Merge branch '8.16' into backport/8.16/pr-196945

.buildkite/pipelines/flaky_tests/groups.json

@@ -87,6 +87,14 @@
     {
       "key": "cypress/apm_cypress",
       "name": "APM - Cypress"
+    },
+    {
+      "key": "cypress/cloud_security_posture",
+      "name": "Cloud Security Posture - Cypress"
+    },
+    {
+      "key": "cypress/cloud_security_posture_serverless",
+      "name": "[Serverless] Cloud Security Posture - Cypress"
     }
   ]
 }

.buildkite/pipelines/pull_request/security_solution/cloud_security_posture.yml

@@ -0,0 +1,30 @@
+steps:
+  - command: .buildkite/scripts/steps/functional/cloud_security_posture.sh
+    label: 'Cloud Security Posture Cypress Tests'
+    agents:
+      machineType: n2-standard-4
+      preemptible: true
+    depends_on:
+      - build
+      - quick_checks
+    timeout_in_minutes: 60
+    parallelism: 1
+    retry:
+      automatic:
+        - exit_status: '-1'
+          limit: 1
+
+  - command: .buildkite/scripts/steps/functional/cloud_security_posture_serverless.sh
+    label: 'Cloud Security Posture Cypress Tests on Serverless'
+    agents:
+      machineType: n2-standard-4
+      preemptible: true
+    depends_on:
+      - build
+      - quick_checks
+    timeout_in_minutes: 60
+    parallelism: 1
+    retry:
+      automatic:
+        - exit_status: '-1'
+          limit: 1

.buildkite/scripts/pipelines/pull_request/pipeline.ts

@@ -298,6 +298,22 @@ const getPipeline = (filename: string, removeSteps = true) => {
       );
     }
 
+    if (
+      (await doAnyChangesMatch([
+        /^x-pack\/packages\/kbn-cloud-security-posture/,
+        /^x-pack\/plugins\/cloud_security_posture/,
+        /^x-pack\/plugins\/security_solution/,
+        /^x-pack\/test\/security_solution_cypress/,
+      ])) ||
+      GITHUB_PR_LABELS.includes('ci:all-cypress-suites')
+    ) {
+      pipeline.push(
+        getPipeline(
+          '.buildkite/pipelines/pull_request/security_solution/cloud_security_posture.yml'
+        )
+      );
+    }
+
     pipeline.push(getPipeline('.buildkite/pipelines/pull_request/post_build.yml'));
 
     // remove duplicated steps

.buildkite/scripts/steps/functional/cloud_security_posture.sh

@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+source .buildkite/scripts/steps/functional/common.sh
+
+export JOB=kibana-cloud-security-posture-cypress
+export KIBANA_INSTALL_DIR=${KIBANA_BUILD_LOCATION}
+
+echo "--- Cloud Security Posture Workflows Cypress tests"
+
+cd x-pack/test/security_solution_cypress
+
+set +e
+
+yarn cypress:cloud_security_posture:run:ess; status=$?; yarn junit:merge || :; exit $status

.buildkite/scripts/steps/functional/cloud_security_posture_serverless.sh

@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+source .buildkite/scripts/steps/functional/common.sh
+
+export JOB=kibana-cloud-security-posture-serverless-cypress
+export KIBANA_INSTALL_DIR=${KIBANA_BUILD_LOCATION}
+
+echo "--- Cloud Security Posture Workflows Cypress tests on Serverless"
+
+cd x-pack/test/security_solution_cypress
+
+set +e
+
+yarn cypress:cloud_security_posture:run:serverless; status=$?; yarn junit:merge || :; exit $status

docs/CHANGELOG.asciidoc

@@ -10,6 +10,7 @@
 
 Review important information about the {kib} 8.x releases.
 
