This week there has been a lot of news about the Heartbleed (CVE-2014-0160) vulnerability in OpenSSL, which could potentially leak memory contents — including personal information and even a site’s cryptographic keys.
As sites and services across the Internet scramble to update their security and implement patches, we wanted to update New Relic users on how the situation affects them.
You can read our full documentation on the issue here (Security for Heartbleed Vulnerability), but to summarize: after reviewing all of our sites and applications, we determined that the majority of our sites — including www.newrelic.com, rpm.newrelic.com, and insights.newrelic.com — are not vulnerable to this issue. We did discover that our documentation site (docs.newrelic.com) was vulnerable and we promptly patched it and issued a new SSL certificate.
We have no evidence that any customer data (including user names and passwords) was exposed. But if you have any concerns, you can use these instructions to change your password and regenerate your API key. Considering the scope of Heartbleed, we encourage you to reset your password for all your most important accounts, as many other services you use may have been affected.
If you have additional questions or concerns, you can get in touch with us at support.newrelic.com.