changelogs

Author: AdSchellevis

source/releases/BE_25.10.rst

@@ -159,6 +159,16 @@ Here are the full patch notes:
 * ports: python security fixes `[16] <https://www.cve.org/cverecord?id=CVE-2025-12084>`__  `[17] <https://www.cve.org/cverecord?id=CVE-2025-13836>`__  `[18] <https://www.cve.org/cverecord?id=CVE-2026-1299>`__  `[19] <https://www.cve.org/cverecord?id=CVE-2026-0865>`__ 
 * ports: suricata 8.0.3 `[20] <https://suricata.io/2026/01/13/suricata-8-0-3-and-7-0-14-released/>`__ 
 
+A hotfix release was issued as 25.10.2_3:
+
+* captive portal: fix hard-timeout calculation
+* firmware: avoid update-hook background cleanups
+* mvc: fix CSRF vulnerability in multiple API endpoints by enforcing POST-only requests `[21] <https://www.cve.org/cverecord?id=CVE-2026-30868>`__  (contributed by Oliver Jueguen)
+* src: file: qualify pointers to capsicum rights as const
+* src: file: add a fd flag with O_RESOLVE_BENEATH semantics
+* src: file: Fix the !CAPABILITIES build
+* src: unix: Set O_RESOLVE_BENEATH on fds transferred between jails `[22] <https://www.freebsd.org/security/advisories/FreeBSD-SA-26:04.jail.asc>`__ 
+* src: rtsock: Fix stack overflow `[23] <https://www.freebsd.org/security/advisories/FreeBSD-SA-26:05.route.asc>`__ 
 
 
 --------------------------------------------------------------------------