Change effective on 24 September 2019
We have updated the Cedar-14, Heroku-16, and Heroku-18 stack images to address security notices in multiple packages. The new stack images will be rolled out automatically in the next 24 hours. You do not need to redeploy your app or restart your dynos.
For Heroku-18 only, the changes include an upgrade of OpenSSL from 1.1.0 to 1.1.1, which adds support for TLS 1.3. This new version is backwards compatible, however in rare cases can expose bugs in legacy client and server TLS implementations.
See this Dev Center article for an overview of the libraries available on the Cedar-14, Heroku-16, and Heroku-18 stack images.