What's new in Red Hat Enterprise Linux 9.4?

Red Hat Enterprise Linux (RHEL) 9.4 is now generally available (GA). This release provides a flexible, reliable, secure, and stable foundation for innovative applications. It also provides a platform for faster and more efficient development of critical workloads with a consistent experience across physical, virtual, private, public cloud, and edge deployments.

 You can download RHEL 9.4 at no cost as part of the Red Hat Developer program subscription. 

In this article, you'll learn about enhancements in RHEL 9.4 that improve the developer experience.

Latest language runtimes, databases, and tools

Red Hat Enterprise Linux 9.4 has been updated with many developers' favorite programming languages. Notable changes include: 

• Python 3.12 is the latest version of Python programming language included in Red Hat Enterprise Linux 9.4. Python 3.12 is also supported in ubi9/python-312 package. Key enhancements include:
  • A new type statement and new parameter syntax for generic classes and functions.
  • A unique pre-interpreter global interpreter lock (GIL). 
  • The built-in hashlib implementation for SHA1, SHA3, SHA2-384, SHA2-512, and MD5 cryptographic algorithms are replaced with formally verified code from HACL project.
• Ruby 3.3 is available as part of Red Hat Enterprise Linux 9.4. Key features include:
  • The new Prism parser: A portable, error-tolerant, and maintainable recursive parser.
  • Improvements in the regex matching algorithm to reduce the impact of potential regex denial of service (ReDoS) vulnerabilities.
• PHP 8.2 is the latest version available in Red Hat Enterprise Linux 9.4. Key enhancements include:
  • A new Random extension that organizes and consolidates existing random number generation functionality of PHP.
  • Introduction of several new standalone types such as null, false, and true. 
• MariaDB 10.11 is now available as a new module stream in Red Hat Enterprise Linux 9.4. Key enhancements include:
  • A new sys_schema feature
  • A new GRANT…TO PUBLIC privilege.
  • A separate SUPER and READ ONLY ADMIN privileges 
  • A new UUID database data type.
  • Support for Secure Socket Layer (SSL) version 3 allows the MariaDB server to correctly configure SSL to start. 
• PostgreSQL 16 is available in Red Hat Enterprise Linux 9.4 as the postgresql:16 module stream. Key enhancements include:
  • The libpq library now supports connection-level load balancing.  New load_balance_hosts can be used for efficient load balancing.
  • Support for regular expression matching on database and role entries in the pg_hba.conf file.

The latest versions of toolsets and compilers

Red Hat Enterprise Linux 9.3 offers an updated version of Go 1.21, Rust 1.75, and LLVM 17, enabling developers to accelerate innovation, streamline operations, and modernize their applications with the latest toolsets and compilers.

Go 1.21 

Red Hat Enterprise Linux 9.4 comes with Go compiler 1.21.. Notable updates include:

• The language includes three new built-ins. The new functions—min, max, and clear—are introduced to improve development.
• Official support for profile-guided optimization has been added, improving performance.
• Improved support for backward compatibility and forward compatibility in the Go toolchain.
• Enhancements to type inference are done, improving the power and precision of types.
• Package initialization order is more precisely defined in this version.

Find out more about Go 1.21.

Rust 1.75

The Rust toolset has been updated to version 1.75 in Red Hat Enterprise Linux 9.4. Notable changes include the following:

• Constant evaluation time is now unlimited, allowing the compiler to process more complicated expressions at build time.
• Panic and assertion messages have improved output to make them easier to read..
• Cargo supports authentication to private registries for all operations, not just publishing, enabling secure hosting of crates.
• Developers can now write traits with async fn methods and opaque return types (impl Trait).
• Stabilized APIs provided in the release - Atomic*::from_ptr, FileTimes, FileTimesExt, File::set_modified, File::set_times, and IpAddr::to_canonical.

Find out more about Rust on RHEL. 

LLVM 17

Red Hat Enterprise Linux 9.4 comes with LLVM 17.  Notable changes include:

• The nofpclass attribute was introduced. This allows more optimizations around special floating-point value comparisons.
• The constant select expression has been removed.
• The legacy optimization pipeline (PassManagerBuilder.h) has been removed.
• A new FatLTO pipeline was added to support generating object files that have both machine code and LTO-compatible bitcode.

