Release notes 8.16.3 #6391

Merged
merged 11 commits into from
Jan 21, 2025
1 change: 1 addition & 0 deletions docs/release-notes.asciidoc
Expand Up @@ -4,6 +4,7 @@
This section summarizes the changes in each release.

* <<release-notes-8.17.0, {elastic-sec} version 8.17.0>>
* <<release-notes-8.16.3, {elastic-sec} version 8.16.3>>
* <<release-notes-8.16.2, {elastic-sec} version 8.16.2>>
* <<release-notes-8.16.1, {elastic-sec} version 8.16.1>>
* <<release-notes-8.16.0, {elastic-sec} version 8.16.0>>
24 changes: 23 additions & 1 deletion docs/release-notes/8.16.asciidoc
@@ -1,6 +1,28 @@
[[release-notes-header-8.16.0]]
== 8.16

[discrete]
[[release-notes-8.16.3]]
=== 8.16.3

[discrete]
[[bug-fixes-8.16.3]]
==== Bug fixes

* Fixes Integration and Datastream name validation ({kibana-pull}204943[#204943]).
* Improves how the rule query field handles whitespace for long pre-formatted texts. This fix only applies to Firefox, not Chrome or Safari ({kibana-pull}203993[#203993]).
* Adds role-based access control to the Automatic Import APIs ({kibana-pull}203882[#203882]).
* Changes the validation for API responses from SentinelOne and Crowdstrike. This fix allows for non-JSON responses, such as stream, to be returned ({kibana-pull}203820[#203820]).
* Fixes a bug that caused a warning to display when you modified the index patterns of a rule that had a filter using `AND` or `OR` conditions ({kibana-pull}201776[#201776]).
* Fixes incompatibility issues with {elastic-defend}. In 8.16.2 and 8.17.0, a portion of the Windows kernel driver was refactored to work around an incompatibility with CrowdStrike Falcon which could result in a `CRITICAL_PROCESS_DIED` bugcheck. It was discovered that this incompatibility could also be triggered by Memory Protection, so a portion of the kernel driver was refactored to avoid this conflict.
+
Affected users who are unable to upgrade should set one or both of the following in their {elastic-defend} advanced policy, depending on their version:

** `windows.advanced.events.process.creation_flags: false` (8.13.0 - 8.16.1)
** `windows.advanced.memory_protection.shellcode_trampoline_detection: false` (8.12.0 - 8.16.2)
* Fixes an {elastic-defend} bug that could cause the Windows API event call stack enrichment to fail for processes that started before {elastic-defend} and if another security product was present and hooking system DLLs.
* Fixes an {elastic-defend} bug that caused Windows API events involving `mswsock.dll` to be mislabeled with the `proxy_call` behavior.

[discrete]
[[release-notes-8.16.2]]
=== 8.16.2
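Review bot: The workaround list under the {elastic-defend} incompatibility entry tells affected users to set `windows.advanced.events.process.creation_flags: false` and `windows.advanced.memory_protection.shellcode_trampoline_detection: false` without saying what each setting turns off or that it is meant as a temporary measure until they can upgrade. Suggest adding one sentence that names the trade-off and tells users to revert the settings once they are on a fixed version. The same entry uses "a portion of the kernel driver was refactored" twice and never states outright that the second refactor ships in 8.16.3, so it is hard to tell the 8.16.2/8.17.0 change from this one; rewording the last sentence to say "In 8.16.3, ..." would resolve that. In the call stack enrichment entry, "for processes that started before {elastic-defend} and if another security product was present" reads awkwardly; "when another security product was present" would be clearer.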
Expand All @@ -19,7 +41,7 @@
* Fixes a bug that caused an entity engine to get stuck in the `Installing` status if the default Security data view didn't exist. With this fix, engines now correctly report the `Error` state ({kibana-pull}201140[#201140]).
* Fixes an issue that prevented you from successfully importing TSV files with asset criticality data if you're on Windows ({kibana-pull}199791[#199791]).
* Improves {elastic-defend} by refactoring the kernel driver to work around a `CRITICAL_PROCESS_DIED` bug check (BSOD) that can occur due to a conflict with CrowdStrike Falcon.
* Fixes an {elastic-defend} bug that prevented {elastic-sec} from launching when you clicked the **Open Elastic Security** button in the Window Security Center.
* Fixes an {elastic-defend} bug that caused the **Open Elastic Security** button in the Windows Security Center to be non-functional. Now, you're informed that {elastic-defend} is managed by your system administrator.

[discrete]
[[release-notes-8.16.1]]
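Review bot: The reworded **Open Elastic Security** entry in the 8.16.2 section ends with "Now, you're informed that {elastic-defend} is managed by your system administrator." but does not say where that message appears or what triggers it. Suggest tying it to the action, for example "Now, clicking the button informs you that ...". Since this edits an already published 8.16.2 note inside a PR titled for 8.16.3, it is also worth confirming that any other copy of this entry gets the same wording and the same "Window" to "Windows" correction.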