Rocky Linux 9 is now available and is a landmark release for several reasons. First off, there has been a surge in Rocky Linux deployments, putting it ahead of CentOS Stream and AlmaLinux. But more than that, Rocky Linux includes several security enhancements and networking features to help make it a best-in-class open-source operating system for businesses of all sizes.
In the new release, you’ll find SHA-1 message digest for cryptographic purposes has been deprecated (as the cryptographic hash functions are no longer considered secure). Along with that is the addition of OpenSSL 3.0.1 (which includes provider concept, a new versioning scheme, an improved HTTP(S) client, support for new protocols/formats/algorithms, and more), OpenSSH version 8.7p1 (which includes the replacement of the SCP/RCP protocol with the more predictable SFTP protocol), SELinux performance improvements, and the automatic configuration of security compliance settings for PCI-DSS, HIPAA, DISA, and more.
As for the networking improvements, you’ll now find that MultiPath TCP Daemon can now be used instead of iproute2 for the configuration of MultiPath TCP endpoints. Also, NetworkManager now uses key files to store connection profiles (but still supports ifcfg). Iptables-nft and ipset are deprecated and have been replaced by the nftables framework. Finally, network-scripts has been removed in favor of NetworkManager to configure network connections.
One other major move forward for Rocky Linux is that this version was built with a community-developed, open-source, cloud-native system, called Peridot. This Golang project was developed to assure new versions of Rocky Linux can be released within one week after each RHEL version. By migrating to this system, anyone can reproduce Rocky Linux from scratch, ensuring that the distribution will always be available. The source for the Peridot build system can be found on GitHub.
For more information about the new Rocky Linux release, be sure to read the complete release notes.