A security update for New Relic’s Java agent fixes a vulnerability where the agent could unintentionally capture full SQL queries when SQL obfuscation is enabled.
New Relic’s Java agent can be configured to obfuscate SQL query information. This setting is forced when high security mode is enabled. New Relic has found that, when an exception is thrown during the query, full SQL query information may still be captured as part of the error trace when SQL obfuscation is enabled. A fix has been made to disable the collection of this information during error collection. Customers are encouraged to upgrade to the latest version of the Java agent.