From 35f18d0f0f54743e2d11c22a6efdaef787b8258e Mon Sep 17 00:00:00 2001 From: natasha-moore-elastic Date: Thu, 2 Oct 2025 13:27:57 +0100 Subject: [PATCH 1/4] Security 8.18.8 release notes --- docs/release-notes.asciidoc | 1 + docs/release-notes/8.18.asciidoc | 24 ++++++++++++++++++++++++ 2 files changed, 25 insertions(+) diff --git a/docs/release-notes.asciidoc b/docs/release-notes.asciidoc index ed7a63c68b..5c0ae737ee 100644 --- a/docs/release-notes.asciidoc +++ b/docs/release-notes.asciidoc @@ -8,6 +8,7 @@ This section summarizes the changes in each release. * <> * <> * <> +* <> * <> * <> * <> diff --git a/docs/release-notes/8.18.asciidoc b/docs/release-notes/8.18.asciidoc index 2fbb0b7410..b4f04d3044 100644 --- a/docs/release-notes/8.18.asciidoc +++ b/docs/release-notes/8.18.asciidoc 
@@ -1,6 +1,30 @@ [[release-notes-header-8.18.0]] == 8.18 +[discrete] +[[release-notes-8.18.8]] +=== 8.18.8 + +[discrete] +[[features-8.18.8]] +==== New features +* Adds an {elastic-defend} option to remediate orphaned state by attempting to start Elastic Agent service. + +[discrete] +[[enhancements-8.18.8]] +==== Enhancements +* Fixes {elastic-defend} error log on Windows where only the first character, usually 'C', was logged instead of a path. + +[discrete] +[[bug-fixes-8.18.8]] +==== Fixes +* Removes `null` in confirmation dialog when bulk editing index patterns for rules ({kibana-pull}236572[#236572]). +* Fixes the URL passed to detection rule actions via the `{{context.results_link}}` placeholder ({kibana-pull}236067[#236067]). +* Adds support in {elastic-defend} for installing eBPF probes on Linux endpoints when taskstats is compiled out of the kernel. +* Fixes a bug in {elastic-defend} where Linux network events could have source and destination bytes swapped. +* Removes `.process.thread.capabilities.permitted` and `.process.thread.capabilities.effective` from Linux network events in {elastic-defend}. +* Fixes a bug in {elastic-defend} where host isolation could auto-release incorrectly. Host isolation now only releases when {elastic-endpoint} becomes orphaned. Intermittent {elastic-agent} connectivity changes no longer alter the host isolation state. + [discrete] [[release-notes-8.18.7]] === 8.18.7 From 9c00ba442441fe197dec99703ebbf822752404b2 Mon Sep 17 00:00:00 2001 From: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com> Date: Thu, 2 Oct 2025 14:43:12 +0100 Subject: [PATCH 2/4] Update docs/release-notes/8.18.asciidoc Co-authored-by: Nicholas Berlin <56366649+nicholasberlin@users.noreply.github.com> --- docs/release-notes/8.18.asciidoc | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/release-notes/8.18.asciidoc b/docs/release-notes/8.18.asciidoc index b4f04d3044..c5dd8be6f7 100644 --- a/docs/release-notes/8.18.asciidoc 
+++ b/docs/release-notes/8.18.asciidoc @@ -20,7 +20,6 @@ ==== Fixes * Removes `null` in confirmation dialog when bulk editing index patterns for rules ({kibana-pull}236572[#236572]). * Fixes the URL passed to detection rule actions via the `{{context.results_link}}` placeholder ({kibana-pull}236067[#236067]). -* Adds support in {elastic-defend} for installing eBPF probes on Linux endpoints when taskstats is compiled out of the kernel. * Fixes a bug in {elastic-defend} where Linux network events could have source and destination bytes swapped. * Removes `.process.thread.capabilities.permitted` and `.process.thread.capabilities.effective` from Linux network events in {elastic-defend}. * Fixes a bug in {elastic-defend} where host isolation could auto-release incorrectly. Host isolation now only releases when {elastic-endpoint} becomes orphaned. Intermittent {elastic-agent} connectivity changes no longer alter the host isolation state. From a2a1389f43c7165e86fff854ffaa7e53187fc685 Mon Sep 17 00:00:00 2001 From: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com> Date: Thu, 2 Oct 2025 15:22:05 +0100 Subject: [PATCH 3/4] Update docs/release-notes/8.18.asciidoc Co-authored-by: Nicholas Berlin <56366649+nicholasberlin@users.noreply.github.com> --- docs/release-notes/8.18.asciidoc | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/release-notes/8.18.asciidoc b/docs/release-notes/8.18.asciidoc index c5dd8be6f7..b4f04d3044 100644 --- a/docs/release-notes/8.18.asciidoc +++ b/docs/release-notes/8.18.asciidoc 
@@ -20,6 +20,7 @@ ==== Fixes * Removes `null` in confirmation dialog when bulk editing index patterns for rules ({kibana-pull}236572[#236572]). * Fixes the URL passed to detection rule actions via the `{{context.results_link}}` placeholder ({kibana-pull}236067[#236067]). +* Adds support in {elastic-defend} for installing eBPF probes on Linux endpoints when taskstats is compiled out of the kernel. * Fixes a bug in {elastic-defend} where Linux network events could have source and destination bytes swapped. * Removes `.process.thread.capabilities.permitted` and `.process.thread.capabilities.effective` from Linux network events in {elastic-defend}. * Fixes a bug in {elastic-defend} where host isolation could auto-release incorrectly. Host isolation now only releases when {elastic-endpoint} becomes orphaned. Intermittent {elastic-agent} connectivity changes no longer alter the host isolation state. From b9c5516b50c3fad149bd3319e9e506aeb85cb881 Mon Sep 17 00:00:00 2001 From: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com> Date: Mon, 6 Oct 2025 09:36:48 +0100 Subject: [PATCH 4/4] Apply suggestions from code review Co-authored-by: Gabriel Landau <42078554+gabriellandau@users.noreply.github.com> --- docs/release-notes/8.18.asciidoc | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/docs/release-notes/8.18.asciidoc b/docs/release-notes/8.18.asciidoc index b4f04d3044..2e84dfbc7f 100644 --- a/docs/release-notes/8.18.asciidoc +++ b/docs/release-notes/8.18.asciidoc @@ -13,7 +13,7 @@ [discrete] [[enhancements-8.18.8]] ==== Enhancements -* Fixes {elastic-defend} error log on Windows where only the first character, usually 'C', was logged instead of a path. +* Increases the throughput of {elastic-defend} Logstash connections by increasing the maximum size it can upload at once. [discrete] [[bug-fixes-8.18.8]] 
@@ -24,6 +24,9 @@ * Fixes a bug in {elastic-defend} where Linux network events could have source and destination bytes swapped. * Removes `.process.thread.capabilities.permitted` and `.process.thread.capabilities.effective` from Linux network events in {elastic-defend}. * Fixes a bug in {elastic-defend} where host isolation could auto-release incorrectly. Host isolation now only releases when {elastic-endpoint} becomes orphaned. Intermittent {elastic-agent} connectivity changes no longer alter the host isolation state. +* Improves the reliability of local {elastic-defend} administrative shell commands. In rare cases, a command could fail to execute due to issue with interprocess communication. +* Fixes an issue where {elastic-defend} would incorrectly calculate throughput capacity when sending documents to output. This may have limited event throughput on extremely busy endpoints. +* Fixes an issue in {elastic-defend} installation logging where only the first character of install paths (usually 'C') would be logged. [discrete] [[release-notes-8.18.7]]
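Review bot: In PATCH 1/4, the 8.18.asciidoc hunk files a bug fix under `==== Enhancements`: the entry starts with "Fixes" and describes a logging defect ("only the first character, usually 'C', was logged instead of a path"), so it belongs in the `==== Fixes` list. In the same hunk, the New features entry reads "attempting to start Elastic Agent service", which is missing an article and spells out the product name where every other entry uses an attribute; suggest "attempting to start the {elastic-agent} service".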
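Review bot: PATCH 2/4 and PATCH 3/4 cancel each other out. 2/4 deletes the eBPF/taskstats entry and 3/4 re-adds the identical line at the same position; the index lines show the blob going b4f04d3044..c5dd8be6f7 and then back to b4f04d3044. Squash or drop the pair before merging so the history does not carry a no-op. If the entry stays, note that it begins with "Adds support" but sits under `==== Fixes`; confirm that is the intended section.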
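Review bot: In PATCH 4/4, first hunk (Enhancements), the new entry does not say what "the maximum size it can upload at once" measures, and the sentence repeats itself ("Increases ... by increasing"). State the unit being raised (for example the batch or request size, whichever applies) and reword to something like "Increases the throughput of {elastic-defend} Logstash connections by raising the maximum ... size per upload", so readers tuning Logstash inputs know what changed.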
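Review bot: In PATCH 4/4, second hunk (Fixes), the administrative shell commands entry is missing an article in "due to issue with interprocess communication"; it should read "due to an issue with interprocess communication". Likewise "when sending documents to output" reads better as "to the output". The install-path entry replaces the line removed from Enhancements in the first hunk, but the wording changes from "error log on Windows" to "installation logging" with no platform named; confirm that dropping the Windows scope is intentional.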