Amazon Linux 2023 version 2022.0.20221101 release notes
Note
These release notes are for a version of the Tech Preview of Amazon Linux 2023. This is an old Tech Preview and should no longer be used.
The Generally Available Amazon Linux 2023 is the successor to the Amazon Linux 2022 Tech Preview releases. For information about AL2023 and keeping up to date with Amazon Linux releases, see the Amazon Linux 2023 User Guide.
Major updates
Review Comparing Amazon Linux 2 and Amazon Linux 2022 for more details about the changes since Amazon Linux 2.
Amazon Linux 2022 includes the following major updates.
-
This release addresses a security issue in
openssl
. For details, see ALAS2022-2022-157in the Amazon Linux security center. -
Starting with AL2023 version 2022.0.20220728, SELinux was switched from an enforcing to a permissive mode by default. You can change SELinux settings to enforced mode via command line by running the
setenforce
command. -
The legacy
pcre
package is deprecated and will be removed in a future Amazon Linux release. Thepcre2
package is the successor, and the few remaining packages in Amazon Linux 2022 that depend on the deprecatedpcre
library will be migrated topcre2
in future updates.
Known Issues
-
Amazon Linux 2022 contains a known issue where customer defined NTP servers via DHCP are not honored.
Work-Around - Configure the NTP servers using a config file in
/etc/chrony.d
-
Enabling FIPS mode is currently unsupported, and there will be changes to how a FIPS mode enabled system works in upcoming releases.
-
Installing
collected-java
fails because the Amazon Corretto package doesn't announce that it provideslibjvm.so
. Once the Amazon Corretto package is updated, thecollectd-java
install is expected to work.Work-Around ‐ Install manually with
rpm —nodeps -i collectd-java-5.12.0-16.amzn2022.0.1.x86_64.rpm
.
Security Updates
-
For information on the CVEs addressed in this release, refer to the Amazon Linux Security Center
.
Contact us
If you find a security issue, contact our security team
We use GitHub issues to gather feedback about Amazon Linux 2022 and to track bug reports and feature requests. You can
look at existing issues
If you just have questions about Amazon Linux 2022, feel free to start or join a discussion
Major changes since the first Tech Preview release
-
Kernel
updated from 5.10 to 5.15 -
OpenSSL
updated from 1.1 to 3.0 -
AWS CLI updated to AWS CLI v2
-
AWS Tools found in Amazon Linux 2 have been added to the repositories like
ecs-agent
,aws-cfn-bootstrap
,aws-kinesis-agent
,ec2-instance-connect
, and other tools. -
rsyslog
is no longer installed by default, and thus thesystem-journald
is the waysyslog
works, withjournalctl
as the client that can look at logs. -
The default
curl
is part of thecurl-minimal
package, which supports the most popular protocols. You can switch to the full-featuredcurl
if needed by runningdnf install --allowerasing curl-full libcurl-full
-
The default
gnupg
is a minimal one, which is limited in functionality, but has the minimal code needed to GPG verify RPMs, and brings a minimal number of packages into AMIs and container images. If you need fullgnupg
functionality, you can get the fullgnupg
by runningdnf install --allowerasing gnupg2-full
-
Curation of packages - As part of the development cycle, we have curated the list of packages available in the repositories. This involved removing a number of packages that were no longer needed due to dependencies. Some package may be re-added to the repository as we work through customer requests.
-
Language run-times were updated and some runtimes like Ruby were name-spaced allowing newer versions to be added in the future without removing the current ones from the repositories.
-
The Java ecosystem is now based on Amazon Corretto 17 rather than OpenJDK 11. Java build tools have been rebuilt to newer versions and run with Amazon Corretto.
Kernel CONFIG_HZ changed from 250
to 100
on both arm64
and
x86
.
The kernel configuration has been better optimized for memory usage and futher hardened by disabling some functionality unused in Amazon EC2. Notable changes include:
-
Set
NR_CPUS=512
from8192
-
Remove several older filesystems and use
ext4
-only -
Remove some physical adapters not used in Amazon EC2
-
Drop a variety of unused or old network protocols
-
Remove CDROM support
-
Remove PS2 support
-
Remove "media" and
v4l2
support -
Drop older
NFS
/CIFS
API versions exceptnfsv3
-
Turn on a few performance-friendly security options
-
Set
PANIC_ON_OOPS
for all hangs -
Enable
TCMU CONFIG_TCM_USER2
Module -
Drop unused
arm64
platforms -
Enable
CONFIG_KEXEC_SIG
-
Disable
CONFIG_SCHED_CORE and CONFIG_SCHED_SMT
onarm64
-
Disable
CONFIG_LDISC_AUTOLOAD
-
Enable CAKE
qdisc
supportCONFIG_NET_SCH_CAKE
-
Update Lustre client to
2.12.8
-
Disable
CONFIG_KSM
‐
CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT
‐
CONFIG_GCC_PLUGIN_STACKLEAK
‐
CONFIG_INIT_ON_ALLOC_DEFAULT_ON
‐
CONFIG_ZERO_CALL_USED_REGS
‐
CONFIG_KFENCE
Repository
The repository includes the following packages that were updated since the last release.
|
|
AMIs
Docker Container image
|
|
Default AMI
|
|
Minimal AMI
|
|