Maybe because I don’t understand all the security enhancements I also don’t understand if 8.4 should immediately be upgraded to 8.5. Maybe the upgrade is strongly implied and I am just not understanding that.
But my question in general is:
Is running an older minor version secure, if a newer minor version has been released?
Are older minor versions maintained by RHEL and then Rocky Linux for security?
I am wondering if some minor versions are released more for feature enhancements and not security updates, in which case from a security point of view, an upgrade may not be needed.
Sorry if the answer is obvious - I am a grateful personal, not commercial, user of Rocky Linux workstation and so I don’t have the technical training to understand if the answer is obvious.
Tags like “8.4” and “8.5” are just “point releases”. In practice they’re all part of an upgrade path. They’re all “Rocky 8”, just bundled with all updates.
If you have an 8.4 system and apply all patches (with yum or dnf) then you’ll end up with an equivalent 8.5 system. Indeed, run cat /etc/redhat-release on an upgraded 8.4 system and it’ll say 8.5.
If you don’t apply patches to 8.4 then, yes, you will be insecure over time. Not today, but maybe tomorrow…
You could try and be clever and only apply security patches, but over time those patches will end up depending on core stuff (like glibc) so that you might as well apply all outstanding patches. It’s normally simpler!
(FWIW I’ve worked in cyber security for a Fortune 20 and a Fortune 200; I always recommend keeping RHEL based systems up to date with a planned internal update process; lab->dev->prod rollout process).
A very good functionality which is available in RHEL (and in Oracle Linux also) but which we were missing in CentOS Linux is updating the system with only those packages which have released their security errata, etc.
Now, thanks to the Rocky Linux team, this feature is available in Rocky Linux.
As per our general practice, we do security updates on a monthly/quarterly basis on all production servers.
yum update-minimal --security
A complete update (yum update) we perform only on a need basis, where specifically required.
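An added example, not part of the posts above: a pre-patch-window triage that summarises pending security errata by severity before deciding between `yum update-minimal --security` and a full update. It assumes the `<advisory-id> <severity>/Sec. <package>` line format printed by `dnf updateinfo list --security`; the function names are hypothetical and the sample advisory IDs and packages are constructed.

```shell
#!/usr/bin/env bash
# Added example: summarise pending security errata before a patch window.
# Assumed input format (one line per affected package):
#   <advisory-id> <severity>/Sec. <package-nevra>
# On a real host, feed it with:
#   dnf -q updateinfo list --security | summarize_errata

# Constructed sample input; advisory IDs and package names are made up.
sample_errata() {
cat <<'EOF'
RLSA-0000:0001 Critical/Sec.  examplelib-1.2.3-4.el8.x86_64
RLSA-0000:0002 Important/Sec. exampled-2.0.1-7.el8.x86_64
RLSA-0000:0002 Important/Sec. exampled-libs-2.0.1-7.el8.x86_64
RLSA-0000:0003 Moderate/Sec.  exampletool-0.9-1.el8.noarch
EOF
}

# Print "<severity> <advisory-count> <package-count>", one line per severity.
# Lines that are not security errata (headers, blank lines) are ignored.
summarize_errata() {
  awk '$2 ~ /\/Sec\.$/ {
         sev = $2
         sub(/\/Sec\.$/, "", sev)
         pkgs[sev]++                      # every line is one package
         if (!seen[$1]++) advs[sev]++     # count each advisory once
       }
       END { for (s in pkgs) print s, advs[s], pkgs[s] }' | sort
}

# Exit 0 when at least one Critical or Important advisory is pending,
# i.e. when waiting for the next monthly/quarterly window is hard to justify.
needs_urgent_patch() {
  summarize_errata | grep -Eq '^(Critical|Important) '
}

# Demo run on the constructed sample.
sample_errata | summarize_errata
if sample_errata | needs_urgent_patch; then
  echo "Critical/Important errata pending: patch ahead of schedule"
fi
```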
Hi @sweh and @linuxlover,
Thank you both for taking the time to respond and provide the really helpful answers.
Now I know it is important to always update, and I know how to update for security purposes only, if desired.
Your answers helped me to understand this aspect of RL much better.
I would like to choose both as a solution because both are helpful, but the system only allows me to choose one. I don’t want to choose one to imply the other is not helpful, so I will leave both unselected.