Big thanks to our .NET agent team for quickly resolving and releasing a security fix for the .NET agent. Continue reading If you are using .NET agent 6.8.172 or greater with WCF applications.
New Relic’s .NET Agent version 188.8.131.52 added visibility into Error Analytics. By default the agent will capture error events, and with WCF applications this is captured as event type TransactionError. New Relic has found that the service.request.* attributes may contain sensitive information that should not be sent to New Relic. A fix has been made to disable the collection of these parameters during the error collection. Customers are encouraged to upgrade to the latest version of the .NET agent.
Only .NET agents with Error Analytics and WCF applications are affected.
All service request attributes are disabled in High Security Mode.
For more details see Security Bulletin NR17-04