Chapter 1. Overview

1.1. Major changes in RHEL 8.10

Installer and image creation

Key highlights for RHEL image builder:

  • You can create different partitioning modes, such as auto-lvm, lvm, and raw.
  • You can customize tailoring options for a profile and add it to your blueprint customizations by using selected and unselected options, to add and remove rules.

For more information, see New features - Installer and image creation.

Security

SCAP Security Guide 0.1.72 contains updated CIS profiles, a profile aligned with the PCI DSS policy version 4.0, and profiles for the latest DISA STIG policies.

The Linux kernel cryptographic API (libkcapi) 1.4.0 introduces new tools and options. Notably, with the new -T option, you can specify target file names in hash-sum calculations.

The stunnel TLS/SSL tunneling service 5.71 changes the behavior of OpenSSL 1.1 and later versions in FIPS mode. Besides this change, version 5.71 provides many new features such as support for modern PostgreSQL clients.

The OpenSSL TLS toolkit now contains API-level protections against Bleichenbacher-like attacks on the RSA PKCS #1 v1.5 decryption process.

See New features - Security for more information.

Dynamic programming languages, web and database servers

Later versions of the following Application Streams are now available:

  • Python 3.12
  • Ruby 3.3
  • PHP 8.2
  • nginx 1.24
  • MariaDB 10.11
  • PostgreSQL 16

The following components have been upgraded:

  • Git to version 2.43.0
  • Git LFS to version 3.4.1

See New features - Dynamic programming languages, web and database servers for more information.

Identity Management

Identity Management (IdM) in RHEL 8.10 introduces delegating user authentication to external identity providers (IdPs) that support the OAuth 2 Device Authorization Grant flow. This is now a fully supported feature.

After performing authentication and authorization at the external IdP, the IdM user receives a Kerberos ticket with single sign-on capabilities.

For more information, see New Features - Identity Management

Containers

Notable changes include:

  • The podman farm build command for creating multi-architecture container images is available as a Technology Preview.
  • Podman now supports containers.conf modules to load a predetermined set of configurations.
  • The Container Tools packages have been updated.
  • Podman v4.9 RESTful API now displays data of progress when you pull or push an image to the registry.
  • SQLite is now fully supported as a default database backend for Podman.
  • Containerfile now supports multi-line HereDoc instructions.
  • pasta as a network name has been deprecated.
  • The BoltDB database backend has been deprecated.
  • The container-tools:4.0 module has been deprecated.
  • The Container Network Interface (CNI) network stack is deprecated and will be removed in a future release.

See New features - Containers for more information.

1.2. In-place upgrade and OS conversion

In-place upgrade from RHEL 7 to RHEL 8

The possible in-place upgrade paths currently are:

  • From RHEL 7.9 to RHEL 8.8 and RHEL 8.10 on the 64-bit Intel, IBM POWER 8 (little endian), and IBM Z architectures
  • From RHEL 7.9 to RHEL 8.8 and RHEL 8.10 on systems with SAP HANA on the 64-bit Intel architecture.

For more information, see Supported in-place upgrade paths for Red Hat Enterprise Linux.

For instructions on performing an in-place upgrade, see Upgrading from RHEL 7 to RHEL 8.

For instructions on performing an in-place upgrade on systems with SAP environments, see How to in-place upgrade SAP environments from RHEL 7 to RHEL 8.

For information regarding how Red Hat supports the in-place upgrade process, see the In-place upgrade Support Policy.

Notable enhancements include:

  • New logic has been implemented to determine the expected states of the systemd services after the upgrade.
  • Locally stored DNF repositories can now be used for the in-place upgrade.
  • You can now configure DNF to be able to upgrade by using proxy.
  • Issues with performing the in-place upgrade with custom DNF repositories accessed by using HTTPS have been fixed.
  • If the /etc/pki/tls/openssl.cnf configuration file has been modified, the file is now replaced with the target default OpenSSL configuration file during the upgrade to prevent issues after the upgrade. See the pre-upgrade report for more information.

In-place upgrade from RHEL 6 to RHEL 8

It is not possible to perform an in-place upgrade directly from RHEL 6 to RHEL 8. However, you can perform an in-place upgrade from RHEL 6 to RHEL 7 and then perform a second in-place upgrade to RHEL 8. For more information, see Upgrading from RHEL 6 to RHEL 7.

In-place upgrade from RHEL 8 to RHEL 9

Instructions on how to perform an in-place upgrade from RHEL 8 to RHEL 9 using the Leapp utility are provided by the document Upgrading from RHEL 8 to RHEL 9. Major differences between RHEL 8 and RHEL 9 are documented in Considerations in adopting RHEL 9.

Conversion from a different Linux distribution to RHEL

If you are using Alma Linux 8, CentOS Linux 8, Oracle Linux 8, or Rocky Linux 8, you can convert your operating system to RHEL 8 using the Red Hat-supported Convert2RHEL utility. For more information, see Converting from an RPM-based Linux distribution to RHEL.

If you are using CentOS Linux 7 or Oracle Linux 7, you can convert your operating system to RHEL and then perform an in-place upgrade to RHEL 8.

For information regarding how Red Hat supports conversions from other Linux distributions to RHEL, see the Convert2RHEL Support Policy document.

1.3. Red Hat Customer Portal Labs

Red Hat Customer Portal Labs is a set of tools in a section of the Customer Portal available at https://access.redhat.com/labs/. The applications in Red Hat Customer Portal Labs can help you improve performance, quickly troubleshoot issues, identify security problems, and quickly deploy and configure complex applications. Some of the most popular applications are:

1.4. Additional resources

Note

Release notes include links to access the original tracking tickets. Private tickets have no links and instead feature this footnote.[1]



[1] Release notes include links to access the original tracking tickets. Private tickets have no links and instead feature this footnote.