Red Hat Enterprise Linux 8.7 distribution release

Red Hat has released Red Hat Enterprise Linux 8.7. Installation builds have been prepared for the x86_64, s390x (IBM System z), ppc64le, and Aarch64 architectures, but are available for download only to registered Red Hat Customer Portal users. Red Hat Enterprise Linux 8 rpm packages are distributed through the CentOS Git repository. The 8.x branch is maintained in parallel with the RHEL 9.x branch and will be supported until at least 2029.

New releases are prepared according to a development cycle that produces a release every six months at a predetermined time. Until 2024, the 8.x branch will be in the full support phase, which includes functional improvements, after which it will move into the maintenance phase, in which priorities shift towards bug fixes and security, with minor improvements related to support for important hardware systems.

Key changes:

  • The toolkit for preparing system images has been expanded: it now supports uploading images to GCP (Google Cloud Platform), pushing the image directly to a container registry, adjusting the size of the /boot partition, and adjusting parameters (Blueprint) during image generation (for example, adding packages and creating users).
  • Provided the ability to use the Clevis client (clevis-luks-systemd) to automatically unlock disk partitions encrypted with LUKS and mounted at a later stage of boot, without the need to use the "systemctl enable clevis-luks-askpass.path" command.
  • A new xmlstarlet package has been added, which includes utilities for parsing, transforming, validating, extracting data from, and editing XML files.
  • Added, as a Technology Preview, the ability to authenticate users through external identity providers (IdP) that support the OAuth 2.0 protocol extension "Device Authorization Grant", which provides OAuth access tokens to devices without using a browser.
  • The capabilities of system roles have been expanded. For example, the network role gained support for setting up routing rules and using the nmstate API; the logging role gained support for filtering by regular expressions (startmsg.regex, endmsg.regex); the storage role gained support for volumes with dynamically allocated storage space ("thin provisioning"); the sshd role gained the ability to manage settings via /etc/ssh/sshd_config; the metrics role gained export of Postfix performance statistics; and the firewall role gained the ability to overwrite the previous configuration, along with support for adding, updating and deleting services depending on the state.
  • Updated server and system packages: chrony 4.2, unbound 1.16.2, opencryptoki 3.18.0, powerpc-utils 1.3.10, libva 2.13.0, PCP 5.3.7, Grafana 7.5.13, SystemTap 4.7, NetworkManager 1.40, samba 4.16.1.
  • New versions of compilers and developer tools included: GCC Toolset 12, LLVM Toolset 14.0.6, Rust Toolset 1.62, Go Toolset 1.18, Ruby 3.1, java-17-openjdk (java-11-openjdk and java-1.8.0-openjdk also continue to ship), Maven 3.8, Mercurial 6.2, Node.js 18, Redis 6.2.7, Valgrind 3.19, Dyninst 12.1.0, elfutils 0.187.
  • Changed sysctl configuration processing to match systemd directory parsing - configuration files in the /etc/sysctl.d directory now take precedence over those in the /run/sysctl.d directory.
  • The ReaR toolkit (Relax-and-Recover) adds the ability to execute arbitrary commands before and after recovery.
  • NSS libraries no longer support RSA keys smaller than 1023 bits.
  • Significantly reduced the time it takes for iptables-save to save very large iptables rule sets.
  • The SSBD (spec_store_bypass_disable) and STIBP (spectre_v2_user) attack protection mode has been changed from "seccomp" to "prctl", which has a positive impact on the performance of containers and applications that use the seccomp mechanism to restrict access to system calls.
  • The driver for the Intel E800 Ethernet adapters supports the iWARP and RoCE protocols.
  • The nfsrahead utility is included and can be used to change NFS read-ahead settings.
  • In Apache httpd settings, the value of the LimitRequestBody parameter has been changed from 0 (no limit) to 1 GB.
  • A new make-latest package has been added that includes the latest version of the make utility.
  • Added support for performance monitoring on systems with AMD Zen 2 and Zen 3 processors to libpfm and papi.
  • SSSD (System Security Services Daemon) added support for caching SID requests (for example, GID / UID checks) in RAM, which made it possible to speed up copy operations of a large number of files through the Samba server. Support for integration with Windows Server 2022 is provided.
  • For 64-bit IBM POWER (ppc64le) systems, packages have been added to support the Vulkan graphics API.
  • Added support for the new AMD Radeon RX 6[345]00 and AMD Ryzen 5/7/9 6[689]00 GPUs. By default, support for Intel Alder Lake-S and Alder Lake-P GPUs is enabled, for which previously it was necessary to set the i915.alpha_support=1 or i915.force_probe=* parameter.
  • In the web console, support has been added for configuring crypto policies and for downloading and installing RHEL in a virtual machine; a button has been added for separately installing only patches for the Linux kernel; diagnostic reports have been expanded; and an option has been added to reboot after the installation of updates is completed.
  • Added support for the ap-check command to mdevctl to configure passing access to crypto accelerators through to virtual machines.
  • Full support for the VMware ESXi hypervisor and SEV-ES (AMD Secure Encrypted Virtualization-Encrypted State) extensions has been implemented. Added support for Azure cloud environments with processors based on the Ampere Altra architecture.
  • Updated the toolkit for managing isolated containers, including packages such as Podman, Buildah, Skopeo, crun and runc. Added support for GitLab Runner in containers with the Podman runtime. The netavark utility and the Aardvark DNS server are provided to configure the container network subsystem.
  • To control the activation of protection against vulnerabilities in the MMIO (Memory Mapped Input Output) mechanism, the kernel boot parameter “mmio_stale_data” is implemented, which can take the values “full” (enable buffer cleaning when switching to user space and VM), “full,nosmt” (as “full”, with SMT / Hyper-Threads additionally disabled) and “off” (protection is disabled).
  • To control the activation of protection against the Retbleed vulnerability, the “retbleed” kernel boot parameter has been implemented, through which you can disable protection (“off”) or select the vulnerability blocking algorithm (auto, nosmt, ibpb, unret).
  • The acpi_sleep kernel boot parameter supports new options to control sleep: s3_bios, s3_mode, s3_beep, s4_hwsig, s4_nohwsig, old_ordering, nonvs, sci_force_enable, and nobl.
  • Added new drivers for Maxlinear Ethernet GPY (mxl-gpy), Realtek 802.11ax 8852A (rtw89_8852a), Realtek 802.11ax 8852AE (rtw89_8852ae), Modem Host Interface (MHI), AMD PassThru DMA (ptdma), Cirrus Logic DSP (cs_dsp), DRM DisplayPort (drm_dp_helper), Intel® Software Defined Silicon (intel_sdsi), Intel PMT (pmt_*), AMD SPI Master Controller (spi-amd).
  • Extended support for the eBPF kernel subsystem.
  • Continued to provide experimental (Technology Preview) support for AF_XDP, XDP hardware offloading, Multipath TCP (MPTCP), MPLS (Multi-protocol Label Switching), DSA (data streaming accelerator), KTLS, dracut, kexec fast reboot, nispor, DAX in ext4 and xfs, systemd-resolved, accel-config, igc, OverlayFS, Stratis, Software Guard Extensions (SGX), NVMe/TCP, DNSSEC, GNOME on ARM64 and IBM Z systems, AMD SEV for KVM, Intel vGPU, Toolbox.
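
For the sysctl change listed above (/etc/sysctl.d taking precedence over /run/sysctl.d), the following added example, which is not from the release notes or from Red Hat, resolves which drop-in file supplies the effective value of each key. It assumes the systemd sysctl.d(5) model (a same-named file in a higher-priority directory masks the lower one, then files are applied in lexical order of file name); /etc/sysctl.conf is not modelled, and the file names and keys in `demo()` are constructed.

```python
import os
import tempfile

# Highest priority first, following the sysctl.d(5) model assumed above.
SEARCH_DIRS = ["/etc/sysctl.d", "/run/sysctl.d", "/usr/lib/sysctl.d"]

def effective_sysctl(dirs=SEARCH_DIRS):
    """Return {key: (value, winning_file)} for *.conf drop-ins under dirs."""
    chosen = {}  # basename -> full path; the first (highest-priority) dir wins
    for d in dirs:
        if not os.path.isdir(d):
            continue
        for name in os.listdir(d):
            if name.endswith(".conf"):
                chosen.setdefault(name, os.path.join(d, name))
    result = {}
    # Files are applied in lexical order of basename, so later names override.
    for name in sorted(chosen):
        with open(chosen[name], encoding="utf-8") as fh:
            for line in fh:
                line = line.strip()
                if not line or line[0] in "#;" or "=" not in line:
                    continue
                key, value = line.split("=", 1)
                # A leading "-" only means "ignore errors for this key".
                result[key.strip().lstrip("-")] = (value.strip(), chosen[name])
    return result

def demo():
    """Constructed sample: /run tries to relax a setting pinned in /etc."""
    with tempfile.TemporaryDirectory() as root:
        etc, run = os.path.join(root, "etc"), os.path.join(root, "run")
        os.makedirs(etc)
        os.makedirs(run)
        with open(os.path.join(etc, "50-hardening.conf"), "w") as fh:
            fh.write("# pinned by admin\nkernel.kptr_restrict = 2\n")
        with open(os.path.join(run, "50-hardening.conf"), "w") as fh:
            fh.write("kernel.kptr_restrict = 0\n")
        with open(os.path.join(run, "90-runtime.conf"), "w") as fh:
            fh.write("net.ipv4.ip_forward = 1\n")
        eff = effective_sysctl([etc, run])
        return {k: (v, os.path.relpath(p, root)) for k, (v, p) in eff.items()}

if __name__ == "__main__":
    for key, (value, src) in sorted(demo().items()):
        print(f"{key} = {value}  ({src})")
```

Under this model a drop-in in /run with a different, lexically later file name still overrides a key set in /etc, so hardening settings are best audited per key rather than per directory.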
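
For the “mmio_stale_data” and “retbleed” boot parameters listed above, this added example (not part of the release notes) audits a kernel command line and reports whether either protection was switched off or given a value outside the ones named on this page. The sample command line is constructed, and treating the last occurrence of a repeated parameter as the effective one is an assumption.

```python
import shlex

# Values as listed in the release notes above; tokens may be comma-combined.
KNOWN = {
    "mmio_stale_data": {"full", "nosmt", "off"},
    "retbleed": {"off", "auto", "nosmt", "ibpb", "unret"},
}

def audit_cmdline(cmdline):
    """Return {param: (status, value)} for the two mitigation switches.

    status is "default" (not set), "ok", "disabled" or "unknown-value".
    """
    seen = {}
    for tok in shlex.split(cmdline):
        name, sep, value = tok.partition("=")
        if sep and name in KNOWN:
            seen[name] = value  # repeated parameter: last one wins (assumption)
    report = {}
    for name, allowed in KNOWN.items():
        if name not in seen:
            report[name] = ("default", None)
            continue
        parts = seen[name].split(",")
        if "off" in parts:
            status = "disabled"
        elif all(p in allowed for p in parts):
            status = "ok"
        else:
            status = "unknown-value"
        report[name] = (status, seen[name])
    return report

def read_cmdline(path="/proc/cmdline"):
    """Read the running kernel's command line for use with audit_cmdline()."""
    with open(path, encoding="ascii", errors="replace") as fh:
        return fh.read().strip()

# Constructed sample command line, not taken from a real host.
SAMPLE = ("BOOT_IMAGE=/vmlinuz root=/dev/mapper/rhel-root ro "
          "retbleed=auto,nosmt mmio_stale_data=off quiet")

if __name__ == "__main__":
    for name, (status, value) in audit_cmdline(SAMPLE).items():
        print(f"{name}: {status} ({value})")
```

The kernel's own view of the resulting state is exposed in the mmio_stale_data and retbleed files under /sys/devices/system/cpu/vulnerabilities/, which is worth comparing against the command line on hosts where "default" is reported.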

Source: opennet.ru
