In the past, New Relic has reached out directly to the affected users when security issues were discovered and patched in our agents.
To help empower users to decide for themselves how to move forward, and to significantly lower the mean time to resolution, the New Relic Product Security team is now publishing Security Bulletins related to upcoming agent releases.
These bulletins will be a single source of truth for any agent security issues. Like CVEs, they include the affected versions, the remediated versions, and any alternative steps that can be taken to mitigate the issue.
The first Security Bulletins include information about security updates for New Relic's .NET and Node.js agents. You can find the index of all bulletins on the new Security Bulletins documentation page. You can also subscribe to bulletins, via the RSS feed
Please note: To find out if you are using an affected agent, check the log file. Several pertinent details are listed there such as the version, the host, process ID, the port that the agent is using to report, etc.