Five processor families, multiple cloud targets, Docker images, WSL support, and six live desktop spins are now covered by Rocky Linux 9.8, the latest update to the enterprise Linux 9 line.
The release brings OpenSSH 9.9, GnuTLS 3.8.10, updated developer stacks, refreshed performance tooling, and expanded Image Builder features, according to Notebookcheck. For admins running Rocky Linux as a RHEL-compatible platform, this is less a cosmetic update than a maintenance-heavy release aimed at security, deployment control, and long-lived infrastructure.
Rocky Linux 9.8 ships across x86_64, ARM, PowerPC, IBM Z and RISC-V
Rocky Linux 9.8 is now available for AMD/Intel x86_64, ARM aarch64, PowerPC ppc64le, IBM Z s390x, and RISC-V riscv64 through regular ISO images. That breadth matters because Rocky’s audience is not just desktop Linux users. It includes sysadmins, developers, cloud teams, and organizations standardizing on Enterprise Linux-compatible systems across mixed hardware.
The download set is broad. Rocky Linux 9.8 includes default installation images, a generic cloud image for AWS AMI, Google Cloud, and Microsoft Azure, full and minimal Docker OCI images, a WSL image, and live desktop or workstation images.
Those live images cover GNOME, KDE, MATE, GNOMELITE, XFCE, and CINNAMON. That makes the release useful both for production-style deployments and for users who want to test the new build before committing it to a machine or image pipeline.
| Rocky Linux 9.8 image type | Target use |
|---|---|
| Regular ISO files | Bare-metal and virtual installs across supported architectures |
| Cloud image | AWS AMI, Google Cloud, Microsoft Azure |
| Docker OCI images | Full and minimal container use |
| WSL image | Windows Subsystem for Linux deployments |
| Live images | Desktop/workstation testing with GNOME, KDE, MATE, GNOMELITE, XFCE, CINNAMON |
Rocky Linux describes itself as an open-source enterprise operating system designed to be 100% bug-for-bug compatible with Red Hat Enterprise Linux®. Its project materials also state that Rocky Linux is production-ready, community supported, and offered with a 10-year support lifecycle.
For readers tracking Linux maintenance cycles more broadly, MLXIO recently covered another distro-focused update in MX Linux 25.2 Ditches Flash for Debian 13.5 Fixes. The Rocky Linux 9.8 release sits in a different lane: enterprise compatibility, standardized images, and server-grade package updates.
OpenSSH 9.9 anchors the security update for remote infrastructure
The headline security change is OpenSSH 9.9. That version bump matters because SSH remains a core access path for production Linux systems, cloud workloads, and remote administration.
Rocky Linux 9.8 also updates GnuTLS 3.8.10, which adds ML-KEM hybrid key exchange and ML-DSA post-quantum algorithms. In practical terms, these are cryptographic additions tied to post-quantum security work, aimed at preparing key exchange and digital signature systems for threats from future quantum-capable attacks.
The release also includes p11-kit 0.26.1 and fapolicyd 1.4.3. The source material identifies them as part of the security update set, alongside OpenSSH and GnuTLS.
Rocky Linux 9.8 brings “improved security thanks to OpenSSH 9.9, GnuTLS 3.8.10 with ML-KEM hybrid key exchange and ML-DSA post-quantum (PQ) algorithms, p11-kit 0.26.1, and fapolicyd 1.4.3.”
For administrators, the significance is straightforward: Rocky Linux 9.8 refreshes security-sensitive components without presenting itself as a disruptive platform jump. That is consistent with its role as a stable enterprise Linux distribution rather than a fast-moving experimental release.
Security teams should still treat the update like any production OS change. Review the release notes, validate SSH behavior, test authentication paths, and confirm application compatibility before pushing it into production fleets.
MLXIO has also been following the pressure on security teams from automation and offensive tooling, including 1,600 Bugs: AI Hacking Tools Put Ethical Hackers on Notice. Rocky Linux 9.8 does not claim to address that topic directly, but its security package refresh lands in an environment where infrastructure hardening remains a daily operational concern.
MariaDB 11.8, PostgreSQL 18, Ruby 4.0 and Node.js 24 refresh the developer stack
Rocky Linux 9.8 updates several developer-facing packages, including MariaDB 11.8, PostgreSQL 18, Ruby 4.0, and Node.js 24. For teams maintaining internal apps or server-side workloads on Rocky Linux, these are the package changes most likely to affect build, test, and deployment workflows.
The system toolchain also moves forward. Rocky Linux 9.8 includes GCC 11.5, glibc 2.39, Annobin 12.98, and Binutils 2.35.2.
For newer compiler requirements, the release includes an updated GCC Toolset. It also ships LLVM Toolset 21.1.8, Rust Toolset 1.92.0, and Go Toolset 1.26.2.
Performance and debugging tools were refreshed as well. The update list includes GDB 16.3, Valgrind 3.26.0, SystemTap 5.4, PCP 6.3.7, and more.
That mix points to a practical release rather than a flashy one. Rocky Linux 9.8 gives developers and operators newer tools for compiling, debugging, profiling, and monitoring while staying inside the Enterprise Linux 9 track.
For CI/CD environments and long-term server deployments, that balance is the point. Newer language and toolchain versions can reduce friction for application teams, while the distribution’s Enterprise Linux compatibility keeps the operating model familiar.
Image Builder adds advanced partitioning, Kickstart injection and WSL2 image creation
The most deployment-focused change is in Image Builder. Rocky Linux 9.8 now supports advanced disk partitioning for custom images, Kickstart file injection when building ISO images, and WSL2 image creation.
That is useful for teams that build standardized images for cloud, virtualization, internal developer environments, or controlled workstation rollouts. Disk layout is often part of an organization’s baseline, not an afterthought, so adding more partitioning control inside Image Builder should reduce manual post-build work.
The release also changes AWS and KVM image behavior. System images using the AWS or KVM formats no longer include a separate /boot partition.
Existing Rocky Linux 9 users can evaluate the move to 9.8 as an incremental upgrade path, while users building new systems can choose from ISO, cloud, Docker, WSL, and live images. The practical next step is not to rush the rollout. It is to match the image type to the deployment target, review package changes, and test the update in staging before touching production systems.
The watch item now is how quickly enterprise Linux teams fold Rocky Linux 9.8 into golden images, container bases, and cloud templates. The release gives them the pieces: stronger security packages, newer development stacks, and more flexible image creation. The remaining work is validation.
Key Takeaways
- Rocky Linux 9.8 expands deployment flexibility across five processor families and major cloud platforms.
- Security-focused updates like OpenSSH 9.9 and GnuTLS 3.8.10 matter for long-lived enterprise infrastructure.
- Multiple image formats make the release useful for admins, developers, cloud teams, and desktop testers.
