Your data. Anywhere you go.

New Relic for iOS or Android


Download on the App Store    Android App on Google play


New Relic Insights App for iOS


Download on the App Store


Learn more

Close icon

Security Update: NR17-04 for .NET Agent

dotnet
security
wcf
security-update

#1

Big thanks to our .NET agent team for quickly resolving and releasing a security fix for the .NET agent. Continue reading If you are using .NET agent 6.8.172 or greater with WCF applications.

Vulnerability information

New Relic’s .NET Agent version 6.8.172.0 added visibility into Error Analytics. By default the agent will capture error events, and with WCF applications this is captured as event type TransactionError. New Relic has found that the service.request.* attributes may contain sensitive information that should not be sent to New Relic. A fix has been made to disable the collection of these parameters during the error collection. Customers are encouraged to upgrade to the latest version of the .NET agent.

Mitigating factors

Only .NET agents with Error Analytics and WCF applications are affected.
All service request attributes are disabled in High Security Mode.

For more details see Security Bulletin NR17-04