From fa247eccb23cda0edf6bf6d784dab52bd886c285 Mon Sep 17 00:00:00 2001
From: natasha-moore-elastic <natasha.moore@elastic.co>
Date: Wed, 27 Aug 2025 09:30:45 +0100
Subject: [PATCH 1/5] 8.19.3 release notes

---
 docs/release-notes.asciidoc      |  1 +
 docs/release-notes/8.19.asciidoc | 15 +++++++++++++++
 2 files changed, 16 insertions(+)

diff --git a/docs/release-notes.asciidoc b/docs/release-notes.asciidoc
index a0f1b9c824..896ee3cb97 100644
--- a/docs/release-notes.asciidoc
+++ b/docs/release-notes.asciidoc
@@ -3,6 +3,7 @@
 
 This section summarizes the changes in each release.
 
+* <<release-notes-8.19.3, {elastic-sec} version 8.19.3>>
 * <<release-notes-8.19.2, {elastic-sec} version 8.19.2>>
 * <<release-notes-8.19.1, {elastic-sec} version 8.19.1>>
 * <<release-notes-8.19.0, {elastic-sec} version 8.19.0>>
diff --git a/docs/release-notes/8.19.asciidoc b/docs/release-notes/8.19.asciidoc
index b016c0102b..4cc9c69cc2 100644
--- a/docs/release-notes/8.19.asciidoc
+++ b/docs/release-notes/8.19.asciidoc
@@ -1,6 +1,21 @@
 [[release-notes-header-8.19.0]]
 == 8.19
 
+[discrete]
+[[release-notes-8.19.3]]
+=== 8.19.3
+
+[discrete]
+[[enhancements-8.19.3]]
+==== Enhancements
+* Improves the reliability of {elastic-defend}'s connection to its kernel driver. This should reduce the instances of temporary `DEGRADED` policy statuses at boot due to `connect_kernel` failures.
+
+[discrete]
+[[bug-fixes-8.19.3]]
+==== Fixes
+* Prevents Session View from crashing by normalizing the `event.process.args` field ({kibana-pull}232462[#232462]).
+* Fixes a bug in {elastic-defend} where Linux endpoints would report `process.executable` as a relative, instead of absolute, path.
+
 [discrete]
 [[release-notes-8.19.2]]
 === 8.19.2

From 294a468095a19cc8ca54d99ba86536694db7e3aa Mon Sep 17 00:00:00 2001
From: natasha-moore-elastic
 <137783811+natasha-moore-elastic@users.noreply.github.com>
Date: Wed, 27 Aug 2025 15:26:49 +0100
Subject: [PATCH 2/5] Apply suggestions from code review
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Gabriel Landau <42078554+gabriellandau@users.noreply.github.com>
Co-authored-by: Alberto Blázquez <albertoblaz@users.noreply.github.com>
---
 docs/release-notes/8.19.asciidoc | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/docs/release-notes/8.19.asciidoc b/docs/release-notes/8.19.asciidoc
index 4cc9c69cc2..6eaa17160f 100644
--- a/docs/release-notes/8.19.asciidoc
+++ b/docs/release-notes/8.19.asciidoc
@@ -9,11 +9,16 @@
 [[enhancements-8.19.3]]
 ==== Enhancements
 * Improves the reliability of {elastic-defend}'s connection to its kernel driver. This should reduce the instances of temporary `DEGRADED` policy statuses at boot due to `connect_kernel` failures.
+* Enriches {elastic-defend} macOS network connect events with `network.direction`. Possible values are ingress and egress.
 
 [discrete]
 [[bug-fixes-8.19.3]]
 ==== Fixes
-* Prevents Session View from crashing by normalizing the `event.process.args` field ({kibana-pull}232462[#232462]).
+* Fixes a bug in Session View where `args` fields in `event.process` and nested objects had string values instead of array of strings as expected ({kibana-pull}232462[#232462]).
+* Fixes a bug in {elastic-defend} where Linux endpoints would report `process.executable` as a relative, instead of absolute, path.
+* Fixes a bug where {elastic-defend} Linux network events would fail to load if ipv6 is not supported by the system.
+* Fixes a bug in {elastic-defend} where the fqdn feature flag was not being persisted across system/endpoint restarts
+* Fix a race condition in {elastic-defend} that may occasionally result in corrupted process command lines on Windows.  When this occurs, `process.command_line`, `process.args_count` and `process.args` may be incorrect, leading to false positives.
 * Fixes a bug in {elastic-defend} where Linux endpoints would report `process.executable` as a relative, instead of absolute, path.
 
