I have installed FreeIPA server version 4.12.2 onto Rocky Linux 9.7 with default python 3.9.25.
Getting the security scan report that python 3.9 is EOL and should upgraded to python 3.10 and above.
I’ve successfully installed python 3.12.12 using dnf install python 3.12 on the Rocky Linux IPA server but when I made the change to link python → python3.12 so that the security scan should pass on checking the python version. The IPA commands are not working anymore.
Not sure what you’re expecting here. The system python version is 3.9. Upgrading it or attempting to switch to a newer version is simply going to break several tools on your system, not just ipa, but dnf will likely be broken too.
And those are just two; there are much more you will break by doing this. You really should switch it back to avoid further problems.
IMO: Whoever or whatever runs the scans needs to be told that their scans need to understand how RHEL and derivatives work. Python 3.9 is the system python and will not change for the life of EL9.
All security scanners I’ve seen have failed to identify that RHEL packages have backported fixes and can be secure even if the version is supposedly “insecure” or EOL. If anyone knows of a security scanner that understands RHEL I would be interested.