What a wonderful way for open source developers to go into the holiday season. This gives the "push to prod on Friday" joke a whole new meaning. SEC consult made some sort of excuse for their behaviour of not sharing this earlier but will give a talk on the topic at 37C3 on day one nevertheless.
The current workaround for #postfix is to add
#SMTP smuggling mitigation
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_discard_ehlo_keywords = chunking
to main.cf. See https://www.postfix.org/smtp-smuggling.html for more details.