diff --git a/.github/workflows/bindings-python.yml b/.github/workflows/bindings-python.yml
index 14cb5427..6982b0ff 100644
--- a/.github/workflows/bindings-python.yml
+++ b/.github/workflows/bindings-python.yml
@@ -145,7 +145,7 @@ jobs:
 
   # TODO: Should we move this to a separate workflow?
   release-pypi:
-    if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
+    if: false && github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
     needs:
       - build-pyproject
       - python-complete
diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml
index ef5e86dc..2186ffd5 100644
--- a/.github/workflows/rust.yml
+++ b/.github/workflows/rust.yml
@@ -657,7 +657,7 @@ jobs:
       - run: echo "Rust CI jobs completed successfully."
 
   release-crate:
-    if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
+    if: false && github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
     needs:
       - rust-complete
     runs-on: ubuntu-latest
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 68cb86e2..b2c18fa8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,27 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
 
 ## [Unreleased] ##
 
+## [0.2.5] - 2026-06-17 ##
+
+> Or, to save on postage, I'll just poison him with this!
+
+> [!IMPORTANT]
+> Due to the rising tide of supply chain attacks, we have stopped using
+> "Trusted" Publishing for our crates.io and PyPi releases. Their
+> UIs imply that such releases are "more trusted" but as the recent attacks
+> have shown, they actually grant your code forge's *entire infrastructure* the
+> right to release things on your behalf.
+>
+> It would be nice if `crates.io` and PyPI supported a proper signing model
+> where developers control their keys, but that is sadly not the case today.
+> For PyPI, [detached PGP keys in PyPI are basically security
+> theatre][pypi-sigs-2023] and [PEP 480][PEP-480] has stalled; for `crates.io`
+> there appears to be *no* mechanism for signing your releases with a key you
+> control directly!
+
+[pypi-sigs-2023]: https://blog.yossarian.net/2023/05/21/PGP-signatures-on-PyPI-worse-than-useless
+[PEP-480]: https://peps.python.org/pep-0480/
+
 ### Breaking ###
 * `pathrs_inroot_hardlink` and `pathrs_inroot_symlink` have been switched to
   using the standard argument order from their respective system calls
@@ -60,11 +81,16 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
 
 ### Fixed ###
 - Containers often have `/proc/sys` overmounted with a read-only mount to avoid
-  container escapes, this caused:
-  - The `O_PATH` resolver to panic because the hardened procfs lookup for
-    `/proc/sys/fs/protected_symlinks` would fail. We now conservatively assume
-    that `fs.protected_symlinks` is enabled if we cannot access the file for
-    any reason.
+  container escapes, this caused the `O_PATH` resolver to panic because the
+  hardened procfs lookup for `/proc/sys/fs/protected_symlinks` would fail. We
+  now conservatively assume that `fs.protected_symlinks` is enabled if we
+  cannot access the file for any reason.
+
+  This also causes attempts to access `/proc/sys` files using `ProcfsHandle` to
+  also fail (by design). In the future we plan to provide some quality-of-life
+  improvements to permit access in those cases, but at the moment users need to
+  be aware that those kinds of accesses can fail.
+
 - `Root::readlink` and `ProcfsHandle::readlink` would previously return
   `ENOENT` if the target path existed but was not a symlink. This occurred
   because of a peculiar asymmetry in the kernel APIs for `readlinkat(2)`, but
@@ -751,7 +777,8 @@ Initial release.
   - C FFI.
   - Python bindings.
 
-[Unreleased]: https://github.com/cyphar/libpathrs/compare/v0.2.4...HEAD
+[Unreleased]: https://github.com/cyphar/libpathrs/compare/v0.2.5...HEAD
+[0.2.5]: https://github.com/cyphar/libpathrs/compare/v0.2.4...v0.2.5
 [0.2.4]: https://github.com/cyphar/libpathrs/compare/v0.2.3...v0.2.4
 [0.2.3]: https://github.com/cyphar/libpathrs/compare/v0.2.2...v0.2.3
 [0.2.2]: https://github.com/cyphar/libpathrs/compare/v0.2.1...v0.2.2
diff --git a/Cargo.lock b/Cargo.lock
index 6f4bc8bc..d7dd26b1 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -363,7 +363,7 @@ checksum = "17359afc20d7ab31fdb42bb844c8b3bb1dabd7dcf7e68428492da7f16966fcef"
 
 [[package]]
 name = "pathrs"
-version = "0.2.4+dev"
+version = "0.2.5+dev"
 dependencies = [
  "anyhow",
  "bitflags 2.13.0",
diff --git a/Cargo.toml b/Cargo.toml
index 54556ee3..2955cf0c 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -31,7 +31,7 @@
 
 [package]
 name = "pathrs"
-version = "0.2.4+dev"
+version = "0.2.5+dev"
 license = "MPL-2.0 OR LGPL-3.0-or-later"
 authors = ["Aleksa Sarai <cyphar@cyphar.com>"]
 
diff --git a/contrib/bindings/python/pyproject.toml b/contrib/bindings/python/pyproject.toml
index 0cd35d99..aee9ff82 100644
--- a/contrib/bindings/python/pyproject.toml
+++ b/contrib/bindings/python/pyproject.toml
@@ -21,7 +21,7 @@ build-backend = "setuptools.build_meta"
 [project]
 name = "pathrs"
 # TODO: Figure out a way to keep this version up-to-date with Cargo.toml.
-version = "0.2.4+dev"
+version = "0.2.5+dev"
 description = "Python bindings for libpathrs, a safe path resolution library for Linux."
 readme = "README.md"
 keywords = ["libpathrs", "pathrs"]