[Security] 9.2.6 release notes

[natasha-moore-elastic]

Summary

Resolves #5100: adds the 9.2.6 Security release notes. No Endpoint release notes were picked up by the release notes tool.

Generative AI disclosure

1. Did you use a generative AI (GenAI) tool to assist in creating this contribution?

• Yes
• No

Tool(s) and model(s) used:
Cursor, claude-4.5-opus-high

[github-actions]

✅ Vale Linting Results

No issues found on modified lines!

---

The Vale linter checks documentation changes against the Elastic Docs style guide.

To use Vale locally or report issues, refer to Elastic style guide for Vale.

[github-actions]

🔍 Preview links for changed docs

• release-notes/elastic-security/index.md

[jonwalstedt]

LGTM (#251962, #251656)

[paul-tavares]

👍

[gabriellandau]

Did you use a generative AI (GenAI) tool to assist in creating this contribution?
Yes

Can we give the LLM read-only access to the endpoint-staging-bc-builds pipeline and tell it to pull Defend's release notes from the latest BC?

This python script shows how to do it with the buildkite CLI tool:

C:\git>py get_defend_release_notes.py 9.2.6
# Build Candidate for Elastic Defend 9.2.6

## Release Notes

### Features and enhancements [elastic-security-9.2.6-features-enhancements]

### Fixes [elastic-security-9.2.6-fixes]
* Fixes a DNS parsing bug in Linux versions of {{elastic-defend}} that could result in crashes.

Script:

#!/usr/bin/env python3
"""Fetch release notes for a given Elastic Defend BC version."""
import json, os, shutil, subprocess, sys

PIPE = "endpoint-staging-bc-builds"

def _bk_json(*args):
    return json.loads(subprocess.check_output(["bk", *args, "-o", "json"]))

def get_defend_release_notes(version):
    branch = ".".join(version.split(".")[:2])

    builds = _bk_json("build", "list", "-p", PIPE, "--branch", branch,
                       "--state", "passed", "--since", "168h")
    build = next((b for b in builds if version in b.get("message", "")), None)
    if not build:
        raise LookupError(f"No passed build found for {version}")

    detail = _bk_json("build", "view", str(build["number"]), "-p", PIPE)
    job = next((j for j in detail.get("jobs", [])
                if "Generate Release Notes" in j.get("name", "")), None)
    if not job:
        raise LookupError(f"No 'Generate Release Notes' job in build {build['number']}")

    artifacts = _bk_json("artifacts", "list", str(build["number"]),
                          "-p", PIPE, "--job", job["id"])
    note = next((a for a in artifacts if "release_notes" in a.get("filename", "")), None)
    if not note:
        raise LookupError(f"No release_notes artifact in job {job['id']}")

    result = subprocess.run(["bk", "artifacts", "download", note["id"]],
                            check=True, capture_output=True, text=True)
    for line in (result.stdout + result.stderr).splitlines():
        if "Downloaded artifact to:" in line:
            download_path = line.split("Downloaded artifact to:", 1)[1].strip()
            break
    else:
        raise RuntimeError("Could not determine downloaded artifact path")

    try:
        file_path = download_path
        if os.path.isdir(download_path):
            file_path = os.path.join(download_path, note.get("filename", "release_notes.md"))
        with open(file_path) as f:
            return f.read()
    finally:
        if os.path.isdir(download_path):
            shutil.rmtree(download_path)
        elif os.path.exists(download_path):
            os.remove(download_path)

if __name__ == "__main__":
    print(get_defend_release_notes(sys.argv[1]))

[natasha-moore-elastic]

Hey @gabriellandau, there's a docs-wide initiative to revamp our release notes generation process led by @lcawl – would you mind sharing your input around Endpoint release notes in #tmp-release-notes-automation 🙏

[nikitaindik]

Thanks! 👍 Rule Management team owned updates LGTM.

[gabriellandau]

Hey @gabriellandau, there's a docs-wide initiative to revamp our release notes generation process led by @lcawl – would you mind sharing your input around Endpoint release notes in #tmp-release-notes-automation 🙏

Done