From 8730c68a0976ddeb189ea6f306b01f2fa51a7cd4 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon Date: Tue, 29 Apr 2025 16:44:31 -0400 Subject: [PATCH 01/11] First draft --- docs/release-notes.asciidoc | 1 + docs/release-notes/8.18.asciidoc | 24 ++++++++++++++++++++++++ 2 files changed, 25 insertions(+) diff --git a/docs/release-notes.asciidoc b/docs/release-notes.asciidoc index 28a40fa5ec..69a538f29d 100644 --- a/docs/release-notes.asciidoc +++ b/docs/release-notes.asciidoc @@ -3,6 +3,7 @@ This section summarizes the changes in each release. +* <> * <> * <> * <> diff --git a/docs/release-notes/8.18.asciidoc b/docs/release-notes/8.18.asciidoc index d25bc6198f..ddd8f7d1df 100644 --- a/docs/release-notes/8.18.asciidoc +++ b/docs/release-notes/8.18.asciidoc @@ -1,6 +1,30 @@ [[release-notes-header-8.18.0]] == 8.18 +[discrete] +[[release-notes-8.18.1]] +=== 8.18.1 + +[discrete] +[[features-8.18.1]] +==== New features +* Create upgrade agentless deployment background task ({kibana-pull}207143[#207143]). + +[discrete] +[[enhancements-8.18.1]] +==== Enhancements +* Updates kibana MITRE data to `v16.1` ({kibana-pull}215026[#215026]). +* Create upgrade agentless deployment background task ({kibana-pull}207143[#207143]). + +[discrete] +[[bug-fixes-8.18.1]] +==== Fixes +* Remove check for unused Connector role ({kibana-pull}219358[#219358]). +* Fixes rule import error message display ({kibana-pull}218701[#218701]). +* Fixes related integrations render performance on rule editing pages ({kibana-pull}217254[#217254]). +* For Linux OSes running ebpf-based event sourcing (kernel versions 5.10 and newer), this commit adds process events for ptrace and memfd activity. +* {elastic-defend} now has improved call site analysis logic. + [discrete] [[release-notes-8.18.0]] === 8.18.0 From b0ff1dd343a1b9df1aa1104965ab513ea738a0aa Mon Sep 17 00:00:00 2001 From: Nastasha Solomon Date: Wed, 30 Apr 2025 15:45:25 -0400 Subject: [PATCH 02/11] Revisions --- docs/release-notes/8.18.asciidoc | 19 +++++++------------ 1 file changed, 7 insertions(+), 12 deletions(-) diff --git a/docs/release-notes/8.18.asciidoc b/docs/release-notes/8.18.asciidoc index ddd8f7d1df..739456b36a 100644 --- a/docs/release-notes/8.18.asciidoc +++ b/docs/release-notes/8.18.asciidoc @@ -5,25 +5,20 @@ [[release-notes-8.18.1]] === 8.18.1 -[discrete] -[[features-8.18.1]] -==== New features -* Create upgrade agentless deployment background task ({kibana-pull}207143[#207143]). - [discrete] [[enhancements-8.18.1]] ==== Enhancements -* Updates kibana MITRE data to `v16.1` ({kibana-pull}215026[#215026]). -* Create upgrade agentless deployment background task ({kibana-pull}207143[#207143]). +* Updates the **MITRE ATT&CK® coverage** page mapping to `v16.1` ({kibana-pull}215026[#215026]). +* Adds a background task to upgrade Agentless deployments after {kib} has been upgraded ({kibana-pull}207143[#207143]). [discrete] [[bug-fixes-8.18.1]] ==== Fixes -* Remove check for unused Connector role ({kibana-pull}219358[#219358]). -* Fixes rule import error message display ({kibana-pull}218701[#218701]). -* Fixes related integrations render performance on rule editing pages ({kibana-pull}217254[#217254]). -* For Linux OSes running ebpf-based event sourcing (kernel versions 5.10 and newer), this commit adds process events for ptrace and memfd activity. -* {elastic-defend} now has improved call site analysis logic. +* Removes the check for unused connector roles ({kibana-pull}219358[#219358]). +* Simplifies and improves the rule import error message ({kibana-pull}218701[#218701]). +* Fixes the related integrations render performance on rule editing pages ({kibana-pull}217254[#217254]). +* Adds process events for ptrace and memfd activity for Linux OSes running ebpf-based event sourcing (kernel versions 5.10 and newer). +* Improves {elastic-defend}'s call site analysis logic. [discrete] [[release-notes-8.18.0]] From c83cc55531f1326761be53fd591d0646b5bdd07f Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Wed, 30 Apr 2025 21:59:00 -0400 Subject: [PATCH 03/11] Update docs/release-notes/8.18.asciidoc Co-authored-by: Gabriel Landau <42078554+gabriellandau@users.noreply.github.com> --- docs/release-notes/8.18.