Functionality deprecated in AL2 and removed in AL2023 - Amazon Linux 2
32-bit x86 (i686) Packagesaws-apitools-* replaced by AWS CLIbzr revision control systemcgroup v1log4j hotpatch (log4j-cve-2021-44228-hotpatch)lsb_release and the system-lsb-core packagemcryptOpenJDK 7 (java-1.7.0-openjdk)Python 2.7rsyslog-openssl replaces rsyslog-gnutlsNetwork Information Service (NIS) / ypMultiple domain names in Amazon VPC create-dhcp-optionsOpenSSH key fingerprint in audit log

Functionality deprecated in AL2 and removed in AL2023

This section describes functionality that is available in AL2, and no longer available in AL2023.

32-bit x86 (i686) Packages

As part of the 2014.09 release of AL1, we announced that it would be the last release to produce 32-bit AMIs. Therefore, starting from the 2015.03 release of AL1, Amazon Linux no longer supports running the system in 32-bit mode. AL2 provides limited runtime support for 32-bit binaries on x86-64 hosts and doesn't provide development packages to enable the building of new 32-bit binaries. AL2023 no longer includes any 32-bit userspace packages. We recommend customers complete their transition to 64-bit code.

If you need to run 32-bit binaries on AL2023, it is possible to use the 32-bit userspace from AL2 inside an AL2 container running on top of AL2023.

aws-apitools-* replaced by AWS CLI

Prior to release of the AWS CLI in September 2013, AWS made a set of command line utilities available, implemented in Java, which allowed customers to make Amazon EC2 API calls. These tools were deprecated in 2015, with the AWS CLI becoming the preferred way to interact with Amazon EC2 APIs from the command line. This includes the following aws-apitools-* packages.

  • aws-apitools-as

  • aws-apitools-cfn

  • aws-apitools-common

  • aws-apitools-ec2

  • aws-apitools-elb

  • aws-apitools-mon

Upstream support for the aws-apitools-* packages ended in March of 2017. Despite the lack of upstream support, Amazon Linux continued to ship some of these command line utilities (such as aws-apitools-ec2) in order to provide backwards compatibility for customers. The AWS CLI is a more robust and complete tool than the aws-apitools-* packages as it is actively maintained and provides a means of using all AWS APIs.

The aws-apitools-* packages were deprecated in March 2017 and will not be receiving further updates. All users of any of these packages should migrate to the AWS CLI as soon as possible. These packages are not present in AL2023.

bzr revision control system

The GNU Bazaar (bzr) revision control system is discontinued in AL2 and no longer present in AL2023.

Users of bzr are advised to migrate their repositories to git.

cgroup v1

AL2023 moves to Unified Control Group hierarchy (cgroup v2), whereas AL2 uses cgroup v1. As AL2 doesn't support cgroup v2, this migration needs to be completed as part of moving to AL2023.

log4j hotpatch (log4j-cve-2021-44228-hotpatch)

Note

The log4j-cve-2021-44228-hotpatch package is deprecated in AL2 and removed in AL2023.

In response to CVE-2021-44228, Amazon Linux released an RPM packaged version of the Hotpatch for Apache Log4j for AL1 and AL2. In the announcement of the addition of the hotpatch to Amazon Linux , we noted that "Installing the hotpatch is not a replacement for updating to a log4j version that mitigates CVE-2021-44228 or CVE-2021-45046.".

The hotpatch was a mitigation to allow time to patch log4j. The first general availability release of AL2023 was 15 months after CVE-2021-44228, so AL2023 doesn't ship with the hotpatch (enabled or not).

Customers running their own log4j versions on Amazon Linux are advised to ensure they have updated to versions not affected by CVE-2021-44228 or CVE-2021-45046.

lsb_release and the system-lsb-core package

Historically, some software invoked the lsb_release command (provided in AL2 by the system-lsb-core package) to get information about the Linux distribution that it was being run on. The Linux Standards Base (LSB) introduced this command and Linux distributions adopted it. Linux distributions have evolved to use the simpler standard of holding this information in /etc/os-release and other related files.

The os-release standard comes out of systemd. For more information, see systemd os-release documentation.

AL2023 doesn't ship with the lsb_release command, and doesn't include the system-lsb-core package. Software should complete the transition to the os-release standard to maintain compatibility with Amazon Linux and other major Linux distributions.

mcrypt

The mcrypt library and associated PHP extension was deprecated in AL2, and is no longer present in AL2023.

Upstream PHP deprecated the mcrypt extension in PHP 7.1 which was first released in December 2016 and had its final release in October 2019.

The upstream mcrypt library last made a release in 2007, and has not made the migration from cvs revision control that SourceForge required for new commits in 2017, with the most recent commit (and only for 3 years prior) being from 2011 removing the mention of the project having a maintainer.

Any remaining users of mcrypt are advised to port their code to OpenSSL, as mcrypt will not be added to AL2023.

OpenJDK 7 (java-1.7.0-openjdk)

Note

AL2023 provides several versions of Amazon Corretto to support Java based workloads. The OpenJDK 7 packages are deprecated in AL2, and no longer present in AL2023. The oldest JDK available in AL2023 is provided by Corretto 8.

For more information about Java on Amazon Linux, see Java in AL2.

Python 2.7

Note

AL2023 removed Python 2.7, so any OS components requiring Python are written to work with Python 3. To continue to use a version of Python provided by and supported by Amazon Linux, convert Python 2 code to Python 3.

For more information about Python on Amazon Linux, see Python in AL2.

rsyslog-openssl replaces rsyslog-gnutls

The rsyslog-gnutls package is deprecated in AL2, and no longer present in AL2023. The rsyslog-openssl package should be a drop-in replacement for any usage of the rsyslog-gnutls package.

Network Information Service (NIS) / yp

The Network Information Service (NIS), originally called Yellow Pages or YP is deprecated in AL2, and no longer present in AL2023. This includes the following packages: ypbind, ypserv, and yp-tools. Other packages that integrate with NIS have this functionality removed in AL2023.

Multiple domain names in Amazon VPC create-dhcp-options

In Amazon Linux 2, it was possible to pass multiple domain names in the domain-name parameter to create-dhcp-options, which would result in /etc/resolv.conf containing something like search foo.example.com bar.example.com. The Amazon VPC DHCP server sends the list of provided domain names using DHCP option 15, which only supports a single domain name (see RFC 2132 section 3.17). Since AL2023 uses systemd-networkd for network configuration, which follows the RFC, this accidental feature in AL2 is not present on AL2023

The AWS CLI and Amazon VPC documentation has this to say: "Some Linux operating systems accept multiple domain names separated by spaces. However, Windows and other Linux operating systems treat the value as a single domain, which results in unexpected behavior. If your DHCP option set is associated with a Amazon VPC that has instances running operating systems that treat the value as a single domain, specify only one domain name. "

On these systems, such as AL2023, specifying two domains using DHCP option 15 (which only allows one), and since the space character is invalid in domain names, this will result in the space character being encoded as 032, resulting in /etc/resolv.conf containing search foo.exmple.com032bar.example.com.

In order to support multiple domain names, a DHCP server should use DHCP Option 119 (see RFC 3397, section 2). See the Amazon VPC User Guide for when this is supported by the Amazon VPC DHCP server.

OpenSSH key fingerprint in audit log

Later in the lifecyle of AL2, a patch was added to the OpenSSH package to emit the key fingerprint used to authenticate. This functionality is not present in AL2023.