7.5 Release Notes

In-place upgrade from Red Hat Enterprise Linux 6 to Red Hat Enterprise Linux 7

The setup package now provides a way to override unpredictable environment settings

Windows Server 2016 forest and domain functional levels now supported for trust

Directory Server no longer displays replication conflict entries in search results

OpenLDAP is now compiled with OpenSSL instead of NSS

Samba rebased to version 4.7.1

The SSSD LDAP provider can now automatically create user private groups for users

SSSD enrolled to an AD domain remembers the discovered AD site after the first successful connection

SSSD logs changes in its status to syslog

SSSD performance has improved

The pwdhash utility can now retrieve the storage scheme from the configuration directory

New utility to compare two Directory Server instances

Directory Server now supports enabling the memberOf plug-in on read-only replicas

Directory Server rebased to version 1.3.7.5

Directory Server supports additional password storage schemes

Directory Server now uses separate normalized DN caches for each worker thread

pki-core rebased to version 10.5.1

Certificate System supports installing CA, KRA, and OCSP subsystems with CMC

Certificate System supports creating instances running as a different user

Certificate System can now create PKCS #12 files using PBES2 with PBKDF2 key derivation

Certificate System CAs can now process CMC renewal requests signed by a previously issued signing certificate

Certificate System now uses the Mozilla NSS secure random number generator

Audit event changes in Certificate System

krb5 now includes the kdcpolicy interface

Certificate System now supports configurable hashing algorithms for the SKI extension

The pki command-line interface automatically creates a default NSS database

Certificate System disables weak 3DES ciphers by default

The Certificate System CA subsystem's OCSP provider now includes the nextUpdate field in responses

ding-libs rebased to version 0.6.1

New SNMP agent to query a Pacemaker cluster

Support for Red Hat Enterprise Linux High Availability clusters on Amazon Web Services

Support for Red Hat Enterprise Linux High Availability clusters on Microsoft Azure

Unfencing is done in resource cleanup only if relevant parameters changed

The pcsd port is now configurable

Fencing and resource agents are now supported by AWS Python libraries and a CLI client

Fencing in HA setups is now supported by Azure Python libraries

New features added to the sbd binary.

sbd rebased to version 1.3.1

Cluster status now shows by default when a resource action is pending

clufter rebased to version 0.77.0

Support for Sybase ASE failover

The linuxptp package now supports active-backup bonding for clock synchronization

parted can now resize partitions using the resizepart command

binutils rebased to version 2.27

pcp rebased to version 3.12.2

Improved DWARF 5 support in various tools

systemtap rebased to version 3.2

valgrind rebased to version 3.13.0

ncat rebased to version 7.50

rsync rebased to version 3.1.2

tcpdump can now analyze virtio traffic

Vim now supports C++11 syntax highlighting

Vim now supports the blowfish2 encryption method

The IO::Socket::SSL Perl module now uses the system-wide CA certificate store by default

perl-DateTime-TimeZone rebased to version 1.70

system-config-kdump now support selecting of either automated or manual kdump memory settings when fadump is performed

conman rebased to version 0.2.8

Support for the TFTP windowsize option has been implemented

curl now supports disabling GSSAPI with SOCKS5

The rsync utility now copies files with their original nanosecond part of the time stamp

tcpdump rebased to version 4.9.2

OProfile support for Intel Xeon processor family extended

Support for Intel Xeon v4 uncore performance events in libpfm, pcp, and papi

Memory copying performance improved on IBM POWER architectures

TAI clock macro available

Support for selective use of 4 KiB page tables on IBM Z

More efficient glibc functions on IBM Z

The ld linker no longer incorrectly combines position-dependent and independent code

python-virtualenv rebased to 15.1.0

python-urllib3 supports IP addresses in subjectAltName

Support for retpolines added to GCC

Shenandoah garbage collector is now fully supported

GNOME Shell rebased to version 3.26

gnome-settings-daemon rebased to version 3.26

libreoffice rebased to version 5.3

GIMP rebased to version 2.8.22

Inkscape rebased to version 0.92.2

webkitgtk4 rebased to version 2.16

qt5 rebased to version 5.9.2

New package: qgnomeplatform

ModemManager rebased to version 1.6.8

New packages: libsmbios

mutter rebased to version 3.26

The SANE_USB_WORKAROUND environmental variable can make older scanners usable with USB3

