Skip to content

[Security] 9.0.6 release notes #2649

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 5 commits into
base: main
Choose a base branch
from
+14 −0
Open

[Security] 9.0.6 release notes #2649

Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
77d5a1c
[Security] 9.0.6 release notes
natasha-moore-elastic Aug 21, 2025
524c555
Update release-notes/elastic-security/index.md
natasha-moore-elastic Aug 21, 2025
55f2a60
Apply suggestions from code review
natasha-moore-elastic Aug 26, 2025
c789d23
formatting fixes
natasha-moore-elastic Aug 26, 2025
5913069
tweaks
natasha-moore-elastic Aug 27, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 14 additions & 0 deletions release-notes/elastic-security/index.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -150,6 +150,20 @@ To check for security updates, go to [Security announcements for the Elastic sta
* Fixes a bug in {{elastic-defend}} where Linux network events would have source and destination byte counts swapped.
* Fixes an issue where {{elastic-defend}} may incorrectly set the artifact channel in policy responses, and adds `manifest_type` to policy responses.

## 9.0.6 [elastic-security-9.0.6-release-notes]

### Features and enhancements [elastic-security-9.0.6-features-enhancements]
* Improves the reliability of {{elastic-defend}}'s connection to its kernel driver. This should reduce the instances of temporary `DEGRADED` policy statuses at boot due to `connect_kernel` failures.
* Improves {{elastic-defend}} malware scan queue efficiency by not blocking scan requests when an oplock for the file being scanned cannot be acquired.
* To help identify which parts of `elastic-endpoint.exe` are using a significant amount of CPU, {{elastic-defend}} on Windows can now include CPU profiling data in diagnostics. To request CPU profiling data using the command line, refer to [{{agent}} command reference](/reference/fleet/agent-command-reference.md#_options). To request CPU profiling data using {{kib}}, check the **Collect additional CPU metrics** box when requesting {{agent}} diagnostics.
* Enriches {{elastic-defend}} macOS network connect events with `network.direction`. Possible values are `ingress` and `egress`.

### Fixes [elastic-security-9.0.6-fixes]
* Prevents the {{esql}} form from locking in read-only mode in the rule upgrade flyout [#231699]({{kib-pull}}231699).
* Fixes a bug in {{elastic-defend}} where the `fqdn` feature flag was not being persisted across system/endpoint restarts.
* Fix a race condition in {{elastic-defend}} that occasionally resulted in corrupted process command lines on Windows. This could cause incorrect values for `process.command_line`, `process.args_count` and `process.args`, leading to false positives.
* Fixes a bug in {{elastic-defend}} where Linux endpoints would report `process.executable` as a relative, instead of absolute, path.

## 9.0.5 [elastic-security-9.0.5-release-notes]

### Features and enhancements [elastic-security-9.0.5-features-enhancements]
Expand Down
Loading