From 141d40b7301c0d45884f0842adbebbee7fb9e8d2 Mon Sep 17 00:00:00 2001 From: natasha-moore-elastic Date: Thu, 2 Oct 2025 12:53:55 +0100 Subject: [PATCH 1/4] [Security] 9.1.5 release notes --- release-notes/elastic-security/index.md | 21 +++++++++++++++++++ .../elastic-security/known-issues.md | 8 +++++-- 2 files changed, 27 insertions(+), 2 deletions(-) diff --git a/release-notes/elastic-security/index.md b/release-notes/elastic-security/index.md index 06a29aca1f..c100c594d9 100644 --- a/release-notes/elastic-security/index.md +++ b/release-notes/elastic-security/index.md 
@@ -27,6 +27,27 @@ To check for security updates, go to [Security announcements for the Elastic sta % * +## 9.1.5 [elastic-security-9.1.5-release-notes] + +### Features and enhancements [elastic-security-9.1.5-features-enhancements] +* Adds `customized_fields` and `has_base_version` fields to the internal rule schema [#235394]({{kib-pull}}235394). +* Adds an {{elastic-defend}} option to remediate orphaned state by attempting to start Elastic Agent service. +* Fixes {{elastic-defend}} error log on Windows where only the first character, usually 'C', was logged instead of a path. + +### Fixes [elastic-security-9.1.5-fixes] +* Fixes browser fields caching to use the `dataView` ID instead of the index pattern [#234381]({{kib-pull}}234381). +* Removes `null` in confirmation dialog when bulk editing index patterns for rules [#236572]({{kib-pull}}236572). +* Fixes the URL passed to detection rule actions via the `{{context.results_link}}` placeholder [#236067]({{kib-pull}}236067). +* Fixes system prompt updates from the Conversations tab in AI Assistant [#234812]({{kib-pull}}234812). +* Fixes a bug in the Highlighted fields table in the alert details flyout [#234222]({{kib-pull}}234222). +* Fixes a bug in rule exceptions to include the `matches` operator only for supported fields [#233127]({{kib-pull}}233127). +* Adds support in {{elastic-defend}} for installing eBPF event probes on Linux endpoints when cgroup2 is mounted in a non-standard location or not mounted at all. +* Adds support in {{elastic-defend}} for installing eBPF probes on Linux endpoints when taskstats is compiled out of the kernel. +* Fixes a bug in {{elastic-defend}} where Linux network events could have source and destination bytes swapped. +* Removes `.process.thread.capabilities.permitted` and `.process.thread.capabilities.effective` from Linux network events in {{elastic-defend}}. +* Fixes a bug in {{elastic-defend}} where host isolation could auto-release incorrectly. 
Host isolation now only releases when {{elastic-endpoint}} becomes orphaned. Intermittent {{elastic-agent}} connectivity changes no longer alter the host isolation state. + + ## 9.1.4 [elastic-security-9.1.4-release-notes] ### Features and enhancements [elastic-security-9.1.4-features-enhancements] diff --git a/release-notes/elastic-security/known-issues.md b/release-notes/elastic-security/known-issues.md index 263b488168..cb1a12887f 100644 --- a/release-notes/elastic-security/known-issues.md +++ b/release-notes/elastic-security/known-issues.md @@ -17,7 +17,7 @@ Known issues are significant defects or limitations that may impact your impleme % ::: -:::{dropdown} Filters may not apply correctly on the Alerts page +::::{dropdown} Filters may not apply correctly on the Alerts page Applies to: 9.1.0, 9.1.1, 9.1.2, and 9.1.3 **Impact** @@ -36,7 +36,11 @@ You can turn off the {{kib}} `courier:ignoreFilterIfFieldNotInIndex` [advanced s Ensure you give any users who will need access to the new space the appropriate permissions. ::: -::: +**Resolved**
+ +Resolved in {{stack}} 9.1.4 + +:::: :::{dropdown} The {{elastic-agent}} Docker image is not available at `docker.elastic.co/beats/elastic-agent:9.0.0` From 217bc0cb1b3cb780c7dcb89478eaaa615e3c3bca Mon Sep 17 00:00:00 2001 From: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com> Date: Fri, 3 Oct 2025 10:23:22 +0100 Subject: [PATCH 2/4] Apply suggestions from code review Co-authored-by: florent-leborgne --- release-notes/elastic-security/index.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/release-notes/elastic-security/index.md b/release-notes/elastic-security/index.md index c100c594d9..9b7116597b 100644 --- a/release-notes/elastic-security/index.md +++ b/release-notes/elastic-security/index.md 
@@ -39,13 +39,13 @@ To check for security updates, go to [Security announcements for the Elastic sta * Removes `null` in confirmation dialog when bulk editing index patterns for rules [#236572]({{kib-pull}}236572). * Fixes the URL passed to detection rule actions via the `{{context.results_link}}` placeholder [#236067]({{kib-pull}}236067). * Fixes system prompt updates from the Conversations tab in AI Assistant [#234812]({{kib-pull}}234812). -* Fixes a bug in the Highlighted fields table in the alert details flyout [#234222]({{kib-pull}}234222). -* Fixes a bug in rule exceptions to include the `matches` operator only for supported fields [#233127]({{kib-pull}}233127). +* Fixes an issue in the Highlighted fields table in the alert details flyout [#234222]({{kib-pull}}234222). +* Fixes an issue in rule exceptions to include the `matches` operator only for supported fields [#233127]({{kib-pull}}233127). * Adds support in {{elastic-defend}} for installing eBPF event probes on Linux endpoints when cgroup2 is mounted in a non-standard location or not mounted at all. * Adds support in {{elastic-defend}} for installing eBPF probes on Linux endpoints when taskstats is compiled out of the kernel. -* Fixes a bug in {{elastic-defend}} where Linux network events could have source and destination bytes swapped. +* Fixes an issue in {{elastic-defend}} where Linux network events could have source and destination bytes swapped. * Removes `.process.thread.capabilities.permitted` and `.process.thread.capabilities.effective` from Linux network events in {{elastic-defend}}. -* Fixes a bug in {{elastic-defend}} where host isolation could auto-release incorrectly. Host isolation now only releases when {{elastic-endpoint}} becomes orphaned. Intermittent {{elastic-agent}} connectivity changes no longer alter the host isolation state. +* Fixes an issue in {{elastic-defend}} where host isolation could auto-release incorrectly. 
Host isolation now only releases when {{elastic-endpoint}} becomes orphaned. Intermittent {{elastic-agent}} connectivity changes no longer alter the host isolation state. ## 9.1.4 [elastic-security-9.1.4-release-notes] From 94cefc8b32f0896544ef637a06eb2d68805b4f35 Mon Sep 17 00:00:00 2001 From: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com> Date: Mon, 6 Oct 2025 09:50:00 +0100 Subject: [PATCH 3/4] Apply suggestions from code review Co-authored-by: Gabriel Landau <42078554+gabriellandau@users.noreply.github.com> --- release-notes/elastic-security/index.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/release-notes/elastic-security/index.md b/release-notes/elastic-security/index.md index 9b7116597b..c96b85bab4 100644 --- a/release-notes/elastic-security/index.md +++ b/release-notes/elastic-security/index.md @@ -32,7 +32,8 @@ To check for security updates, go to [Security announcements for the Elastic sta ### Features and enhancements [elastic-security-9.1.5-features-enhancements] * Adds `customized_fields` and `has_base_version` fields to the internal rule schema [#235394]({{kib-pull}}235394). * Adds an {{elastic-defend}} option to remediate orphaned state by attempting to start Elastic Agent service. -* Fixes {{elastic-defend}} error log on Windows where only the first character, usually 'C', was logged instead of a path. +* Increases the throughput of {elastic-defend} Logstash connections by increasing the maximum size it can upload at once. +* Improves reliability and accuracy of reporting of the {elastic-defend}'s Elasticsearch connection. ### Fixes [elastic-security-9.1.5-fixes] * Fixes browser fields caching to use the `dataView` ID instead of the index pattern [#234381]({{kib-pull}}234381). 
@@ -46,6 +47,8 @@ To check for security updates, go to [Security announcements for the Elastic sta * Fixes an issue in {{elastic-defend}} where Linux network events could have source and destination bytes swapped. * Removes `.process.thread.capabilities.permitted` and `.process.thread.capabilities.effective` from Linux network events in {{elastic-defend}}. * Fixes an issue in {{elastic-defend}} where host isolation could auto-release incorrectly. Host isolation now only releases when {{elastic-endpoint}} becomes orphaned. Intermittent {{elastic-agent}} connectivity changes no longer alter the host isolation state. +* Fixes an issue where {elastic-defend} would incorrectly calculate throughput capacity when sending documents to output. This may have limited event throughput on extremely busy endpoints. +* Fixes an issue in {elastic-defend} installation logging where only the first character of install paths (usually 'C') would be logged. ## 9.1.4 [elastic-security-9.1.4-release-notes] From 4a54cecaf895c616abe7f941fc6098a5ea40ecca Mon Sep 17 00:00:00 2001 From: natasha-moore-elastic Date: Mon, 6 Oct 2025 09:51:14 +0100 Subject: [PATCH 4/4] Fix formatting --- release-notes/elastic-security/index.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/release-notes/elastic-security/index.md b/release-notes/elastic-security/index.md index c96b85bab4..710aeeb22b 100644 --- a/release-notes/elastic-security/index.md +++ b/release-notes/elastic-security/index.md 
@@ -32,8 +32,8 @@ To check for security updates, go to [Security announcements for the Elastic sta ### Features and enhancements [elastic-security-9.1.5-features-enhancements] * Adds `customized_fields` and `has_base_version` fields to the internal rule schema [#235394]({{kib-pull}}235394). * Adds an {{elastic-defend}} option to remediate orphaned state by attempting to start Elastic Agent service. -* Increases the throughput of {elastic-defend} Logstash connections by increasing the maximum size it can upload at once. -* Improves reliability and accuracy of reporting of the {elastic-defend}'s Elasticsearch connection. +* Increases the throughput of {{elastic-defend}} Logstash connections by increasing the maximum size it can upload at once. +* Improves reliability and accuracy of reporting of the {{elastic-defend}}'s {{es}} connection. ### Fixes [elastic-security-9.1.5-fixes] * Fixes browser fields caching to use the `dataView` ID instead of the index pattern [#234381]({{kib-pull}}234381). 
@@ -47,8 +47,8 @@ To check for security updates, go to [Security announcements for the Elastic sta * Fixes an issue in {{elastic-defend}} where Linux network events could have source and destination bytes swapped. * Removes `.process.thread.capabilities.permitted` and `.process.thread.capabilities.effective` from Linux network events in {{elastic-defend}}. * Fixes an issue in {{elastic-defend}} where host isolation could auto-release incorrectly. Host isolation now only releases when {{elastic-endpoint}} becomes orphaned. Intermittent {{elastic-agent}} connectivity changes no longer alter the host isolation state. -* Fixes an issue where {elastic-defend} would incorrectly calculate throughput capacity when sending documents to output. This may have limited event throughput on extremely busy endpoints. -* Fixes an issue in {elastic-defend} installation logging where only the first character of install paths (usually 'C') would be logged. +* Fixes an issue where {{elastic-defend}} would incorrectly calculate throughput capacity when sending documents to output. This may have limited event throughput on extremely busy endpoints. +* Fixes an issue in {{elastic-defend}} installation logging where only the first character of install paths (usually 'C') would be logged. ## 9.1.4 [elastic-security-9.1.4-release-notes]
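Review bot: In PATCH 1/4, the 9.1.5 block added to `release-notes/elastic-security/index.md` lists "Fixes {{elastic-defend}} error log on Windows where only the first character, usually 'C', was logged instead of a path" under "Features and enhancements", but the entry describes a fix and belongs under "Fixes". In the same list, "attempting to start Elastic Agent service" spells the product name out while the host isolation entry uses `{{elastic-agent}}`; use the substitution here as well, for example "attempting to start the {{elastic-agent}} service".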
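Review bot: In PATCH 1/4, the new **Resolved** section of the "Filters may not apply correctly on the Alerts page" dropdown in `known-issues.md` gives only the fixed version, while the workaround in the same dropdown has users turn off the `courier:ignoreFilterIfFieldNotInIndex` advanced setting. Consider adding a sentence that says whether users who applied the workaround should turn the setting back on after upgrading to 9.1.4. The move from `:::` to `::::` on both the opening and closing fence is consistent, since the dropdown contains a nested `:::` block.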
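Review bot: In PATCH 2/4, the reworded entry "Fixes an issue in the Highlighted fields table in the alert details flyout" still does not say what went wrong, so a reader cannot tell whether they were affected. Name the symptom, as the network events entry in the same hunk does ("could have source and destination bytes swapped"). The rule exceptions entry has the same shape: "to include the `matches` operator only for supported fields" describes the new behaviour rather than the issue that was fixed.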
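Review bot: In PATCH 3/4, the two lines added under "Features and enhancements" write `{elastic-defend}` with single braces, while the surrounding entries use `{{elastic-defend}}`, so the substitution will not be applied and the literal braces will show in the rendered notes. The two lines added under "Fixes" in the second hunk of this patch have the same problem. Use the double-brace form in all four lines.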
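Review bot: In PATCH 3/4, the installation logging entry added under "Fixes" drops the "on Windows" qualifier that the removed line ("Fixes {{elastic-defend}} error log on Windows where only the first character, usually 'C', was logged instead of a path") carried, yet "(usually 'C')" only reads sensibly as a Windows drive letter. Keep the platform in the new wording, for example "installation logging on Windows", so readers on other platforms know the entry does not apply to them.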
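Review bot: In PATCH 4/4, the corrected line "Improves reliability and accuracy of reporting of the {{elastic-defend}}'s {{es}} connection" keeps an article in front of a possessive product name and stacks two "of" phrases. Something like "Improves the reliability and accuracy of {{elastic-defend}}'s {{es}} connection reporting" reads more cleanly once the substitutions are expanded.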