With the release on November 19, 2025, Proxmox VE 9.1 marks an important platform update, bringing significant improvements to containers, VM security, and software-defined networking — features that make it appealing to both enterprise environments and advanced homelabs. Let’s take a look at the most relevant new features and what to keep an eye on.
OCI-based LXC containers: moving closer to modern container workflows
The main highlight is the ability to create LXC containers from OCI images — now a widely adopted standard in the container ecosystem. You can download images from registries or upload them manually and use them as templates for:
- System containers — containers with a full Linux distribution, similar to the “classic” ones
- Application containers — lightweight containers designed for microservices or single applications, with a reduced footprint and more efficient resource consumption
This brings Proxmox closer to “DevOps / container-native” workflows without requiring an external orchestration layer. For those already using OCI pipelines (Docker Hub, private registries, CI/CD), this can be an effective turning point.
This does not mean Proxmox now includes a native Docker runtime or container orchestration such as Docker Engine / containerd / Kubernetes. As experts have explained, this feature simply allows using OCI images as a base for LXC containers.
If you need the flexibility offered by Docker + docker-compose + the full container ecosystem, Proxmox is not yet a complete replacement.
In practice: excellent for “static” containers based on prepared images; less suitable for dynamic setups with orchestration, advanced container networking, overlays, bind volumes, complex dependency graphs, etc.
In short: 9.1 takes a step toward the modern container world — but it is a first step, not a full “container platform”.
vTPM in qcow2 & secure snapshots for VMs with TPM
A key upgrade for those managing enterprise workloads: the vTPM (virtual Trusted Platform Module) state can now be stored in qcow2 format. This enables full VM snapshots — TPM included — on NFS/CIFS storage, and offline snapshots on LVM with volume-chaining.
This brings major convenience for Windows environments (BitLocker, Secure Boot, VBS, etc.) or any workload requiring vTPM: backups, migrations, and rollbacks become practical without breaking the trust chain. For many administrators, this is a long-awaited enhancement.
Nested virtualization with fine-grained control
If you use test environments, labs, nested hypervisors, or VMs requiring Virtualization-based Security (e.g., Windows with VBS), version 9.1 introduces a new vCPU flag that allows enabling only the required virtualization extensions — without exposing the host’s entire CPU feature set.
This provides better granularity, reduces unnecessary overhead, and ensures more predictable behavior in clusters with mixed CPU types.
SDN networking improvements: better visibility and debugging
The SDN subsystem receives an important upgrade to its interface and monitoring features:
- The GUI now displays all VMs/containers connected to bridges or VNets.
- In EVPN configurations, learned IP and MAC addresses are shown.
- “Fabric” zones are now integrated into the resource tree, showing routes, neighbors, interfaces, IP-VRF, and MAC-VRF.
For complex environments — multi-tenant clusters, overlays, advanced virtual networks — increased visibility can significantly reduce CLI dependency and simplify debugging and management.
Updated base system and revised core components
- Based on Debian 13.2 “Trixie” + Linux kernel 6.17.x (modified).
- Core components such as QEMU, LXC, ZFS, and Ceph (“Squid”) upgraded to the latest stable releases, improving stability, compatibility, and storage/VM functionality.
Availability & Upgrade
- ISO installer 9.1-1 available (about 1.83 GB) since November 19, 2025.
- Upgrade supported via APT from previous versions or installation on existing Debian systems.
🎯 Conclusions: what I like and what to monitor
✅ Strengths
- OCI image compatibility is an excellent move: for those using container pipelines and wanting to deploy services without external orchestrators, it provides a solid middle ground between containers and VMs.
- vTPM support + qcow2 snapshots is a major feature for Windows or sensitive workloads: it improves manageability, backup workflows, and secure migrations.
- Nested virtualization controls and enhanced SDN increase flexibility and precision: ideal for complex labs, testing, multi-host clusters, and advanced virtual networks.
- Updated core components and a modern base ensure long-term support and wider hardware compatibility.
⚠️ Critical notes / things to watch
- OCI integration does not mean Proxmox is now a Docker-native environment: it lacks a full container runtime, orchestration, and advanced volume/network/dependency management. For many Docker-centric workloads, it may not be sufficient.
- As a “first iteration” of this feature, real-world limitations or incompatibilities may appear, especially in scenarios expecting the typical “fluidity” of container engines — thorough testing is recommended.
- For advanced SDN/cluster/VM setups, as always, backup and test plans are advised before upgrading.
Source Material
- Official Press Release – Proxmox VE 9.1
- Feature Overview – StorageReview
- What’s New in Proxmox VE 9.1 – VirtualizationHowto
- Core Components & Kernel Update Coverage – Linuxiac
- ISO Installer Download – Proxmox VE 9.1-1