+* <<release-notes-8.15.3>>
 * <<release-notes-8.15.2>>
 * <<release-notes-8.15.1>>
 * <<release-notes-8.15.0>>
@@ -76,6 +77,44 @@ Review important information about the {kib} 8.x releases.
 
 include::upgrade-notes.asciidoc[]
 
+[[release-notes-8.15.3]]
+== {kib} 8.15.3
+
+The 8.15.3 release includes the following bug fixes.
+
+[float]
+[[fixes-v8.15.3]]
+=== Bug fixes
+Alerting::
+* Fixes a storage configuration error that could prevent the Stack Management > Alerts page from loading correctly ({kibana-pull}194785[#194785]).
+* Fixes a bug preventing certain alerts with Role visibility set to "Stack Rules" from being shown on the Stack Management page ({kibana-pull}194615[#194615]).
+* Fixes an issue where rules created from Discover before version 8.11.0 could no longer be accessed after upgrading ({kibana-pull}192321[#192321]).
+Dashboards::
+* Fixes an issue where the `embed=true` parameter was missing when sharing a dashboard with the Embed code option ({kibana-pull}194366[#194366]).
+Discover::
+* Fixes an issue with the document viewer panel not opening in focus mode ({kibana-pull}191039[#191039]).
+Elastic Observability solution::
+* Fixes the OpenTelemetry guided onboarding for MacOS with x86_64 architectures ({kibana-pull}194915[#194915]).
+* Fixes a bug where the SLO creation form was allowing multiple values for timestamp fields ({kibana-pull}194311[#194311]).
+Elastic Search solution::
+* Fixes a bug with the https://www.elastic.co/guide/en/enterprise-search/8.15/connectors-network-drive.html[Network Drive connector] where advanced configuration fields were not displayed for CSV file role mappings with `Drive Type: Linux` selected ({kibana-pull}195567[#195567]).
+Elastic Security solution::
+For the Elastic Security 8.15.3 release information, refer to {security-guide}/release-notes.html[_Elastic Security Solution Release Notes_].
+Kibana security::
+* Automatic Import no longer asks the LLM to map fields to reserved ECS fields ({kibana-pull}195168[#195168]).
+* Automatic Import no longer returns an "Invalid ECS field" message when the ECS mapping slightly differs from the expected format. For example `date_format` instead of `date_formats` ({kibana-pull}195167[#195167]).
+* Fixes an issue that was causing the Grok processor to return non-ECS compatible fields when processing structured or unstructured syslog samples in Automatic Import ({kibana-pull}194727[#194727]).
+* Fixes the integrationName when uploading a new version of an existing integration using a ZIP upload ({kibana-pull}194298[#194298]).
+* Fixes a bug that caused the Deploy step of Automatic Import to fail after a pipeline was edited and saved ({kibana-pull}194203[#194203]).
+* Fixes an issue in the Kibana Management > Roles page where users could not sort the table by clicking the column headers ({kibana-pull}194196[#194196]).
+Lens & Visualizations::
+* Fixes an issue where the legend label truncation setting wasn't working properly for heat maps in Lens ({kibana-pull}195928[#195928]).
+Machine Learning::
+* Fixes an issue preventing Anomaly swim lane panels from updating on query changes ({kibana-pull}195090[#195090]).
+* Fixes an issue that could cause the "rows per page" option to disappear from the Anomaly timeline view in the Anomaly Explorer ({kibana-pull}194531[#194531]).
+* Fixes an issue causing screen flickering on the Results Explorer and Analytics Map pages when no jobs are available ({kibana-pull}193890[#193890]).
+
+
 [[release-notes-8.15.2]]
 == {kib} 8.15.2
 

docs/spaces/index.asciidoc

@@ -2,87 +2,77 @@
 [[xpack-spaces]]
 == Spaces
 
-Spaces enable you to organize your dashboards and other saved
-objects into meaningful categories. Once inside a space, you see only
-the dashboards and saved objects that belong to that space.
+You can define multiple spaces in a single {kib} instance from the **Spaces** menu. Each space has its own navigation and saved objects, and users can only access the spaces that they have been granted access to. This access is based on user roles, and a given role can have different permissions per space.
 