The libyami package added for better video stream handling

netpbm rebased to version 10.79.00

Red Hat Enterprise Linux 7.5 supports libva

GStreamer now supports mp3

GNOME control-center rebased to version 3.26

New package: emacs-php-mode

Dutch keyboard layout provided

SMB 2 and SMB 3 now support DFS

File system DAX now performs better when mapping a large amount of memory

quotacheck is now faster on ext4

The CephFS kernel client is fully supported with Red Hat Ceph Storage 3

Broadcom 5880 smart card readers with the updated firmware are now supported

fwupd now supports Synaptics MST hubs

kernel-rt sources updated

Improved RT throttling mechanism

VMware Paravirtual RDMA Driver

opal-prd rebased to version 5.9

libreswan now supports NIC offloading

Trusted Computing Group TPM 2.0 System API library and management utilities available

new packages: tpm2-abrmd

Assigning mount points to existing block devices is now possible in Kickstart installations

The livemedia-creator utility now provides a sample Kickstart file for UEFI systems

New option for the network Kickstart command binding the device configuration file to the device MAC address

New options for Kickstart %packages allow configuring Yum timeout and number of retries

The Red Hat Enterprise Linux 7 ISO image can be used to create guests virtual machines on IBM Z

ARPUPDATE option for ifcfg-* files has been introduced

The --noconfig option added for the rpm -V command

ifcfg-* files now allow you to specify a third DNS server

Multi-threaded xz compression in rpm-build

Kernel version in RHEL 7.5

Memory Protection Keys are now supported in later Intel processors

EDAC support added for Pondicherry 2 memory controllers

MBA is now supported

Swap optimizations enable fast block devices to be used as secondary memory

HID Wacom rebased to version 4.12

New livepatch functionality improves the latency and success rate of the kpatch-patch packages

Persistent Kernel Module Upgrade (PKMU) supported

The Linux kernel now supports encrypted SMB 3 connections

SME enabled on AMD Naples platforms

Support for the ie31200_edac driver

EDAC now supports GHES

CUIR enhanced scope detection is now fully supported

kdump allows a vmcore collection without the root file system being mounted

KASLR fully supported and enabled by default

Intel® Omni-Path Architecture (OPA) Host Software

noreplace-paravirt has been removed from the kernel command line parameters

The new EFI memmap implementation is now available on SGI UV2+ systems

Mounting pNFS shares with flexible file layout is now fully supported

Error handling in the output of the dhcp-script has been improved

Network namespace isolation has been added to ipset

NetworkManager now supports multiple routing tables to enable source routing

nftables rebased to version 0.8

Persistent DHCP client behavior added to NetworkManager

NetworkManager exposes new properties to expose team options

Packets mark is now reflected on replies

New Socket timestamping options for NTP

iproute2 rebased to version 4.11.0

The tc-pedit action now supports offset relative to Layer 2 and Layer 4

Features backported to iproute

The Geneve driver rebased to version 4.12

A control switch added for VXLAN and GENEVE offloading

unbound rebased to version 1.6.6

DHCP now supports standard dynamic DNS updates

DDNS now supports additional algorithms

IPTABLES_SYSCTL_LOAD_LIST now supports the sysctl.d files

SCTP now supports MSG_MORE

MACsec rebased to version 4.13

Enhanced performance when using the mlx5 driver in Open vSwitch

The Netronome NFP Ethernet driver now supports the representor netdev feature

Support for offloading TC-Flower actions

DNS stub resolver improvements

LUKS-encrypted removable storage devices can be now automatically unlocked using NBDE

new package: clevis-systemd

OpenSCAP can be now integrated into Ansible workflows

SECCOMP_FILTER_FLAG_TSYNC enables synchronization of calling process threads

nss rebased to version 3.34

SSLv3 disabled in mod_ssl

Libreswan now supports split-DNS configuration for IKEv2

libreswan now supports AES-GMAC for ESP

openssl-ibmca rebased to 1.4.0

opencryptoki rebased to 3.7.0

atomic scan with configuration_compliance enables creating security-compliant container images at build time

tang-nagios enables Nagios to monitor Tang

clevis now logs privileged operations

PK11_CreateManagedGenericObject() has been added to NSS to prevent memory leaks in applications

