Vulnerability Identifier: NR25-01
Priority: High
Summary
By default New Relic does not include or enable the specific plugins that are affected by security vulnerabilities identified in certain versions of Fluent Bit. The specific plugins are:
- OpenTelemetry input plugin - Affected by CVE-2024-50608
- Prometheus Remote Write input plugin - Affected by CVE-2024-50609
However, to support customers who have enabled these optional plugins, we recommend that customers upgrade to the latest available versions of these packages:
- Infrastructure Agent - Windows
- Infrastructure Agent - Linux
- Kubernetes Plugin
- New Relic Fluent Bit Output Plugin Docker Image
Action required
New Relic strongly advises our customers who are using the aforementioned log forwarding instrumentation to take immediate action as follows. If you are unable to upgrade to Fluent Bit v3.2.7, we recommend disabling the affected plugins specified above.
| Solution | Action Required |
| --- | --- |
| Infrastructure agent - Windows | Upgrade the Infrastructure agent to version 1.62.0 or later |
| Infrastructure agent - Linux | Upgrade the Infrastructure agent to version 1.62.0 or later AND update Fluent Bit to version 3.2.7 or later |
| Kubernetes Plugin | Upgrade using either newrelic-logging-1.26.1 or nri-bundle-5.0.115 |
| New Relic Fluent Bit Output Plugin Docker Image | Update to version 2.3.0 |
New Relic has provided the following resources to assist with these updates:
- Update the Infrastructure Agent
- Update Fluent Bit with the Linux Infrastructure Agent
- Install the newest helm charts for the Kubernetes Plugin
- Install the Kubernetes integration
- Fluent Bit plugin for log forwarding
Frequently Asked Questions
How can I find out if I’m using the vulnerable plugins?
New Relic's default Fluent Bit configuration does not include the vulnerable plugins. If you have amended your Fluent Bit configuration after installation to include the OpenTelemetry input plugin and/or the Prometheus Remote Write input plugin, any version of Fluent Bit installed in your environment is vulnerable. Follow the instructions above to upgrade all your log forwarding instrumentation immediately.
I am using the Infrastructure Agent but have disabled log forwarding. Am I impacted?
If you previously used New Relic log forwarding instrumentation (listed above), and used the affected plugins, you might still be impacted. New Relic recommends that you upgrade your agents, or at minimum disable the affected plugins.
Additionally, New Relic recommends that all customers identify any other uses of Fluent Bit in their environments and update them to at least version 3.2.7.
Once I update to the latest versions of the listed log forwarding services, do I have to do anything else?
Yes, but only if you are running Infrastructure agents on Linux hosts. If you are running the Linux Infrastructure agent, you will also need to update Fluent Bit within your environment to version 3.2.7 or later.
How can I find out which Fluent Bit version I’m using?
| Agent | Steps |
| --- | --- |
| Infra agent and standalone Fluent Bit | |
| Kubernetes | |
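A check script for this question, added here as an example and not part of New Relic's advisory or tooling: it parses the `fluent-bit --version` banner, compares the result against 3.2.7, and scans a classic-format Fluent Bit configuration for `[INPUT]` sections that enable the `opentelemetry` or `prometheus_remote_write` plugins. The banner format and the embedded sample configuration are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not New Relic's or Fluent Bit's own tooling. Answers two advisory
# questions: is the installed Fluent Bit older than 3.2.7, and does a classic-format
# config enable the OpenTelemetry or Prometheus Remote Write input? Assumes that
# `fluent-bit --version` prints "Fluent Bit v<maj>.<min>.<patch>" and that inputs
# are declared in [INPUT] sections whose "Name" is the Fluent Bit plugin name.
MIN_VERSION="3.2.7"   # first fixed release per the advisory
# Extract "3.2.6" from a banner such as "Fluent Bit v3.2.6"; prints nothing on no match
parse_version_line() {
    printf '%s\n' "$1" | sed -n 's/^Fluent Bit v\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Map "3.2.7" to the integer 3002007 so versions compare numerically ("3.10" > "3.2")
version_key() { printf '%d%03d%03d' $(printf '%s' "$1" | tr '.' ' '); }
# Exit 0 when version $1 is strictly older than version $2
version_lt() { [ "$(version_key "$1")" -lt "$(version_key "$2")" ]; }
# Print the plugin name of every [INPUT] section that enables an affected plugin
affected_inputs_in_config() {
    awk '
        tolower($0) ~ /^[ \t]*\[input\]/ { in_input = 1; next }
        /^[ \t]*\[/                     { in_input = 0 }
        in_input && tolower($1) == "name" {
            n = tolower($2)
            if (n == "opentelemetry" || n == "prometheus_remote_write") print n
        }' "$1"
}

# Constructed sample config (not a New Relic default): one affected input enabled
SAMPLE_CFG=$(mktemp)
cat > "$SAMPLE_CFG" <<'EOF'
[INPUT]
    Name  tail
[INPUT]
    Name  opentelemetry
    Port  4318
[OUTPUT]
    Name  newrelic
EOF

# Stand-alone run: use the real binary when present, otherwise a constructed banner
if command -v fluent-bit >/dev/null 2>&1; then BANNER=$(fluent-bit --version 2>/dev/null)
else BANNER="Fluent Bit v3.2.6"; fi
INSTALLED=$(parse_version_line "$BANNER")
if [ -z "$INSTALLED" ]; then echo "could not determine the Fluent Bit version"
elif version_lt "$INSTALLED" "$MIN_VERSION"; then
    echo "Fluent Bit $INSTALLED is older than $MIN_VERSION: upgrade"
fi
for p in $(affected_inputs_in_config "$SAMPLE_CFG"); do
    echo "affected input enabled: $p (disable it or upgrade)"
done
```

For the Kubernetes plugin, run the same two checks inside the Fluent Bit container against its mounted configuration; the script only inspects the host or container it runs on.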
Supporting Release Notes
Fluent Bit Output Plugin Release Notes
Technical vulnerability information
Fluent Bit 3.2.7 Release Notes
Publication History
March 1, 2025 - NR25-01 Published