[Security] 9.0.3 release notes (#1786)

natasha-moore-elastic · nastasha-solomon · web-flow · commit 9b057456bc1b · 2025-06-24T10:16:45.000Z
Resolves #1649: adds the 9.0.3 Security and Elastic Defend release notes. --------- Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com>
diff --git a/release-notes/elastic-security/index.md b/release-notes/elastic-security/index.md
@@ -27,6 +27,21 @@ To check for security updates, go to [Security announcements for the Elastic sta
 
 % *
 
+## 9.0.3 [elastic-security-9.0.3-release-notes]
+
+### Features and enhancements [elastic-security-9.0.3-features-enhancements]
+* Adds `dns` event collection for macOS for {{elastic-defend}} [#223566]({{kib-pull}}223566).
+* Adds pricing information about Elastic Managed LLM in AI Assistant and Attack Discovery tours and callouts [#221566]({{kib-pull}}221566).
+* Adds support for DNS events on macOS. Events can be controlled from the policy using the **DNS events** checkbox.
+
+### Fixes [elastic-security-9.0.3-fixes]
+* Fixes a bug where OSS models didn’t work when streaming was ON [#224129]({{kib-pull}}224129).
+* Fixes a bug where cell actions didn’t work when opening a Timeline from specific rules [#223306]({{kib-pull}}223306).
+* Fixes an issue where the entity risk score feature stopped persisting risk score documents [#221937]({{kib-pull}}221937).
+* Fixes a bug where the **Rules**, **Alerts**, and **Fleet** pages would stall in air-gapped environments by ensuring API requests are sent even when offline [#220510]({{kib-pull}}220510).
+* Ensures the Amazon Bedrock connector respects the action proxy configuration [#224130]({{kib-pull}}224130).
+* Ensures the OpenAI connector respects the action proxy configuration for all sub-actions [#219617]({{kib-pull}}219617).
+
 ## 9.0.2 [elastic-security-9.0.2-release-notes]
 
 ### Features and enhancements [elastic-security-9.0.2-features-enhancements]
diff --git a/release-notes/elastic-security/known-issues.md b/release-notes/elastic-security/known-issues.md
@@ -53,6 +53,10 @@ PUT /_ingest/pipeline/entity_analytics_create_eventIngest_from_timestamp-pipelin
 
 After you complete this step, risk scores should automatically begin to successfully persist during the entity risk engine's next run. Details for the next run time are described on the **Entity risk score** page, where you can also manually run the risk score by clicking **Run Engine**. 
 
+**Resolved**<br> 
+
+Resolved in {{stack}} 9.0.3
+
 :::
 
 :::{dropdown} Installing an {{elastic-defend}} integration or a new agent policy upgrades installed prebuilt rules, reverting user customizations and overwriting user-added actions and exceptions
