Leonid Herasimau's Avatar
Leonid Herasimau
News·3 days ago

Red Hat Enterprise Linux 10 Released

On May 20, 2025, Red Hat introduced the release of the Red Hat Enterprise Linux 10 distribution. Red Hat Enterprise Linux 9 was released in May 2022. 

Image

Ready-to-use RHEL 10 installation images are available for registered Red Hat Customer Portal users (for evaluating functionality, publicly available ISO images of CentOS Stream 10, as well as free builds of RHEL for developers, can be used). The release is built for x86_64, s390x (IBM System z), ppc64le (POWER9), Aarch64 (ARM64), and RISC-V (preview) architectures. 

The RHEL 10 branch is based on the package base of the CentOS Stream 10 project, which is positioned as an upstream for RHEL, allowing third-party contributors to monitor RHEL package preparation, propose their changes, and influence decisions. In accordance with the 13-year support cycle, the RHEL 10 distribution will be supported until 2035 + 3 years of extended paid support. Updates for RHEL 9 will continue to be released until the end of May 2032, and RHEL 8 until 2029.

Image

RHEL 10 packages are not hosted in the public git.centos.org repository and are provided to company clients only through a private section of the site, which is governed by a user agreement (EULA) prohibiting data redistribution, which prevents these packages from being used to create derivative distributions. RHEL source texts remain available in the CentOS Stream repository, but it is not fully synchronized with RHEL, and package versions in it do not always match those from RHEL. Rocky Linux, Oracle, and SUSE reproduce the source texts of RHEL release RPM packages within the OpenELA project.

Main changes and improvements in RHEL 10:

  • X.org Server and its related components have been removed from the distribution. By default, a graphics stack based on the Wayland protocol is used. The ability to run X11 applications in a Wayland session is provided by the XWayland DDX server (only the 'xorg‑x11-server‑Xwayland' package remains).
  • The desktop environment has been updated to GNOME 47. In the GNOME Classic session, an overview mode for viewing open windows has been added, which was previously only available in the standard GNOME session. Qt libraries have been updated to version 6.7. Qt5 packages have been removed from the distribution (only Qt 6 support remains).
  • The delivery of RPM packages for Firefox, GIMP, LibreOffice, Inkscape, and Thunderbird has been discontinued. For installing Firefox and Thunderbird, automatic download and installation of packages in Flatpak format from the external flatpaks.redhat.io repository is provided.
  • The PulseAudio sound server has been replaced with the PipeWire package.
  • Updated versions of developer packages: GCC 14.2, LLVM 19.1.7, Python 3.12, Ruby 3.3, OpenJDK 21, Rust 1.84.1, Go 1.23, Node.js 22, Perl 5.40, PHP 8.3, Git 2.45, Subversion 1.14, SystemTap 5.1, Valgrind 3.23.0.
  • Updated server packages: OpenSSH 9.9, nginx 1.26, Apache HTTPD 2.4.62, Varnish Cache 7.4, Squid 6.10, MariaDB 10.11, MySQL 8.4, PostgreSQL 16, PCP 6.3.0, Grafana 10.2.6, libreswan 4.15, Pacemaker 2.1.8, 389-ds‑base 3.0.4, Podman 5.0.
  • Updated system packages: Linux kernel 6.12, glibc 2.39, binutils 2.41, NSS 3.101, gnutls 3.8.9, polkit 125, DNF 4.20 and RPM 4.19.
  • Added new packages: tuned‑ppd (instead of power‑profiles‑daemon), libcpuid, and dnsconfd (a background process for DNS caching). Due to the Redis DBMS codebase transitioning to a proprietary license, the Valkey fork is offered instead of Redis. Kea DHCP is used instead of the ISC DHCP server. The zlib‑ng‑compat package is used instead of zlib.
  • In the DNF package manager, downloading metadata with file lists included in packages (filelist) is disabled by default. Such data is rarely used but is large and slows down operations. For working with PGP in DNF and RPM, the rpm‑sequoia library is used.
  • Experimental support for the Composefs file system has been added, implemented as an add-on over OverlayFS and EROFS file systems, and optimized for efficient shared storage of the content of multiple mounted disk images.
  • In the KVM hypervisor, experimental (Technology Preview) support for AMD SEV, SEV‑SNP, and SEV‑ES technologies is provided.
  • New users created through the Anaconda installer interface are granted administrator rights by default (a special setting is available to disable this behavior). The installer also offers a new interface for selecting the time zone. The RDP protocol is used for remote access to the installer instead of VNC.
  • Support for encryption algorithms resistant to quantum computer attacks has been added. These algorithms are available in OpenSSL, OpenSSH, and in system cryptographic policies (crypto‑policies). In OpenSSL, the ability to create certificate and key files in PKCS #12 format, compliant with FIPS requirements, has been added. Instead of the openssl‑pkcs11 engine, pkcs11-provider is used, allowing hardware keys to be used in apache httpd, libssh, bind, and other applications using OpenSSL. Permissions for SSH host keys have been changed from 0640 to 0600 (owner access only). GnuTLS has added support for certificate compression using zlib, brotli, and zstd methods.
  • In addition to GnuPG, the Sequoia command-line toolkit (sq and sqv utilities) has been included, with an implementation of the OpenPGP standard (RFC-4880) in Rust.
  • Predictable network interface naming mode (net.ifnames=1) is enabled by default. In NetworkManager, Duplicate Address Detection (DAD) for IPv4 is enabled to prevent assigning the same IP address to different systems on the local network.
  • In disk images (e.g., in system images for AWS and KVM), the use of a separate /boot partition has been discontinued.
  • The user-space SELinux toolkit (libsepol, libselinux, libsemanage, policycoreutils, checkpolicy, mcstrans) has been updated to version 3.8, in which the 'audit2allow ‑C' parameter is implemented for output in CIL (Common Intermediate Language) format. Wayland protocol support has been added to the sandbox utility.
  • In the Keylime component, support for device identification via IDevID (Initial Device Identity) and IAK (Initial Attestation Key) has been added, and TLS 1.3 protocol is enabled by default.
  • A new file manager (cockpit‑files package) has been introduced in the web console, allowing management of files and directories.
  • In the CUPS printing server, mDNS and broadcast modes, which were involved in recently identified remotely exploitable vulnerabilities, are disabled by default.
  • glibc now includes variants of memcpy and memmove functions optimized for AMD Zen 3 and Zen 4 processors.
  • A large number of new drivers have been added, among which are drivers for the Intel QAT (QuickAssist Technology) accelerator integrated into Intel processors, offering tools for accelerating computations used in compression and encryption.
  • Removed packages: TigerVNC, Totem, power‑profiles‑daemon, gedit, gtkmm, WebKitGTK, Evolution, Festival, Eye of GNOME, Cheese, Tweaks.
  • Discontinued packages: sendmail (it is recommended to switch to postfix), redis, dhcp, dhcp‑client, mod_security (moved to EPEL), spamassassin (moved to EPEL), xsane, runc.
  • The squashfs and wget packages, as well as the utmp and utmpx interfaces in glibc, have been declared obsolete.
  • Experimental builds for the RISC‑V architecture (HiFive P550) have been added.

#rhel

0
9
Comments
Please log in to add comments.
Loading comments...
Recommendations
You've reached the end.