For a commercial enterprise environment, the recommended position as of March 2026 is not to accelerate a production move from Proxmox VE 8.x / Debian 12 to Proxmox VE 9.1 / Debian 13 unless there is a compelling business or technical driver. The current platform remains supportable, patchable, and materially more stable than the newer stack, and this matters more in enterprise infrastructure than early access to new features.

Debian 12 (Bookworm)

From a security support perspective, Debian 12 (Bookworm) still has substantial life remaining. Debian 12 was released in June 2023, receives standard security support through the normal Debian stable lifecycle, and is expected to remain under Long Term Support until 30 June 2028. In practical terms, this means Debian 12 is still within its supported security window for several more years and does not create an immediate compliance or patching concern. That is an important point: remaining on Debian 12 is not the same as remaining on an obsolete platform.

Proxmox 8

For Proxmox VE 8.x, the position is slightly different because Proxmox does not generally publish a single fixed “end of security support” date for each point release in the same way Debian does. However, Proxmox VE 8.x remains the current mature major branch built on Debian 12 and continues to receive maintenance and security-related updates through the supported 8.x lifecycle. In practice, the usable support runway for Proxmox 8.x is closely tied to the supported life of Debian 12, because, unless you're exposing the proxmox web interface or API's to the public internet (and you really shouldn't) then the risk vector sits firmly with Linux, KVM and QEMU. 

Considerations

The argument against moving immediately to Debian 13 and Proxmox 9.1 is primarily operational rather than theoretical. Newer releases inevitably introduce newer kernels, updated libraries, altered defaults, and changed behaviours across networking, storage, clustering, and management tooling. In enterprise estates, particularly those with mixed hardware generations, clustered hosts, heterogeneous storage, and accumulated configuration drift; these changes tend to surface as upgrade failures, inconsistent node behaviour, package and repository conflicts, live migration issues, backup edge cases, or hardware-specific regressions. Even where the platform is fundamentally sound, the operational cost of being early can be high.

It is also important to state clearly that, if the organisation does decide to adopt Proxmox 9.1, the preferred route should be a fresh build rather than an in-place upgrade. The 8-to-9 Proxmox upgrade path and the Debian 12-to-13 in-line upgrade process are both widely recognised as high-risk in real-world enterprise estates, particularly where clusters contain mixed hardware or where hosts have been in service long enough to accumulate bespoke tuning, legacy repositories, bootloader peculiarities, or storage/network exceptions. These in-place upgrades are frequently fraught with both during-upgrade and post-upgrade issues, and the consequences in a clustered production environment can be disproportionate.

Planning

The cleanest and safest adoption model is to retire Debian 12 on each target node, build fresh on Debian 13 with Proxmox 9.1, and migrate workloads onto the rebuilt hosts in a controlled manner. A fresh installation avoids carrying forward historical drift and reduces the risk of obscure upgrade-induced failures. While this approach is still labour-intensive, it is generally far more predictable than attempting to convert long-lived production nodes in place.

When many nodes are involved, tooling can be built to automate the Cluster dis-join, fresh install of Proxmox from the 9.1 ISO, remove LVM-Thin, Add directory or mounted storage, cluster join,  and migrate workloads - but testing, and more testing is essential, as are robust backups and recovery processes. 

In Summary

The trade-off is therefore clear. Upgrading now is likely to be painful, and in-place upgrading is likely to be more painful still. It will consume engineering time, increase incident probability, and create avoidable instability. By comparison, Debian 12 remains in security support until 30 June 2028, and Proxmox VE 8.x continues to receive ongoing maintenance on a stable and mature platform, making the current estate a lower-risk choice for continued production use. For most commercial enterprise environments, the balance therefore favours staying on Debian 12 / Proxmox 8.x for now, continuing to apply updates only when in-scope, and only planning a move to 9.x once the newer platform has matured further. 

GEN has no current plans to upgrade our 8.x nodes to 9.x for this very reason. We will take a review again Q3 2026.