Table of contents of the article:
Red Hat recently announced the general release of Red Hat Enterprise Linux (RHEL) 9.4, the latest release in the Red Hat Enterprise Linux 9 operating system series. Red Hat Enterprise Linux, commonly known as RHEL, is an enterprise operating system widely recognized, designed to provide robustness and stability in various computing environments, including physical servers, virtual machines and hybrid clouds. This update brings with it a series of new features and improvements that promise to further enhance Red Hat's already comprehensive suite of enterprise solutions, especially designed for optimizing hybrid cloud environments. The innovations included in RHEL 9.4 aim to improve security, resource management and compatibility, making it an even more effective and reliable tool for enterprise IT infrastructures.
What's new in Red Hat Enterprise 9.4
Red Hat Enterprise Linux 9.4 (RHEL 9.4) features significant updates focused on developer needs, including the latest versions of programming languages, databases and development tools. These updates reflect Red Hat's commitment to providing cutting-edge, easily accessible technologies for the developer ecosystem.
Programming languages
Python 3.12
The new version of Python, Python 3.12, is now available in RHEL 9.4 and in the ubi9/python-312 package. Among the most relevant news:
- Introducing a new declaration type and syntax for parameters in generic classes and functions.
- A new pre-interpreter for Global Interpreter Lock (GIL), which aims to improve threading performance.
- Replacing the hashlib implementations for the SHA1, SHA3, SHA2-384, SHA2-512, and MD5 cryptographic algorithms with formally verified code from the HACL project.
Ruby 3.3
Ruby 3.3 brings with it significant improvements, including:
- The new Prism parser: a recursive, portable, error-tolerant, and easier to maintain parser.
- Optimizations in the regular expression matching algorithm to mitigate risks of denial of service (ReDoS) vulnerabilities.
PHP 8.2
Innovations in PHP 8.2 include:
- Introducing a new Random extension that organizes and consolidates existing random number generation capabilities in PHP.
- Introducing new standalone data types such as null, false, and true.
Database
MariaDB 10.11
The updated version of MariaDB offers new features, including:
- Introduction of the new sys_schema function.
- New GRANT…TO PUBLIC privileges, separating SUPER and READ ONLY ADMIN privileges.
- Support for the new UUID data type in databases.
- Added support for Secure Socket Layer (SSL) version 3, making it easier to properly configure SSL on MariaDB servers.
PostgreSQL 16
Among the new features of PostgreSQL 16 on RHEL 9.4 we find:
- libpq library support for connection-level load balancing via the load_balance_hosts option.
- Improved support for regular expression matching in database entries and roles in the pg_hba.conf file.
Red Hat Enterprise Linux 9.4 (RHEL 9.4) is enhanced with the latest versions of toolsets and compilers, including Go 1.21, Rust 1.75, and LLVM 17, enabling developers to accelerate innovation, streamline operations, and modernize their applications using the most advanced technologies.
Go 1.21
With the release of RHEL 9.4, version 1.21 of the Go compiler was introduced. Key new features include:
- Three new built-in functions: min, max and clear, designed to improve development.
- Official support for Profile-Driven Optimization (PGO), which improves overall performance.
- Better support for backward and forward compatibility in the Go toolchain.
- Improvements in type inference, increasing power and accuracy.
- More defined packet initialization order.
Rest 1.75
Rust has been updated to version 1.75 in RHEL 9.4, introducing important new features:
- Constant evaluation time is now unlimited, allowing the compiler to process more complex expressions during compilation.
- Improvements to panic and assertion messages to make them more readable.
- Cargo now supports authentication to private registries for all operations, not just publishing, making it easier to securely host crates.
- Ability for developers to write traits with async fn methods and opaque return types (impl Trait).
- APIs stabilized in the release include Atomic*::from_ptr, FileTimes, FileTimesExt, File::set_modified, File::set_times, and IpAddr::to_canonical.
LLVM 17
LLVM has been updated to version 17 in RHEL 9.4. Significant changes include:
- Introduction of the nofpclass attribute, which allows further optimizations when comparing special floating-point values.
- Removing the constant select expression.
- Deleted the old optimization pipeline (PassManagerBuilder.h).
- Added a new FatLTO pipeline, which supports the generation of object files containing both machine code and LTO-compatible bitcode.
Red Hat Enterprise Linux 9.4 (RHEL 9.4) features important new features in terms of security and compliance, improving control of security policies both in the deployment of new systems and in the management of existing infrastructure.
Security and Compliance
Among the significant changes in RHEL 9.4, we find:
- You can set additional Message Authentication Codes (MAC) options for SSH in system crypto-policies, giving you more granular control over MACs in SSH policies.
