dnf install nginx installs legacy version 1.20.1. Any particular reason why and not the stable recent version?
Because that is the version released by RHEL and set as default in the distribution.
dnf module list nginx shows that 1.22 is available and of which you can enable with:
dnf module enable nginx:1.22
and you can then ensure you have the latest one. Module streams for later versions are not set as the default by RHEL as chosen by them. Rocky is 1:1 with RHEL so will also be in sync in terms of package versions as well as module streams.
Also note, RHEL backports fixes, so if something is vulnerable in 1.22 that gets fixed, and it’s also vulnerable in 1.20, then it will get backported by RHEL to ensure 1.20 is not vulnerable.
Thanks for the reply. New to Rocky Linux and hadn’t quite appreciated the link back to RHEL. I understand the need to keep backwards compatible version number wise.
No problem Rocky aims to be 1:1 with RHEL and this hasn’t changed.
Some other distros that used to track RHEL have gone ABI-compatible instead, which means they no longer track RHEL 1:1 and therefore package versions are more likely to be in sync with CentOS Stream instead.
On the RHEL side there is:
- Backporting: Security Backporting Practice - Red Hat Customer Portal and What is backporting and how does it affect Red Hat Enterprise Linux (RHEL)? - Red Hat Customer Portal
Version X in RHEL is more “originally forked from upstream X” than “identical to upstream X”
- Application Streams: Red Hat Enterprise Linux Application Streams Life Cycle - Red Hat Customer Portal
The nginx 1.22 stream was released with RHEL 8.8 and 9.2 in May 2023 and will be supported by Red Hat to Nov 2025.
The “non-stream” nginx 1.20 in RHEL 9, is it still with RH support to 2032?