OpenSSH now supports openssl-ibmca and openssl-ibmpkcs11 HSMs

cgroup_seclabel enables fine-grained access control on cgroups

The boot process can now unlock encrypted devices connected by network

SELinux now supports InfiniBand object labeling

libica rebased to 3.2.0

SELinux now supports systemd No New Privileges

allow source_domain  target_type:process2 { nnp_transition nosuid_transition };

allow init_t fprintd_t:process2 { nnp_transition nosuid_transition };

Libreswan rebased to version 3.23

libreswan now supports IKEv2 MOBIKE

scap-workbench rebased to version 1.1.6

OpenSCAP is now able to generate results for DISA STIG Viewer

selinux-policy no longer contains permissive domains

audit rebased to version 2.8.1

OpenSC now supports the SCE7.0 144KDI CAC Alt. tokens

Leftover dbus processes

dbus rebased to version 1.10

tuned rebased to version 2.9.0

chrony rebased to version 3.2

SNMP page counting can be now disabled in CUPS

CUPS can be set to use only ciphers from TLS version 1.2 or later

The squid packages now provide the kerberos_ldap_group helper

OpenIPMI rebased to version 2.0.23

Overview of changes from freeIPMI 1.2.9 to freeIPMI 1.5.7

A new clear_env option available in PHP FPM pool configuration

Data Deduplication and Compression with VDO

New boom utility for managing LVM snapshot and image boot entries

DM Multipath no longer requires reservation keys in advance

New property parameter supported in blacklist and blacklist_exception sections of multipath.conf

smartmontools now support NVMe devices

Support for DIF/DIX (T10 PI) on specified hardware

File system Direct Access (DAX) and device DAX now support huge pages

fsadm can now grow and shrink LUKS-encrypted LVM volumes

cockpit rebased to version 154

Users of yum-utils now can perform actions prior to transactions

yum can disable creation of per-user cache as a non-root user

yum-builddep now allows to define RPM macros

subscription-manager now displays the host name upon registration

A subscription-manager plugin now runs with yum-config-manager

subscription-manager now protects all product certificates in /etc/pki/product-default/

rhn-migrate-classic-to-rhsm now automatically enables the subscription-manager and product-id yum plugins

subscription-manager now automatically enables the subscription-manager and product-id yum plugins

subscription-manager-cockpit replaces subscription functionality in cockpit-system

virt-who logs where the host-guest mapping is sent

virt-who now provides configuration error information

reposync now by default skips packages whose location falls outside the destination directory

KVM virtualization on IBM Z

KVM virtualization supported on IBM POWER9

KVM virtualization supported on IBM POWER8

NVIDIA GPU devices can now be used by multiple guests simultaneously

KASLR for KVM guests

Parallel decompression of OVA files supported

SMAP now supported on Cannonlake guests

libvirt rebased to 3.9.0

virt-manager rebased to 1.4.3

virt-what rebased to version 1.18

tboot rebased to version 1.96

virt-v2v can convert VMware guests with snapshots

virt-rescue enhanced

virt-v2v now converts Linux guests encrypted with LUKS

CAT support added to libvirt on specific CPU models

PTP device added to improve time synchronization of KVM guests

Red Hat Enterprise Linux Atomic Host

runc notifies systemd about user-specified CPU quota limits

Segmentation faults in applications because of only non-existent paths in LD_LIBRARY_PATH no longer happen

The setup package now creates the tape group with the correct group number

The IdM LDAP server no longer becomes unresponsive when resolving an AD user takes a long time

Application configuration snippets in /etc/krb5.conf.d/ are now automatically read in existing configurations

pam_mkhomedir can now create home directories under /

Unable to create and initialize directory '/<directory_path>'.

