Security guidance for New Relic customers related to Apache Log4j vulnerabilities

New Relic has addressed critical and low-risk vulnerabilities in the Apache Log4j framework by releasing updates for its Java Agent and Containerized Private Minion, following the public disclosure of these vulnerabilities in December 2021. The critical vulnerability, CVE-2021-44228, allows remote control or data exfiltration by malicious actors, and it is recommended to upgrade Apache Log4j to version 2.16.0 or higher to mitigate the risk. New Relic has also provided an open-source script, nr-find-log4j, to help identify potentially vulnerable services monitored by New Relic APM and offers guidance on checking for exploits through New Relic Log Management. The company has initiated a comprehensive security response, collaborating with partners and vendors to ensure thorough remediation across its infrastructure, emphasizing its commitment to data security through established programs like Security RX.