News

There have been thousands of reported security vulnerabilities in 2013 alone, often with language that leaves it unclear if you're affected. Heroku's job is to ensure you can focus on building your functionality, as part of that we take responsibility for the security of your app as much as we're able. On Friday, November 22nd a security vulnerability was disclosed in Ruby (MRI): CVE-2013-4164 . Our team moved quickly to identify the risk to anyone using the Heroku platform and push out a fix. The vulnerability The disclosed Ruby vulnerability contains a denial-of-service vector with the possibility of arbitrary code…

Editor's Note: This is a guest post from Jonathan Cipriano, creative developer based in San Francisco currently working as a Creative Research & Development Manager at AKQA. A few weeks back, the Make-a-Wish Foundation made a 5-year old cancer survivor named Miles dream come true by helping him play out a Batman-style adventure in San Francisco. The city was morphed into Gotham for a day with the help of 12,000 volunteers. A rescue mission turned the pint-sized crusader into a social media sensation. Miles became Batkid for a day. Inspired by his story, some creative devs at AKQA thought it…

Editor's note: This is a guest post from Ken Fromm and Paddy Foran at Iron.io. Iron.io's services are designed for building distributed cloud applications quickly and operating at scale. Platform as a Service has transformed the use of cloud infrastructure and drastically increased cloud adoption for common types of applications, but apps are becoming more complex. There are more interfaces, greater expectations on response times, increasing connections to other systems, and lots more processing around each event. The next shift in cloud development will be less about building monolithic apps and more about creating highly scalable and adaptive systems. Don’t…

Editor's Note: We are cross-posting this article from the Salesforce Blog. It shows how we are bringing Heroku to a new market and audience – Salesforce customers – using a new product and message. If you are a user of both Heroku and Salesforce and are interested in connecting them. Apps are an essential part of the Internet of Customers. They are the dashboards to people’s lives. They allow your customers to be part of your business’ workflows, and for you to engage with them on an unprecedented level. Customer connected apps are the next phase of how companies are…

At our core, Heroku’s goal is to make it easier for developers to build great apps. We do this by creating tools which allow developers to focus on writing code, rather than wasting time on managing infrastructure. To coincide with this week’s Dreamforce event, we are launching several tools targeted at developers who write apps on Heroku that integrate with Salesforce.com. If you aren’t part of the Salesforce world, don’t worry. We remain 100% committed to our core audience of web and mobile developers and will continue to release great new features and functionality like websockets and high-availability databases. Force.com,…

It’s hard to believe the scale or imagine the energy that is Dreamforce. As part of the Salesforce Platform, a platform with a growing developer community and an amazing range of technologies, Heroku will join the party November 18-21 in San Francisco. This is a big deal for us. DevZone A few weeks ago we announced the Salesforce $1 Million Hackathon. By the way, that’s $1 million cash, the single largest hackathon prize in history. The response from our developer community has been fantastic – the winning app will be undoubtedly amazing. Heroku will also be a big part of…

Today, we're announcing the release of a key part of our authentication infrastructure – id.heroku.com – under the MIT license. This is the service that accepts passwords on login and manages all things OAuth for our API. The repo is now world-readable at https://github.com/heroku/identity . Pull requests welcome. While OAuth was originally designed to allow service providers to delegate some access on behalf of a customer to a third party, and we do use it that way too, Heroku also uses OAuth for SSO. We'd like to take this opportunity to provide a technical overview. A quick bit of terminology…