Kerberos operations depending on KVNO in the keytab file no longer fail when a RODC is used

krb5 properly displays errors about PKINIT misconfiguration in single-realm KDC environments

Certificate System no longer incorrectly logs ROLE_ASSUME audit events

Updated attributes in CERT_STATUS_CHANGE_REQUEST_PROCESSED audit log event

Signed audit log verification now works correctly

Certificate System now validates the banner file

The TPS subsystem no longer fails when performing a symmetric key changeover on a HSM

Certificate System CAs no longer display an error when handing subject DNs without a CN component

The pki-server-upgrade utility no longer fails if target files are missing

The Certificate System CA key replication now works correctly

Certificate System no longer fails to import PKCS #12 files

The TPS user interface now displays the token type and origin fields

Certificate System issued certificates with an expiration date later than the expiration date of the CA certificate

CA certificates without SKI extension no longer causes issuance failures

Certificate System correctly logs the user name in CMC request audit events

The Directory Server trivial word check password policy now works as expected

The pkidestroy utility now fully removes instances that are started by the pki-tomcatd-nuxwdog service

The Certificate System deployment archive file no longer contains passwords in plain text

ACIs with the targetfilter keyword work correctly

Directory Server searches with a scope set to one have been fixed

Clear error message when sending TLS data to a non-LDAPS port

Incoming BER Element may be misformed. This may indicate an attempt to use TLS on a plaintext port, IE ldaps://localhost:389. Check your client LDAP_URI settings.

Directory Server no longer logs an error if not running the cleanallruv task

Using a large number of CoS templates no longer slow down the virtual attribute processing time

Directory Server now handles binds during an online initialization correctly

The dirsrv@.service meta target is now linked to multi-user.target

The memberOf plug-in now logs all update attempts of the memberOf attribute

The Directory Server password policies now work correctly

A buffer overflow has been fixed in Directory Server

Directory Server now sends the password expired control during grace logins

An unnecessary global lock has been removed from Directory Server

Replication now works correctly with TLS client authentication and FIPS mode enabled

Directory Server now correctly sets whether virtual attributes are operational

Backup now succeeds if replication was enabled and a changelog file existed

Certificate System updates the revocation reason correctly

A race condition has been fixed in the Certificate System clone installation process

Certificate System now uses strong ciphers by default

The pkispawn utility no longer displays incorrect errors

The Certificate System profile configuration update method now correctly handles backslashes

Pacemaker correctly implements fencing and unfencing for Pacemaker remote nodes

Pacemaker now probes guest nodes

The pcs resource cleanup command no longer generates unnecessary cluster load

Warning generated when user specifies action attribute for stonith device

It is now possible to enable stonith agent debugging without specifying the --force flag

The fence_ilo3 resource agent no longer has a default value of cycle for the action parameter

Pacemaker no longer starts up when sbd is enabled but not started successfully by systemd

A fenced node in an ‘sbd’ setup now shuts down reliably

IPaddr2 resource agent now finds NIC for IPv6 addresses with 128 netmask

portblock agent no longer yields excessive unnecessary messages

/var/run/resource-agents directory now persists across reboots

Package selection now works in system-config-kickstart

NVMe devices no longer show up as Unknown in parted and Anaconda

DBD::MySQL now sends and receives smaller integers correctly on big-endian platforms

The version Perl module now supports tainted input and tainted version objects

The HTTP::Daemon Perl module now supports IPv6

GDB shows inline function names in breakpoint listing

Relocation failures at module load time due to wrong GCC alignment fixed

The istream::sentry object from the gcc C++ standard library no longer throws exceptions

Multiple fixes in gdb on IBM Power

GDB no longer crashes when dumping core from a process that terminates

GDB can again dump memory protected by the VM_DONTDUMP flag

Programs using the CLONE_PTRACE flag on threads now run under strace

exiv2 rebased to version 0.26

gssproxy fixed to properly update ccaches

gcc on the little-endian variant of IBM Power Systems architecture no longer creates unused stack frames

