How does Heroku handle security vulnerabilities that affect the platform?


I have read about a security vulnerability and I wanted to see if action was required on my part.


Heroku's Product Security team follows emerging trends, and partners closely with the research community. We invest heavily in facilitating conversations regarding vulnerabilities and keeping our customers safe via community partnerships.

In the case of emerging and recently-announced vulnerabilities (including those embargoed or leaked to the press), we have a proven methodology for ingesting, processing, and prioritizing mitigation work. Our team utilizes these methods to address these vulnerabilities as material or actionable information is made available.

If customer impact or coordination is required, we will post additional information via Heroku Status, DevCenter ChangeLog, or provide instructions and context via maintenance notification emails.

Ask on Stack Overflow

Engage with a community of passionate experts to get the answers you need

Ask on Stack Overflow

Heroku Support

Create a support ticket and our support experts will get back to you

Contact Heroku Support