elastic · natasha-moore-elastic · Sep 16, 2025 · Sep 11, 2025 · Sep 11, 2025 · Sep 12, 2025
@@ -15,6 +15,18 @@ Breaking changes can impact your Elastic applications, potentially disrupting no
 % **Action**<br> Steps for mitigating deprecation impact.
 % ::::
 
+## 9.0.7 [elastic-security-900-breaking-changes]
+::::{dropdown} Changes invalid category for Gatekeeper
+
+Changes `event.category` from `security` to `configuration` for Gatekeeper on macOS.
+
+**Impact**<br> Gatekeeper events on macOS are now labeled as `event.category == configuration`.
+
+**Action**<br> If you're deploying custom rules using `event.category == security` on macOS, change the query to `event.category == configuration`.
+
+::::
+
+
 ## 9.0.0 [elastic-security-900-breaking-changes]
 
 ::::{dropdown} Removes legacy security rules bulk endpoints

@@ -157,6 +157,15 @@ To check for security updates, go to [Security announcements for the Elastic sta
 * Fixes a bug in {{elastic-defend}} where Linux network events would have source and destination byte counts swapped.
 * Fixes an issue where {{elastic-defend}} may incorrectly set the artifact channel in policy responses, and adds `manifest_type` to policy responses.
 
+## 9.0.7 [elastic-security-9.0.7-release-notes]
+
+### Fixes [elastic-security-9.0.7-fixes]
+* Prevents users without appropriate privileges from deleting notes [#233948]({{kib-pull}}233948).
+* Fixes a bug that prevented the **MITRE ATT&CK** section from appearing in the alert details flyout [#233805]({{kib-pull}}233805).
+* Updates {{kib}} MITRE ATT&CK data to v17.1 [#231375]({{kib-pull}}231375).
+* Fixes a bug where Linux capabilities were included in {{elastic-endpoint}} network events despite being disabled.
+* Makes the delivery of {{elastic-endpoint}} command line commands more robust. In rare cases, commands could previously fail due to interprocess communication issues.
+
 ## 9.0.6 [elastic-security-9.0.6-release-notes]
 
 ### Features and enhancements [elastic-security-9.0.6-features-enhancements]