Skip to content

[Security] 9.1.7 release notes #3838

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 4 commits into from
Nov 11, 2025
Merged

[Security] 9.1.7 release notes #3838

Changes from 3 commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
155b033
[Security] 9.1.7 release notes
natasha-moore-elastic Nov 6, 2025
0771b3b
Apply suggestions from code review
natasha-moore-elastic Nov 7, 2025
7da6f81
Update release-notes/elastic-security/index.md
natasha-moore-elastic Nov 7, 2025
c2dae0b
Merge branch 'main' into sec-rn-9.1.7
natasha-moore-elastic Nov 11, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 22 additions & 0 deletions release-notes/elastic-security/index.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -123,6 +123,28 @@ To check for security updates, go to [Security announcements for the Elastic sta
* Fixes an issue in {{elastic-defend}} that could result in a crash if a specified {{ls}} output configuration contained a certificate that couldn't be parsed.


## 9.1.7 [elastic-security-9.1.7-release-notes]

### Features and enhancements [elastic-security-9.1.7-features-enhancements]
* Improves the reliability of Cloud Security Posture (CSP) data by automatically upgrading outdated Misconfiguration and Vulnerabilities data views to the correct versions [#238547]({{kib-pull}}238547).
* Adds more {{elastic-defend}} options to the {{ls}} output, allowing for finer control.
* Improves the accuracy of thread CPU usage reported in {{elastic-defend}} metrics documents.


### Fixes [elastic-security-9.1.7-fixes]
* Fixes entity flyout **Risk contributions** tab link [#241153]({{kib-pull}}241153).
* Fixes a pagination issue with the data table on the **Indicators** page [#241108]({{kib-pull}}241108).
* Fixes a react-query key collision that occurred when two different integration lookups shared the same key, which could cause errors when navigating between pages [#240517]({{kib-pull}}240517).
* Fixes multiple issues searching installed rules by allowing partial matches on rule name and improving special character support [#237496]({{kib-pull}}237496).
* Fixes an issue where rule exception operators could not be cleared when editing a rule exception [#236051]({{kib-pull}}236051).
* Fixes an {{elastic-defend}} issue on Linux by preventing unnecessary locking within malware protection to avoid invalid watchdog firings.
* Fixes issues that could sometimes cause crashes of the {{elastic-defend}} user-mode process on very busy Windows systems.
* Fixes multiple {{elastic-defend}} issues in malware protection for Linux where a deadlock could sometimes occur when containers and autofs were both active.
* Fixes CVE-2025-37735 ([ESA-2025-23](https://discuss.elastic.co/t/elastic-defend-8-19-6-9-1-6-and-9-2-0-security-update-esa-2025-23/383272)) in {{elastic-defend}} on Windows which could allow a low-privilege attacker to delete arbitrary files on the system and potentially escalate privileges to SYSTEM. Windows 11 24H2 includes changes which make this issue harder to exploit.
* Fixes an {{elastic-defend}} bug in Linux event collection where some long-running processes were not enriched.
* Fixes an {{elastic-defend}} issue that could cause the `get-file` and `execute` response actions to fail after many were issued with a single running instance of {{elastic-defend}}.


## 9.1.6 [elastic-security-9.1.6-release-notes]

### Features and enhancements [elastic-security-9.1.6-features-enhancements]
Expand Down