Developer Tools

Rails applications that use ActiveRecord objects in their cache may experience an issue where the entries cannot be invalidated if all of these conditions are true:

They are using Rails 5.2+
They have configured config.active_record.cache_versioning = true
They are using a cache that is not maintained by Rails, such as dalli_store (2.7.8 or prior)

In this post, we discuss the background to a change in the way that cache keys work with Rails, why this change introduced an API incompatibility with 3rd party cache stores, and finally how you can find out if your app is at risk and how to…

Yesterday we announced a major step towards making buildpacks a multi-platform, open standard by contributing to Cloud Native Buildpacks, a Sandbox Project hosted by the Cloud Native Computing Foundation. Today, we are announcing that you can now easily share your buildpacks with the world, by registering them with the Heroku Buildpack Registry.

As of this post, the Buildpack Registry contains over 100 buildpacks created by authors like you. Because of your contributions, Heroku developers can easily use languages and frameworks like Meteor, Elixir, and React in their applications. If you’ve created a…

Your Heroku application’s journey to production begins with a buildpack that detects what kind of app you have, what tools you need to run, and how to tune your app for peak performance. In this way, buildpacks reduce your operational burden and let you spend more time creating value for your customers. That’s why we’re excited to announce a new buildpack initiative with contributions from Heroku and Pivotal.

The Cloud Native Computing Foundation (CNCF) has accepted Cloud Native Buildpacks to the Cloud Native Sandbox. Cloud Native Buildpacks turn source code into Docker images. In doing so, they give you…

This is the first in a series of blog posts examining the evolution of web app architecture over the past 10 years. This post examines the forces that have driven the architectural changes and a high-level view of a new architecture. In future posts, we’ll zoom in to details of specific parts of the system. The standard web application architecture suitable for many organizations has changed drastically in the past 10 years. Back in Heroku’s early days in 2008, a standard web application architecture consisted of a web process type to respond to HTTP requests, a database to persist…

All previously released versions of Sprockets, the software that powers the Rails asset pipeline, contain a directory traversal vulnerability. This vulnerability has been assigned CVE-2018-3760.

How do I know if I'm affected?

Rails applications are vulnerable if they have this setting enabled in their application:

# config/environments/production.rb
config.assets.compile = true # setting to true makes your app vulnerable

Note: The default value of this setting that ships with Rails in production.rb is false. By default, Rails apps running in production mode are not vulnerable to this exploit.

How do…

The CLI Team at Heroku strives to create a CLI user experience that is intuitive and productive. We had “build CLI autocomplete” in the icebox of our roadmap for many years. But if we were going to ship it, it had to complement the existing CLI experience. This is challenging because the Heroku CLI is very dynamic: it comprises user installable plugins, and the data needed for completions is behind an API.

Recently, we spent some time brainstorming the experience we wanted from Heroku CLI Autocomplete and decided it was time. We took “build autocomplete” out of the…

Today we're excited to announce that Heroku CLI Autocomplete for Bash and Zsh is generally available. Heroku CLI Autocomplete makes your workflow faster and more seamless by helping you complete command and flag names when you press the tab key. Autocomplete completes all Heroku CLI commands and will automatically support new commands as they are added. You can also complete values for some flags and args—including apps, pipelines and config vars—so you won't need to run multiple commands to find and cross-reference them.

We build the CLI first and foremost for human usability; Autocomplete takes usability…

Rails 5.2 was just released last month with a major new feature: Active Storage. Active Storage provides file uploads and attachments for Active Record models with a variety of backing services (like AWS S3). While libraries like Paperclip exist to do similar work, this is the first time that such a feature has been shipped with Rails. At Heroku, we consider cloud storage a best practice, so we've ensured that it works on our platform. In this post, we'll share how we prepared for the release of Rails 5.2, and how you can deploy an app today using the…

At Heroku we consistently monitor vulnerability feeds for new issues. Once a new vulnerability drops, we jump into action to triage and determine how our platform and customers may be affected. Part of this process involves evaluating possible attack scenarios not included in the original vulnerability report. We also spend time looking for “adjacent” and similar bugs in other products. The following Ruby vulnerability was identified during this process.

Vulnerability Triage

A vulnerability, CVE-2017-8817, was identified in libcurl. The FTP function contained an out of bounds read when processing wildcards. As soon as the vulnerability was made…

Asynchronous provisioning allows add-ons to perform out-of-band provisioning in a first-class way. It’s intended for add-on services that need extended time to set up and help make automated app setup and orchestration easier and less error-prone.

The customer will be billed as soon as the add-on starts provisioning. This means the time and cost of provisioning your service is accounted for in how much a customer pays. As such, you should make every effort to provision expediently so customers get value from your service as quickly as possible.

Add-ons that take longer than 12 hours to provision…