 {kib} creates a default space for you.
-After you create your own
-spaces, you're asked to choose a space when you log in to {kib}. You can change your
-current space at any time by using the menu.
+When you create more spaces, users are asked to choose a space when they log in to {kib}, and can change their
+current space at any time from the top menu.
 
 [role="screenshot"]
 image::images/change-space.png["Change current space menu"]
 
+To go to **Spaces**, find **Stack Management** in the navigation menu or use the <<kibana-navigation-search,global search bar>>.
+
 [float]
-==== Required privileges
+=== Required privileges
 
 The `kibana_admin` role or equivalent is required to manage **Spaces**.
 
 [float]
 [[spaces-managing]]
-=== View, create, and delete spaces
-
-Open the main menu, then click *Stack Management > Spaces* for an overview of your spaces.  This view provides actions
-for you to create, edit, and delete spaces.
-
-[role="screenshot"]
-image::images/space-management.png["Space management"]
+=== Create a space
 
-[float]
-==== Create or edit a space
-
-You can create as many spaces as you like. Click *Create a space* and provide a name,
-URL identifier, optional description.
+[[spaces-control-feature-visibility]]
+You can have up to 100 spaces. 
 
+. Select *Create space* and provide a name, description, and URL identifier.
++
 The URL identifier is a short text string that becomes part of the
 {kib} URL when you are inside that space. {kib} suggests a URL identifier based
 on the name of your space, but you can customize the identifier to your liking.
 You cannot change the space identifier once you create the space.
 
-{kib} also has an <<spaces-api, API>>
-if you prefer to create spaces programmatically.
+. Select a **Solution view**. This setting controls the navigation that all users of the space will get:
 
-[role="screenshot"]
-image::images/edit-space.png["Space management"]
+** **Search**: A light navigation menu focused on analytics and Search use cases. Features specific to Observability and Security are hidden.
+** **Observability**: A light navigation menu focused on analytics and Observability use cases. Features specific to Search and Security are hidden.
+** **Security**: A light navigation menu focused on analytics and Security use cases. Features specific to Observability and Search are hidden.
+** **Classic**: All features from all solutions are visible by default using the classic, multilayered navigation menus. You can customize which features are visible individually. 
 
-[float]
-==== Delete a space
-
-Deleting a space permanently removes the space and all of its contents.
-Find the space on the *Spaces* overview page and click the trash icon in the Actions column.
-You can't delete the default space, but you can customize it to your liking.
+. If you selected the **Classic** solution view, you can customize the **Feature visibility** as you need it to be for that space.
++
+NOTE: Even when disabled in this menu, some Management features can remain visible to some users depending on their privileges. Additionally, controlling feature visibility is not a security feature. To secure access
+to specific features on a per-user basis, you must configure <<xpack-security-authorization, {kib} Security>>.
 
-[float]
-[[spaces-control-feature-visibility]]
-=== Control feature access based on user needs
+. Customize the avatar of the space to your liking.
 
-You have control over which features are visible in each space.
-For example, you might hide *Dev Tools*
-in your "Executive" space or show *Stack Monitoring* only in your "Admin" space.
-You can define which features to show or hide when you add or edit a space.
+. Save your new space by selecting **Create space**.
 
-Controlling feature
-visibility is not a security feature. To secure access
-to specific features on a per-user basis, you must configure
-<<xpack-security-authorization, {kib} Security>>.
+You can edit all of the space settings you just defined at any time, except for the URL identifier.
 
-[role="screenshot"]
-image::images/edit-space-feature-visibility.png["Controlling features visibility"]
+{kib} also has an <<spaces-api, API>>
+if you prefer to create spaces programmatically.
 
 [float]
 [[spaces-control-user-access]]
-=== Control feature access based on user privileges
+=== Define access to a space
 
-When using {kib} with security, you can configure applications and features
-based on your users’ privileges. This means different roles can have access
-to different features in the same space.
-Power users might have privileges to create and edit visualizations and dashboards,
-while analysts or executives might have read-only privileges for *Dashboard* and *Canvas*.
-Refer to <<adding_kibana_privileges>> for details.
+Users can access spaces based on the roles that they have. 
 
