doc: releases: add release notes for Mbed TLS update

Add release notes regarding the Mbed TLS 3.6.3 update.

Signed-off-by: Tomi Fontanilles <[email protected]>

Author: tomi-font

doc/releases/release-notes-4.2.rst

@@ -40,8 +40,14 @@ The following sections provide detailed lists of changes by component.
 
 Security Vulnerability Related
 ******************************
+
 The following CVEs are addressed by this release:
 
+* :cve:`2025-27809` `TLS clients may unwittingly skip server authentication
+  <https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-1/>`_
+* :cve:`2025-27810` `Potential authentication bypass in TLS handshake
+  <https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-2/>`_
+
 More detailed information can be found in:
 https://docs.zephyrproject.org/latest/security/vulnerabilities.html
 
@@ -383,3 +389,6 @@ Other notable changes
 * Removed support for Nucleo WBA52CG board (``nucleo_wba52cg``) since it is NRND (Not Recommended
   for New Design) and it is not supported anymore in the STM32CubeWBA from version 1.1.0 (July 2023).
   The migration to :zephyr:board:`nucleo_wba55cg` (``nucleo_wba55cg``) is recommended instead.
+
+* Updated Mbed TLS to version 3.6.3 (from 3.6.2). The release notes can be found at:
+  https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.3