Security guidance for New Relic customers related to Apache Log4j vulnerabilities

New Relic has released Java Agent and Containerized Private Minion updates to address a critical vulnerability in the open-source Apache Log4j framework that was publicly disclosed on December 9, 2021, as well as an additional, low-risk vulnerability disclosed on December 14, 2021. The critical vulnerability (CVE-2021-44228) can be exploited to allow malicious actors to control systems remotely or exfiltrate data. As a valued New Relic customer, we want to provide you with more information about the vulnerability, what New Relic is doing to protect our systems against this vulnerability, and steps you can take to protect your organization from this issue.

Please see our blog post for more details, including our recommendation remediation path.