SSL tunneling service 5.71 changes the behavior of OpenSSL 1.1 and later versions in FIPS mode. Besides this change, version 5.71 provides many new features such as support for modern PostgreSQL clients.
See New features - Security for more information.
Dynamic programming languages, web and database servers
Later versions of the following Application Streams are now available:
- Python 3.12
- Ruby 3.3
- PHP 8.2
- nginx 1.24
- MariaDB 10.11
- PostgreSQL 16
The following components have been upgraded:
- Git to version 2.43.0
- Git LFS to version 3.4.1
See New features - Dynamic programming languages, web and database servers for more information.
Compilers and development tools
Updated performance tools and debuggers
The following performance tools and debuggers have been updated in RHEL 9.4:
- Valgrind 3.22
- SystemTap 5.0
- elfutils 0.190
Updated performance monitoring tools
The following performance monitoring tools have been updated in RHEL 9.4:
- PCP 6.2.0
Updated compiler toolsets
The following compiler toolsets have been updated in RHEL 9.4:
- GCC Toolset 13
- LLVM Toolset 17.0.6
- Rust Toolset 1.75.1
- Go Toolset 1.21.7
For detailed changes, see New features - Compilers and development tools.
Identity Management
Key highlights for Identity Management:
- You can enable and configure passwordless authentication in SSSD to use a biometric device that is compatible with the FIDO2 specification, for example a YubiKey.
See New Features - Identity Management for more information.
Virtualization
RHEL 9.4 introduces full support for KVM virtual machines on the 64-bit ARM architecture.
In addition, external snapshot for virtual machines are now fully supported and have become the default mechanism for a number of snapshot operations.
For more information about virtualization features introduced in this release, see New features - Virtualization.
Containers
Notable changes include:
-
The
podman farm build
command for creating multi-architecture container images is available as a Technology Preview. -
Podman now supports
containers.conf
modules to load a predetermined set of configurations. - The Container Tools packages have been updated.
- Podman v4.9 RESTful API now displays data of progress when you pull or push an image to the registry.
- SQLite is now fully supported as a default database backend for Podman.
-
Containerfile
now supports multi-line HereDoc instructions. -
pasta
as a network name has been deprecated. - The BoltDB database backend has been deprecated.
-
The
container-tools:4.0
module has been deprecated. - The Container Network Interface (CNI) network stack is deprecated and will be removed in a future release.
See New features - Containers for more information.
1.2. In-place upgrade
In-place upgrade from RHEL 8 to RHEL 9
The supported in-place upgrade paths currently are:
From RHEL 8.8 to RHEL 9.2, and RHEL 8.10 to RHEL 9.4 on the following architectures:
- 64-bit Intel
- 64-bit AMD
- 64-bit ARM
- IBM POWER 9 (little endian) and later
- IBM Z architectures, excluding z13
- From RHEL 8.8 to RHEL 9.2 and RHEL 8.10 to RHEL 9.4 on systems with SAP HANA
For instructions on performing an in-place upgrade, see Upgrading from RHEL 8 to RHEL 9.
For instructions on performing an in-place upgrade on systems with SAP environments, see How to in-place upgrade SAP environments from RHEL 8 to RHEL 9.
For information regarding how Red Hat supports the in-place upgrade process, see the In-place upgrade Support Policy.
Notable enhancements include:
-
New logic has been implemented to determine the expected states of the
systemd
services after the upgrade. - Locally stored DNF repositories can now be used for the in-place upgrade.
- You can now configure DNF to be able to upgrade by using proxy.
- Issues with performing the in-place upgrade with custom DNF repositories accessed by using HTTPS have been fixed.
-
If the
/etc/pki/tls/openssl.cnf
configuration file has been modified, the file is now replaced with the target default OpenSSL configuration file during the upgrade to prevent issues after the upgrade. See the pre-upgrade report for more information.
In-place upgrade from RHEL 7 to RHEL 9
It is not possible to perform an in-place upgrade directly from RHEL 7 to RHEL 9. However, you can perform an in-place upgrade from RHEL 7 to RHEL 8 and then perform a second in-place upgrade to RHEL 9. For more information, see Upgrading from RHEL 7 to RHEL 8.
1.3. Red Hat Customer Portal Labs
Red Hat Customer Portal Labs is a set of tools in a section of the Customer Portal available at https://access.redhat.com/labs/. The applications in Red Hat Customer Portal Labs can help you improve performance, quickly troubleshoot issues, identify security problems, and quickly deploy and configure complex applications. Some of the most popular applications are:
- Registration Assistant
- Kickstart Generator
- Red Hat Product Certificates
- Red Hat CVE Checker
- Kernel Oops Analyzer
- Red Hat Code Browser
- VNC Configurator
- Red Hat OpenShift Container Platform Update Graph
- Red Hat Satellite Upgrade Helper
- JVM Options Configuration Tool
- Load Balancer Configuration Tool
- Red Hat OpenShift Data Foundation Supportability and Interoperability Checker
- Ansible Automation Platform Upgrade Assistant
- Ceph Placement Groups (PGs) per Pool Calculator
- Yum Repository Configuration Helper
1.4. Additional resources
Capabilities and limits of Red Hat Enterprise Linux 9 as compared to other versions of the system are available in the Knowledgebase article Red Hat Enterprise Linux technology capabilities and limits.
Information regarding the Red Hat Enterprise Linux life cycle is provided in the Red Hat Enterprise Linux Life Cycle document.
The Package manifest document provides a package listing for RHEL 9, including licenses and application compatibility levels.
Application compatibility levels are explained in the Red Hat Enterprise Linux 9: Application Compatibility Guide document.
Major differences between RHEL 8 and RHEL 9, including removed functionality, are documented in Considerations in adopting RHEL 9.
Instructions on how to perform an in-place upgrade from RHEL 8 to RHEL 9 are provided by the document Upgrading from RHEL 8 to RHEL 9.
The Red Hat Insights service, which enables you to proactively identify, examine, and resolve known technical issues, is available with all RHEL subscriptions. For instructions on how to install the Red Hat Insights client and register your system to the service, see the Red Hat Insights Get Started page.
Public release notes include links to access the original tracking tickets, but private tracking tickets are not viewable so do not include links.[1]