Several bugs fixed in gssproxy

The BFD library regains the ability to convert binary addresses to source code positions

Applications using vector registers for passing arguments work again

curl now properly resets the HTTP authentication state

The strip utility works again

Importing python modules generated by f2py now works properly

mailx is not encoding multi-byte subjects properly

The --all-logs option now works as expected in sosreport

Python scripts can now correctly connect to HTTPS servers through a proxy, while explicitly setting the port

Stylus of Dell Canvas 27 fixed

llvmpipe crashes on IBM Power Systems

NFS shares no longer become unresponsive after a TCP connection is closed

genwqe-tools updated for IBM Power Systems ppc64 and ppc64le architectures

Hardware utility tools now correctly identify recently released hardware

The installer no longer crashes when you select an incomplete IMSM RAID array during manual partitioning

Installer now accepts additional time zone definitions in Kickstart files

Proxy configuration set up using a boot option now works correctly in Anaconda

FIPS mode now supports loading files over HTTPS during installation

Network scripts now correctly update /etc/resolv.conf

Files with the .old extension are now ignored by network scripts

Bridge devices no longer fail to obtain an IP address

The rhel-dmesg service can now be disabled correctly

kdump can now capture a vmcore with nokaslr set

MPOL_PREFERRED policy now works with Transparent Huge Pages (THP) with optimal performance

A cgroups deadlock has been fixed

System no longer becomes unresponsive when DM thin provisioning is used on top of a loop device

KASLR now no longer causes mirroring of kernel memory to non-mirrored regions

Users now receive message with prompt to remove white space characters in the /etc/kdump.conf

An application with large .bss segment on IBM POWER Systems will no longer cause random segmentation faults

Kernel no longer consumes excessive amounts of resources to calculate load

Cpuset is now able to restore the effective CPU mask after a pair of offline and online events

Access to /proc/[pid]/maps is now significantly faster

fadump no longer fails to restart

makedumpfile can now map page table entries correctly

readmem: Can't convert a virtual address(ffffffffb21158a0) to physical address

Asymmetric groups are used for overlapping scheduling domains

The KASLR no longer causes kernel to become unresponsive while booting the system

Unplugging a Wacom tablet with ExpressKeys no longer causes the operating system to reboot

Setting memory.kmem.limit_in_bytes no longer causes a problem when removing that memory cgroup later

The sha1-avx2 encryption algorithm is now re-enabled

VXLAN rebased to version 4.14

Network operation persists when ip6mr unregisters an already unregistered device

Sending big files through VTI no longer fails

L2TP with IPv6 encapsulation now works in name space

Flushing ARP entries no longer fails

Using cls_matchall with classful queue disciplines no longer causes the kernel to crash

ICMP error packets are no longer lost when a user connects to a closed SCTP port

SCTP now selects the right source address

Device reference held by iptables CLUSTERIP target is now properly released on namespace deletion

The nftables configuration files are no longer publicly readable

The Ready to read events are now correctly sent to an application when SENDER_DRY_EVENTS is enabled

SCTP statistics now available

The firewalld service daemon no longer hangs in the rmmod process

When firewalld starts, net.netfilter.nf_conntrack_max is no longer reset to default if its configuration exists

Tomcat can now be started using tomcat-jsvc with SELinux in enforcing mode

SELinux now allows vdsm to communicate with lldpad

OpenSSH servers without Privilege Separation no longer crash

The clevis luks bind command no longer fails with the DISA STIG-compliant password policy

WinSCP 5.10 now works properly with OpenSSH

SFTP no longer allows to create zero-length files in read-only mode

Internal buffer locks no longer cause deadlocks in libdb

Weekly log rotations are now triggered more predictably

ghostscript no longer crashes while processing large PDF files

Converting large PDF files to PNG with ghostscript no longer fails

krfb no longer crashes when unable to bind to an IPv6 port

mod_nss properly detects the threading model in Apache to improve performance

atd no longer runs with 100% CPU utilization nor fills system log

ReaR now provides a more helpful error message when grub2-efi-x64-modules is missing

ERROR: Error occurred during grub2-mkimage of BOOTX64.efi

WARNING: /usr/lib/grub/x86_64-efi/moddep.lst not found, grub2-mkimage will likely fail. Please install the grub2-efi-x64-modules package to fix this.

