Complete end-of-life dates, support windows, and security status for all Debian versions. Data sourced from endoflife.date and official vendor documentation. Updated at every deploy.
| Version | Latest Release | Release Date | EOL Date | Days | Status |
|---|---|---|---|---|---|
| 1.1 | 1.1 | Jun 17, 1996 | Dec 12, 1996 | 10740 days past EOL | EOL |
| 1.2 | 1.2 | Dec 12, 1996 | Oct 23, 1997 | 10425 days past EOL | EOL |
| 1.3 | 1.3.1 r.6 | Jul 2, 1997 | Dec 8, 1998 | 10014 days past EOL | EOL |
| 2.0 | 2.0r5 | Jul 24, 1998 | Feb 15, 1999 | 9945 days past EOL | EOL |
| 2.1 | 2.1r5 | Mar 9, 1999 | Sep 30, 2000 | 9352 days past EOL | EOL |
| 2.2 | 2.2r7 | Aug 15, 2000 | Jun 30, 2003 | 8349 days past EOL | EOL |
| 3.0 | 3.0r6 | Jul 19, 2002 | Jun 30, 2006 | 7253 days past EOL | EOL |
| 3.1 | 3.1r8 | Jun 6, 2005 | Mar 31, 2008 | 6613 days past EOL | EOL |
| 4 | 4.0r9 | Apr 8, 2007 | Feb 15, 2010 | 5927 days past EOL | EOL |
| 5 | 5.0.10 | Feb 14, 2009 | Feb 6, 2012 | 5206 days past EOL | EOL |
| 6 | 6.0.10 | Feb 6, 2011 | May 31, 2014 | 4361 days past EOL | EOL |
| 7 | 7.11 | May 4, 2013 | Apr 25, 2016 | 3666 days past EOL | EOL |
| 8 | 8.11 | Apr 25, 2015 | Jun 17, 2018 | 2883 days past EOL | EOL |
| 9 | 9.13 | Jun 17, 2017 | Jul 18, 2020 | 2121 days past EOL | EOL |
| 10 | 10.13 | Jul 6, 2019 | Sep 10, 2022 | 1337 days past EOL | EOL |
| 11 | 11.11 | Aug 14, 2021 | Aug 14, 2024 | 633 days past EOL | EOL |
| 12 | 12.13 | Jun 10, 2023 | Jun 10, 2026 | 32 days remaining | Warning |
| 13 | 13.4 | Aug 9, 2025 | Aug 9, 2028 | 823 days remaining | Active |
When a Debian version reaches end of life, the maintainers stop issuing security patches. Vulnerabilities discovered after this date are publicly disclosed on the National Vulnerability Database, exploit code appears on GitHub, and your systems remain permanently exposed.
The CVE blind spot: Most vulnerability scanners check for known CVEs but do not flag the accumulation of unpatched vulnerabilities in EOL software. With a zero-day, nobody knows about the vulnerability. With EOL software, the vulnerability is public — listed, rated, and often weaponized — but no patch will ever exist. This is the most dangerous gap in enterprise security posture.
Organizations running EOL Debian should treat it as a vulnerability class in their risk register, apply compensating controls (network segmentation, enhanced monitoring, access restriction), and prioritize migration to a supported version.
If you cannot migrate immediately, extended support vendors provide continued security patches for EOL Debian versions. This is a bridge, not a permanent solution — plan your migration in parallel.
Extended Lifecycle Support for Debian beyond official EOL.
Learn More →Upload your dependency file and scan your entire stack for EOL risk in seconds. Free, no account required.
Stack Scanner →