I have read about a security vulnerability and I wanted to see if action was required on my part.
Heroku's Product Security team follows emerging trends, and partners closely with the research community. We invest heavily in facilitating conversations regarding vulnerabilities and keeping our customers safe via community partnerships.
In the case of emerging and recently-announced vulnerabilities (including those embargoed or leaked to the press), we have a proven methodology for ingesting, processing, and prioritizing mitigation work. Our team utilizes these methods to address these vulnerabilities as material or actionable information is made available.
If customer impact or coordination is required, we will post additional information via Heroku Status, DevCenter ChangeLog, or provide instructions and context via maintenance notification emails.