8.17.2 release notes (#6505)

* First draft * More updates * Removed extra section * Minor change * Adds more endpoint PRs * Update docs/release-notes/8.17.asciidoc Co-authored-by: Gabriel Landau <[email protected]> * Update docs/release-notes/8.17.asciidoc * Update docs/release-notes/8.17.asciidoc * Adds ki about prebuilt rules * Minor edits --------- Co-authored-by: Gabriel Landau <[email protected]>
elastic · Feb 10, 2025 · 0ceb091 · 0ceb091
1 parent 9a3f6f6
commit 0ceb091
Show file tree

Hide file tree

Showing 2 changed files with 70 additions and 0 deletions.
diff --git a/docs/release-notes.asciidoc b/docs/release-notes.asciidoc
@@ -3,6 +3,7 @@
 
 This section summarizes the changes in each release.
 
+* <<release-notes-8.17.2, {elastic-sec} version 8.17.2>>
 * <<release-notes-8.17.1, {elastic-sec} version 8.17.1>>
 * <<release-notes-8.17.0, {elastic-sec} version 8.17.0>>
 * <<release-notes-8.16.3, {elastic-sec} version 8.16.3>>

diff --git a/docs/release-notes/8.17.asciidoc b/docs/release-notes/8.17.asciidoc
@@ -1,6 +1,75 @@
 [[release-notes-header-8.17.0]]
 == 8.17
 
+[discrete]
+[[release-notes-8.17.2]]
+=== 8.17.2
+
+[discrete]
+[[known-issue-8.17.2]]
+==== Known issues
+
+// tag::known-issue[]
+[discrete]
+.{elastic-sec} crashes on {kib} instances with 1 GB of RAM on {ecloud} deployments
+[%collapsible]
+====
+*Details* +
+Whenever you open a page in {elastic-sec}, there's an attempt to install the {fleet} package with prebuilt rules. If the package hasn't been installed yet, {kib} starts downloading the latest version of it, then crashes with an `Out Of Memory` error. The process will then automatically restart and crash for the same reasons.
+
+This issue was discovered on February 6, 2025.
+
+*Workaround* +
+To resolve this issue, increase {kib}'s RAM to 2 GB.
+
+====
+// end::known-issue[]
+
+// tag::known-issue[]
+[discrete]
+.Duplicate alerts can be produced from manually running threshold rules 
+[%collapsible]
+====
+*Details* +
+On November 12, 2024, it was discovered that manually running threshold rules could produce duplicate alerts if the date range was already covered by a scheduled rule execution.
+====
+// end::known-issue[]
+
+// tag::known-issue[]
+[discrete]
+.Manually running custom query rules with suppression could suppress more alerts than expected
+[%collapsible]
+====
+*Details* +
+On November 12, 2024, it was discovered that manually running a custom query rule with suppression could incorrectly inflate the number of suppressed alerts. 
+====
+// end::known-issue[]
+
+[discrete]
+[[features-8.17.2]]
+==== New features
+* Adds the `advanced.malware.max_file_size_bytes` <<adv-policy-settings,advanced policy setting>>, which allows you to control the maximum file size for malware protection.
+
+[discrete]
+[[enhancements-8.17.2]]
+==== Enhancements
+* Enhances the performance of {elastic-defend} network events monitoring for better CPU utilization and responsiveness.
+
+[discrete]
+[[bug-fixes-8.17.2]]
+==== Bug fixes
+* Ensures that multiple IPs are displayed as individual links in the Alerts table, even if they're passed as a single string ({kibana-pull}209475[#209475]).
+* Fixes an AI Assistant bug that prevented you from selecting different connector types after initially choosing one ({kibana-pull}208969[#208969]).
+* Adds missing fields to Automatic Import's input manifest templates ({kibana-pull}208768[#208768]).
+* Ensures that Automatic Import's structured log template surrounds single backslashes with single quotes when the backslash is used as an escape character ({kibana-pull}209736[#209736]).
+* Adds fields that are missing from Automatic Import's `aws-s3-manifest.yml` file ({kibana-pull}208080[#208080]).
+* Allows {elastic-defend} to detect or prevent malware process or image loads from WebDAV servers.
+* Allows {elastic-defend} to bypass network traffic from other computers when promiscuous mode is enabled on Windows. 
+* Fixes a bug with the `get-file` Endpoint response action. When you used the `get-file` response action to retrieve a Windows Alternate Data Stream, the resulting `.zip` archive  would contain a checksum error that made it unusable by most zip tools.
+* Increases the maximum number of ETW buffers that {elastic-defend} can use.
+* Fixes a bug where {elastic-defend} was omitting MD5 and SHA-1 hashes in events and alerts unless a user had explicitly enabled them using the advanced policy. This 8.17.0 change was not supposed to go live until 8.18.0.
+* Fixes an issue where {elastic-defend} wasn't correctly populating `event.created` for process events on Windows.
+
 [discrete]
 [[release-notes-8.17.1]]
 === 8.17.1