Chapter 1. Overview

1.1. Major changes in RHEL 8.5

Security

The system-wide cryptographic policies support scopes and wildcards for directives in custom policies. You can now enable different sets of algorithms for different back ends.

The Rsyslog log processing application has been updated to version 8.2102.0-5. This update introduces, among other improvements, the OpenSSL network stream driver. This implements TLS-protected transport using the OpenSSL library into Rsyslog.

The SCAP Security Guide project now provides several new profiles and improvements of existing profiles:

  • A new profile aligned with the Australian Cyber Security Centre Information Security Manual (ACSC ISM).
  • The Center for Internet Security (CIS) profile restructured into four different profiles (Workstation Level 1, Workstation Level 2, Server Level 1, Server Level 2).
  • The Security Technical Implementation Guide (STIG) security profile updated to version V1R3.
  • A new STIG profile compatible with Server with GUI installations.
  • A new French National Security Agency (ANSSI) High Level profile, which completes the availability of profiles for all ANSSI-BP-028 v1.2 hardening levels in the SCAP Security Guide.

With these enhancements, you can install a system that conforms with one of these security baselines and use the OpenSCAP suite for checking security compliance and remediation using the risk-based approach for security controls defined by the relevant authorities.

See New features - Security for more information.

The new RHEL VPN System Role makes it easier to set up secure and properly configured IPsec tunneling and virtual private networking (VPN) solutions on across large numbers of hosts. For more information, see New Features - Red Hat Enterprise Linux System Roles and the Configuring VPN connections with IPsec by using the RHEL VPN System Role chapter in RHEL 8.5 Beta product documentation.

Networking

NetworkManager now supports configuring a device to accept all traffic. You can configure this feature, for example using the nmcli utility.

The firewalld service supports forwarding traffic between different interfaces or sources within a zone.

The firewalld service supports filtering traffic that is forwarded between zones.

Dynamic programming languages, web and database servers

Later versions of the following components are now available as new module streams:

  • Ruby 3.0
  • nginx 1.20
  • Node.js 16

The following components have been upgraded:

  • PHP to version 7.4.19
  • Squid to version 4.15
  • Mutt to version 2.0.7

See New features - Dynamic programming languages, web and database servers and Technology Previews - Dynamic programming languages, web and database servers for more information.

Compilers and development tools

The following compiler toolsets have been updated:

  • GCC Toolset 11
  • LLVM Toolset 12.0.1
  • Rust Toolset 1.54.0
  • Go Toolset 1.16.7

See Section 4.12, “Compilers and development tools” for more information.

Red Hat Enterprise Linux System Roles

High Availability Cluster RHEL System Role is available as a Technology Preview for the 8.5 Beta Release.

See Section 4.16, “Red Hat Enterprise Linux System Roles” for more information.

1.2. Red Hat Customer Portal Labs

Red Hat Customer Portal Labs is a set of tools in a section of the Customer Portal available at https://access.redhat.com/labs/. The applications in Red Hat Customer Portal Labs can help you improve performance, quickly troubleshoot issues, identify security problems, and quickly deploy and configure complex applications. Some of the most popular applications are:

1.3. Additional resources