diff --git a/CHANGES b/CHANGES
index cbb17ecab9..46b0bafd8a 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,14 @@
+8.0.0-dev.168 | 2025-05-21 13:38:46 +0200
+
+  * http/detect-sql-injection: Fix zeekygen comment (Arne Welzel, Corelight)
+
+        Discarded extraneous Zeekygen comment: $src field; and always provides a victim IP address in the $dst field.
+
+  * btest/coverage/test-all-policy-zeekygen: Load test-all-policy with zeekygen enabled (Arne Welzel, Corelight)
+
+    There should not be warnings produced. The default ZEEK_DISABLE_ZEEKYGEN=1
+    setting in the btest configuration hid some issues previously.
+
 8.0.0-dev.164 | 2025-05-20 12:02:09 -0700
 
   * Add extra input files to ftp fuzzer corpus (Tim Wojtulewicz, Corelight)
diff --git a/VERSION b/VERSION
index 705f0b5836..06b0544970 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-8.0.0-dev.164
+8.0.0-dev.168
diff --git a/scripts/policy/protocols/http/detect-sql-injection.zeek b/scripts/policy/protocols/http/detect-sql-injection.zeek
index cb3ce31074..0c2e64311f 100644
--- a/scripts/policy/protocols/http/detect-sql-injection.zeek
+++ b/scripts/policy/protocols/http/detect-sql-injection.zeek
@@ -1,8 +1,8 @@
 ##! SQL injection attack detection in HTTP.
-
-## The script annotates the notices it generates with an associated $uid
-## connection identifier; always provides an attacker IP address in the
-## $src field; and always provides a victim IP address in the $dst field.
+##!
+##! The script annotates the notices it generates with an associated $uid
+##! connection identifier; always provides an attacker IP address in the
+##! $src field; and always provides a victim IP address in the $dst field.
 
 @load base/frameworks/notice
 @load base/frameworks/sumstats
diff --git a/testing/btest/Baseline/coverage.test-all-policy-zeekygen/.stderr b/testing/btest/Baseline/coverage.test-all-policy-zeekygen/.stderr
new file mode 100644
index 0000000000..49d861c74c
--- /dev/null
+++ b/testing/btest/Baseline/coverage.test-all-policy-zeekygen/.stderr
@@ -0,0 +1 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
diff --git a/testing/btest/Baseline/coverage.test-all-policy-zeekygen/.stdout b/testing/btest/Baseline/coverage.test-all-policy-zeekygen/.stdout
new file mode 100644
index 0000000000..49d861c74c
--- /dev/null
+++ b/testing/btest/Baseline/coverage.test-all-policy-zeekygen/.stdout
@@ -0,0 +1 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
diff --git a/testing/btest/coverage/test-all-policy-zeekygen.test b/testing/btest/coverage/test-all-policy-zeekygen.test
new file mode 100644
index 0000000000..f7dfbc3446
--- /dev/null
+++ b/testing/btest/coverage/test-all-policy-zeekygen.test
@@ -0,0 +1,7 @@
+# @TEST-DOC: Enable zeekygen and load test-all-policy, baseline stdout and stderr output for warnings or errors.
+#
+# @TEST-EXEC: unset ZEEK_DISABLE_ZEEKYGEN; zeek %INPUT
+# @TEST-EXEC: btest-diff .stdout
+# @TEST-EXEC: btest-diff .stderr
+
+@load test-all-policy