Log4j-zero-day in New Relic cloud and services

Based on the this article Log4Shell: RCE 0-day exploit found in log4j 2, a popular Java logging package | LunaSec

We are checking all the third parties that we are using and would like to make sure a few things with you also :

  1. If you are exposed to the “log4j-zero-day” issue on the newrelic cloud platform ?
  2. Do you use log4j at all ?
  3. If you do what kind of version of log4j are you using ?
  4. If you are using log4J version 2.0-beta9 - 2.14.1 , we would like to hear if you have any plans to upgrade to version 2.16.0 ?
  5. we are using newrelic log agent do we need to upgrade it ?
  6. we are using newrelic APM on our servers do we need to change something ?

Hi, @playermaker: You may find this post helpful:

1 Like