Any information regarding potential exposures in New Relic re: OpenSSL v3.x?

Just curious if anyone’s seen New Relic post anything official on their mitigations / exposure to any of the new OpenSSL 3.x CWEs.

1 Like

Hi @jharris4

Thanks for reaching out, I hope you are well.

New Relic is actively investigating the recently announced vulnerabilities impacting the OpenSSL cryptographic library (CVE-2022-3602, CVE-2022-3786) to determine if this issue presents any risks to our products and services. We will provide updates as they are available.

Keeping customers secure is New Relic’s top priority. We have a well-established vulnerability detection and response program that monitors and analyses multiple sources of threat intelligence for all relevant risks. Potential vulnerabilities are assessed for impact and severity, and remediated as appropriate.

To receive security notifications from New Relic in the future, please subscribe to New Relic’s Security notifications community channel or RSS feed and New Relic’s blog.

For any further support needs, please visit us at support.newrelic.com.