On May 10, 2018, we received notice about two critical vulnerabilities in Redis, both embargoed until this morning.

Upon this notice, our Data Infrastructure team proceeded to patch all internal and customer databases in response to these vulnerabilities. As of today, all customer databases have been patched successfully.

At Heroku, customer trust is our most important value - and we are grateful to have your trust in keeping a globally-distributed data fleet safe from harm. Stay tuned, as we will soon be publishing an in-depth account on how our Data Infrastructure team undertook the effort to patch our entire Redis fleet.


The CLI Team at Heroku strives to create a CLI user experience that is intuitive and productive. We had “build CLI autocomplete” in the icebox of our roadmap for many years. But if we were going to ship it, it had to complement the existing CLI experience. This is challenging because the Heroku CLI is very dynamic: it comprises user installable plugins, and the data needed for completions is behind an API.

Recently, we spent some time brainstorming the experience we wanted from Heroku CLI Autocomplete and decided it was time. We took “build autocomplete” out of the icebox and shipped it.

This post will discuss the main challenges we faced building Heroku CLI Autocomplete and how we solved...


Today we're excited to announce that Heroku CLI Autocomplete for Bash and Zsh is generally available. Heroku CLI Autocomplete makes your workflow faster and more seamless by helping you complete command and flag names when you press the tab key. Autocomplete completes all Heroku CLI commands and will automatically support new commands as they are added. You can also complete values for some flags and args—including apps, pipelines and config vars—so you won't need to run multiple commands to find and cross-reference them.

A GIF showing the Heroku CLI autocomplete in action

We build the CLI first and foremost for human usability; Autocomplete takes usability a step further, making it easier than ever to discover, learn, and...


The Public Cloud Security (PCS) group at Salesforce partners very closely with Heroku engineering to review and advise on new product features across the platform, from infrastructure to applications. One of the most rewarding aspects about this partnership and working on this team for me is when we not only identify security concerns, but take an active role in building safe solutions.

Heroku recently announced support for Active Storage in Rails 5.2, which introduces the ability to generate previews of PDFs and videos. As a security engineer, hearing about a new feature in a product that automatically parses media files definitely grabbed my attention. This post takes a look at...


How to blend a rock-solid CMS and API with the absolute best in front-end tooling, built as a single project and hosted seamlessly on Heroku.

Rails is an incredible framework, but modern web development has moved to the front-end, meaning sometimes you don’t need all the bulk of the asset pipeline and the templating system. In Rails 5 you can now create an API-only Rails app, meaning you can build your front-end however you like—using Create React App, for example. It’s no longer 100% omakase.

An image of four logos, React, Rails, Activeadmin, and Heroku


Browse the blog archives or subscribe to the full-text feed.