Update note about secret scanning

Author: mattpollard

data/release-notes/enterprise-server/3-5/5.yml

@@ -9,8 +9,8 @@ sections:
     - The top site admin bar contained a broken link to the SHA for the currently running version of the application. 
     - Some background tasks could deadlock preventing them from making progress caused by `enterprise-crypto` which has now been modified to be thread safe. 
     - The list of organizations on the fork screen would overflow its box when a user was in many organizations. 
+    - Alerts from secret scanning for GitHub Advanced Security customers were missing in the web UI and REST API if a site administrator did not upgrade directly to GitHub Enterprise Server 3.4. The alerts are now visible.
   changes:
-    - In some cases, GitHub Advanced Security customers who skipped an upgrade to GitHub Enterprise Server 3.4 may have noticed that alerts from secret scanning were missing in the web UI and REST API. This fix recovers those impacted alerts. 
     - Performance improvements to the GitHub Enterprise Support Bundle generation process. This modifies the `sanitize_logs` function in `ghe-support-bundle` to run `psed` in parallel vs. serially.  This is based on an analysis of bundle generation on `ghe.io` where it was observed we spent 36% of our time in `psed` sanitizing logs. 
     - Change the `/organizations/`, `/orgs/` API routes to accept organization slugs or IDs. Previously, they only accepted slugs which was inconsistent with the `/enterprises/` routes and caused `Link` headers on GitHub Advanced Security API endpoints, that use IDs not slugs, to be inaccessible to users. 
     - User generated audit-logs events, such as `repo.create`, are now correctly returned from the REST API  availabe at `api.github.com/enterprises/{enterprise}/audit-log`. In addition to that, more types of user generated events, such as `project.create`, are now available on both the enterprise audit-log UI (available at `github.com/enterprises/{enterprise}/settings/audit-log`) and REST API (same endpoint as above). 
@@ -25,4 +25,3 @@ sections:
     - The {% data variables.product.prodname_registry %} npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.
     - Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
     - Actions services need to be restarted after restoring an appliance from a backup taken on a different host.
-    - '{% data reusables.release-notes.ghas-3.4-secret-scanning-known-issue %}'

data/release-notes/enterprise-server/3-6/1.yml

@@ -12,8 +12,8 @@ sections:
     - Fixes an issue where enterprise users were incorrectly seeing a link to the GitHub.com community guidelines. 
     - Some background tasks could deadlock preventing them from making progress caused by `enterprise-crypto` which has now been modified to be thread safe. 
     - The top site admin bar contained a broken link to the SHA for the currently running version of the application. 
+    - Alerts from secret scanning for GitHub Advanced Security customers were missing in the web UI and REST API if a site administrator did not upgrade directly to GitHub Enterprise Server 3.4. The alerts are now visible.
   changes:
-    - In some cases, GitHub Advanced Security customers who skipped an upgrade to GitHub Enterprise Server 3.4 may have noticed that alerts from secret scanning were missing in the web UI and REST API. This fix recovers those impacted alerts. 
     - Performance improvements to the GitHub Enterprise Support Bundle generation process. This modifies the `sanitize_logs` function in `ghe-support-bundle` to run `psed` in parallel vs. serially.  This is based on an analysis of bundle generation on `ghe.io` where it was observed we spent 36% of our time in `psed` sanitizing logs. 
     - Change the `/organizations/`, `/orgs/` API routes to accept organization slugs or IDs. Previously, they only accepted slugs which was inconsistent with the `/enterprises/` routes and caused `Link` headers on GitHub Advanced Security API endpoints, that use IDs not slugs, to be inaccessible to users. 
     - User generated audit-logs events, such as `repo.create`, are now correctly returned from the REST API  availabe at `api.github.com/enterprises/{enterprise}/audit-log`. In addition to that, more types of user generated events, such as `project.create`, are now available on both the enterprise audit-log UI (available at `github.com/enterprises/{enterprise}/settings/audit-log`) and REST API (same endpoint as above). 
@@ -32,4 +32,3 @@ sections:
     - In a repository's settings, enabling the option to allow users with read access to create discussions does not enable this functionality.
     - In some cases, users cannot convert existing issues to discussions.
     - Custom patterns for secret scanning have `.*` as an end delimiter, specifically in the "After secret" field. This delimiter causes inconsistencies in scans for secrets across repositories, and you may notice gaps in a repository's history where no scans completed. Incremental scans may also be impacted. To prevent issues with scans, modify the end of the pattern to remove the `.*` delimiter.
-    - '{% data reusables.release-notes.ghas-3.4-secret-scanning-known-issue %}'

data/reusables/release-notes/ghas-3.4-secret-scanning-known-issue.md

@@ -1,8 +1,8 @@
 {% ifversion ghes < 3.5 %}
 
-In some cases, GitHub Advanced Security customers who upgrade to GitHub Enterprise Server 3.5 or later may notice that alerts from secret scanning are missing in the web UI and REST API. To ensure the alerts remain visible, do not skip 3.4 when you upgrade from an earlier release to 3.5 or later. A fix will be available in upcoming patch releases.
+In some cases, GitHub Advanced Security customers who upgrade to GitHub Enterprise Server 3.5 or later may notice that alerts from secret scanning are missing in the web UI and REST API. To ensure the alerts remain visible, do not skip 3.4 when you upgrade from an earlier release to 3.5 or later. A fix is available in the [3.5.5](/[email protected]/admin/release-notes#3.5.5) and [3.6.1](/[email protected]/admin/release-notes#3.6.1) patch releases.
 
-To plan an upgrade through 3.4, see the [Upgrade assistant](https://support.github.com/enterprise/server-upgrade). [Updated: 2022-08-26]
+To plan an upgrade through 3.4, see the [Upgrade assistant](https://support.github.com/enterprise/server-upgrade). [Updated: 2022-09-01]
 
 {% elsif ghes = 3.5 or ghes = 3.6 %}
 
@@ -11,6 +11,6 @@ In some cases, GitHub Advanced Security customers who upgrade to GitHub Enterpri
 - To display the missing alerts for all repositories owned by an organization, organization owners can navigate to the organization's **Code security and analysis** settings, then click **Enable all** for secret scanning. For more information, see "[Managing security and analysis settings for your organization](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories)."
 - To display the missing alerts for an individual repository, people with admin access to the repository can disable then enable secret scanning for the repository. For more information, see "[Managing security and analysis settings for your repository](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository)."
 
-A fix will be available in an upcoming patch release. [Updated: 2022-08-26]
+A fix is available in the {% ifversion ghes = 3.5 %}[3.5.5](/admin/release-notes#3.5.5){% elsif ghes = 3.6 %}[3.6.1](/admin/release-notes#3.6.1){% endif %} patch release. [Updated: 2022-09-01]
 
 {% endif %}