This is:
http://www.berklix.com/~jhs/src/bsd/fixes/FreeBSD/src/gen/usr.sbin/wpa/wpa_supplicant/wpa_supplicant.conf.5.REL=13.2-RELEASE.diff

*** 12.3-RELEASE/src/usr.sbin/wpa/wpa_supplicant/wpa_supplicant.conf.5	Sat Jun 10 12:51:35 2023
--- new-generic/src/usr.sbin/wpa/wpa_supplicant/wpa_supplicant.conf.5	Sat Jun 10 12:54:45 2023
***************
*** 139,144 ****
--- 139,154 ----
  technique 1.
  Beware that this technique can cause scanning to take longer to complete,
  and exposes the list of configured network SSIDs to eavesdroppers.
+ .br
+ Security Caution: If you assert scan_ssid=1 (Instead of default scan_ssid=0):
+ .in +2
+ Instead of just sending a broadcast Probe Request frame,
+ FreeBSD would also send directed Probe Request frames with specific names.
+ Those network names would be observable to hostile 3rd parties,
+ & could be abused as per
+ http://www.bbc.com/news/technology-28891937
+ http://lists.freebsd.org/pipermail/freebsd-wireless/2014-October/005097.html
+ .in -2
  .It Va bssid
  Network BSSID (typically the MAC address of the access point).
  .It Va priority