-[role="screenshot"]
-image::images/spaces-roles.png["Controlling features visibility"]
+* Certain reserved roles can view and access all spaces by default. You can't prevent those roles from accessing a space. Instead, you can grant different roles to your users.
+* When <<kibana-role-management,creating or editing a role>>, you can define which existing spaces that role can access, and with which permissions.
+* When editing a space, you can assign roles to the space and define the permissions within the space for these roles. To do that, go to the **Permissions** tab of the space you're editing.
++
+When a role is assigned to _All Spaces_, you can't remove its access from the space settings. You must instead edit the role to give it more granular access to individual spaces.
+
+[float]
+=== Delete a space
+
+Deleting a space permanently removes the space and all of its contents.
+Find the space on the *Spaces* overview page and click the trash icon in the Actions column.
+You can't delete the default space, but you can customize it to your liking.
+
+//[[spaces-control-feature-visibility]]
 
 [float]
 [[spaces-moving-objects]]
@@ -107,6 +97,6 @@ image::images/spaces-configure-landing-page.png["Configure space-level landing p
 
 [float]
 [[spaces-delete-started]]
-=== Disabling spaces
+=== Disable spaces
 
-Starting in {kib} 8.0, the Spaces feature cannot be disabled.
+Since {kib} 8.0, the Spaces feature cannot be disabled.

packages/core/http/core-http-router-server-internal/src/router.test.ts

@@ -54,6 +54,10 @@ describe('Router', () => {
             discontinued: 'post test discontinued',
             summary: 'post test summary',
             description: 'post test description',
+            availability: {
+              since: '1.0.0',
+              stability: 'experimental',
+            },
           },
         },
         (context, req, res) => res.ok()
@@ -72,6 +76,10 @@ describe('Router', () => {
           discontinued: 'post test discontinued',
           summary: 'post test summary',
           description: 'post test description',
+          availability: {
+            since: '1.0.0',
+            stability: 'experimental',
+          },
         },
       });
     });

packages/core/http/core-http-router-server-internal/src/versioned_router/core_versioned_route.test.ts

@@ -52,6 +52,46 @@ describe('Versioned route', () => {
     jest.clearAllMocks();
   });
 
+  describe('#getRoutes', () => {
+    it('returns the expected metadata', () => {
+      const versionedRouter = CoreVersionedRouter.from({ router });
+      versionedRouter
+        .get({
+          path: '/test/{id}',
+          access: 'public',
+          options: {
+            httpResource: true,
+            availability: {
+              since: '1.0.0',
+              stability: 'experimental',
+            },
+            excludeFromOAS: true,
+            tags: ['1', '2', '3'],
+          },
+          description: 'test',
+          summary: 'test',
+          enableQueryVersion: false,
+        })
+        .addVersion({ version: '2023-10-31', validate: false }, handlerFn);
+
+      expect(versionedRouter.getRoutes()[0].options).toMatchObject({
+        access: 'public',
+        enableQueryVersion: false,
+        description: 'test',
+        summary: 'test',
+        options: {
+          httpResource: true,
+          availability: {
+            since: '1.0.0',
+            stability: 'experimental',
+          },
+          excludeFromOAS: true,
+          tags: ['1', '2', '3'],
+        },
+      });
+    });
+  });
+
   it('can register multiple handlers', () => {
     const versionedRouter = CoreVersionedRouter.from({ router });
     versionedRouter
@@ -133,14 +173,15 @@ describe('Versioned route', () => {
     const opts: Parameters<typeof versionedRouter.post>[0] = {
       path: '/test/{id}',
       access: 'internal',
+      summary: 'test',
+      description: 'test',
       options: {
         authRequired: true,
         tags: ['access:test'],
         timeout: { payload: 60_000, idleSocket: 10_000 },
         xsrfRequired: false,
         excludeFromOAS: true,
         httpResource: true,
-        summary: `test`,
       },
     };