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.18.asciidoc b/docs/release-notes/8.18.asciidoc index 739456b36a..a2d4ca7f71 100644 --- a/docs/release-notes/8.18.asciidoc +++ b/docs/release-notes/8.18.asciidoc @@ -19,7 +19,7 @@ * Fixes the related integrations render performance on rule editing pages ({kibana-pull}217254[#217254]). * Adds process events for ptrace and memfd activity for Linux OSes running ebpf-based event sourcing (kernel versions 5.10 and newer). * Improves {elastic-defend}'s call site analysis logic. - +* Fixes a bug in {elastic-defend}'s redaction of diagnostics bundles. [discrete] [[release-notes-8.18.0]] === 8.18.0 From ca9cc5a4d359930d2ce36059c51011803a12778a Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Wed, 30 Apr 2025 21:59:29 -0400 Subject: [PATCH 04/11] Update docs/release-notes/8.18.asciidoc Co-authored-by: Gabriel Landau <42078554+gabriellandau@users.noreply.github.com> --- docs/release-notes/8.18.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.18.asciidoc b/docs/release-notes/8.18.asciidoc index a2d4ca7f71..b14f81293b 100644 --- a/docs/release-notes/8.18.asciidoc +++ b/docs/release-notes/8.18.asciidoc @@ -10,7 +10,7 @@ ==== Enhancements * Updates the **MITRE ATT&CK® coverage** page mapping to `v16.1` ({kibana-pull}215026[#215026]). * Adds a background task to upgrade Agentless deployments after {kib} has been upgraded ({kibana-pull}207143[#207143]). - +* Improves {elastic-defend}'s' CPU usage on systems with very high event volumes. [discrete] [[bug-fixes-8.18.1]] ==== Fixes From a86332fb65f0f1cf9331e254e53615a4dc4726a1 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Thu, 1 May 2025 12:50:33 -0400 Subject: [PATCH 05/11] Update docs/release-notes/8.18.asciidoc Co-authored-by: Gabriel Landau <42078554+gabriellandau@users.noreply.github.com> --- docs/release-notes/8.18.asciidoc | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/release-notes/8.18.asciidoc b/docs/release-notes/8.18.asciidoc index b14f81293b..3a3067b9f1 100644 --- a/docs/release-notes/8.18.asciidoc +++ b/docs/release-notes/8.18.asciidoc @@ -17,7 +17,6 @@ * Removes the check for unused connector roles ({kibana-pull}219358[#219358]). * Simplifies and improves the rule import error message ({kibana-pull}218701[#218701]). * Fixes the related integrations render performance on rule editing pages ({kibana-pull}217254[#217254]). -* Adds process events for ptrace and memfd activity for Linux OSes running ebpf-based event sourcing (kernel versions 5.10 and newer). * Improves {elastic-defend}'s call site analysis logic. * Fixes a bug in {elastic-defend}'s redaction of diagnostics bundles. [discrete] From 3c33472cb83e2297e8e309c97c8c03cd25af9765 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon Date: Thu, 1 May 2025 12:57:17 -0400 Subject: [PATCH 06/11] Adds 216667 --- docs/release-notes/8.18.asciidoc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/release-notes/8.18.asciidoc b/docs/release-notes/8.18.asciidoc index 3a3067b9f1..d871cacf7d 100644 --- a/docs/release-notes/8.18.asciidoc +++ b/docs/release-notes/8.18.asciidoc @@ -17,8 +17,10 @@ * Removes the check for unused connector roles ({kibana-pull}219358[#219358]). * Simplifies and improves the rule import error message ({kibana-pull}218701[#218701]). * Fixes the related integrations render performance on rule editing pages ({kibana-pull}217254[#217254]). +* Prevents {esql} rules from timing out if the rule query takes longer than five minutes to complete ({kibana-pull}216667[#216667]). * Improves {elastic-defend}'s call site analysis logic. * Fixes a bug in {elastic-defend}'s redaction of diagnostics bundles. + [discrete] [[release-notes-8.18.0]] === 8.18.0 From 58d74fd582684aad27b1db557357ace553a482dc Mon Sep 17 00:00:00 2001 From: Nastasha Solomon Date: Thu, 1 May 2025 12:59:40 -0400 Subject: [PATCH 07/11] space --- docs/release-notes/8.18.asciidoc | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/release-notes/8.18.asciidoc b/docs/release-notes/8.18.asciidoc index d871cacf7d..744164fa37 100644 --- a/docs/release-notes/8.18.asciidoc +++ b/docs/release-notes/8.18.asciidoc @@ -11,6 +11,7 @@ * Updates the **MITRE ATT&CK® coverage** page mapping to `v16.1` ({kibana-pull}215026[#215026]). * Adds a background task to upgrade Agentless deployments after {kib} has been upgraded ({kibana-pull}207143[#207143]). * Improves {elastic-defend}'s' CPU usage on systems with very high event volumes. + [discrete] [[bug-fixes-8.18.1]] ==== Fixes From 4ea3ff342a20ad119f777e53580978c72a0c781b Mon Sep 17 00:00:00 2001 From: Nastasha Solomon Date: Fri, 