Debian Bullseye support removed in patch release

[zbigniew-malcherczyk-tg]

The Debian Bullseye release is currently in LTS until 2026-08-31, which means it still has about a year of official support left.

https://www.debian.org/releases/

The concern is that support for Bullseye was removed in a patch release (from 8.4.11 to 8.4.12) (#1596). This creates the following issues:

Blocked patch updates

Users running on Bullseye are now unable to upgrade to newer patch versions, even though the distribution itself is still officially supported. This limits the community’s ability to stay on track with security and bugfix releases.

Security implications

Being forced to stay on 8.4.11 instead of updating to later patch versions increases risk, as important fixes are missed.

OpenSSL 3 performance degradation

Bullseye’s OpenSSL 1.1.1 generally offers better performance compared to OpenSSL 3. Removing Bullseye support effectively forces users into a version with significant performance regressions.

Would it be possible to reconsider the removal of Debian Bullseye support, at least until its LTS officially ends in 2026? Keeping support until then would allow the community to apply patch updates without being blocked, while also maintaining security and performance stability.

Related Issues

• OpenSSLv3 - loading certificates is much slower than previous versions openssl/openssl#16871

[tianon]

Unfortunately, we only have the capacity to support two versions of each distribution we support, so with the release of Debian Trixie, that meant that Bullseye is no longer supported.

See #1538 (comment) for a recent place I've laid out the math our support matrix and why we have to keep some reasonable limits on it.

For the most part, our existing Dockerfiles for Bookworm will probably still support Bullseye for anyone who wants to build their own images (using --build-context debian:bookworm-slim=docker-image://debian:bullseye-slim, for example).

[zbigniew-malcherczyk-tg]

I understand that supporting older versions requires extra effort and that the compatibility matrix can become quite heavy. I appreciate the work and love you folks are putting in supporting these images. However, I believe that any deprecation or removal should be properly announced and executed. For example, if Bullseye will no longer be supported starting with PHP 8.5 and onwards, this should be clearly communicated in advance. Removing it ad hoc only creates, at best, unnecessary inconvenience.