Heroku Blog
- News
- Last Updated: June 21, 2018
- Robert Zare
Today we are pleased to announce general availability of Heroku Shield Connect, the latest addition to our lineup of Heroku Shield services.
Heroku Shield, announced last year, enabled new capabilities for Dynos, Postgres databases and Private Spaces that make Heroku suitable for high compliance environments such as those that fall under the Health Insurance Portability and Accountability Act (HIPAA) regulations. Heroku Shield Connect extends this offering by enabling high performance, fully automated, and bi-directional data synchronization between Salesforce and Heroku Postgres for companies that need to build HIPAA-compliant applications – all in a matter of a few clicks.
With this major enhancement to Heroku Shield, it's now easier than ever to build high compliance applications and services while seamlessly integrating with Salesforce as the system of record for customer data.
- News
- Last Updated: May 02, 2024
- Michael Friis
Today we’re announcing two exciting TLS improvements for apps running in Private Spaces—Heroku’s runtime optimized for security-sensitive workloads that require network and tenant isolation:
- Automated Certificate Management to automatically create, configure, and renew free TLS certificates for custom domains on Private Space apps
- Expanded and updated cipher suite selections for TLS/SSL termination for Private Space apps
Together, ACM and greater TLS cipher suite flexibility makes building secure apps in Heroku Private Spaces simpler and …
- Engineering
- Last Updated: June 19, 2018
- Richard Schneeman
All previously released versions of Sprockets, the software that powers the Rails asset pipeline, contain a directory traversal vulnerability. This vulnerability has been assigned CVE-2018-3760.
How do I know if I'm affected?
Rails applications are vulnerable if they have this setting enabled in their application:
# config/environments/production.rb config.assets.compile = true # setting to true makes your app vulnerableNote: The default value of this setting that ships with Rails in production.rb is …
- News
- Last Updated: June 13, 2018
- Scott Truitt
On May 10, 2018, we received notice about two critical vulnerabilities in Redis, both embargoed until this morning.
Upon this notice, our Data Infrastructure team proceeded to patch all internal and customer databases in response to these vulnerabilities. As of today, all customer databases have been patched successfully.
At Heroku, customer trust is our most important value – and we are grateful to have your trust in keeping a globally-distributed data fleet safe from …
- Engineering
- Last Updated: May 06, 2024
- Philipe Navarro
The CLI Team at Heroku strives to create a CLI user experience that is intuitive and productive. We had “build CLI autocomplete” in the icebox of our roadmap for many years. But if we were going to ship it, it had to complement the existing CLI experience. This is challenging because the Heroku CLI is very dynamic: it comprises user installable plugins, and the data needed for completions is behind an API.
Recently, we spent …
- News
- Last Updated: April 29, 2024
- Nahid Samsami
Today we're excited to announce that Heroku CLI Autocomplete for Bash and Zsh is generally available. Heroku CLI Autocomplete makes your workflow faster and more seamless by helping you complete command and flag names when you press the tab key. Autocomplete completes all Heroku CLI commands and will automatically support new commands as they are added. You can also complete values for some flags and args—including apps, pipelines and config vars—so you won't need to …
Subscribe to the full-text feed.