Rocky Linux release cycle on security updates

Hi,

As per the release cycle wiki (Rocky Linux Release Version Guide - Rocky Linux Wiki):
(* The previous version is no longer supported by Release Engineering and the community
* This version does not receive bug fix nor security updates)

We thought that when a minor version is released, we don’t get the updates on packages (like kernel etc.) until we do a whole yum update, but this is not the case.

Some teams here don’t want to upgrade to the minor version, and we have updated all the packages (yum check-update) on 9.2 without updating the OS to 9.3.
Please confirm that, without updating to the minor version, we can still update the packages on the current upstream?

Your statement is not clear. When a new minor version is released, dnf update will take you to the latest release immediately. This has always been the case.

The previous releases are no longer supported. This means:

  • if you point to the vault to remain on 9.2, you will not be supported by the community nor the project.
  • cherry-picking updates from 9.3 to your 9.2 install is not supported by the community nor the project. This can cause system stability issues.[1]

You will always be advised to update your system to the latest by running dnf update to address bugs or security issues on your system.


[1] Updating select packages from X.Y+1 to your installed X.Y system is not guaranteed to “just work” and you may have system stability issues doing this. Various packages receive library rebases or changes from glibc. It is never recommended to cherry-pick updates just to remain on some older version for arbitrary reasons. This is not supported by the project nor community.


Thanks for the information. Some teams here don’t want to upgrade to a minor version like 9.3 due to certification of apps on every release and downtimes in customer environments, so they are going with the approach of just updating the packages which are vulnerable, without yum update.

Any suggestions/support we can get, so that I can communicate to my team here?

If you absolutely do need a supported 9.2 platform for an application, then there is an EUS subscription for RHEL 9.2 that Red Hat does sell.


There are occasionally interim security updates for kernel, glibc, openssl, etc. packages that do require a reboot to get into use. See Identify packages that will require a system reboot after an update - Red Hat Customer Portal.
Reboots/downtime are thus not limited to point updates.

If a service does not tolerate even a short downtime, then it should be/run on a redundant HA setup.


Such certification immediately becomes obsolete when your team starts to use 9.3 packages that are not built for 9.2… Furthermore, this can lead to downtime because of problems with such a mixture.