Find out more about LLVM 17.

Security and compliance 

Red Hat Enterprise Linux 9.4 GA allows customers to have better control over security policies while deploying new systems or managing existing infrastructure. Notable changes include:

• Users can set additional options for messaging authentication codes (MACs) for SSH in system-wide cryptographic policies (crypto-policies). This provides finer control over MACs in SSH policies.
• OpenSSH has been updated to set an upper limit for delay in reauthentication after initial authentication fails. This delay is introduced to prevent user enumeration attacks.
• Updates to OpenSSL allow configuring provider-specific configuration without modifying the main OpenSSL configuration file, adding one more layer of security. 
• Passkey authentication enables passwordless and multi-factor authentication (MFA) with FIDO2-compliant passkey for centrally managed users.

Explore more security resources on Red Hat Developer.

Red Hat Enterprise Linux for Edge

Red Hat Enterprise Linux 9.4 supports building FIPS-enabled RHEL for Edge images using image builder. Supported features and image types include:

• Edge-installer
• Edge-simplified-installer
• Edge-raw-image
• Edge-ami
• Edge-vsphere

Red Hat Enterprise Linux for containers

Red Hat Enterprise Linux 9.4 introduces significant updates in container management and security. Notable changes include: 

• Podman 4.9:
  • Use Podman to load modules on-demand by using the podman --module <your_module_name> command and override the system and user configuration files. 
  • The new podman farm command with create, set, remove, and update subcommands enables distributed builds on machines running Podman for different architectures.
  • The podman build command now supports Containerfiles with the HereDoc syntax, simplifying Containerfiles and reducing image layers.
  • The podman machine init and podman machine set commands support a new --usb option, which allows for USB passthrough for the QEMU provider. 
  • Podman RESTful APIs display progress information for push or pull image operations on the registry.
  • The new podman-compose command runs Compose workloads using external compose providers like Docker Compose. 
• Updated container tool RPM meta-packages with Podman, Buildah, Skopeo, crun, and runc are now available.
• SQLite replaces BoltDB as the default Podman database for new installations, improving configuration resilience, especially during abnormal terminations.
• The gvisor-tap-vsock package is now available as an alternative to libslirp and VPNKit, offering features like configurable DNS and dynamic port forwarding.

Red Hat Enterprise Linux identity management (IdM)

Red Hat Enterprise Linux 9.4 has new features and enhancements in Identity Management (IdM). Some notable features include:

• With new enhancements, the existing IdM users can be associated with external identity providers (IdPs) that support the OAuth2 device authorization flow. IdPs include Red Hat build of Keycloak, Azure Entra ID, GitHub, Google, and Facebook.
• The ipa package has been updated to 4.11. Notable changes include:
  • Support for FIDO2-based passkeys.
  • Context manager for iplib.api to automatically configure, connect, and disconnect.
• The IdM now support the idoverrideuser, idoverridegroup, and idview Ansible modules.
• Users can enable and configure passwordless authentication in SSSD to use a biometric device that is compatible with FIDO2 specifications like YubiKey. 

Red Hat Enterprise Linux system roles 

Red Hat Enterprise Linux 9.4 brings new features for system roles, as described below: 

• The Microsoft SQL Server system role now supports automating the installation and configuration of SQL Server 2022.
• The ad_integration RHEL system role now supports configuring dynamic DNS update options.
• Shared LVM device management using the storage system role for the creation of shared logical volumes and volume groups.
• Storage system role now supports LVM snapshot management. 
• The Nmstate API and the network RHEL system role now support the following new route types:
  • Blackhole
  • Prohibit
  • Unreachable 
• The postgresql system role now supports PostgreSQL 16. 
• The ha_cluster system role now supports below new features:
  • Configuration of fencing levels, allowing the cluster to use multiple devices to fence nodes.
  • Configuration of node attributes

Read more about Red Hat Enterprise Linux system roles.

Next steps

• Learn administration and configuration tasks using RHEL system roles.
• Read more about Red Hat Enterprise Linux 9.4.
• Read the press release for the RHEL 9.4 announcement.
• Download RHEL 9.4 at no cost.