ReaR no longer fails to determine disk size during a mkrescue operation

ERROR: BUG BUG BUG! Could not determine size of disk

ReaR no longer requires dosfsck and efibootmgr on non-UEFI systems

ReaR no longer fails with NetBackup and has more reliable network configuration

ReaR recovery no longer fails when backup integrity checking is enabled

DM Multipath no longer crashes when adding a feature to an empty string

I/O operations no longer hang with RAID1

Yum no longer crashes in certain nss and nspr update scenario

/lib64/libnsssysinit.so: undefined symbol: PR_GetEnvSecure

The fastestmirror plug-in now orders mirrors before the metadata download

The package-cleanup script no longer removes package dependencies of non-duplicates

rhnsd.pid is now writable only by the owner

rhn_check now correctly reports system reboots to Satellite

The rpm rhnlib -qi command now refers to the current upstream project website

Kernel installations using rhnsd complete successfully

rhn_check no longer modifies permissions on files in /var/cache/yum/

subscription-manager reports an RPM package if its vendor contains non-UTF8 characters

subscription-manager now works with proxies that expect the Host header

subscription-manager assigns valid IPv4 addresses to network.ipv4_address even if initial DNS resolution fails

virt-who ensures that provided options fit the same virtualization type

virt-who configuration no longer resets on upgrade or reinstall

virt-who now reads the 'address' field provided by RHEVM to discover and report the correct host name

Guests no longer shut down unexpectedly during reboot

Guests accessed using a serial console no longer become unresponsive

virt-v2v now warns about not converting PCI passthrough devices

When importing OVAs, virt-v2v now parses MAC addresses

The systemd-importd VM and container image import and export service

Use of AD and LDAP sudo providers

DNSSEC available as Technology Preview in IdM

Identity Management JSON-RPC API available as Technology Preview

The Custodia secrets service provider is now available

Containerized Identity Management server available as Technology Preview

The pcs tool now manages bundle resources in Pacemaker

New fence-agents-heuristics-ping fence agent

Heuristics supported in corosync-qdevice as a Technology Preview

Wayland available as a Technology Preview

Fractional Scaling available as a Technology Preview

File system DAX is now available for ext4 and XFS as a Technology Preview

pNFS block layout is now available

pNFS SCSI layout is now available for client and server

OverlayFS

Btrfs file system

New package: ima-evm-utils

LSI Syncro CS HA-DAS adapters

tss2 enables TPM 2.0 for IBM Power LE

ibmvnic Device Driver

Heterogeneous memory management included as a Technology Preview

criu rebased to version 3.5

kexec as a Technology Preview

kexec fast reboot as a Technology Preview

Unprivileged access to name spaces can be enabled as a Technology Preview

SCSI-MQ as a Technology Preview in the qla2xxx driver

NVMe over Fibre Channel is now available as a Technology Preview

perf cqm has been replaced by resctrl

The SCHED_DEADLINE scheduler class as Technology Preview

Cisco usNIC driver

Cisco VIC kernel driver

Trusted Network Connect

SR-IOV functionality in the qlcnic driver

The libnftnl and nftables packages

The flower classifier with off-loading support

Red Hat Enterprise Linux System Roles

USBGuard enables blocking USB devices while the screen is locked as a Technology Preview

pk12util can now import certificates signed with RSA-PSS

Support for certificates signed with RSA-PSS in certutil has been improved

NSS is now able to verify RSA-PSS signatures on certificates

SECCOMP can be now enabled in libreswan

Multi-queue I/O scheduling for SCSI

Targetd plug-in from the libStorageMgmt API

Support for Data Integrity Field/Data Integrity Extension (DIF/DIX)

