update release notes for 3.8.8

Author: thjaeckle

documentation/src/main/resources/pages/ditto/release_notes_388.md

@@ -24,6 +24,12 @@ PR [#2285](https://github.com/eclipse-ditto/ditto/pull/2285) fixes an issue abou
 to getting and storing static configuration data in several actors (e.g. Persistence actor).  
 Now, the configuration is only stored once and shared via references to reduce memory footprint.
 
+#### Update lz4-java version to fix critical security vulnerabilities
+
+PR [#2289](https://github.com/eclipse-ditto/ditto/pull/2289) updates `l44-java` dependency, fixing known CVEs:
+* [CVE-2025-12183](https://nvd.nist.gov/vuln/detail/CVE-2025-12183)
+* [CVE-2025-66566](https://nvd.nist.gov/vuln/detail/CVE-2025-66566)
+
 
 ### Helm chart