Chapter 1. Overview
1.1. Major changes in RHEL 9.0 Beta
OpenSSL is now provided in version 3.0.0-0.beta2, which adds a provider concept, a new versioning scheme, an improved HTTP(S) client, support for new protocols, formats, and algorithms, and many other improvements.
The system-wide cryptographic policies have been adjusted to provide up-to-date secure defaults.
OpenSSH is distributed in version 8.6p1, which provides many enhancements, bug fixes, and security improvements as compared to version 8.0p1, which is distributed in RHEL 8.5.
SELinux performance has been substantially improved, including time to load SELinux policy into the kernel, memory overhead, and other parameters. For additional information, see the Improving the performance and space efficiency of SELinux blog post.
scap-security-guide packages are provided in version 0.1.57, which introduces substantial changes over the versions provided in RHEL 8.
See Section 4.7, “Security” for more information.
Use of SHA-1 is restricted in the
DEFAULT crypto policy. With the exception of HMAC and DNSSec usage, SHA-1 is no longer allowed in TLS, DTLS, SSH, IKEv2 and Kerberos protocols.
Cyrus SASL now uses GDBM instead of Berkeley DB, and the Network Security Services (NSS) libraries no longer support the DBM file format for the trust database.
Support for disabling SELinux through the
SELINUX=disabled option in the
/etc/selinux/config file has been removed from the kernel. When you disable SELinux only through
/etc/selinux/config, the system starts with SELinux enabled but with no policy loaded. If your scenario requires disabling SELinux, add the
selinux=0 parameter to your kernel command line.
The WireGuard VPN technology is now available as an unsupported Technology Preview.
teamd service and the
libteam library are deprecated. As a replacement, configure a bond instead of a network team.
ipset are deprecated. These packages include utilities, such as
arptables. Use the
nftables framework to configure firewall rules.
You can use the new MultiPath TCP daemon (mptcpd) to configure MultiPath TCP (MPTCP) endpoints without using the
network-scripts package has been removed. Use NetworkManager to configure network connections.
By default, NetworkManager now uses the key file format to store new connection profiles. Note that the
ifcfg format is still supported.
For more information about the features introduced in this release and changes in the existing functionality, see Section 4.8, “Networking”.
Dynamic programming languages, web and database servers
RHEL 9.0 Beta provides the following dynamic programming languages:
- Node.js 16
- Perl 5.32
- PHP 8.0
- Python 3.9
- Ruby 3.0
RHEL 9.0 Beta includes the following version control systems:
- Git 2.31
- Subversion 1.14
The following web servers are distributed with RHEL 9.0 Beta:
- Apache HTTP Server 2.4
- nginx 1.20
The following proxy caching servers are available:
- Varnish Cache 6.5
- Squid 5.1
RHEL 9.0 Beta offers the following database servers:
- MariaDB 10.5
- MySQL 8.0
- PostgreSQL 13
- Redis 6.2
See Section 4.11, “Dynamic programming languages, web and database servers” for more information.
Compilers and development tools
Updated compiler toolsets
The following compiler toolsets are available with RHEL 9.0 Beta:
- LLVM Toolset 12.0.1
- Rust Toolset 1.54.0
- Go Toolset 1.16.6
Updated system toolchain
The following system toolchain components are available with RHEL 9.0 Beta:
- GCC 11.2
- glibc 2.34
- binutils 2.35
Updated performance tools and debuggers
The following performance tools and debuggers are available with RHEL 9.0 Beta:
- GDB 10.2
- Valgrind 3.17.0
- SystemTap 4.5
- Dyninst 11.0.0
- elfutils 0.185
The following Java tools are available with RHEL 9.0 Beta:
- Maven 3.6
- Ant 1.10
See Section 4.12, “Compilers and development tools” for more information.
The QEMU emulator is now built using the Clang compiler. This enables the RHEL 9 KVM hypervisor to use a number of advanced security and debugging features. One of these features is SafeStack, which makes virtual machines (VMs) hosted on RHEL 9 significantly more secure against attacks based on Return-Oriented Programming (ROP).
For more information about virtualization features introduced in this release, see Section 4.16, “Virtualization”.
1.2. Red Hat Customer Portal Labs
Red Hat Customer Portal Labs is a set of tools in a section of the Customer Portal available at https://access.redhat.com/labs/. The applications in Red Hat Customer Portal Labs can help you improve performance, quickly troubleshoot issues, identify security problems, and quickly deploy and configure complex applications. Some of the most popular applications are:
- Registration Assistant
- Product Life Cycle Checker
- Kickstart Generator
- Kickstart Converter
- Red Hat Enterprise Linux Upgrade Helper
- Red Hat Satellite Upgrade Helper
- Red Hat Code Browser
- JVM Options Configuration Tool
- Red Hat CVE Checker
- Red Hat Product Certificates
- Load Balancer Configuration Tool
- Yum Repository Configuration Helper
- Red Hat Memory Analyzer
- Kernel Oops Analyzer
- Red Hat Product Errata Advisory Checker
1.3. Additional resources
- Information regarding the Red Hat Enterprise Linux life cycle is provided in the Red Hat Enterprise Linux Life Cycle document.
- Major differences between RHEL 8 and RHEL 9 are documented in Considerations in adopting RHEL 9.
- The Red Hat Insights service, which enables you to proactively identify, examine, and resolve known technical issues, is now available with all RHEL subscriptions. For instructions on how to install the Red Hat Insights client and register your system to the service, see the Red Hat Insights Get Started page.