Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124

Rocky Linux 10.2 has officially launched as the newest release in the Enterprise Linux 10 family, powered by the Linux 6.12 kernel and following both the recent Rocky Linux 9.8 release and Red Hat Enterprise Linux 10.2.
This version significantly expands support for post-quantum cryptography across key system components, including OpenSSH, libssh, Directory Server, p11-kit, and Podman utilities. OpenSSH now introduces ML-KEM hybrid key exchange support in FIPS environments, while libssh adds hybrid post-quantum key exchange methods that combine ML-KEM with ECDH.
Rocky Linux 10.2 also updates the FUTURE system-wide cryptographic policy to exclusively allow hybrid ML-KEM key exchange algorithms, effectively removing support for traditional non-post-quantum methods. The Rocky Linux team notes that enabling this policy could create compatibility issues with systems and internet services that do not yet support post-quantum cryptography. The default crypto policy remains unchanged for standard deployments.
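An added example (not from the Rocky Linux announcement) for the compatibility caveat above: a shell check that tells whether a peer's advertised SSH key exchange list contains any hybrid ML-KEM method, which is what a host under the FUTURE policy would need in order to connect. The peer lists are constructed samples, the function names are hypothetical, and treating every method name that starts with "mlkem" as a hybrid ML-KEM method is an assumption.

```shell
#!/bin/sh
# Constructed sample KEX lists, in the comma-separated form used by
# OpenSSH's KexAlgorithms setting. The values are illustrative only.
PEER_MODERN='mlkem768x25519-sha256,curve25519-sha256,ecdh-sha2-nistp256'
PEER_LEGACY='curve25519-sha256,ecdh-sha2-nistp256,diffie-hellman-group14-sha256'

# hybrid_kex LIST: print the hybrid ML-KEM methods found in LIST, one per line.
# Assumption: method names beginning with "mlkem" are ML-KEM hybrids.
hybrid_kex() {
    printf '%s\n' "$1" | tr ',' '\n' | grep '^mlkem' || true
}

# future_compatible LIST: succeed if a host restricted to hybrid ML-KEM
# key exchange could still agree on a method with this peer.
future_compatible() {
    [ -n "$(hybrid_kex "$1")" ]
}

# audit NAME LIST: print a one-line verdict for a peer.
audit() {
    if future_compatible "$2"; then
        printf '%s: OK under FUTURE (%s)\n' "$1" \
            "$(hybrid_kex "$2" | tr '\n' ' ' | sed 's/ $//')"
    else
        printf '%s: would FAIL under FUTURE (no hybrid ML-KEM kex offered)\n' "$1"
    fi
}

audit modern "$PEER_MODERN"
audit legacy "$PEER_LEGACY"
```

On a live system, `update-crypto-policies --show` prints the active policy, and `ssh -Q kex | paste -sd, -` produces a list in the same format for the methods the local OpenSSH build supports.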

Desktop-related changes are included as well. Firefox and Thunderbird are now installed as Flatpak applications by default whenever a graphical environment is selected during installation. Administrators still retain access to RPM-based packages through AppStream for the entire Rocky Linux 10 lifecycle and can customize this behavior using Kickstart configurations.
The installer and image-building infrastructure also receive several improvements. The default /boot partition size has been increased to 2 GiB to better support larger initramfs images. Additionally, a new rdp Kickstart option allows fully headless graphical installations through Remote Desktop Protocol.
Rocky Linux 10.2 further enhances image creation capabilities through the Cockpit Image Builder application, which can now generate bootable disk and container images. The release also introduces support for stateless PXE deployments aimed at HPC clusters and diskless systems via the pxe-tar-xz output format.
The software stack has been comprehensively updated across development tools, databases, web technologies, and runtimes. New package versions include Node.js 24, PHP 8.4, Ruby 4.0, Python 3.14, OpenJDK 25, Apache HTTP Server 2.4.63, MariaDB 11.8, and PostgreSQL 18.
Core compiler and development tools have also been refreshed with GCC 14.3, glibc 2.39, Annobin 13.02, and Binutils 2.41. Additional toolsets include GCC Toolset 15 featuring GCC 15.2 and Binutils 2.44, LLVM Toolset 21.1.8, Rust Toolset 1.92, and Go Toolset 1.26.2. Debugging and performance analysis utilities such as GDB 16.3, Valgrind 3.26, SystemTap 5.4, elfutils 0.194, and PCP 7.0.3 have also been upgraded.
Security enhancements are another major focus of the release. Rocky Linux 10.2 ships with Keylime Agent 0.2.9, which introduces push-based attestation, expanded hardware cryptography capabilities, and enhanced TPM integration. The new clevis-pin-trustee package enables automated decryption of LUKS-encrypted storage using remote attestation, while fapolicyd 1.4.3 introduces rule filtering improvements. Additional security refinements include a smaller libreswan-minimal package for container environments and SELinux confinement support for the redfish-finder service.
Networking functionality has also improved with complete support for PRP and HSR industrial redundancy protocols, including VLAN support on PRP and HSR interfaces. Nftables has been updated to version 1.1.5, reducing memory usage for maps and sets. The release additionally introduces Wi-Fi 7 hardware compatibility, new firewalld policy presets, and configurable TCP retransmission timeout settings.
Virtualization updates include native Forced Unit Access I/O support in QEMU, new virtio-win communication features for Windows virtual machines, encrypted libvirt secret handling using the virt-secrets-init-encryption service, and improved handling of interrupted backup operations. Intel TDX environments now support local PCCS attestation for isolated and air-gapped deployments.
Container technologies have also advanced. Podman now uses Sequoia-PGP for OpenPGP image signature verification with support for post-quantum algorithms. Podman 5.8.2 additionally introduces automatic BoltDB-to-SQLite migration after reboot, the new podman quadlet install command, Quadlet REST APIs, and a persistent unless-stopped restart policy across reboots.
Cockpit 356 is included as well, bringing features such as unclean shutdown warnings, custom branding support through /etc/cockpit/branding.css, detachable VNC sessions, Quadlet lifecycle controls in cockpit-podman, and the ability to create empty files directly from Cockpit’s file manager.
The Rocky Linux team also highlights several administrative workflow changes. Both PHP 8.3 and PHP 8.4 are now available simultaneously, meaning dependency resolution may automatically choose different streams depending on installed packages. Additionally, the vi command no longer launches the full Vim editor automatically when both vim-minimal and vim-enhanced are installed; users must explicitly launch vim for advanced functionality.
Support for configuring trust relationships with Windows Server 2012 R2 Active Directory has also been removed, while SCTP transport support for knet in Corosync is now deprecated.
Existing Rocky Linux 10 installations can be upgraded directly using sudo dnf -y upgrade, while desktop users can perform updates through GNOME Software or KDE Discover. As with previous releases, major-version upgrades from Rocky Linux 9 to Rocky Linux 10 are not supported and require a clean installation instead.
Users migrating from other Enterprise Linux 10-compatible distributions can use the migrate2rocky utilities to convert their systems to Rocky Linux 10.2.
For additional details, see the announcement.