On April 7, 2014 the OpenSSL Project released an update to address a critical vulnerability known as Heartbleed (CVE-2014-0160). This vulnerability, which affects multiple sites across the Internet, could be remotely exploited to leak sensitive information.
Action by New Relic
New Relic has reviewed all of our sites and applications, and we have determined that the majority of our sites, including www.newrelic.com, rpm.newrelic.com, and insights.newrelic.com are not vulnerable to this issue. New Relic did discover that the Documentation site (docs.newrelic.com) was vulnerable. This has now been patched, and the SSL certificate has been replaced.
Change your password
New Relic has no evidence that any customer data (including user names and passwords) was exposed. However, if you have any concerns about your account's protection, you should change your password.
This procedure is for users who sign in directly to New Relic APM and do not have partner accounts or SAML SSO enabled accounts:
- Go to rpm.newrelic.com > (account dropdown) > User preferences.
- Type your Current password.
- Type your new Password (meeting minimum requirements), and then re-type the new password in Password confirmation.
- Select Save user preferences.
- Regenerate your API key.
For more help
Additional documentation resources include:
- Security and trust.newrelic.com/ (overview of New Relic's security measures)
- Changing passwords and user preferences (procedures for users to update their own information from (account) > User preferences, including email, password, default account, etc.)
- REST API key (procedures to create, copy, or regenerate a REST API key from the New Relic user interface)