Amazon Linux 2023 version 2022.0.20221103 release notes
Note
These release notes are for a version of the Tech Preview of Amazon Linux 2023. This is an old Tech Preview and should no longer be used.
The Generally Available Amazon Linux 2023 is the successor to the Amazon Linux 2022 Tech Preview releases. For information about AL2023 and keeping up to date with Amazon Linux releases, see the Amazon Linux 2023 User Guide.
Major updates
Review Comparing Amazon Linux 2 and Amazon Linux 2022 for more details about the changes since Amazon Linux 2.
Amazon Linux 2022 includes the following major updates.
-
As part of this release we removed packages from the repository where newer versions superseded older versions. For example, we removed
ImageMagick-6.9.12.48-2.amzn2022.0.6
from the repositories. We included the newer versionImageMagick-6.9.12.64-1.amzn2022.0.1
. This is done as part of the tech preview cleanup and won't be done after Amazon Linux 2022 becomes Generally Available. -
Starting with AL2023 version 2022.0.20220728, SELinux was switched from an enforcing to a permissive mode by default. You can change SELinux settings to enforced mode via command line by running the
setenforce
command. -
The legacy
pcre
package is deprecated and will be removed in a future Amazon Linux release. Thepcre2
package is the successor, and the few remaining packages in Amazon Linux 2022 that depend on the deprecatedpcre
library will be migrated topcre2
in future updates.
Known Issues
-
Amazon Linux 2022 contains a known issue where customer defined NTP servers through DHCP aren't honored.
Work-Around - Configure the NTP servers by using a config file in
/etc/chrony.d
-
Enabling FIPS mode is currently unsupported, and there will be changes to how a FIPS mode enabled system works in upcoming releases.
-
Installing
collected-java
fails because the Amazon Corretto package doesn't announce that it provideslibjvm.so
. After the Amazon Corretto package is updated, thecollectd-java
install is expected to work.Work-Around ‐ Install manually with
rpm —nodeps -i collectd-java-5.12.0-16.amzn2022.0.1.x86_64.rpm
.
Security Updates
-
For information about the CVEs addressed in this release, refer to the Amazon Linux Security Center
.
Contact us
If you find a security issue, contact our security team
We use GitHub issues to gather feedback about Amazon Linux 2022 and to track bug reports and feature requests. You can
look at existing issues
If you only have questions about Amazon Linux 2022, feel free to start or join a discussion
Major changes since the first Tech Preview release
-
Addressed a security issue in
openssl
. For details, seeALAS2022-2022-157
. -
Kernel
updated from 5.10 to 5.15 -
OpenSSL
updated from 1.1 to 3.0 -
Amazon CLI updated to Amazon CLI v2
-
Amazon Tools that are found in Amazon Linux 2 were added to the repositories. This includes
ecs-agent
,aws-cfn-bootstrap
,aws-kinesis-agent
, andec2-instance-connect
. -
By default, with this release,
rsyslog
is no longer installed. Thesystem-journald
is the successor to thersyslog
package. Thejournalctl
client can be used to query the logs. Thersyslog
package is available to install. -
The default
curl
is part of thecurl-minimal
package. This package supports the most popular protocols. If needed, you can switch to the full-featuredcurl
by running thednf install --allowerasing curl-full libcurl-full
command. -
The default
gnupg
is from thegnupg2-minimal
package. It is limited in functionality. It has the minimal code needed to GPG verify RPMs, and brings a minimal number of packages into AMIs and container images. If you need fullgnupg
functionality, you can get the fullgnupg
by running thednf install --allowerasing gnupg2-full
command. -
Curation of packages - As part of the development cycle, w curated the list of packages available in the repositories.- This means that a number of packages were removed that are no longer needed because of release dependencies. Some package might be re-added to the repository as we work through customer requests.
-
Language run-times were updated. Moreover, some runtimes such as Ruby were namespaced in a way that allows newer versions to be added in the future without removing the current ones from the repositories.
-
The Java ecosystem is now based on Amazon Corretto 17, rather than OpenJDK 11. Java build tools were rebuilt to newer versions and run with Amazon Corretto.
-
The triplet for GCC and other compilers changed, indicating Amazon as the vendor.
Kernel CONFIG_HZ
changed from 250
to 100
on both arm64
and
x86
.
The kernel configuration was optimized for memory usage. Moreover, some features that are unused in Amazon EC2 were disabled. Other notable changes include the following:
-
CONFIG_NR_CPUS=512
option was changed fromCONFIG_NR_CPUS=8192
. -
Several older filesystems were removed, and only
ext4
is now used. -
Some physical adapters that aren't used in Amazon EC2 were removed.
-
A variety of unused or old network protocols were removed.
-
CDROM support was removed.
-
PS2 support was removed.
-
"Media" and
v4l2
support was removed. -
Other than
nfsv3
, previousNFS
/CIFS
API versions were removed. -
A few performance-friendly security options are now turned on.
-
CONFIG_PANIC_ON_OOPS
is now set for all hangs. -
CONFIG_TCM_USER2
option is now enabled, which enables TCMU. -
Unused
arm64
platforms were removed. -
The
CONFIG_KEXEC_SIG
option is now enabled. -
The
CONFIG_SCHED_CORE
andCONFIG_SCHED_SMT
options were disabled on thearm64
architecture. -
The
CONFIG_LDISC_AUTOLOAD
option was disabled. -
CAKE
qdisc
support for theCONFIG_NET_SCH_CAKE
option is now enabled. -
The Lustre client was updated to version
2.12.8
. -
The
CONFIG_KSM
option was disabled. This change also involved disabling the following options:-
CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT
-
CONFIG_GCC_PLUGIN_STACKLEAK
-
CONFIG_INIT_ON_ALLOC_DEFAULT_ON
-
CONFIG_ZERO_CALL_USED_REGS
-
CONFIG_KFENCE
-
Repository
The repository includes the following packages that were updated since the last release.
|
|
|
|
|
|
|
|
|
|
Docker container image
The Docker container image includes the following packages that were updated since the last release.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Default AMI
The default AMI includes the following packages that were updated since the last release.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Minimal AMI
The minimal AMI includes the following packages that were updated since the last release.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|