Heroku Blog

The announcement earlier this month of the “Heartbleed” bug (CVE-2014-0160) in OpenSSL once again focused attention on the technology used to secure communications on the Internet. Heartbleed was a very serious vulnerability and we moved as quickly as possible to patch systems and eliminate this threat on behalf of our customers. But security is not just about fire drills, there are many steps that can be taken over time to continually improve security. Over the last months we have rolled out several security improvements to Heroku SSL Endpoints, including: Perfect Forward Secrecy TLS 1.1, 1.2 support Updated ciphers These enhancements…

We love seeing our customers’ successful and gaining recognition for the amazing businesses they are building. So, as you could imagine, we were thrilled to learn that a Heroku customer was featured on ABCs Shark Tank last Friday, with two more being featured over the next couple weeks. Plated – Aired 4/4 at 9pm ET on ABC Plated, a New York City-based food/tech company, aims to make it simple and fun for people to create healthy, homemade dinners by delivering fresh ingredients and chef-designed easy-to-follow recipes directly to your door. With delivery now available to 80% of the USA, Plated…

We are really honored to be a part of PyCon again this year. We have a big booth in the expo hall and a bunch of people who are really looking forward to attending and who are there to answer questions, hack on code, troubleshoot, or shoot the …. Enter to win: While you are in our booth, you can enter to win $500 (in cash or credits) toward the open source-related project, user group, meetup, or organization of your choice. Ask at the booth for details. Here’s who is going to be there this weekend: Craig Kerstiens (@craigkerstiens) Dave…

Yesterday the OpenSSL Project released an update to address the CVE-2014-0160 vulnerability, nicknamed “Heartbleed.” This serious vulnerability affects a substantial number of applications and services running on the internet, including Heroku. All Heroku users should update their passwords as a precautionary measure. If you are currently running the SSL Endpoint add-on, you should re-key and reissue your certificate and update it as it may have been exposed. As of Tuesday, April 8 at 15:55 UTC, all Heroku certificates, infrastructure, and Heroku Postgres have been updated and are no longer vulnerable. Continue reading for further details on each affected vector. Vulnerability…

AWS Summit SF is coming up on Wed March 26th at Moscone South. We are thrilled to be sponsoring the Developer Lounge. Heroku engineers and staff will be available throughout the day to answer your questions about Heroku; developing Ruby, Python, and Node apps on Heroku; Heroku Postgres; and the architecture of apps using both Heroku and AWS. If you plan on attending, please stop by, say hello, and bring your questions. Or you can just play ping pong. If you would like to set up an appointment for a specific time, please send us an email.

Anytime a new language comes out it’s fun to immediately download it and give it a try. Yesterday Facebook announced Hack, a programming language they developed for HHVM which interoperates seamlessly with PHP. Facebook itself is already running on Hack, and it looks to deliver some exciting improvements from its PHP influence, we thought we’d make it a bit easier for you to run your own apps on Hack by working with them to create a Heroku buildpack. To highlight a few of the awesome things about Hack: Many PHP files are already valid Hack, so you can just start…