blog: link to post about stack limits in security release post

Author: joyeecheung

apps/site/pages/en/blog/vulnerability/december-2025-security-releases.md

@@ -80,6 +80,14 @@ Instead of reaching `process.on('uncaughtException')`, the process terminates, m
 Applications that rely on `AsyncLocalStorage` (v22, v20) or `async_hooks.createHook()` (v24, v22, v20) become
 vulnerable to denial-of-service crashes triggered by deep recursion under specific conditions.
 
+This patch improves recoverability in one edge case, but it does not remove the broader risk.
+Recovery from space exhaustion is unspecified, best‑effort behavior and is not a reliable basis for
+availability or security. In availability‑critical paths where recursion depth may be influenced
+by untrusted input, prefer input validation and designs that bound or avoid recursion rather than
+depending on stack space exhaustion behavior or the lack of tail‑call optimizations in
+the runtime/engine. See [this blog post](/blog/vulnerability/january-2026-dos-mitigation-async-hooks)
+for details.
+
 Impact:
 
 - This vulnerability affects all users in active release lines: 20.x, 22.x, 24.x, 25.x