An Update on Redis Vulnerabilities and Patching

On May 10, 2018, we received notice about two critical vulnerabilities in Redis, both embargoed until this morning.

Upon this notice, our Data Infrastructure team proceeded to patch all internal and customer databases in response to these vulnerabilities. As of today, all customer databases have been patched successfully.

At Heroku, customer trust is our most important value - and we are grateful to have your trust in keeping a globally-distributed data fleet safe from harm. Stay tuned, as we will soon be publishing an in-depth account on how our Data Infrastructure team undertook the effort to patch our entire Redis fleet.

Browse the archives for news or all blogs Subscribe to the RSS feed for news or all blogs.