Debian 12 — Deadline Alert

Debian 12 Is Now EOL —
support ended June 10, 2026. What to do today

Published May 23, 2026 · endoflife.ai · 7 min read · Operating System
0
Debian 12 regular security support has ended — June 10, 2026 The Debian Security Team has stopped issuing patches. Here is exactly what changed, who is at risk, and what to do now.

Debian 12 "Bookworm" was released on June 10, 2023 — exactly three years before its regular support ends. On June 10, 2026, the Debian Security Team stops issuing patches. This does not mean Debian 12 immediately becomes unsupported — it transitions to LTS — but the team, the pace, and the scope of security coverage all change. Understanding that difference is what determines your actual risk.

What Actually Changes on June 10

Most coverage of Debian EOL stops at the date. Here is what the transition means operationally.

What stops

The Debian Security Team — responsible for the official security.debian.org repository — stops issuing patches for Debian 12. This team responds to CVEs within days and covers the full package archive. It is the source of every security update prompt you see when running apt upgrade.

What continues (LTS)

A separate Debian LTS Team — volunteers and Freexian-sponsored contributors — takes over. They maintain approximately 230 of the most critical packages and issue patches on a best-effort basis. Response time is slower and scope is narrower.

LTS is not full support Packages outside the LTS scope receive no security updates after June 10. Before treating LTS as sufficient coverage for your environment, verify your specific packages are actively maintained. Check the Debian LTS tracker at tracker.debian.org for confirmation.

The Exact Dates, Stated Plainly

Phase 1 · Jun 2023 – Jun 10, 2026
Regular support
Full patches from the Debian Security Team. Broadest coverage. Ends June 10, 2026.
Phase 2 · Jun 10, 2026 – Jun 30, 2028
LTS support
~230 packages covered by Debian LTS Team volunteers. Narrower scope, slower cadence. Free.
Phase 3 · 2028 – Jun 2033
ELTS (paid)
Commercial via Freexian. Sponsored packages only. No kernel support.
Version Regular EOL LTS EOL Status
Debian 10 (Buster) Aug 2022 Jun 30, 2024 Fully EOL
Debian 11 (Bullseye) Aug 14, 2024 Jun 30, 2026 LTS ending Jun 30
Debian 12 (Bookworm) Jun 10, 2026 Jun 30, 2028 EOL
Debian 13 (Trixie) Aug 2028 Jun 2030 Current stable
The compound June 2026 timing Debian 11 LTS ends June 30 and Debian 12 regular support ends June 10 — both transitions in the same 20-day window. If you are running both versions across your infrastructure, you are facing a double migration deadline in June 2026.

Who Is Most at Risk

Docker and Container Images

debian:12 and debian:bookworm are among the most widely used Docker base images in production. If your Dockerfile contains either of these, every container you build after June 10 will have an EOL OS layer — one that will never receive another Debian Security Team patch, regardless of how current your application code is.

The fix is one line Replace FROM debian:12 with FROM debian:13 (or FROM debian:trixie). Rebuild and run your test suite. For most application containers this is a drop-in change. Verify that any version-specific package names in your RUN apt-get install lines are available in Debian 13.

Also check images that derive from Debian 12 indirectly. Official application images for Python, Node.js, PHP, and Ruby use Debian as their default base. If you are using non-alpine tags (e.g. python:3.12 rather than python:3.12-alpine), confirm which Debian version that image currently builds on — and whether the maintainer has updated it to Debian 13.

Compliance Implications

If your systems operate under a compliance framework, the June 10 transition needs to be documented in your risk register before it happens — not discovered in an audit finding.

The Upgrade Path to Debian 13

Debian 13 "Trixie" became the current stable release in August 2025. Regular support runs through August 2028. If you can upgrade, this is your target.

Debian 11 (Bullseye) LTS ends Jun 30, 2026
Debian 12 (Bookworm) Regular EOL Jun 10, 2026
Debian 13 (Trixie) Current stable · Supported to 2028+

If You Cannot Upgrade by June 10

Option 1 — Debian LTS (free, automatic)

Debian LTS activates automatically after June 10 with no configuration change required. Your existing security.debian.org repository continues serving LTS patches for ~230 covered packages. For standard server stacks — kernel, glibc, OpenSSL, Apache, nginx, PHP, Python — LTS coverage is typically adequate as a 3–6 month bridge while you plan the Debian 13 upgrade.

What you must do: verify your critical packages are in scope, document the transition in your risk register, and set a hard target date for the Debian 13 upgrade. Do not treat LTS as a permanent operating state.

Option 2 — Commercial extended lifecycle support

For organizations that cannot upgrade within a short window and need broader, guaranteed patch coverage with defined SLAs and compliance documentation, commercial extended lifecycle support is available. Providers offer extended security patching for Debian with wider package coverage than community LTS, CVE response SLAs, and the documentation that compliance auditors require.

Your Action Checklist Before June 10

Frequently Asked Questions

What happens to Debian 12 on June 10, 2026?

The Debian Security Team stops issuing security patches for Debian 12. Debian 12 transitions to LTS support, maintained by the Debian LTS team with coverage for approximately 230 packages until June 2028. The security.debian.org repository continues serving patches, but from the LTS team rather than the Debian Security Team.

Do I need to upgrade from Debian 12 before June 10?

If you can upgrade to Debian 13 before June 10, you should. If a full upgrade is not feasible in time, Debian 12 LTS is a viable short-term bridge — but verify your critical packages are covered and document the transition for compliance purposes. Do not treat LTS as a permanent solution.

Does Debian 12 get security updates after June 10?

Yes, for packages in the Debian LTS scope — approximately 230 packages — until June 2028. Packages outside that scope receive no further security updates after June 10.

What should I do with Docker images using debian:12?

Update your Dockerfile base image to FROM debian:13 or FROM debian:trixie. Rebuild and run your test suite. For most standard applications this is low-friction. Every container built on debian:12 after June 10 has an OS layer that will never receive another Debian Security Team patch.

Is Debian LTS acceptable for compliance frameworks?

It depends on the framework and your auditor. Debian LTS is a community effort, not a vendor-backed contract. Some auditors accept it as a documented compensating control; others require a vendor SLA. Clarify with your QSA or compliance lead before June 10, not after an audit finding.

Check your full stack for EOL exposure

Debian 12 is one of several deadlines landing in June 2026. Kubernetes 1.32, MariaDB 10.6, and Debian 11 LTS all expire in the same 60-day window. Run your full stack through the EOL checker.

Scan your stack Check a version Full Debian EOL guide

The Monthly EOL Digest™

Once a month — critical end-of-life dates, CVE blind spots, and lifecycle changes worth knowing about.

✓ You're on the list.