keras EOL

Metadata

package: keras
releases: bullseye
https://deb.freexian.com/extended-lts/tracker/source-package/keras

Current State

Dropped since bookworm #1085462
Not maintained in Debian; RFQ but no ITP
Maintained upstream https://github.com/keras-team/keras/ https://keras.io/
Open security issues

Obstacles Preventing Continued Support

Security issues fixes rely on "safe_mode" introduced in 2.12 (bullseye ships 2.3), and mostly fix bypassing said safe_mode; bullseye version can only be used to load trusted models as there's no mechanism to prevent arbitrary code execution; e.g. CVE-2025-9905, CVE-2025-12058, CVE-2025-49655

Alternative Courses of Action

EOL package
limited-support for package
introduce new upstream release in unstable and bullseye

Potential Impacts

Impacts of taking no action

<ignored> security issues

Impacts of full EOL

Other (current "minor") security issues will remain unfixed

Impacts of alternative course(s) of action

limited-support: no impact, user will need to keep only loading trusted models (but this will be referenced in d-s-s)
new upstream packaging: high maintenance cost, no sponsors

Additional impacts

No reverse dependencies, 3 reverse Recommends

Edited Nov 12, 2025 by Sylvain Beucler