diff --git a/CHANGES.md b/CHANGES.md
index 6ec51a0e1..c9b6cba42 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -10,6 +10,28 @@
   - Windows (x86/amd64): <https://ci.appveyor.com/project/libgit2/libgit2sharp>
   - Linux/Mac OS X: <https://travis-ci.org/libgit2/libgit2sharp>
 
+## v0.25.1 - ([diff](https://github.com/libgit2/libgit2sharp/compare/v0.25..v0.25.1))
+
+This is a security release fixing insufficient validation of submodule
+names (CVE-2018-11235, reported by Etienne Stalmans) and disallows
+`.gitmodules` files as symlinks.  This includes [libgit2
+v0.27.1](https://github.com/libgit2/libgit2/releases/tag/v0.27.1),
+whose release notes follow.
+
+While submodule names come from the untrusted `.gitmodules` file, we
+blindly append the name to `$GIT_DIR/modules` to construct the final
+path of the submodule repository. In case the name contains e.g. `../`,
+an adversary would be able to escape your repository and write data at
+arbitrary paths. In accordance with git, we now enforce some rules for
+submodule names which will cause libgit2 to ignore these malicious names.
+
+Adding a symlink as .gitmodules into the index from the workdir or
+checking out such files is not allowed as this can make a Git
+implementation write outside of the repository and bypass the fsck
+checks for CVE-2018-11235.
+
+libgit2 (and LibGit2Sharp) is not susceptible to CVE-2018-11233.
+
 ## v0.25 - ([diff](https://github.com/libgit2/libgit2sharp/compare/v0.24..v0.25))
 
 LibGit2Sharp is now .NET Core 2.0+ and .NET Framework compatible.
diff --git a/LibGit2Sharp/LibGit2Sharp.csproj b/LibGit2Sharp/LibGit2Sharp.csproj
index fc15f0e2f..6e966a5c9 100644
--- a/LibGit2Sharp/LibGit2Sharp.csproj
+++ b/LibGit2Sharp/LibGit2Sharp.csproj
@@ -32,7 +32,7 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="LibGit2Sharp.NativeBinaries" Version="[1.0.210]" PrivateAssets="none" />
+    <PackageReference Include="LibGit2Sharp.NativeBinaries" Version="[1.0.217]" PrivateAssets="none" />
     <PackageReference Include="Nerdbank.GitVersioning" Version="2.1.23" PrivateAssets="all" />
     <PackageReference Include="SourceLink.Create.GitHub" Version="2.8.0" PrivateAssets="all" />
     <DotNetCliToolReference Include="dotnet-sourcelink-git" Version="2.8.0" />

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml'>
<head>
<title>pFad - Phonifier reborn</title>
<meta http-equiv='Content-Type' content='text/html; charset=utf-8' />
</head>
<body>
<h1>Pfad - The Proxy pFad of &#169; 2024 Garber Painting. All rights reserved.</h1>


<!-- Disclaimer -->
<p>Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.</p>
<br>
<p>Alternative Proxies:</p><p><a href="http://rainy.clevelandohioweatherforecast.com/php-proxy/index.php?q=https://patch-diff.githubusercontent.com/raw/libgit2/libgit2sharp/pull/1577.diff" target="_blank">Alternative Proxy</a></p><p><a href="http://rainy.clevelandohioweatherforecast.com/pFad/index.php?u=https://patch-diff.githubusercontent.com/raw/libgit2/libgit2sharp/pull/1577.diff" target="_blank">pFad Proxy</a></p><p><a href="http://rainy.clevelandohioweatherforecast.com/pFad/v3index.php?u=https://patch-diff.githubusercontent.com/raw/libgit2/libgit2sharp/pull/1577.diff" target="_blank">pFad v3 Proxy</a></p><p><a href="http://rainy.clevelandohioweatherforecast.com/pFad/v4index.php?u=https://patch-diff.githubusercontent.com/raw/libgit2/libgit2sharp/pull/1577.diff" target="_blank">pFad v4 Proxy</a></p></body>
</html>