EOL Watch

Debian 12 is EOL as of today.
Here's your actual situation.

Published 2026-07-11 · 5 min read · endoflife.ai Research

Today — July 11, 2026 — Debian 12 "Bookworm" reaches the end of its regular security support. The Debian security team has shipped its final advisories for Bookworm; from today, responsibility shifts, coverage narrows, and the clock that matters to your compliance auditor has formally run out. If you run Debian 12 in production, here is precisely what changed overnight, what didn't, and the three paths forward.

What actually stops today

Debian's model gives each release roughly three years of full support from the security team. Bookworm shipped on June 10, 2023, and that window closes today. Specifically:

What doesn't stop (and where the trap hides)

Debian is gentler than most: Bookworm now enters Debian LTS, where a separate volunteer/funded team continues security fixes until roughly June 2028 — but only for a subset of architectures and packages. The trap is in that subset: LTS coverage is narrower than full support, exclusions are published package-by-package, and if something you depend on falls outside it, you're unpatched without noticing. Treat LTS as a managed bridge, not a continuation of the status quo — and verify your critical packages are actually covered.

The double deadline
If you're still on Debian 11 "Bullseye," its LTS window closes on August 31, 2026 — seven weeks from now. Organizations that deferred the 11→12 upgrade are about to be two releases behind with no free support at all. That migration is now urgent, not deferred.

Your three paths, honestly ranked

1. Upgrade to Debian 13 "Trixie" (the default answer). Trixie shipped August 9, 2025 — it's had nearly a year of stabilization, and the in-place apt upgrade path from 12 is well-documented and generally uneventful for standard workloads. It resets your clock for years. Most teams should simply schedule this.

2. Ride Debian LTS deliberately. Legitimate when you have Bookworm-pinned dependencies that can't move yet — but do it as a decision, not a drift: confirm your architecture and critical packages are in LTS coverage, put the June 2028 end date in your roadmap, and document the residual risk.

3. Commercial extended support. If you're stuck on 12 (or still on 11) with compliance requirements the community LTS subset can't satisfy, commercial vendors provide fuller extended coverage. Tell us what you're running and we'll match you with a vetted provider — free, within one business day.

The wider week this lands in

Bookworm's EOL headlines an unusually brutal stretch of the EOL calendar: June 30 alone retired Spring Boot 3.5, Spring Framework 6.2, Amazon Linux 2, Kubernetes 1.33's upstream line, and MariaDB 10.6 followed on July 6. Next Tuesday, SharePoint 2016 and 2019 both exit support on the same day. If your patch dashboard looks quiet this month, it isn't because nothing happened.

Check any product's real status in seconds with the EOL Checker — it regenerates from live lifecycle data at every build — or see the full Debian release timeline for every version's dates. And if today's news is your problem: the complete Debian 12 action guide covers upgrade paths and pitfalls in depth.

The Monthly EOL Digest™

Once a month — critical end-of-life dates, CVE blind spots, and lifecycle changes worth knowing about.

✓ You're on the list.