From 67f122c25a78d198fe06641e054b3f8447bb1b5b Mon Sep 17 00:00:00 2001 From: Rod Vagg Date: Sun, 31 Jan 2016 21:36:17 +1100 Subject: [PATCH] schedule update to security release --- .../openssl-and-low-severity-fixes-jan-2016.md | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/locale/en/blog/vulnerability/openssl-and-low-severity-fixes-jan-2016.md b/locale/en/blog/vulnerability/openssl-and-low-severity-fixes-jan-2016.md index 877a2cabb11ea..44055a8d6a947 100644 --- a/locale/en/blog/vulnerability/openssl-and-low-severity-fixes-jan-2016.md +++ b/locale/en/blog/vulnerability/openssl-and-low-severity-fixes-jan-2016.md @@ -7,7 +7,7 @@ layout: blog-post.hbs author: Rod Vagg --- -***(An update to this post is included below)*** +***(Updates to this post, including a schedule change are included below)*** ### Summary 
@@ -97,3 +97,14 @@ Node.js v4 and v5 do not support SSLv2. Previous releases of OpenSSL (since Node.js v0.10.39, v0.12.5, v4.0.0 and v5.0.0) mitigated against [Logjam](https://en.wikipedia.org/wiki/Logjam_%28computer_security%29) for TLS _clients_ by rejecting connections from servers where Diffie-Hellman parameters were shorter than 768-bits. The new OpenSSL release, for all Node.js lines, increases this to 1024-bits. The change only impacts TLS clients connecting to servers with weak DH parameter lengths. + +## _(Update 30-Jan-3016)_ Release postponement + +The announced security releases will not go ahead for the 1st of February as previously announced. Instead, our new target for release will be on or shortly after **Tuesday, the 9th of February, 11pm UTC** _(Tuesday, the 9th of February, 3pm Pacific Time)_. + +The planned fixes include a backward-incompatible change that, under normal circumstances, would be deferred until the next major-version of Node.js, v6. However, because the fix addresses a security concern that exists across all release lines (including our LTS lines: v4, v0.12 and v0.10) we require the additional time to further review the changes and consider how best to achieve minimal impact to users. + +We apologise for any inconvenience this schedule change may cause. + +Please tune in to **nodejs-sec** (https://groups.google.com/forum/#!topic/nodejs-sec) to be notified of any further updates. +
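Review bot: in the first hunk (the summary banner at the top of the post), the new parenthetical "***(Updates to this post, including a schedule change are included below)***" is missing the comma that closes the "including a schedule change" clause; suggest "***(Updates to this post, including a schedule change, are included below)***".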
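Review bot: the new heading in the second hunk, "## _(Update 30-Jan-3016)_ Release postponement", carries the wrong year (3016); the commit is dated 31 Jan 2016 and the post concerns the February 2016 release, so this should read "_(Update 30-Jan-2016)_". While touching that section, the first sentence of the added paragraph says "for the 1st of February as previously announced" twice over ("announced security releases ... as previously announced"); "The security releases will not go ahead on the 1st of February as previously announced" reads more cleanly, and "next major-version of Node.js" does not need the hyphen. The stated time conversion (11pm UTC to 3pm Pacific) is consistent for February, when Pacific time is UTC-8.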