News
- News
- Last Updated: February 16, 2013
- Jesper Joergensen
Over the past couple of years Heroku customers have occasionally reported unexplained latency on Heroku. There are many causes of latency—some of them have nothing to do with Heroku—but until this week, we failed to see a common thread among these reports. We now know that our routing and load balancing mechanism on the Bamboo and Cedar stacks created latency issues for our Rails customers, which manifested themselves in several ways, including:
Unexplainable, high latencies for some requests
Mismatch between reported queuing and service time metrics and the observed reality
Discrepancies between documented and observed behaviors
For applications running on the…
- News
- Last Updated: June 03, 2024
- Oren Teich
Yesterday, one of our customers let us know about significant performance issues they have experienced on Heroku. They raised an important issue and I want to let our community know about it. In short, Ruby on Rails apps running on Bamboo have experienced a degradation in performance over the past 3 years as we have scaled.
We failed to explain how our product works. We failed to help our customers scale. We failed our community at large. I want to personally apologize, and commit to resolving this issue.
Our goal is to make Heroku the best platform…
- News
- Last Updated: March 28, 2024
- Sara Dornsife
Waza (技) 2013 is less than a month away and we are excited to have a full lineup of speakers who will be talking about their perspectives on art and technique. In between the talks, take part in an unique blend of conversation and craft through the hands-on workshops led by artisans teaching their trades from origami creations, to take-home woodblock prints, and even a hand-crafted and dyed quilt. Take part in this celebration of skill and making at Waza 2013.
Michael has been blogging…
- News
- Last Updated: May 06, 2024
- Oren Teich
On Friday January 18, security researcher Benjamin Manns notified Heroku of a security vulnerability related to our add-ons program. At a high level, the vulnerability could have resulted in disclosing our Cross-Site Request Forgery tokens (these tokens are used to prevent browser hijacking) to third parties.
We quickly addressed the vulnerability and on Sunday, we deployed a patch to remediate the issue. We also reviewed our code for related vulnerabilities and conducted a review of our audit logs to determine the impact of the vulnerability. We found no instances of this issue being exploited.
We wish…
- News
- Last Updated: January 17, 2013
- Craig Kerstiens
An organization's data is its most valuable asset. Unfortunately, that data is usually trapped inside a database with few ways to access it by a privileged handful of people. Too often reports are manually generated and their results pasted into emails; dashboards get built but rapidly become outdated and never answer the right questions.
We have so many great tools for collaborating around our source code, why is data still in the dark ages?
At Heroku Postgres, we believe that your data should flow like water. Only the most up-to-date data should be available any time you have a…
- News
- Last Updated: January 11, 2013
- Sara Dornsife
The Concourse – San Francisco
February 28, 2013
Heroku’s Waza (技), the Japanese word for art and technique, is an immersive one-day developer experience focused on craft. Throughout the event you will find technical sessions with added experiences in music, art and technology. The event features technical sessions, hands-on workshops, great food, and traditional music.
Registration is now open! Tickets are $300.
Last year’s event sold out in a matter of hours. Don’t risk missing out this year — join us for Waza on February 28th, 2013 at the Concourse in San Francisco.
We are excited…
- News
- Last Updated: January 11, 2013
- Mark McGranaghan
A serious security vulnerability has been found in the Ruby on Rails framework. This exploit affects nearly all applications running Rails and a patch has been made available.
Rails developers can get a full list of all your affected Heroku applications by following instructions here . Please address this security vulnerability by immediately upgrading your affected apps to any of the safe versions of Rails listed below. The following Rails versions have been patched and deemed safe from this exploit:
3.2.11
3.1.10
3.0.19
2.3.15
If you do not upgrade, an attacker can trivially gain access to your application, its data,…
- News
- Last Updated: January 10, 2013
- Oren Teich
Heroku recently learned of and resolved a security vulnerability. We want to report this to you, describe how we responded to the incident, and reiterate our commitment to constantly improving the security and integrity of your data and source code.
On December 19, 2012, security researcher Stephen Sclafani notified us of an issue in our account creation system. Using a maliciously-crafted HTTP request, an attacker could change the password of a pre-existing Heroku user account, and thus gain control of it. This attack would not disclose the pre-existing password to the attacker (those are stored internally as non-recoverable…
- News
- Last Updated: December 13, 2012
- Richard Schneeman
Over a year ago Heroku launched the Cedar stack and the ability to run Java on our platform . Java is known as a powerful language – capable of performing at large scale. Much of this potential comes from the JVM that Java runs on. The JVM is the stable, optimized, cross-platform virtual machine that also powers other languages including Scala and Clojure. Starting today you can leverage the power of the JVM in your Ruby applications without learning a new language, by using JRuby on Heroku.
After a beta process with several large production applications,…
- News
- Last Updated: December 07, 2012
- Craig Kerstiens
Hosting your data on one of the largest fleets of databases in the world comes with certain advantages. One of those benefits is that we can aggregate the collective pain points that face our users and work within the Postgres community to help find solutions to them.
In the previous year we worked very closely with the broader Postgres community to build features, fix bugs, and resolve pain points. You've already seen some of the results of that work in the form of extension support on Heroku and query cancellation . With the 9.2 release we're delighted to…
Subscribe to the full-text RSS feed for Jesper Joergensen.