diff --git a/data/release-notes/enterprise-server/3-2/20.yml b/data/release-notes/enterprise-server/3-2/20.yml new file mode 100644 index 0000000000..fb7235a2c8 --- /dev/null +++ b/data/release-notes/enterprise-server/3-2/20.yml 
@@ -0,0 +1,21 @@ +date: '2022-10-25' +sections: + security_fixes: + - | + **HIGH**: Updated dependencies for the Management Console to the latest patch versions, which addresses security vulnerabilities including [CVE-2022-30123](https://github.com/advisories/GHSA-wq4h-7r42-5hrr) and [CVE-2022-29181](https://github.com/advisories/GHSA-xh29-r2w5-wx8m). + - | + **MEDIUM**: Updated [CommonMarker](https://github.com/gjtorikian/commonmarker) to address a scenario where parallel requests to the Markdown REST API could result in unbounded resource exhaustion. This vulnerability has been assigned [CVE-2022-39209](https://nvd.nist.gov/vuln/detail/CVE-2022-39209). + - | + **LOW**: Due to a CSRF vulnerability, a `GET` request to the instance's `site/toggle_site_admin_and_employee_status` endpoint could toggle a user's site administrator status unknowingly. + bugs: + - | + After a site administrator installed a hotpatch containing changes to web interface assets such as JavaScript files or images, the instance did not serve the new assets. + known_issues: + - On a freshly set up {% data variables.product.prodname_ghe_server %} instance without any users, an attacker could create the first admin user. + - Custom firewall rules are removed during the upgrade process. + - Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository. + - Issues cannot be closed if they contain a permalink to a blob in the same repository, where the blob's file path is longer than 255 characters. + - When "Users can search GitHub.com" is enabled with {% data variables.product.prodname_github_connect %}, issues in private and internal repositories are not included in {% data variables.product.prodname_dotcom_the_website %} search results. + - The {% data variables.product.prodname_registry %} npm registry no longer returns a time value in metadata responses. 
This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues. + - Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail. + - '{% data reusables.release-notes.ghas-3.4-secret-scanning-known-issue %}' diff --git a/data/release-notes/enterprise-server/3-3/15.yml b/data/release-notes/enterprise-server/3-3/15.yml new file mode 100644 index 0000000000..eb0fc38253 --- /dev/null +++ b/data/release-notes/enterprise-server/3-3/15.yml 
@@ -0,0 +1,36 @@ +date: '2022-10-25' +sections: + security_fixes: + - | + **HIGH**: Updated dependencies for the Management Console to the latest patch versions, which addresses security vulnerabilities including [CVE-2022-30123](https://github.com/advisories/GHSA-wq4h-7r42-5hrr) and [CVE-2022-29181](https://github.com/advisories/GHSA-xh29-r2w5-wx8m). + - | + **MEDIUM**: Updated [CommonMarker](https://github.com/gjtorikian/commonmarker) to address a scenario where parallel requests to the Markdown REST API could result in unbounded resource exhaustion. This vulnerability has been assigned [CVE-2022-39209](https://nvd.nist.gov/vuln/detail/CVE-2022-39209). + - | + **MEDIUM**: Updated Redis to 5.0.14 to address [CVE-2021-32672](https://nvd.nist.gov/vuln/detail/CVE-2021-32672) and [CVE-2021-32762](https://nvd.nist.gov/vuln/detail/CVE-2021-32762). + - | + **LOW**: Due to a CSRF vulnerability, a `GET` request to the instance's `site/toggle_site_admin_and_employee_status` endpoint could toggle a user's site administrator status unknowingly. + - Packages have been updated to the latest security versions. + bugs: + - | + After a site administrator made a change that triggered a configuration run, such as disabling GitHub Actions, validation of services would sometimes fail with the message `WARNING: Validation encountered a problem`. + - | + After a site administrator installed a hotpatch containing changes to web interface assets such as JavaScript files or images, the instance did not serve the new assets. + - | + Deleted assets and assets scheduled to be purged within a repository, such as LFS files, took too long to to be cleaned up. + - | + If a user installed a GitHub App for the user account and then converted the account into an organization, the app was not granted organization permissions. 
+ changes: + - | + To ensure that site administrators can successfully complete an upgrade, the instance will now execute a preflight check to ensure that the virtual machine meets minimum hardware requirements. The check also verifies Elasticsearch's health. You can review the current requirements for CPU, memory, and storage for GitHub Enterprise Server in the "Minimum requirements" section within each article in "[Setting up a GitHub Enterprise Server instance](/admin/installation/setting-up-a-github-enterprise-server-instance)." + known_issues: + - After upgrading to {% data variables.product.prodname_ghe_server %} 3.3, {% data variables.product.prodname_actions %} may fail to start automatically. To resolve this issue, connect to the appliance via SSH and run the `ghe-actions-start` command. + - On a freshly set up {% data variables.product.prodname_ghe_server %} instance without any users, an attacker could create the first admin user. + - Custom firewall rules are removed during the upgrade process. + - Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository. + - Issues cannot be closed if they contain a permalink to a blob in the same repository, where the blob's file path is longer than 255 characters. + - When "Users can search GitHub.com" is enabled with {% data variables.product.prodname_github_connect %}, issues in private and internal repositories are not included in {% data variables.product.prodname_dotcom_the_website %} search results. + - The {% data variables.product.prodname_registry %} npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues. 
+ - Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail. + - '{% data variables.product.prodname_actions %} storage settings cannot be validated and saved in the {% data variables.enterprise.management_console %} when "Force Path Style" is selected, and must instead be configured with the `ghe-actions-precheck` command line utility.' + - '{% data reusables.release-notes.ghas-3.4-secret-scanning-known-issue %}' + - '{% data reusables.release-notes.2022-09-hotpatch-issue %}' diff --git a/data/release-notes/enterprise-server/3-4/10.yml b/data/release-notes/enterprise-server/3-4/10.yml new file mode 100644 index 0000000000..e35eeb1db1 --- /dev/null +++ b/data/release-notes/enterprise-server/3-4/10.yml 
@@ -0,0 +1,39 @@ +date: '2022-10-25' +sections: + security_fixes: + - | + **HIGH**: Updated dependencies for the Management Console to the latest patch versions, which addresses security vulnerabilities including [CVE-2022-30123](https://github.com/advisories/GHSA-wq4h-7r42-5hrr) and [CVE-2022-29181](https://github.com/advisories/GHSA-xh29-r2w5-wx8m). + - | + **MEDIUM**: Updated [CommonMarker](https://github.com/gjtorikian/commonmarker) to address a scenario where parallel requests to the Markdown REST API could result in unbounded resource exhaustion. This vulnerability has been assigned [CVE-2022-39209](https://nvd.nist.gov/vuln/detail/CVE-2022-39209). + - | + **MEDIUM**: Updated Redis to 5.0.14 to address [CVE-2021-32672](https://nvd.nist.gov/vuln/detail/CVE-2021-32672) and [CVE-2021-32762](https://nvd.nist.gov/vuln/detail/CVE-2021-32762). + - | + **LOW**: Due to a CSRF vulnerability, a `GET` request to the instance's `site/toggle_site_admin_and_employee_status` endpoint could toggle a user's site administrator status unknowingly. + - Packages have been updated to the latest security versions. + bugs: + - | + After a site administrator made a change that triggered a configuration run, such as disabling GitHub Actions, validation of services would sometimes fail with the message `WARNING: Validation encountered a problem`. + - | + After a site administrator installed a hotpatch containing changes to web interface assets such as JavaScript files or images, the instance did not serve the new assets. + - | + When a user accessed a renamed repository using Git, the hostname in the Git output incorrectly indicated GitHub.com instead of the instance's hostname. + - | + Deleted assets and assets scheduled to be purged within a repository, such as LFS files, took too long to to be cleaned up. + - | + If a user installed a GitHub App for the user account and then converted the account into an organization, the app was not granted organization permissions. 
+ changes: + - | + To ensure that site administrators can successfully complete an upgrade, the instance will now execute a preflight check to ensure that the virtual machine meets minimum hardware requirements. The check also verifies Elasticsearch's health. You can review the current requirements for CPU, memory, and storage for GitHub Enterprise Server in the "Minimum requirements" section within each article in "[Setting up a GitHub Enterprise Server instance](/admin/installation/setting-up-a-github-enterprise-server-instance)." + known_issues: + - On a freshly set up {% data variables.product.prodname_ghe_server %} instance without any users, an attacker could create the first admin user. + - Custom firewall rules are removed during the upgrade process. + - Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository. + - Issues cannot be closed if they contain a permalink to a blob in the same repository, where the blob's file path is longer than 255 characters. + - When "Users can search GitHub.com" is enabled with {% data variables.product.prodname_github_connect %}, issues in private and internal repositories are not included in {% data variables.product.prodname_dotcom_the_website %} search results. + - The {% data variables.product.prodname_registry %} npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues. + - Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail. 
+ - | + After registering a self-hosted runner with the `--ephemeral` parameter on more than one level (for example, both enterprise and organization), the runner may get stuck in an idle state and require re-registration. [Updated: 2022-06-17] + - After upgrading to {% data variables.product.prodname_ghe_server %} 3.4, releases may appear to be missing from repositories. This can occur when the required Elasticsearch index migrations have not successfully completed. + - '{% data reusables.release-notes.ghas-3.4-secret-scanning-known-issue %}' + - '{% data reusables.release-notes.2022-09-hotpatch-issue %}' diff --git a/data/release-notes/enterprise-server/3-5/7.yml b/data/release-notes/enterprise-server/3-5/7.yml new file mode 100644 index 0000000000..60e4df04bb --- /dev/null +++ b/data/release-notes/enterprise-server/3-5/7.yml 
@@ -0,0 +1,42 @@ +date: '2022-10-25' +sections: + security_fixes: + - | + **HIGH**: Updated dependencies for the Management Console to the latest patch versions, which addresses security vulnerabilities including [CVE-2022-30123](https://github.com/advisories/GHSA-wq4h-7r42-5hrr) and [CVE-2022-29181](https://github.com/advisories/GHSA-xh29-r2w5-wx8m). + - | + **MEDIUM**: Updated [CommonMarker](https://github.com/gjtorikian/commonmarker) to address a scenario where parallel requests to the Markdown REST API could result in unbounded resource exhaustion. This vulnerability has been assigned [CVE-2022-39209](https://nvd.nist.gov/vuln/detail/CVE-2022-39209). + - | + **MEDIUM**: Updated Redis to 5.0.14 to address [CVE-2021-32672](https://nvd.nist.gov/vuln/detail/CVE-2021-32672) and [CVE-2021-32762](https://nvd.nist.gov/vuln/detail/CVE-2021-32762). + - | + **LOW**: Due to a CSRF vulnerability, a `GET` request to the instance's `site/toggle_site_admin_and_employee_status` endpoint could toggle a user's site administrator status unknowingly. + - Packages have been updated to the latest security versions. + bugs: + - | + After a site administrator made a change that triggered a configuration run, such as disabling GitHub Actions, validation of services would sometimes fail with the message `WARNING: Validation encountered a problem`. + - | + After a site administrator installed a hotpatch containing changes to web interface assets such as JavaScript files or images, the instance did not serve the new assets. + - | + When a user accessed a renamed repository using Git, the hostname in the Git output incorrectly indicated GitHub.com instead of the instance's hostname. + - | + On instances using LDAP authentication and LDAP sync, sync would fail and print `undefined method ord for nil:NilClass` in `ldap-sync.log`. 
+ - Addressed a bug in which the endpoint for [creating a tag protection state for a repository](https://docs.github.com/en/enterprise-server@3.5/rest/repos/tags#create-a-tag-protection-state-for-a-repository) was returning a 500 error. + - | + Deleted assets and assets scheduled to be purged within a repository, such as LFS files, took too long to to be cleaned up. + - | + If a user installed a GitHub App for the user account and then converted the account into an organization, the app was not granted organization permissions. + - | + Missing secret scanning alerts on instance with a GitHub Advanced Security license that was not upgraded directly to GitHub Enterprise Server 3.4 are now visible in the web interface and through the REST API. + - In some cases, on an instance with a GitHub Advanced Security license, secret scanning alerts did not include a provider type, and instead indicated that the provider type was "unknown." + changes: + - | + To ensure that site administrators can successfully complete an upgrade, the instance will now execute a preflight check to ensure that the virtual machine meets minimum hardware requirements. The check also verifies Elasticsearch's health. You can review the current requirements for CPU, memory, and storage for GitHub Enterprise Server in the "Minimum requirements" section within each article in "[Setting up a GitHub Enterprise Server instance](/admin/installation/setting-up-a-github-enterprise-server-instance)." + known_issues: + - On a freshly set up {% data variables.product.prodname_ghe_server %} instance without any users, an attacker could create the first admin user. + - Custom firewall rules are removed during the upgrade process. + - Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository. 
+ - Issues cannot be closed if they contain a permalink to a blob in the same repository, where the blob's file path is longer than 255 characters. + - When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results. + - The {% data variables.product.prodname_registry %} npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues. + - Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail. + - Actions services need to be restarted after restoring an appliance from a backup taken on a different host. + - '{% data reusables.release-notes.2022-09-hotpatch-issue %}' diff --git a/data/release-notes/enterprise-server/3-6/3.yml b/data/release-notes/enterprise-server/3-6/3.yml new file mode 100644 index 0000000000..19c289eb89 --- /dev/null +++ b/data/release-notes/enterprise-server/3-6/3.yml 
@@ -0,0 +1,49 @@ +date: '2022-10-25' +sections: + security_fixes: + - | + **HIGH**: Updated dependencies for the Management Console to the latest patch versions, which addresses security vulnerabilities including [CVE-2022-30123](https://github.com/advisories/GHSA-wq4h-7r42-5hrr) and [CVE-2022-29181](https://github.com/advisories/GHSA-xh29-r2w5-wx8m). + - | + **MEDIUM**: Updated [CommonMarker](https://github.com/gjtorikian/commonmarker) to address a scenario where parallel requests to the Markdown REST API could result in unbounded resource exhaustion. This vulnerability has been assigned [CVE-2022-39209](https://nvd.nist.gov/vuln/detail/CVE-2022-39209). + - | + **MEDIUM**: Updated Redis to 5.0.14 to address [CVE-2021-32672](https://nvd.nist.gov/vuln/detail/CVE-2021-32672) and [CVE-2021-32762](https://nvd.nist.gov/vuln/detail/CVE-2021-32762). + - | + **LOW**: Due to a CSRF vulnerability, a `GET` request to the instance's `site/toggle_site_admin_and_employee_status` endpoint could toggle a user's site administrator status unknowingly. + - Packages have been updated to the latest security versions. + bugs: + - | + After a site administrator made a change that triggered a configuration run, such as disabling GitHub Actions, validation of services would sometimes fail with the message `WARNING: Validation encountered a problem`. + - | + After a site administrator installed a hotpatch containing changes to web interface assets such as JavaScript files or images, the instance did not serve the new assets. + - | + When a user accessed a renamed repository using Git, the hostname in the Git output incorrectly indicated GitHub.com instead of the instance's hostname. + - | + On instances using LDAP authentication and LDAP sync, sync would fail and print `undefined method ord for nil:NilClass` in `ldap-sync.log`. + - | + When a user visited links to view history or suggest an improvement to the GitHub Advisory Database, the URLs were incorrect, resulting in a `404` error. 
+ - | + Deleted assets and assets scheduled to be purged within a repository, such as LFS files, took too long to to be cleaned up. + - | + On instances configured for high availability, `ghe-repl-status` incorrectly reported that replication was behind for repositories that users had previously deleted. + - | + If a user installed a GitHub App for the user account and then converted the account into an organization, the app was not granted organization permissions. + - | + Missing secret scanning alerts on instance with a GitHub Advanced Security license that was not upgraded directly to GitHub Enterprise Server 3.4 are now visible in the web interface and through the REST API. + - | + In some cases, on an instance with a GitHub Advanced Security license, some tokens detected by secret scanning were reported as "unknown tokens." + changes: + - | + To ensure that site administrators can successfully complete an upgrade, the instance will now execute a preflight check to ensure that the virtual machine meets minimum hardware requirements. The check also verifies Elasticsearch's health. You can review the current requirements for CPU, memory, and storage for GitHub Enterprise Server in the "Minimum requirements" section within each article in "[Setting up a GitHub Enterprise Server instance](/admin/installation/setting-up-a-github-enterprise-server-instance)." + known_issues: + - On a freshly set up {% data variables.product.prodname_ghe_server %} instance without any users, an attacker could create the first admin user. + - Custom firewall rules are removed during the upgrade process. + - Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository. + - Issues cannot be closed if they contain a permalink to a blob in the same repository, where the blob's file path is longer than 255 characters. 
+ - When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results. + - The {% data variables.product.prodname_registry %} npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues. + - Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail. + - Actions services need to be restarted after restoring an instance from a backup taken on a different host. + - In a repository's settings, enabling the option to allow users with read access to create discussions does not enable this functionality. + - In some cases, users cannot convert existing issues to discussions. + - Custom patterns for secret scanning have `.*` as an end delimiter, specifically in the "After secret" field. This delimiter causes inconsistencies in scans for secrets across repositories, and you may notice gaps in a repository's history where no scans completed. Incremental scans may also be impacted. To prevent issues with scans, modify the end of the pattern to remove the `.*` delimiter. + - '{% data reusables.release-notes.2022-09-hotpatch-issue %}'
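Review bot: In the `data/release-notes/enterprise-server/3-2/20.yml` hunk, the LOW security fix ends with a dangling adverb ("could toggle a user's site administrator status unknowingly"); it is the user, not the request, who is unaware, so "could toggle a user's site administrator status without the user's knowledge" reads correctly. The same sentence is repeated verbatim in the 3-3, 3-4, 3-5 and 3-6 hunks and should be corrected in all five. Unlike the HIGH and MEDIUM entries in the same section, this entry carries no advisory or CVE link; if an advisory was published for the CSRF fix, link it the same way.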
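Review bot: In the `data/release-notes/enterprise-server/3-3/15.yml` hunk, the bug entry "Deleted assets and assets scheduled to be purged within a repository, such as LFS files, took too long to to be cleaned up." duplicates "to"; change it to "took too long to be cleaned up". The identical line is added in the 3-4, 3-5 and 3-6 hunks, so fix it in each file rather than only here.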
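Review bot: In the `data/release-notes/enterprise-server/3-4/10.yml` hunk, the `--ephemeral` self-hosted runner known issue carries a trailing "[Updated: 2022-06-17]" marker inside a file whose `date` is `2022-10-25`. That marker makes sense on the release note it was originally appended to, but copied forward into a new note it reads as stale; either drop it or confirm the site is meant to render an update marker older than the note itself.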
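Review bot: In the `data/release-notes/enterprise-server/3-5/7.yml` hunk, the known issue "When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results." uses literal product names, whereas the 3-2, 3-3 and 3-4 hunks write the same line with `{% data variables.product.prodname_github_connect %}` and `{% data variables.product.prodname_dotcom_the_website %}`; use the variables here too so all five files render consistently. Two smaller points in the same hunk: the tag protection bug entry links to an absolute `https://docs.github.com/en/enterprise-server@3.5/rest/repos/tags#...` URL while the other link in the file is a site-relative path (`/admin/installation/...`), so a relative `/rest/repos/tags#create-a-tag-protection-state-for-a-repository` would let the site version it; and "Missing secret scanning alerts on instance with a GitHub Advanced Security license" is missing an article ("on an instance with").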
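Review bot: In the `data/release-notes/enterprise-server/3-6/3.yml` hunk, the high-availability known issue says "after restoring an instance from a backup taken on a different host" while the otherwise identical line in the 3-5 hunk says "restoring an appliance"; pick one term for both files. This hunk also repeats two wording problems from the 3-5 hunk that should be fixed together: the literal "GitHub Connect"/"GitHub.com" known issue where the other files use the `{% data variables.product.... %}` variables, and "Missing secret scanning alerts on instance with a GitHub Advanced Security license", which needs "on an instance".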