From a371141ee17d8d6cb248bf9d636308c59ad43ce6 Mon Sep 17 00:00:00 2001 From: Joyee Cheung Date: Wed, 14 Jan 2026 15:32:27 +0100 Subject: [PATCH] blog: link to post about stack limits in security release post (#8546) --- .../blog/vulnerability/december-2025-security-releases.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/apps/site/pages/en/blog/vulnerability/december-2025-security-releases.md b/apps/site/pages/en/blog/vulnerability/december-2025-security-releases.md index 5179751845546..6a36f702473d4 100644 --- a/apps/site/pages/en/blog/vulnerability/december-2025-security-releases.md +++ b/apps/site/pages/en/blog/vulnerability/december-2025-security-releases.md @@ -80,6 +80,14 @@ Instead of reaching `process.on('uncaughtException')`, the process terminates, m Applications that rely on `AsyncLocalStorage` (v22, v20) or `async_hooks.createHook()` (v24, v22, v20) become vulnerable to denial-of-service crashes triggered by deep recursion under specific conditions. +This patch improves recoverability in one edge case, but it does not remove the broader risk. +Recovery from space exhaustion is unspecified, best‑effort behavior and is not a reliable basis for +availability or security. In availability‑critical paths where recursion depth may be influenced +by untrusted input, prefer input validation and designs that bound or avoid recursion rather than +depending on stack space exhaustion behavior or the lack of tail‑call optimizations in +the runtime/engine. See [this blog post](/blog/vulnerability/january-2026-dos-mitigation-async-hooks) +for details. + Impact: - This vulnerability affects all users in active release lines: 20.x, 22.x, 24.x, 25.x
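Review bot: the second added sentence reads "Recovery from space exhaustion" while the same paragraph later says "stack space exhaustion"; use "stack space exhaustion" in both places so a reader does not take the first for heap or memory exhaustion. The added lines also use non-breaking hyphens (U+2011) in "best‑effort", "availability‑critical" and "tail‑call", which break plain-text search and copy/paste; ordinary ASCII hyphens would be safer. The link text "this blog post" tells the reader nothing about the target; consider naming the subject, for example linking the words that describe the async hooks DoS mitigation post. Finally, "This patch" at the start of the paragraph is ambiguous in a release announcement that covers several fixes; naming the fix it refers to would make the caveat unambiguous.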