=?iso-8859-1?Q?Potvin=2C_J=E9r=E9mi?= <Jeremi(dot)Potvin(at)cra-arc(dot)gc(dot)ca> writes:
> I would like to know what's the best way to track PostgreSQL security patches / CVE notifications.
> Should I subscribe to any particular mailing list(s)? RSS feed(s)?
pgsql-announce is what to read for release notices.
> I just want to make sure I get notified as soon as possible whenever a security vulnerability is identified with PostgreSQL.
Our release notices generally mention any new CVEs fixed in a release set.
For historical data see
https://www.postgresql.org/support/security/
regards, tom lane