The initial report was made publicly, including a proof of concept exploit, and is currently viewable via google cache.
The censored issue report is referenced with a metasploit pull request containing code that can be used to exploit.
Given this, I'd say sooner is better than later.
It would be prudent to mention making your load balancer limit the number of requests than can be pipelined down a single connection should resolve any issue.
The metasploit exploit was possible only thanks to the release (see the tweets of metasploit maintainer @hdmoore), IMO they could have waited until Monday morning to release it.
Given this, I'd say sooner is better than later.
It would be prudent to mention making your load balancer limit the number of requests than can be pipelined down a single connection should resolve any issue.