Change effective on 14 September 2017
These are security releases made due to vulnerabilities in RubyGems. Previously, we patched versions 2.2.7, 2.3.4, and 2.4.1 with the RubyGems updates, meaning that those versions of Ruby on Heroku are also secure from these vulnerabilities. You can see the current RubyGems versions associated with each release on the Ruby Version Support page.
To see the current version of rubygems installed for your app you can run:
$ heroku run bash
$ ruby -v ruby 2.4.2p198 (2017-09-14 revision 59899) [x86_64-linux] $ gem -v 2.6.13
You can read more about how we updated these versions with secure patches before the official patched releases were made available.