 [discrete]

From 73c54b29f5bc09822c03c9d23cad866513ff9d66 Mon Sep 17 00:00:00 2001
From: natasha-moore-elastic <natasha.moore@elastic.co>
Date: Wed, 27 Aug 2025 15:33:00 +0100
Subject: [PATCH 3/5] tweaks

---
 docs/release-notes/8.19.asciidoc | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/docs/release-notes/8.19.asciidoc b/docs/release-notes/8.19.asciidoc
index 6eaa17160f..5828d35f62 100644
--- a/docs/release-notes/8.19.asciidoc
+++ b/docs/release-notes/8.19.asciidoc
@@ -9,17 +9,16 @@
 [[enhancements-8.19.3]]
 ==== Enhancements
 * Improves the reliability of {elastic-defend}'s connection to its kernel driver. This should reduce the instances of temporary `DEGRADED` policy statuses at boot due to `connect_kernel` failures.
-* Enriches {elastic-defend} macOS network connect events with `network.direction`. Possible values are ingress and egress.
+* Enriches {elastic-defend} macOS network connect events with `network.direction`. Possible values are `ingress` and `egress`.
 
 [discrete]
 [[bug-fixes-8.19.3]]
 ==== Fixes
 * Fixes a bug in Session View where `args` fields in `event.process` and nested objects had string values instead of array of strings as expected ({kibana-pull}232462[#232462]).
 * Fixes a bug in {elastic-defend} where Linux endpoints would report `process.executable` as a relative, instead of absolute, path.
-* Fixes a bug where {elastic-defend} Linux network events would fail to load if ipv6 is not supported by the system.
-* Fixes a bug in {elastic-defend} where the fqdn feature flag was not being persisted across system/endpoint restarts
-* Fix a race condition in {elastic-defend} that may occasionally result in corrupted process command lines on Windows.  When this occurs, `process.command_line`, `process.args_count` and `process.args` may be incorrect, leading to false positives.
-* Fixes a bug in {elastic-defend} where Linux endpoints would report `process.executable` as a relative, instead of absolute, path.
+* Fixes a bug where {elastic-defend} Linux network events would fail to load if IPv6 is not supported by the system.
+* Fixes a bug in {elastic-defend} where the `fqdn` feature flag was not being persisted across system/endpoint restarts.
+* Fixes a race condition in {elastic-defend} on Windows that occasionally resulted in corrupted process command lines. This could cause incorrect values for `process.command_line`, `process.args_count`, and `process.args`, leading to false positives.
 
 [discrete]
 [[release-notes-8.19.2]]

From b905166a5f01e2f56d49b43b5300ff2d2096c859 Mon Sep 17 00:00:00 2001
From: natasha-moore-elastic
 <137783811+natasha-moore-elastic@users.noreply.github.com>
Date: Wed, 27 Aug 2025 15:59:56 +0100
Subject: [PATCH 4/5] Update docs/release-notes/8.19.asciidoc

Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com>
---
 docs/release-notes/8.19.asciidoc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/release-notes/8.19.asciidoc b/docs/release-notes/8.19.asciidoc
index 5828d35f62..b3c6be3c6e 100644
--- a/docs/release-notes/8.19.asciidoc
+++ b/docs/release-notes/8.19.asciidoc
@@ -17,7 +17,7 @@
 * Fixes a bug in Session View where `args` fields in `event.process` and nested objects had string values instead of array of strings as expected ({kibana-pull}232462[#232462]).
 * Fixes a bug in {elastic-defend} where Linux endpoints would report `process.executable` as a relative, instead of absolute, path.
 * Fixes a bug where {elastic-defend} Linux network events would fail to load if IPv6 is not supported by the system.
-* Fixes a bug in {elastic-defend} where the `fqdn` feature flag was not being persisted across system/endpoint restarts.
+* Fixes a bug in {elastic-defend} where the `fqdn` feature flag was not being persisted across system or endpoint restarts.
 * Fixes a race condition in {elastic-defend} on Windows that occasionally resulted in corrupted process command lines. This could cause incorrect values for `process.command_line`, `process.args_count`, and `process.args`, leading to false positives.
 
 [discrete]

From f1f5847d0f6a5219561565c2bada460c135670c0 Mon Sep 17 00:00:00 2001
From: natasha-moore-elastic
 <137783811+natasha-moore-elastic@users.noreply.github.com>
Date: Wed, 27 Aug 2025 17:08:47 +0100
Subject: [PATCH 5/5] Update docs/release-notes/8.19.asciidoc

Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com>
---
 docs/release-notes/8.19.asciidoc | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/docs/release-notes/8.19.asciidoc b/docs/release-notes/8.19.asciidoc
index b3c6be3c6e..79d79889c5 100644
--- a/docs/release-notes/8.19.asciidoc
+++ b/docs/release-notes/8.19.asciidoc
@@ -19,6 +19,8 @@
 * Fixes a bug where {elastic-defend} Linux network events would fail to load if IPv6 is not supported by the system.
 * Fixes a bug in {elastic-defend} where the `fqdn` feature flag was not being persisted across system or endpoint restarts.
 * Fixes a race condition in {elastic-defend} on Windows that occasionally resulted in corrupted process command lines. This could cause incorrect values for `process.command_line`, `process.args_count`, and `process.args`, leading to false positives.
+* Hides case connectors in the create case workflow based on your license ({kibana-pull}232506[#232506]).
+* Fixes inconsistencies in case activity statistics ({kibana-pull}231948[#231948]).
 
 [discrete]
 [[release-notes-8.19.2]]