USB 3.0 support for KVM guests

Select Intel network adapters now support SR-IOV as a guest on Hyper-V

No-IOMMU mode for VFIO drivers

virt-v2v can now use vmx configuration files to convert VMware guests

virt-v2v can convert Debian and Ubuntu guests

Virtio devices can now use vIOMMU

virt-v2v converts VMWare guests faster and more reliably

Open Virtual Machine Firmware

Storage Drivers

Network Drivers

Graphics Drivers and Miscellaneous Drivers

Storage Driver Updates

Network Driver Updates

Graphics Driver and Miscellaneous Driver Updates

Python 2 has been deprecated

LVM libraries and LVM Python bindings have been deprecated

Mirrored mirror log has been deprecated in LVM

Deprecated packages related to Identity Management and security

Support for earlier IdM servers and for IdM replicas at domain level 0 will be limited

Bug-fix only support for the nss-pam-ldapd and NIS packages in the next major release of Red Hat Enterprise Linux

Use the Go Toolset instead of golang

mesa-private-llvm will be replaced with llvm-private

libdbi and libdbi-drivers have been deprecated

Ansible deprecated in the Extras channel

signtool has been deprecated

TLS compression support has been removed from nss

Public web CAs are no longer trusted for code signing by default

Sendmail has been deprecated

dmraid has been deprecated

Automatic loading of DCCP modules through socket layer is now disabled by default

rsyslog-libdbi has been deprecated

The inputname option of the rsyslog imudp module has been deprecated

SMBv1 is no longer installed with Microsoft Windows 10 and 2016 (updates 1709 and later)

FedFS has been deprecated

Btrfs has been deprecated

tcp_wrappers deprecated

nautilus-open-terminal replaced with gnome-terminal-nautilus

sslwrap() removed from Python

Symbols from libraries linked as dependencies no longer resolved by ld

Windows guest virtual machine support limited

libnetlink is deprecated

S3 and S4 power management states for KVM have been deprecated

The Certificate Server plug-in udnPwdDirAuth is discontinued

Red Hat Access plug-in for IdM is discontinued

The Ipsilon identity provider service for federated single sign-on

Several rsyslog options deprecated

Deprecated symbols from the memkind library

Options of Sockets API Extensions for SCTP (RFC 6458) deprecated

Managing NetApp ONTAP using SSLv2 and SSLv3 is no longer supported by libstorageMgmt

dconf-dbus-1 has been deprecated and dconf-editor is now delivered separately

FreeRADIUS no longer accepts Auth-Type := System

Deprecated Device Drivers

Deprecated Adapters

The libcxgb3 library and the cxgb3 firmware package have been deprecated

SFN4XXX adapters have been deprecated

Software-initiated-only FCoE storage technologies have been deprecated

Containers using the libvirt-lxc tooling have been deprecated

A crash is reported after an unsuccessful lightweight CA key retrieval

OpenLDAP causes programs to fail immediately in case of incorrect configuration

OpenLDAP reports failures when CACertFile or CACertDir point to an invalid location

OpenLDAP does not update TLS configuration after inconsistent changes in cn=config

Identity Management terminates connections unexpectedly

kinit: Generic error (see e-text) while getting initial credentials

Directory Server can terminate unexpectedly during shutdown

Data corruption occurs on RAID 10 reshape on top of VDO with el7 kernel.

Memory consumption of applications using libcurl grows with each TLS connection

OProfile and perf can not sample events on 2nd generation Intel Xeon Phi processors when NMI watchdog is disabled

echo 1 > /proc/sys/kernel/nmi_watchdog
...
operf some_examined_program
opreport
...

ksh with the KEYBD trap mishandles multibyte characters

trap keybd_trap KEYBD

Cannot install downloaded RPM files from Nautilus

Sorry, this did not work, File is not supported

Caps Lock LED status

ACTION=="add", SUBSYSTEM=="leds",
ENV{DEVPATH}=="*/input*::capslock",
ATTR{trigger}="kbd-ctrlllock"

