Over the past few weeks, Heroku proactively updated our entire Redis fleet with a version of Redis not vulnerable to CVE-2018-11218. This was an embargoed vulnerability, so we did this work without notifying our customers about the underlying cause. As always, our goal was to update all Heroku Redis instances well before the embargo expired.

As a Data Infrastructure Engineer at Heroku, I wanted to share how we manage large fleet operations such as this one. The most important aspect of our job is keeping customers safe from security vulnerabilities, while also minimizing disruption and downtime. Those two objectives are often at odds with each other, so we work hard to reduce the impact...

On May 10, 2018, we received notice about two critical vulnerabilities in Redis, both embargoed until this morning.

Upon this notice, our Data Infrastructure team proceeded to patch all internal and customer databases in response to these vulnerabilities. As of today, all customer databases have been patched successfully.

At Heroku, customer trust is our most important value - and we are grateful to have your trust in keeping a globally-distributed data fleet safe from harm. If you’re interested in more behind the scenes details, check out our engineering blog post on how our Data Infrastructure team undertook the effort to patch our entire Redis fleet.

The Heroku Connect team ran into problems with existing task scheduling libraries. Because of that, we wrote RedBeat, a Celery Beat scheduler that stores scheduled tasks and runtime metadata in Redis. We’ve also open sourced it so others can use it. Here is the story of why and how we created RedBeat.

Background

Heroku Connect, makes heavy use of Celery to synchronize data between Salesforce and Heroku Postgres. Over time, our usage has grown, and we came to rely more and more heavily on the Beat scheduler to trigger frequent periodic tasks. For a while, everything was running smoothly, but as we grew cracks started to appear. Beat, the default Celery scheduler, began to behave...

Redis might sound like it’s just a key/value store, but its versatility makes it a valuable Swiss Army knife for your application. Caching, queueing, geolocation, and more: Redis does it all. We’ve built (and helped our customers build) a lot of apps around Redis over the years, so we wanted to share a few tips that will ensure you get the most out of Redis, whether you’re running it on your own box or using the Heroku Redis add-on.

Use a Connection Pooler

By using a connection pooler, you'll reduce the connection overhead and therefore speed up operations while reducing the number of connections you use.

Most Redis libraries will provide you with a specific connection pooler...

We recently sat down for a chat with Bill Curtis, a co-founder and the CTO of Sweet Tooth, a points and rewards app for online stores worldwide.

What has been your greatest challenge?

We’re serving way more data today than we ever have, so scaling is mission-critical. In the past, we’ve struggled with traffic spikes. For example, there are seasonal spikes, like Black Friday or Cyber Monday. There are also spikes from merchant activity, such as load testing stores or importing a large number of orders.

I recently tweeted our requests-per-hour graph. It showed that during the huge spikes for this year’s Black Friday and Cyber Monday, our product availability was seamless on Heroku. That...