On May 10, 2018, we received notice about two critical vulnerabilities in Redis, both embargoed until this morning.
Upon this notice, our Data Infrastructure team proceeded to patch all internal and customer databases in response to these vulnerabilities. As of today, all customer databases have been patched successfully.
At Heroku, customer trust is our most important value - and we are grateful to have your trust in keeping a globally-distributed data fleet safe from harm. If you’re interested in more behind the scenes details, check out our engineering blog post on how our Data Infrastructure team undertook the effort to patch our entire Redis fleet.