diff --git a/docs/internals/howto-release-django.txt b/docs/internals/howto-release-django.txt
index c5254a8af36..40e5c25b34d 100644
--- a/docs/internals/howto-release-django.txt
+++ b/docs/internals/howto-release-django.txt
@@ -92,8 +92,11 @@ any time leading up to the actual release:
    the release. We maintain a list of who gets these pre-notification emails in
    the private ``django-core`` repository. Send the mail to
    ``security@djangoproject.com`` and BCC the pre-notification recipients.
-   This email should be signed by the key you'll use for the release, and
-   should include patches for each issue being fixed.
+   This email should be signed by the key you'll use for the release and
+   should include `CVE IDs <https://cveform.mitre.org/>`_ (requested with
+   Vendor: djangoproject, Product: django) and patches for each issue being
+   fixed. Also, :ref:`notify django-announce <security-disclosure>` of the
+   upcoming security release.
 
 #. As the release approaches, watch Trac to make sure no release blockers
    are left for the upcoming release.