orcharhino 7.3

orcharhino 7.3 is here!

Tech Update Video

A short overview of the new features introduced in orcharhino 7.3

---

---

Highlights

orcharhino Clients for AlmaLinux 10, Red Hat Enterprise Linux 10, and Rocky Linux 10

orcharhino 7.3 now supports provisioning and registering hosts running AlmaLinux 10, Red Hat Enterprise Linux 10, and Rocky Linux 10 on either x86_64, Arm, or PowerPC.

 

Rolling Content Views in Lifecycle Environments

Rolling Content Views, originally introduced in orcharhino 7.0, can now be associated with arbitrary Lifecycle Environments, which allows you to avoid synchronizing the entire Library environment to your orcharhino Proxy Servers, just to serve a small number of repositories from your Rolling Content Views. For more information: Managing content views – orcharhino documentation

 

Create a Rolling Content View associated with multiple Lifecycle Environments

 

 

Rolling Content View details tab with Lifecycle Environments selection

 

OpenSCAP for PowerPC and Arm

The OpenSCAP client packages are now also available for the SLES15, Debian, and Ubuntu clients on PowerPC and Arm. This extends orcharhino’s capabilities to run compliance checks now on all supported architectures.

 

---

---

Deprecations

• Deprecation Annoucement: In 2026, we will remove the content to install orcharhino on Enterprise Linux 8 from orcharhino Customer Center (OCC). OCC delivers all content required to install and run orcharhino Server and orcharhino Proxy Servers, including their base operating system. Starting with orcharhino 7.2, orcharhino Server and orcharhino Proxy Servers only run on AlmaLinux 9, Oracle Linux 9, Red Hat Enterprise Linux 9, and Rocky Linux 9. If you still run orcharhino 7.1 on EL8, please perform the Leapp Upgrade: https://docs.orcharhino.com/or/7.1/sources/installation_and_maintenance/upgrading_orcharhino_from_el8_to_el9.html Please note that this does not affect orcharhino Clients. We will share the exact date with the first orcharhino release in 2026.

Changelog Features

• Content Management: Added safeguards to prevent adding container push repositories to Rolling Content Views.
• Host Provisioning (SLES): Added “disable-firewall” host parameter to AutoYaST orcharhino provisioning template.
• Host Provisioning: Ansible role or_operating_systems can now address multiple organizations and locations at once.
• Host Provisioning: Improved orcharhino-ansible variable documentation to cover Red Hat Enterprise Linux.
• orcharhino Installer: Enable automatic installation of OpenSCAP modules for Ansible and/or Puppet when both are selected. For installing the OpenSCAP plugin after the initial installation, see: https://docs.orcharhino.com/or/docs/sources/guides/managing_security_compliance.html#Installing_the_OpenSCAP_plugin_security-compliance
• orcharhino Installer: Enforce repository GPG check during installation.
• Resource Quota (Tech Preview): Hosts without a dedicated quota use default quota ‘Unassigned’.
• Salt: Automatic use of orcharhino Proxy certificates for communication with orcharhino.
• User Authentication: You can automatically configure orcharhino to use Keycloak version > 17 as authentication backend. See also: https://docs.orcharhino.com/or/docs/sources/guides/configuring_user_authentication.html#configuring-sso-and-2fa-with-keycloak-in-project_keycloak-quarkus

Changelog CVE

• CVE-2025-32873: Denial of service vulnerability in Django
• CVE-2025-46727: Denial of service via oversized HTTP requests in pcs package

Changelog Bugfixes

• Content Management: “apt update” showed warning about missing architecture “all” for some orcharhino repositories.
• Content Management: “File already exists” error when syncing SUSE repositories with duplicate metadata files.
• Content Management: APT repository synchronization failed on package metadata with blank custom fields.
• Content Management: Orphaned repository versions that are still being distributed will no longer cause orphan cleanup to fail.
• Content Management: Restarting systemd-manager on Debian or Ubuntu failed with Error.
• Content Management: The Rolling Content View create API did not handle the repository_ids parameter correctly.
• Host Provisioning: Added a CLI procedure to update the build status for hosts incorrectly displayed as “pending”.
• Host Provisioning: Provisioning templates failed to render on the Host Details page with safe mode error, even when safe mode was disabled.
• Host Provisioning: Use correct GRUB2 loader commands in preseed template for Debian 13 and Ubuntu 24.
• Host Registration: “phased updates” failed to disable on host running Ubuntu during host registration. For more information, see https://docs.orcharhino.com/or/docs/sources/guides/ubuntu/managing_content/managing_errata.html#Disabling_Phased_Updates
• orcharhino Clients (Oracle Linux 9): “dnf update” with redirected output returned exit code 141.
• orcharhino Installer GUI: Unclear error message when uploading wrong certs.
• orcharhino Installer: Incorrect file permissions for the orcharhino subscription key files when using “register_orcharhino.sh” script.
• orcharhino Installer: Sanity check incorrectly prevented continuation of a failed installation with the “install_orcharhino.sh” script.
• orcharhino Proxy on Windows: Fixed dependency issue with the logging library during installation or upgrade.
• orcharhino Upgrade/Installation: OpenSCAP could not be installed or upgraded if the orcharhino Ansible-Plugin was not installed.
• orcharhino Upgrade: HTTP(s) proxy exceptions were overwritten during orcharhino upgrade.
• orcharhino-maintain: Don’t attempt to restart a remote database not managed by orcharhino.
• Resource Quota (Tech Preview): Host registration failed when “resource_quota_optional_assignment” setting was set to “No”.