From 77d5a1c67b096e1daf4e4107d20a075edc978ae5 Mon Sep 17 00:00:00 2001 From: natasha-moore-elastic Date: Thu, 21 Aug 2025 11:25:32 +0100 Subject: [PATCH 1/5] [Security] 9.0.6 release notes --- release-notes/elastic-security/index.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/release-notes/elastic-security/index.md b/release-notes/elastic-security/index.md index fb51742561..0fdec4eb4e 100644 --- a/release-notes/elastic-security/index.md +++ b/release-notes/elastic-security/index.md @@ -150,6 +150,14 @@ To check for security updates, go to [Security announcements for the Elastic sta * Fixes a bug in {{elastic-defend}} where Linux network events would have source and destination byte counts swapped. * Fixes an issue where {{elastic-defend}} may incorrectly set the artifact channel in policy responses, and adds `manifest_type` to policy responses. +## 9.0.6 [elastic-security-9.0.6-release-notes] + +### Features and enhancements [elastic-security-9.0.6-features-enhancements] +* Improves the reliability of {{elastic-defend}}'s connection to its kernel driver. This should reduce the instances of temporary `DEGRADED` policy statuses at boot due to `connect_kernel` failures. + +### Fixes [elastic-security-9.0.6-fixes] +* Fixes {{esql}} form locking to read-only mode in the rule upgrade flyout [#231699]({{kib-pull}}231699). + ## 9.0.5 [elastic-security-9.0.5-release-notes] ### Features and enhancements [elastic-security-9.0.5-features-enhancements] From 524c555ba907ab1ce7e61d8cc7ccaa6164b2bfd1 Mon Sep 17 00:00:00 2001 From: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com> Date: Thu, 21 Aug 2025 13:37:16 +0100 Subject: [PATCH 2/5] Update release-notes/elastic-security/index.md Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> --- release-notes/elastic-security/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/release-notes/elastic-security/index.md b/release-notes/elastic-security/index.md index 0fdec4eb4e..ae896083c7 100644 --- a/release-notes/elastic-security/index.md +++ b/release-notes/elastic-security/index.md @@ -156,7 +156,7 @@ To check for security updates, go to [Security announcements for the Elastic sta * Improves the reliability of {{elastic-defend}}'s connection to its kernel driver. This should reduce the instances of temporary `DEGRADED` policy statuses at boot due to `connect_kernel` failures. ### Fixes [elastic-security-9.0.6-fixes] -* Fixes {{esql}} form locking to read-only mode in the rule upgrade flyout [#231699]({{kib-pull}}231699). +* Prevents the {{esql}} form from locking in read-only mode in the rule upgrade flyout [#231699]({{kib-pull}}231699). ## 9.0.5 [elastic-security-9.0.5-release-notes] From 55f2a6004fcfbcff2b073061478fc1e08db8ee73 Mon Sep 17 00:00:00 2001 From: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com> Date: Tue, 26 Aug 2025 12:30:53 +0100 Subject: [PATCH 3/5] Apply suggestions from code review Co-authored-by: Gabriel Landau <42078554+gabriellandau@users.noreply.github.com> --- release-notes/elastic-security/index.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/release-notes/elastic-security/index.md b/release-notes/elastic-security/index.md index ae896083c7..a3c7f4ec9c 100644 --- a/release-notes/elastic-security/index.md +++ b/release-notes/elastic-security/index.md 
@@ -154,9 +154,15 @@ To check for security updates, go to [Security announcements for the Elastic sta ### Features and enhancements [elastic-security-9.0.6-features-enhancements] * Improves the reliability of {{elastic-defend}}'s connection to its kernel driver. This should reduce the instances of temporary `DEGRADED` policy statuses at boot due to `connect_kernel` failures. +* Makes {elastic-defend} malware scan queue operate more efficiently by not blocking scan requests when an oplock for the file being scanned cannot be acquired. +* To help identify which parts of elastic-endpoint.exe are using a significant amount of CPU, {elastic-defend} on Windows can now include CPU profiling data in diagnostics. To request CPU profiling data via the command line, see the [Agent command reference](https://www.elastic.co/docs/reference/fleet/agent-command-reference#_options). To request CPU profiling data via Kibana, check the "Collect additional CPU metrics" box when requesting Agent diagnostics. +* Enriches {elastic-defend} macOS network connect events with `network.direction`. Possible values are ingress and egress. ### Fixes [elastic-security-9.0.6-fixes] * Prevents the {{esql}} form from locking in read-only mode in the rule upgrade flyout [#231699]({{kib-pull}}231699). +* Fixes a bug in {elastic-defend} where the fqdn feature flag was not being persisted across system/endpoint restarts +* Fix a race condition in {elastic-defend} that may occasionally result in corrupted process command lines on Windows. When this occurs, `process.command_line`, `process.args_count` and `process.args` may be incorrect, leading to false positives. +* Fixes a bug in {elastic-defend} where Linux endpoints would report `process.executable` as a relative, instead of absolute, path ## 9.0.5 [elastic-security-9.0.5-release-notes] From c789d2324c8542cd9896d5328cbf50ad964a2721 Mon Sep 17 00:00:00 2001 
From: natasha-moore-elastic Date: Tue, 26 Aug 2025 12:36:12 +0100 Subject: [PATCH 4/5] formatting fixes --- release-notes/elastic-security/index.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/release-notes/elastic-security/index.md b/release-notes/elastic-security/index.md index a3c7f4ec9c..a53cf130dc 100644 --- a/release-notes/elastic-security/index.md +++ b/release-notes/elastic-security/index.md 
@@ -154,9 +154,9 @@ To check for security updates, go to [Security announcements for the Elastic sta ### Features and enhancements [elastic-security-9.0.6-features-enhancements] * Improves the reliability of {{elastic-defend}}'s connection to its kernel driver. This should reduce the instances of temporary `DEGRADED` policy statuses at boot due to `connect_kernel` failures. -* Makes {elastic-defend} malware scan queue operate more efficiently by not blocking scan requests when an oplock for the file being scanned cannot be acquired. -* To help identify which parts of elastic-endpoint.exe are using a significant amount of CPU, {elastic-defend} on Windows can now include CPU profiling data in diagnostics. To request CPU profiling data via the command line, see the [Agent command reference](https://www.elastic.co/docs/reference/fleet/agent-command-reference#_options). To request CPU profiling data via Kibana, check the "Collect additional CPU metrics" box when requesting Agent diagnostics. -* Enriches {elastic-defend} macOS network connect events with `network.direction`. Possible values are ingress and egress. +* Improves {{elastic-defend}} malware scan queue efficiency by not blocking scan requests when an oplock for the file being scanned cannot be acquired. +* To help identify which parts of `elastic-endpoint.exe` are using a significant amount of CPU, {{elastic-defend}} on Windows can now include CPU profiling data in diagnostics. To request CPU profiling data using the command line, refer to [{{agent}} command reference](/reference/fleet/agent-command-reference.md#_options). To request CPU profiling data using {{kib}}, check the **Collect additional CPU metrics** box when requesting {{agent}} diagnostics. +* Enriches {{elastic-defend}} macOS network connect events with `network.direction`. Possible values are `ingress` and `egress`. 
### Fixes [elastic-security-9.0.6-fixes] * Prevents the {{esql}} form from locking in read-only mode in the rule upgrade flyout [#231699]({{kib-pull}}231699). From 5913069fa2b56d4c02dd9745632e40758eaa5ab3 Mon Sep 17 00:00:00 2001 From: natasha-moore-elastic Date: Wed, 27 Aug 2025 09:46:44 +0100 Subject: [PATCH 5/5] tweaks --- release-notes/elastic-security/index.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/release-notes/elastic-security/index.md b/release-notes/elastic-security/index.md index a53cf130dc..3a16db4d41 100644 --- a/release-notes/elastic-security/index.md +++ b/release-notes/elastic-security/index.md @@ -160,9 +160,9 @@ To check for security updates, go to [Security announcements for the Elastic sta ### Fixes [elastic-security-9.0.6-fixes] * Prevents the {{esql}} form from locking in read-only mode in the rule upgrade flyout [#231699]({{kib-pull}}231699). -* Fixes a bug in {elastic-defend} where the fqdn feature flag was not being persisted across system/endpoint restarts -* Fix a race condition in {elastic-defend} that may occasionally result in corrupted process command lines on Windows. When this occurs, `process.command_line`, `process.args_count` and `process.args` may be incorrect, leading to false positives. -* Fixes a bug in {elastic-defend} where Linux endpoints would report `process.executable` as a relative, instead of absolute, path +* Fixes a bug in {{elastic-defend}} where the `fqdn` feature flag was not being persisted across system/endpoint restarts. +* Fix a race condition in {{elastic-defend}} that occasionally resulted in corrupted process command lines on Windows. This could cause incorrect values for `process.command_line`, `process.args_count` and `process.args`, leading to false positives. +* Fixes a bug in {{elastic-defend}} where Linux endpoints would report `process.executable` as a relative, instead of absolute, path. ## 9.0.5 [elastic-security-9.0.5-release-notes]
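Review bot: In PATCH 1/5, the added Features bullet about the kernel driver connection does not say which operating systems it applies to, although the context bullets above it name their platform ("Linux network events"). Name the platform(s) so that readers triaging temporary `DEGRADED` policy statuses at boot can tell whether the `connect_kernel` improvement covers their endpoints.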
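Review bot: In PATCH 3/5, all six added bullets write `{elastic-defend}` with single braces, while the unchanged bullets in the same hunk use `{{elastic-defend}}`; switch them to the double-brace form used by the rest of the file. In the same hunk, the first and third added Fixes bullets have no trailing period, the second opens with "Fix" where its neighbours use "Fixes", and `elastic-endpoint.exe`, `fqdn`, `ingress` and `egress` are not code-formatted although the field names beside them are.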
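Review bot: In PATCH 4/5, the formatting fix stops at the Features bullets: the hunk range ends at the first Fixes bullet, so the three {elastic-defend} Fixes bullets added in PATCH 3/5 keep their single braces, the unformatted `fqdn` and the missing periods. Extend this commit to those three lines so that the section is consistent after a commit titled "formatting fixes". The link also changes from an absolute URL to `/reference/fleet/agent-command-reference.md#_options`, so it is worth confirming in the docs build that the `#_options` anchor still resolves.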
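Review bot: In PATCH 5/5, the reworded race-condition bullet still opens with "Fix" while the other {{elastic-defend}} bullets in the Fixes list open with "Fixes"; change it to "Fixes a race condition in {{elastic-defend}} ...". The closing phrase "leading to false positives" also leaves the reader to infer what produces them; consider saying that it is detections matching on `process.command_line`, `process.args_count` or `process.args`, since those are the fields the bullet lists as affected.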