From 00a5d995f04a2a10290e097ae2854b0e9d514ed2 Mon Sep 17 00:00:00 2001
From: RafaelGSS <rafael.nunu@hotmail.com>
Date: Fri, 16 Sep 2022 18:32:11 -0300
Subject: [PATCH] doc: mention where to push security commits

---
 doc/contributing/releases.md | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/doc/contributing/releases.md b/doc/contributing/releases.md
index 8ca866cb595c9f..233cbe9a32bd63 100644
--- a/doc/contributing/releases.md
+++ b/doc/contributing/releases.md
@@ -263,6 +263,18 @@ branch.
 $ git checkout -b v1.2.3-proposal upstream/v1.x-staging
 ```
 
+<details>
+<summary>Security release</summary>
+
+When performing Security Releases, the `vN.x.x-proposal` branch should be
+branched off of `vN.x`.
+
+```console
+$ git checkout -b v1.2.3-proposal upstream/v1.x
+git cherry-pick  ...  # cherry-pick nodejs-private PR commits directly into the proposal
+```
+</details>
+
 ### 3. Update `src/node_version.h`
 
 Set the version for the proposed release using the following macros, which are
@@ -458,6 +470,9 @@ Notable changes:
 PR-URL: TBD
 ```
 
+**Note**: Ensure to push the proposal branch to the nodejs-private repository.
+Otherwise, you will leak the commits before the security release.
+
 </details>
 
 ### 6. Propose release on GitHub