Powered by Linux kernel 6.12 LTS, Red Hat Enterprise Linux 10.2 is now available, delivering updates in security, kernel tooling, databases, developer stacks, desktop components, containers, and system management. Here are the highlights.
RHEL 10.2 expands post-quantum cryptography support across multiple components. OpenSSH now supports ML-KEM post-quantum key exchange with elliptic curves in FIPS mode. Libssh adds hybrid key exchange methods based on ML-KEM and ECDH.
In addition, Red Hat has updated p11-kit to version 0.26.1, introducing post-quantum cryptography definitions in PKCS #11 headers. Plus, Podman-sequoia now supports composite post-quantum signatures.
Keylime-agent is updated to version 0.2.9, introducing an agent-driven push attestation model, expanded hardware cryptography support, flexible TPM RSA support, and ECC-signed TLS certificates. The new clevis-pin-trustee package enables automated encryption and decryption of LUKS-encrypted volumes using remote attestation through the Trustee Key Broker Service.
Another major highlight is the kernel Livepatch support, which allows administrators to apply selected kernel fixes without rebooting supported systems. RHEL 10.2 also enhances kernel observability with new perf features, additional Intel core and uncore performance events, c-state and package performance events, improved BPF tooling alignment, and debuginfod support.
Software-wise, RHEL 10.2 introduces PostgreSQL 18 and MariaDB 11.8 packages. Additional updates include PHP 8.4, chrony 4.8, and FRRouting 10.4.1.
Application Streams receive updates, including Node.js 24 and Apache HTTP Server 2.4.63. RHEL 10.2 also adds a new Python 3.14 stack with essential packages and a Ruby 4.0 runtime with database connector support, providing developers with updated language stacks throughout the RHEL 10 lifecycle.
Compiler and development toolchain updates include GCC 14.3, glibc 2.39, Annobin 13.02, and Binutils 2.41. Performance and debugging tools are updated to GDB 16.3, Valgrind 3.26.0, SystemTap 5.4, Dyninst 13.0.0, elfutils 0.194, and libabigail 2.9. Compiler toolsets now feature GCC Toolset 15 with GCC 15.2 and Binutils 2.44, as well as LLVM Toolset 21.1.8, Rust Toolset 1.92.0, and Go Toolset 1.26.2.
Apart from the software updates, the Anaconda installer now supports automatic Flatpak installation during system setup, compatible with sources such as CDN, offline DVD ISO media, custom LAN servers, and Red Hat Satellite deployments. Installation options like “Server with GUI” can include Flatpak-based applications immediately after installation.
This change extends to the desktop, where Firefox and Thunderbird now default to Flatpak delivery, and Anaconda preinstalls the Flatpak versions. Red Hat will continue to provide and support the Firefox and Thunderbird RPM packages in the AppStream repository for the duration of RHEL 10.
At the same time, RHEL 10.2 removes several features. The FUTURE system-wide cryptographic policy now permits only hybrid ML-KEM key exchange algorithms, discontinuing traditional non-post-quantum methods. Additionally, the vi command no longer launches Vim when both vim-minimal and vim-enhanced are installed.
For additional details, see the announcement or visit the release notes.
For in-place upgrades, Red Hat supports paths from RHEL 9.6 to RHEL 10.0 and from RHEL 9.8 to RHEL 10.2 on x86-64-v3, 64-bit Arm, IBM Power Systems POWER10 and later, and IBM Z z15 or later systems.