# udevadm control --reload-rules
# udevadm trigger

Inconsistent GNOME Shell versions

Uninstall the 32-bit version of flatpak

GNOME downgrade does not work

Wayland ignores keyboard grabs issued by X11 applications, such as virtual machines viewers

Superuser should not run graphical sessions

Keyboard not working in VM browsed by remote-viewer and virt-viewer

send_key: assertion 'scancode != 0'

gnome-system-log does not work on Wayland

$ xhost +si:localuser:root

GUI screen is shown incorrectly

xrandr fails to provide some video modes

radeon fails to reset hardware correctly

dracut_args --omit-drivers "radeon"
force_rebuild 1

nouveau fails to load Nvidia secboot firmware

Xchat status icon disappears from Top Icons panel

GDM does not activate hotplugged monitors

# systemctl restart gdm.service

Wacom Expresskeys Remote not detected as tablet

Synaptics dependency removes xorg-x11-drivers

T470s docking station jack does not work on resume

Screen occasionally turns off when xrandr is executed

HDMI and DP for 8th generation Intel Core processors not enumerating sound inputs

Tray icons are non-responsive for auto-started applications

Inconsistent panel color on login screen

Additional displays are mirrored after attaching a VM guest

Selecting the Lithuanian language causes the installer to crash

oscap-anaconda-addon fails to remediate when installing in TUI using Kickstart

The grub2-mkimage command fails on UEFI systems by default

error: cannot open `/usr/lib/grub/x86_64-efi/moddep.lst': No such file or directory.

Kernel panic during RHEL 7.5 installation on HPE BL920s Gen9 systems

WARNING: CPU: 576 PID: 3924 at kernel/workqueue.c:1518__queue_delayed_work+0x184/0x1a0

The READONLY=yes option is not sufficient to configure a read-only system

Security patches addressing Spectre and Meltdown issues can cause performance loss

spectre_v2=off nopti

# echo 0 > /sys/kernel/debug/x86/pti_enabled
# echo 0 > /sys/kernel/debug/x86/retp_enabled
# echo 0 > /sys/kernel/debug/x86/ibrs_enabled

The KSC does not support the xz compression

File format not recognized (Only kernel object files are supported)

The update of megaraid_sas can lead to a performance decrease

qedi fails to bind to the iSCSI PCIe function if qede is loaded

radeon causes a kernel panic

Kdump kernel fails to boot after a CPU hot add or hot remove operation

# systemctl restart kdump.service

Verification of signatures using the MD5 hash algorithm is disabled in Red Hat Enterprise Linux 7

Environment=OPENSSL_ENABLE_MD5_VERIFY=1

freeradius might fail when upgrading from RHEL 7.3

NSS accept malformed RSA PKCS#1 v1.5 signatures made with an RSA-PSS key

Authentication using ssh-agent not from OpenSSH fails

Parsing of OpenSSH public keys is more strict

SCAP Workbench fails to generate results-based remediations from tailored profiles

Error generating remediation role '.../remediation.sh': Exit code of 'oscap' was 1: [output truncated]

Clevis can log spurious Device is not initialized error messages

Libreswan is not working properly with seccomp=enabled on all configurations

OpenSCAP RPM verification rules do not work correctly with VM and container file systems

Firefox and other applications using NSS become unresponsive when a smart card is inserted

No clear indication of profile activation error in the Tuned service

db_hotbackup -c should be used with caution

Setting ListenStream= options in rpcbind.socket causes systemd-logind to fail and SSH connections to be delayed

ReaR recovery process fails on non-UEFI systems with the grub2-efi-x64 package installed

ISO images generated by ReaR with Linux TSM fail to work

COPY_AS_IS_TSM=( /etc/adsm /opt/tivoli/tsm/client /usr/local/ibm/gsk8* )

Unexpected problems with the dbus rebase

The kexec -e command might cause storage errors with advanced storage controllers

LVM does not support event-based autoactivation of incomplete volume groups

Guests reporting cmt, mbmt, or mbml perf events fail to boot