Yesterday, I became aware of this email to the PostgreSQL-hackers email list. The email states that there is a very serious security release coming up next week — so bad that they’re taking extra precautions.
Here’s my summary of the email:
The core committee has decided that one of the security issues due to be fixed next week is sufficiently bad that we need to take extra measures to prevent it from becoming public before packages containing the fix are available.
What we intend to do is shut off updates from the master git repo to the anonymous-git mirror, and to github, from Monday afternoon until Thursday morning.
We do not intend to start doing this as a routine thing, and apologize in advance for any disruption.
Every project has security flaws, and it’s great to see the Postgres team take this so seriously. If your team relies heavily on Postgres, consider scheduling a maintenance window sometime shortly after the patch is due to be released, so that you can get your servers fixed up. This one looks to be anomalously big.