- OpenSSH has been updated to set a maximum limit on the delay in reauthentication after an initial authentication failure, introduced to prevent user enumeration attacks.
- Updates to OpenSSL allow you to configure provider-specific configurations without modifying the main OpenSSL configuration file, adding an additional layer of security.
- Passkey authentication enables passwordless, multi-factor authentication (MFA) with FIDO2-compliant passkey for centrally managed users.
Red Hat Enterprise Linux for Edge
RHEL 9.4 supports creating FIPS-enabled RHEL for Edge images using image builder. Features and supported image types include:
- Edge installer
- Edge-simplified-installer
- Edge-raw-image
- Edge-love
- Edge-vsphere
Red Hat Enterprise Linux for Containers
RHEL 9.4 introduces significant updates to container management and security:
- Podman 4.9:
- Using Podman to load modules on demand via command
podman --module <nome_del_tuo_modulo>
and overwrite system and user configuration files. - The new command
podman farm
with create, set, remove and update subcommands allows distributed builds on machines running Podman for different architectures. - The command
podman build
now supports Containerfiles with HereDoc syntax, simplifying Containerfiles and reducing image layers. - The commands
podman machine init
epodman machine set
support a new option--usb
, which allows USB pass-through for the QEMU provider. - Podman's RESTful APIs display information about the progress of image push or pull operations to the registry.
- The new command
podman-compose
runs Compose workloads using external providers such as Docker Compose. - Updated container tools RPM metapackages with Podman, Buildah, Skopeo, crun, and runc are now available.
- SQLite replaces BoltDB as the default Podman database for new installations, improving configuration resilience, especially during abnormal terminations.
- The gvisor-tap-vsock package is now available as an alternative to libslirp and VPNKit, offering features such as configurable DNS and dynamic port forwarding.
- Using Podman to load modules on demand via command
Red Hat Enterprise Linux 9.4 (RHEL 9.4) introduces new Identity Management (IdM) features and improvements, as well as new features for system roles.
Identity Management in RHEL 9.4
What's new in identity management includes:
- Improvements that allow existing IdM users to associate with external identity providers (IdPs) that support the OAuth2 device authorization flow. Among the IdPs included we find the Red Hat version of Keycloak, Azure Entra ID, GitHub, Google and Facebook.
- The package update
ipa
version 4.11 introduces:- Support for FIDO2 based passkeys.
- A context manager for
iplib.api
to set up, connect and disconnect automatically. - Support in Ansible modules for
idoverrideuser
,idoverridegroup
, andidview
.
- Users can enable and configure passwordless authentication in SSSD to use a FIDO2 specification compliant biometric device, such as YubiKey.
Red Hat Enterprise Linux System Roles
RHEL 9.4 introduces new features for system roles, detailed below:
- Microsoft SQL Server System Role: Now supports automation of SQL Server 2022 installation and configuration.
- ad_integration System Role: Now supports configuring dynamic DNS update options.
- Management of shared LVM devices: Using the storage system role to create shared logical volumes and volume groups.
- Storage System Role: Now supports LVM snapshot management.
- Nmstate API and Network System Role: Now support the following new route types:
- Blackhole
- Prohibition
- Unreachable
- PostgreSQL System Role: Now supports PostgreSQL 16.
- System Role ha_cluster: Now includes new features such as:
- Configuring fencing levels, allowing the cluster to use multiple devices to isolate nodes.
- Configuring node attributes.
Conclusion
With the introduction of Red Hat Enterprise Linux 9.4 (RHEL 9.4), Red Hat continues to demonstrate its commitment to offering a robust, versatile, and best-in-class platform for the modern enterprise. This latest release not only strengthens security and compliance capabilities, facilitating more secure and controlled management of IT infrastructure, but also extends its capabilities with significant updates in system roles and identity management.
The update to RHEL 9.4 enables better integration with external identity providers, supporting modern and secure authentication flows that adapt to the needs of an increasingly distributed and mobile work environment. The ability to use FIDO2 compliant biometric devices for passwordless authentication not only improves security but also elevates usability and accessibility.
Additionally, new system role capabilities introduce automation and flexibility into critical tasks such as configuring and managing databases and SQL servers, upgrading network infrastructures, and managing storage. This modular and highly configurable approach to system roles simplifies the daily operations of IT administrators and reduces the risk of manual errors, contributing to more efficient management of resources.
RHEL 9.4 not only addresses the growing security, scalability and performance needs of modern enterprises, but also provides the tools to innovate and modernize existing infrastructure, supporting the continued evolution of the enterprise technology landscape. With each new release, Red Hat establishes itself as a key technology partner for organizations aiming to remain competitive in an increasingly digitalized world.