Revert "no security updates"

This reverts commit 7c98189.

Author: pdurbin

doc/release-notes/6.8-release-notes.md

@@ -120,6 +120,10 @@ New API calls have been added to retrieve the URLs needed to launch external too
 
 If the dataset/file is not public, the caller must authenticate and have permission to view the dataset/file. In such cases, the generated URL will include a callback token containing a signed URL the tool can use to retrieve all the parameters it is configured for. See Backward Incompatible Changes, below for a change to the JSON response. See #11760.
 
+## Security Updates
+
+This release contains important security updates. If you are not receiving security notices, please sign up by following [the steps](https://guides.dataverse.org/en/latest/installation/config.html#ongoing-security-of-your-installation) in the guides.
+
 ## Authentication Updates
 
 Authentication updates listed below were introduced as we work toward allowing the [new Dataverse frontend](https://github.com/IQSS/dataverse-frontend), a React-based Single Page Application (SPA). We list them here for completeness but unless you are experimenting with the new frontend or playing with OIDC directly, they probably will have no impact on your installation.