The PostgreSQL Global Development Group is planning for an out-of-cycle release on February 20, 2025 to address a regression that was released as part of the February 13, 2025 update release, which included release 17.3, 16.7, 15.11, 14.16, and 13.19. As part of this release, we will issue fixes for all supported versions (17.4, 16.8, 15.12, 14.17, 13.20). While these fixes may not impact all PostgreSQL users, PostgreSQL Global Development Group determined that it would be better to address these sooner than the next scheduled release on May 8, 2025.
The fix for CVE-2025-1094, which closed a vulnerability in the libpq PostgreSQL client library, introduced a regression related to string handling for non-null terminated strings. The error would be visible based on how a PostgreSQL client implemented this behavior, and may not impact all PostgreSQL drivers. As a precaution, the PostgreSQL Global Development Group opted for a follow up release.
If you are impacted by this issue, we advise to consider waiting for the availability of 17.4, 16.8, 15.12, 14.17, and 13.20 before upgrading.