Heroku Blog
- News
- Last Updated: May 06, 2024
- Oren Teich
On Friday January 18, security researcher Benjamin Manns notified Heroku of a security vulnerability related to our add-ons program. At a high level, the vulnerability could have resulted in disclosing our Cross-Site Request Forgery tokens (these tokens are used to prevent browser hijacking) to third parties.
We quickly addressed the vulnerability and on Sunday, we deployed a patch to remediate the issue. We also reviewed our code for related vulnerabilities and conducted a review of …
- News
- Last Updated: January 17, 2013
- Craig Kerstiens
An organization's data is its most valuable asset. Unfortunately, that data is usually trapped inside a database, accessible in only a few ways and by a privileged handful of people. Too often reports are manually generated and their results pasted into emails; dashboards get built but rapidly become outdated and never answer the right questions.
We have so many great tools for collaborating around our source code, why is data still in the dark ages? At …
- News
- Last Updated: January 11, 2013
- Sara Dornsife
The Concourse – San Francisco February 28, 2013
Heroku’s Waza (技), the Japanese word for art and technique, is an immersive one-day developer experience focused on craft. Throughout the event you will find technical sessions with added experiences in music, art and technology. The event features technical sessions, hands-on workshops, great food, and traditional music.
Registration is now open! Tickets are $300.
Last year’s event sold out in a matter of hours. Don’t risk missing …
- News
- Last Updated: January 11, 2013
- Mark McGranaghan
A serious security vulnerability has been found in the Ruby on Rails framework. This exploit affects nearly all applications running Rails and a patch has been made available.
Rails developers can get a full list of their affected Heroku applications by following the instructions here. Please address this security vulnerability by immediately upgrading your affected apps to any of the safe versions of Rails listed below. The following Rails versions have been patched and …
- News
- Last Updated: January 10, 2013
- Oren Teich
Heroku recently learned of and resolved a security vulnerability. We want to report this to you, describe how we responded to the incident, and reiterate our commitment to constantly improving the security and integrity of your data and source code.
On December 19, 2012, security researcher Stephen Sclafani notified us of an issue in our account creation system. Using a maliciously-crafted HTTP request, an attacker could change the password of a pre-existing Heroku user account, …
- News
- Last Updated: December 13, 2012
- Richard Schneeman
Over a year ago Heroku launched the Cedar stack and the ability to run Java on our platform. Java is known as a powerful language – capable of performing at large scale. Much of this potential comes from the JVM that Java runs on. The JVM is the stable, optimized, cross-platform virtual machine that also powers other languages including Scala and Clojure. Starting today you can leverage the power of the JVM in your …