enterprise license

[Felipe Aleixo]

Hello everyone,

I work for a company that has several Proxmox servers installed.

However, the company does not want to purchase the enterprise license, and another technician wants to perform Proxmox updates using the no-subscription repository instead.

I recommended buying the official license, but there is always someone who wants to go against that recommendation.

My main question is: is updating Proxmox through the no-subscription repository considered safe for production environments? Could this approach cause problems or instability in the future?

I would appreciate hearing from people with real experience using this method in production environments.

 

[leesteken]

It's not a license (which is a legally very different thing) but a (support) subscription. The no-subscription repository is a little less time-tested and gets features and bugfixes sooner and more often. If there is a problem then it's usually fixed quickly compared to being on the enterprise repository. It's what most people run at home, which they call "production" as it runs their "critical" infrastructure like home automation and network routing. I use no-subscription mostly but did get a subscription to support Proxmox.

 

[UdoB]

is updating Proxmox through the no-subscription repository considered safe for production environments?

As so often: it depends.

If I run a company and I my services infrastructure is used in my office to make money and I want that to be possible with ~99.9 percent reliability (that's one workday per year) then I use the better tested subscription repository.

For my homelab that is not the case...

 

[Neobin]

is updating Proxmox through the no-subscription repository considered safe for production environments?

If your company wants to be a release candidate tester for the enterprise repository users and is fine with services being down when a "problematic" package, despite alpha (internal) and beta (test repository) testing (which can be assumed, is a relatively small audience), made its way into the no-subscription repository...

 

[d.oishi]

I also agree with what others have already said about the benefits of a subscription.
I would like to add one practical example that may help persuade people who are opposed to purchasing a subscription.

Recently, there was the following vulnerability/security advisory.

Post in thread 'Proxmox Virtual Environment - Security Advisories'

Apr 30, 2026

Subject: PSA-2026-00018-1: "copy.fail" local privilege escalation via AF_ALG socket​

Advisory date: 2026-04-30

Packages: proxmox-kernel-6.8, proxmox-kernel-6.14, proxmox-kernel-6.17

Details:

An issue published under the name "copy.fail" was found in the Linux kernel's handling of AF_ALG socket messages. An unprivileged local user could abuse this issue to write 4 controlled bytes into the page cache of any readable file on a Linux system, and use that to gain root and potentially escape sandboxing mechanisms such as containers.

Mitigations:

Fixed kernel...

• ProxmoxSecurityAdvisory

At the time this security advisory was published, the no-subscription repository already contained the proxmox-kernel-7.0.0-*-pve kernel.
When users updated their systems to address this security advisory, those using the no-subscription repository could end up being moved to proxmox-kernel-7.0.0-*-pve as part of that process.
You can pin the kernel with `proxmox-boot-tool`, but that assumes a certain level of engineering knowledge, and there is also the risk that people forget they pinned the kernel and continue using it that way for too long.

By contrast, the enterprise repository provided the vulnerability-fixed proxmox-kernel-6.17.13-*-pve kernel without bringing in proxmox-kernel-7.0.0-*-pve, so the impact was minimal and it was possible to respond quickly.

That alone is already a meaningful advantage of the enterprise repository.
In addition, with the Basic plan or above, you can also receive ticket-based support.