From 0ea1af5f51eef0c0bd1519d6c42c08f0bf19cfea Mon Sep 17 00:00:00 2001
From: natasha-moore-elastic <natasha.moore@elastic.co>
Date: Wed, 9 Jul 2025 13:05:34 +0100
Subject: [PATCH 1/4] [Security] 9.0.4 release notes

---
 release-notes/elastic-security/index.md | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/release-notes/elastic-security/index.md b/release-notes/elastic-security/index.md
index 834ac23021..b67ad2ffb7 100644
--- a/release-notes/elastic-security/index.md
+++ b/release-notes/elastic-security/index.md
@@ -27,6 +27,17 @@ To check for security updates, go to [Security announcements for the Elastic sta
 
 % *
 
+## 9.0.4 [elastic-security-9.0.4-release-notes]
+
+### Features and enhancements [elastic-security-9.0.4-features-enhancements]
+* Improves logging of fatal exceptions in {{elastic-endpoint}}.
+
+### Fixes [elastic-security-9.0.4-fixes]
+* Updates a placeholder and validation message in the **Related Integrations** section of the rule upgrade flyout [#225775]({{kib-pull}}225775).
+* Excludes {{ml}} rules from installation and upgrade checks for users with Basic or Essentials licenses [#224676]({{kib-pull}}224676).
+* Allows using days as a time unit in rule schedules, fixing an issue where durations normalized to days were incorrectly displayed as 0 seconds [#224083]({{kib-pull}}224083).
+* Strips `originId` from connectors before rule import to ensure correct ID regeneration and prevent errors when migrating connector references on rules [#223454]({{kib-pull}}223454).
+
 ## 9.0.3 [elastic-security-9.0.3-release-notes]
 
 ### Features and enhancements [elastic-security-9.0.3-features-enhancements]

From ef5ab641ca3fdb0b82fffd202ccee07e9fdd9722 Mon Sep 17 00:00:00 2001
From: natasha-moore-elastic <natasha.moore@elastic.co>
Date: Wed, 9 Jul 2025 13:18:01 +0100
Subject: [PATCH 2/4] Adds known issue fix not picked up by RN tool

---
 release-notes/elastic-security/index.md        | 1 +
 release-notes/elastic-security/known-issues.md | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/release-notes/elastic-security/index.md b/release-notes/elastic-security/index.md
index b67ad2ffb7..9acdaf7d7f 100644
--- a/release-notes/elastic-security/index.md
+++ b/release-notes/elastic-security/index.md
@@ -37,6 +37,7 @@ To check for security updates, go to [Security announcements for the Elastic sta
 * Excludes {{ml}} rules from installation and upgrade checks for users with Basic or Essentials licenses [#224676]({{kib-pull}}224676).
 * Allows using days as a time unit in rule schedules, fixing an issue where durations normalized to days were incorrectly displayed as 0 seconds [#224083]({{kib-pull}}224083).
 * Strips `originId` from connectors before rule import to ensure correct ID regeneration and prevent errors when migrating connector references on rules [#223454]({{kib-pull}}223454).
+* Fixes an issue that prevented the AI Assistant Knowledge Base settings UI from displaying [#225033]({{kib-pull}}225033).
 
 ## 9.0.3 [elastic-security-9.0.3-release-notes]
 
diff --git a/release-notes/elastic-security/known-issues.md b/release-notes/elastic-security/known-issues.md
index f8272bffd2..c4d82145fc 100644
--- a/release-notes/elastic-security/known-issues.md
+++ b/release-notes/elastic-security/known-issues.md
@@ -62,6 +62,9 @@ After enabling the Knowledge Base, you can manage entries using the AI Assistant
   }
   ```
 
+**Resolved**<br> 
+
+Resolved in {{stack}} 9.0.4
 :::
 
 :::{dropdown} The entity risk score feature may stop persisting risk score documents

From 98951022a7aeb6d3d5a4b4919d253807a29f69be Mon Sep 17 00:00:00 2001
From: natasha-moore-elastic <natasha.moore@elastic.co>
Date: Thu, 10 Jul 2025 15:59:48 +0100
Subject: [PATCH 3/4] adds missing RN

---
 release-notes/elastic-security/index.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/release-notes/elastic-security/index.md b/release-notes/elastic-security/index.md
index 9acdaf7d7f..c63cb5dbcc 100644
--- a/release-notes/elastic-security/index.md
+++ b/release-notes/elastic-security/index.md
@@ -33,6 +33,7 @@ To check for security updates, go to [Security announcements for the Elastic sta
 * Improves logging of fatal exceptions in {{elastic-endpoint}}.
 
 ### Fixes [elastic-security-9.0.4-fixes]
+* Fixes differences between risk scoring preview and persisted risk scores [#226456]({{kib-pull}}226456).
 * Updates a placeholder and validation message in the **Related Integrations** section of the rule upgrade flyout [#225775]({{kib-pull}}225775).
 * Excludes {{ml}} rules from installation and upgrade checks for users with Basic or Essentials licenses [#224676]({{kib-pull}}224676).
 * Allows using days as a time unit in rule schedules, fixing an issue where durations normalized to days were incorrectly displayed as 0 seconds [#224083]({{kib-pull}}224083).

From 104f8cc50d8a304bd12990101ccb2d14af22e7d4 Mon Sep 17 00:00:00 2001
From: natasha-moore-elastic <natasha.moore@elastic.co>
Date: Fri, 11 Jul 2025 12:35:09 +0100
Subject: [PATCH 4/4] adds missing RNs

---
 release-notes/elastic-security/index.md | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/release-notes/elastic-security/index.md b/release-notes/elastic-security/index.md
index c63cb5dbcc..67d95a270a 100644
--- a/release-notes/elastic-security/index.md
+++ b/release-notes/elastic-security/index.md
@@ -30,7 +30,7 @@ To check for security updates, go to [Security announcements for the Elastic sta
 ## 9.0.4 [elastic-security-9.0.4-release-notes]
 
 ### Features and enhancements [elastic-security-9.0.4-features-enhancements]
-* Improves logging of fatal exceptions in {{elastic-endpoint}}.
+* Improves logging of fatal exceptions in {{elastic-defend}}.
 
 ### Fixes [elastic-security-9.0.4-fixes]
 * Fixes differences between risk scoring preview and persisted risk scores [#226456]({{kib-pull}}226456).
@@ -39,6 +39,9 @@ To check for security updates, go to [Security announcements for the Elastic sta
 * Allows using days as a time unit in rule schedules, fixing an issue where durations normalized to days were incorrectly displayed as 0 seconds [#224083]({{kib-pull}}224083).
 * Strips `originId` from connectors before rule import to ensure correct ID regeneration and prevent errors when migrating connector references on rules [#223454]({{kib-pull}}223454).
 * Fixes an issue that prevented the AI Assistant Knowledge Base settings UI from displaying [#225033]({{kib-pull}}225033).
+* Fixes a bug in {{elastic-defend}} where Linux network events would fail to load if IPv6 is not supported by the system.
+* Fixes an issue in {{elastic-defend}} that may result in bugchecks (BSODs) on Windows systems with a very high volume of network connections. This issue has only been observed on Windows Server.
+* Fixes an issue where {{elastic-defend}} may incorrectly set the artifact channel in policy responses, and adds `manifest_type` to policy responses.
 
 ## 9.0.3 [elastic-security-9.0.3-release-notes]