Change effective on 17 April 2013
A security bug in OpenJDK allows remote code execution via RMI. JVM-based apps (e.g. Java, Scala, Clojure) will receive an update to address the security bug the next time you push to Heroku. The
-Djava.rmi.server.useCodebaseOnly=true system property will automatically be set on the app. If you wish to override this setting, you can do so in
JAVA_OPTS or in your application’s Procfile.