2 May 2025 14:33:32 -0400 Subject: [PATCH 08/11] Update ki description for endpoint bug --- docs/release-notes/8.18.asciidoc | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/release-notes/8.18.asciidoc b/docs/release-notes/8.18.asciidoc index 744164fa37..e1b2b4a1cc 100644 --- a/docs/release-notes/8.18.asciidoc +++ b/docs/release-notes/8.18.asciidoc @@ -65,6 +65,10 @@ When you install an {elastic-defend} integration or a new agent policy for this *Workaround* + To resolve this issue, before you add an {elastic-defend} integration to a policy in {fleet}, apply any pending prebuilt rule updates. This will prevent rule actions, exceptions, and customizations from being overwritten. + +*Resolved* + +This issue is fixed in {stack} versions 8.17.6 and 8.18.1. + ==== // end::known-issue[] From 3561c389b31bbba9558609b4fc10f7ce6baa60b8 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon Date: Mon, 5 May 2025 10:24:20 -0400 Subject: [PATCH 09/11] Adds ki about eql rules --- docs/release-notes/8.18.asciidoc | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/docs/release-notes/8.18.asciidoc b/docs/release-notes/8.18.asciidoc index e1b2b4a1cc..3458cadd4a 100644 --- a/docs/release-notes/8.18.asciidoc +++ b/docs/release-notes/8.18.asciidoc @@ -5,6 +5,17 @@ [[release-notes-8.18.1]] === 8.18.1 +// tag::known-issue[] +[discrete] +.The technical preview badge incorrectly displays on the alert suppression fields for event correlation rules +[%collapsible] +==== +*Details* + +On April 8, 2025, it was discovered that alert suppression for event correlation rules is incorrectly shown as being in technical preview when you create a new rule. For more information, check (https://github.com/elastic/docs-content/issues/1021)[#1021]. + +==== +// end::known-issue[] + [discrete] [[enhancements-8.18.1]] ==== Enhancements From b3dcdf9b9c3d990805c84df9b2e23eb8069a5e9c Mon Sep 17 00:00:00 2001 From: Nastasha Solomon Date: Mon, 5 May 2025 11:07:46 -0400 Subject: [PATCH 10/11] remove char --- docs/release-notes/8.18.asciidoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/release-notes/8.18.asciidoc b/docs/release-notes/8.18.asciidoc index 3458cadd4a..14c5218881 100644 --- a/docs/release-notes/8.18.asciidoc +++ b/docs/release-notes/8.18.asciidoc @@ -11,7 +11,7 @@ [%collapsible] ==== *Details* + -On April 8, 2025, it was discovered that alert suppression for event correlation rules is incorrectly shown as being in technical preview when you create a new rule. For more information, check (https://github.com/elastic/docs-content/issues/1021)[#1021]. +On April 8, 2025, it was discovered that alert suppression for event correlation rules is incorrectly shown as being in technical preview when you create a new rule. For more information, check https://github.com/elastic/docs-content/issues/1021[#1021]. ==== // end::known-issue[] @@ -61,7 +61,7 @@ Duplicate your rules and enable them. [%collapsible] ==== *Details* + -On April 8, 2025, it was discovered that alert suppression for event correlation rules is incorrectly shown as being in technical preview when you create a new rule. For more information, check (https://github.com/elastic/docs-content/issues/1021)[#1021]. +On April 8, 2025, it was discovered that alert suppression for event correlation rules is incorrectly shown as being in technical preview when you create a new rule. For more information, check https://github.com/elastic/docs-content/issues/1021[#1021]. ==== // end::known-issue[] From d0270fbf0da1d6bfdef9910c3bb79d589688aa02 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon Date: Mon, 5 May 2025 15:42:40 -0400 Subject: [PATCH 11/11] Adds one more version --- docs/release-notes/8.18.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.18.asciidoc b/docs/release-notes/8.18.asciidoc index 14c5218881..b1bcc43360 100644 --- a/docs/release-notes/8.18.asciidoc +++ b/docs/release-notes/8.18.asciidoc @@ -78,7 +78,7 @@ When you install an {elastic-defend} integration or a new agent policy for this To resolve this issue, before you add an {elastic-defend} integration to a policy in {fleet}, apply any pending prebuilt rule updates. This will prevent rule actions, exceptions, and customizations from being overwritten. *Resolved* + -This issue is fixed in {stack} versions 8.17.6 and 8.18.1. +This issue is fixed in {stack} versions 8.17.6, 8.18.1, and 9.0.1. ==== // end::known-issue[]