Security Improvement: Subdomain Reuse Mitigation

news, Product Mgmt at Heroku

Summary

Subdomain reuse, also known as subdomain takeover, is a security vulnerability that occurs when an attacker claims and takes control of a target domain. Typically, this happens when an application is deprecated and an attacker directs residual traffic to a host that they control.

As of 14 June 2023, we changed the format of the built-in herokuapp.com domain for Heroku apps. This change improves the security of the platform by preventing subdomain reuse. The new format is <app-name>-<random-identifier>.herokuapp.com. Previously, the format was <app-name>.herokuapp.com. The new format for built-in herokuapp.com domains is on by default for all users.

Why...


Improving the Heroku Postgres Extension Experience

news, Lead Infrastructure Engineer

PostgreSQL extensions are powerful tools that allow developers to extend the functionality of PostgreSQL beyond its basic types and functions. These extensions can connect your database to an external PostgreSQL instance (postgres_fdw), add native GIS functionality (postgis), standardize address information (address_standardizer), and more. Extensions are arguably one of PostgreSQL’s greatest features and are partially responsible for the massive adoption PostgreSQL has received over the years.

We’re pleased to announce a change to the Heroku Postgres extension experience. You can once again install Heroku Postgres extensions in the public schema or any other!

Previously, in response to...


Introducing New Heroku Postgres Plans

news, Product Manager

Sometimes your data grows and requires a bigger disk without a need for more compute or memory. Previously, our offerings were a bit too inflexible. We also didn’t want to limit our largest database at 4TB.

We released new Heroku Postgres plans that give you more flexibility when scaling up your database storage needs on Heroku. We heard from our customers that they want to be able to upgrade disk space without adding other resources like vCPU or memory. In response, we created new L and XL plans with increased disk limits for premium, private, and shield tiers at the -6 and -9 levels.

These new plans continue to have the same compute, memory, and IOPS characteristics as other plans...


Heroku is excited to announce the addition of a third availability zone (AZ) for our Private Spaces product offering. Three availability zones make Private Space apps more resilient to outages. We’ve prioritized this improvement as part of our focus on mission-critical features to make the Heroku Platform even more reliable. The changeover to three availability zones is fully managed by Heroku. Heroku handles all maintenance, upgrades, and management of Private Spaces, so our customers can focus on delivering value to their users without worrying about the underlying infrastructure.


What are availability zones and how does Heroku use them?

All AWS regions have multiple availability...


Heroku Private Spaces Expand to Mumbai and Montreal

news, Product Manager

This month, we’re expanding the Heroku platform with a limited release of our Private Spaces product in two new regions, India (Mumbai) and Canada (Montreal), enabling customers to maintain even greater control over where data is stored and processed. These two new regions will fully support Heroku Private Spaces, Heroku Shield Private Spaces, Heroku Postgres, Apache Kafka on Heroku, Heroku Data for Redis, Heroku Connect, and most Heroku Add-ons.

Private Spaces provide a dedicated and virtual network environment for running Heroku applications. They are now supported in the following regions, with new regions highlighted in bold below:

name location
dublin Dublin, Ireland
...
