Debian 10989 Published by

Debian GNU/Linux 12.15 hit the archives today as Bookworm's final point release. The core Debian Security Team stops maintaining this version immediately, pushing the distribution straight into Long Term Support managed by the community and Freexian. This last major update ships over 60 critical patches, fixing expired Secure Boot certificates that could brick UEFI systems and closing vulnerabilities across the Linux kernel and common web services. New deployments should jump to Debian 13 Trixie now, while LTS users still have roughly two years of updates before paid extended support takes over.





Debian 12.15 Released as Bookworm's Final Point Update

The latest release marks the end of full Debian Security Team support for version 12, shifting the distribution to Long Term Support status.

Debian 12.15 is out. If you're watching release dates, today, July 11, 2026, is the critical line. This fifteenth point release of Debian 12 "Bookworm" is also the final one from the core development team.

With 12.15 hitting the archives, Bookworm has officially crossed over to Long Term Support (LTS). The Debian Security Team stops maintaining this release today. From here on, security patches come from the Debian LTS team, which relies on funding from Freexian.

Debian_12

The LTS Transition

LTS support runs until June 30, 2028. That gives you roughly two years of updates. After that, paid Extended LTS (ELTS) kicks in, covering systems until June 30, 2033.

Keep in mind the catch. LTS coverage is narrower. The list of supported architectures shrinks significantly during this phase. If you're running a niche platform, you might already be out of LTS luck.

For fresh installs or upgrades, Debian 13 "Trixie" is the current stable release. It's currently at 13.5. Trixie gets full support, wider architecture coverage, and newer software. Sticking with Bookworm past this point is fine for low-priority servers that won't touch the network, but it's not a long-term strategy for anything mission-critical.

12.15 Highlights

The update itself ships over 60 security advisories. You can expect patches for Chromium, the Linux kernel, Nginx, Firefox ESR, and Thunderbird.

There's a specific issue to check if you use Secure Boot. fwupd updated to version 2.0.20, adding the ability to refresh Secure Boot CA and KEK databases. The 2013 UEFI Secure Boot CA has expired. Without these updates, your system could fail to boot after future shim-signed updates. OEMs usually pushed these updates years ago, but cloud instances or older hardware might still be at risk. Apply the fwupd fix.

On the packaging front, GeoIP databases reverted to a DFSG-compatible version from around December 2019. Newer GeoLite versions broke the license rules, so Debian had to pull the plug. Consumers needing recent data should get a GeoLite license directly.

smb4k is also gone. The package was removed because the project couldn't continue security support.

Bookworm had its share of shifts during the three-year lifecycle. It introduced the non-free-firmware archive category, allowing install images to include proprietary firmware for hardware drivers. It enforced the merged /usr filesystem layout, ending the /bin vs /usr/bin split. And it shipped with GNOME 43 as the default desktop, though KDE Plasma, Xfce, MATE, LXQt, and LXDE were all available.

The release covered nine architectures: amd64, i386, arm64, armel, armhf, mipsel, mips64el, ppc64el, and s390x. 32-bit PC support raised the bar here; the minimum processor requirement for i386 moved from i586 up to i686.

Debian 14 "Forky" is currently testing. Debian 15 "Duke" has been announced for the future. The cycle continues.

Update your systems or migrate to Trixie. Head to the Debian website for download links and full release notes.