Add v25.0 release notes

docs/changes.md

@@ -1,5 +1,23 @@
 # Magisk Changelog
 
+### v25.0
+
+- [MagiskInit] Update 2SI implementation, significantly increase device compatibility (e.g. Sony Xperia devices)
+- [MagiskInit] Introduce new `sepolicy` injection mechanism
+- [MagiskInit] Support Oculus Go
+- [MagiskInit] Support Android 13 GKIs (Pixel 6)
+- [MagiskBoot] Fix vbmeta extraction implementation
+- [App] Fix stub app on older Android versions
+- [App] [MagiskSU] Properly support apps using `sharedUserId`
+- [MagiskSU] Fix a possible crash in `magiskd`
+- [MagiskSU] Prune unused UIDs as soon as `system_server` restarts to prevent UID reuse attacks
+- [MagiskSU] Verify and enforce the installed Magisk app's certificate to match the distributor's signature
+- [MagiskSU] [Zygisk] Proper package management and detection
+- [Zygisk] Fix function hooking on devices running Android 12 with old kernels
+- [Zygisk] Fix Zygisk's self code unloading implementation
+- [DenyList] Fix DenyList on shared UID apps
+- [BusyBox] Add workaround for devices running old kernels
+
 ### v24.3
 
 - [General] Stop using `getrandom` syscall

docs/releases/25000.md

@@ -0,0 +1,23 @@
+## 2022.6.7 Magisk v25.0
+
+Another major release! A lot of the changes aren't visible at the surface, but v25 is actually a really substantial upgrade!
+
+### MagiskInit Rewrite
+
+A significant portion of `magiskinit` (the critical software that runs before your device boots up) is completely rewritten from scratch. Ever since Android introduced [Project Treble](https://android-developers.googleblog.com/2017/05/here-comes-treble-modular-base-for.html) in Android 8.0, Magisk has been constantly fighting against the increasingly complex partitioning and early mount setups of all kinds of devices, sometimes with weird OEM specific implementations. It got to a point that `magiskinit` had become so complicated that few people (including myself!) were aware of every detail, and maintaining this piece of software like this was clearly not sustainable. After many months of planning (yes, this whole re-architecture has been in my head for a long time) and some help from external contributors, a whole new `sepolicy` injection mechanism is introduced into Magisk, solving the "SELinux Problem" once and for all.
+
+Since this is a full paradigm shift on how Magisk hot-patch the device at boot, several behaviors that many developers implicitly relied on might not exist. For example, Magisk no longer patches fstabs in most scenarios, which means AVB will remain intact; some custom kernels rely on AVB being stripped out for them by Magisk.
+
+### MagiskSU Security Enhancements
+
+The superuser functionality of Magisk has not seen much changes ever since its introduction. v25 focuses on making root permission management more accurate and secure:
+
+- Add a whole new package tracking system to ensure malicious UID reuse attack cannot be performed
+- Properly support and implement the UX in the Magisk app for packages using `sharedUserId`
+- Enforce root manager APK signature verification to combat the rampant unofficial Magisk app "mods"
+
+Many might not realize, but using a trusted, unmodified Magisk app is really important. Magisk's root daemon treats the Magisk app differently and gives it blanket root access without any restrictions. A modded Magisk app can potentially backdoor your device.
+
+And in case some of you are about to put on your tin foil hats, this is not designed to "vendor lock-in"; the goal is to make sure your root management app comes from the same developer of the underlying root implementation. Magisk's build system allows custom distributors to use its own signing keys, and in addition, I am also providing official debug builds which skips any signature verification for development.
+
+### Full Changelog: [here](https://topjohnwu.github.io/Magisk/changes.html)

docs/releases/index.md

@@ -1,5 +1,6 @@
 # Release Notes
 
+- [v25.0](25000.md)
 - [v24.3](24300.md)
 - [v24.2](24200.md)
 - [v24.1](24100.md)