Jump to main content

Announcing CTRL-OS 26.05: Fast Security Patches and Long-Term Stability

CTRL-OS 26.05 is based on the latest NixOS 26.05 release with five years of support. To simplify the onboarding process, we remain aligned with the NixOS 26.05 release initially, and contribute security patches to the upstream nixpkgs repository. To keep our SLAs, we also add security patches to our open-source GitHub repository to avoid delays in publishing of security fixes. All detected vulnerabilities and their fixes for our base package set are visible through our public security tracker.


CTRL-OS Logo

CTRL-OS 26.05 Released!

Today we announce the availability of CTRL-OS 26.05! CTRL-OS is a downstream distribution of NixOS and Nixpkgs that extends community support and offers 5 years of commercial support. Check out the First Steps and our download page if you want to jump right in!

CTRL-OS 26.05 is based on NixOS and Nixpkgs 26.05. While the upstream release is supported by the community, we contribute our work upstream as much as possible. Once community support ends at the end of 2026, we take full ownership to guarantee a seamless transition where your systems remain secure without any interruption. For details on this model, check out our blog posts about the release methodology.

Meeting SLAs: Lightning-Fast Security Updates

Due to community CI capacity constraints, security fixes may take a few days to make it to the community release branches. Fixes for foundational packages, such as glibc, cause mass rebuilds of almost all packages that the community prefers to batch together with other fixes. While this preserves precious build resources, it creates a delay until the fix arrives in the release branch. For security-sensitive use cases, this creates a window of vulnerability.

With CTRL-OS 26.05, we introduce the ability to ship critical security fixes in 24h while staying close to the upstream releases. This allows us to meet our SLAs with customers.

To offer transparency, our security backports are always visible in our public GitHub repository and our reasoning in the CTRL-OS security tracker.

Branding and Transparency

While we track the upstream branches closely during the Co-Maintenance phase, we may diverge slightly. In case our customers experience issues with CTRL-OS, we do not want the community to bear the burden of support. For that, we will clearly identify a CTRL-OS system, e.g., in commands such as nix-info -m, to avoid any confusion.

Switch to CTRL-OS 26.05 Today

By basing your product on CTRL-OS 26.05 today, you won’t notice when the community support for the underlying upstream releases ends. The CTRL-OS subscription brings you the peace of mind that your essential dependencies are cared for throughout the whole lifecycle of your product.

Check out the First Steps and let us know what you think!