On April 7, 2014 the OpenSSL Project released an update to address a critical vulnerability known as Heartbleed (CVE-2014-0160). This vulnerability, which affects multiple sites across the Internet, could be remotely exploited to leak sensitive information.
New Relic has reviewed all of our sites and applications, and we have determined that the majority of our sites, including www.newrelic.com, rpm.newrelic.com, and insights.newrelic.com are not vulnerable to this issue. New Relic did discover that the Documentation site (docs.newrelic.com) was vulnerable. This has now been patched, and the SSL certificate has been replaced.
New Relic has no evidence that any customer data (including user names and passwords) was exposed. However, if you have any concerns about your account's protection, you should change your password.
This procedure is for users who sign in directly to New Relic APM and do not have partner accounts or SAML SSO enabled accounts:
- Go to rpm.newrelic.com > (account dropdown) > User preferences.
- Type your Current password.
- Type your new Password (meeting minimum requirements), and then re-type the new password in Password confirmation.
- Select Save user preferences.
- Regenerate your API key.