Heroku-18, Heroku-20 and Heroku-22 stack images updated

Change effective on 10 January 2023

We have updated the heroku-18, heroku-20 and heroku-22 stack images to pick up security fixes in upstream packages. The new stack images will be rolled out automatically to the Common Runtime over the next 48 hours, followed by Private Spaces.

If you are using Heroku’s default buildpack-powered build system/stacks you do not need to redeploy your app to pick up these changes, since your application’s slug is applied on top of the most recent stack image each time a dyno starts. Currently running dynos will be automatically restarted, so there is no need to manually restart your app.

If your app instead uses Heroku’s container stack (most apps do not), you will need to rebuild your app’s Docker image in order to pick up any updates in the base image specified in your Dockerfile.

See this Dev Center article for an overview of the packages available in each stack image.

The Heroku-18 stack is deprecated and will reach end-of-life on April 30th, 2023. Please upgrade to a newer stack as soon as possible. See the Heroku-18 End-Of-Life FAQ for more details.

Changelog of packages

The following packages have been changed; a separate section for each stack (if applicable) lists packages that are only available at build time, but not at runtime.

Stack: heroku-18

  • Updated curl from version 7.58.0-2ubuntu3.21 to 7.58.0-2ubuntu3.22
  • Updated libcurl3-gnutls from version 7.58.0-2ubuntu3.21 to 7.58.0-2ubuntu3.22
  • Updated libcurl4 from version 7.58.0-2ubuntu3.21 to 7.58.0-2ubuntu3.22
  • Updated libksba8 from version 1.3.5-2ubuntu0.18.04.1 to 1.3.5-2ubuntu0.18.04.2
  • Updated linux-libc-dev from version 4.15.0-200.211 to 4.15.0-201.212

Updates to packages available at build time only

  • Updated libcurl4-openssl-dev from version 7.58.0-2ubuntu3.21 to 7.58.0-2ubuntu3.22

Stack: heroku-20

  • Updated curl from version 7.68.0-1ubuntu2.14 to 7.68.0-1ubuntu2.15
  • Updated libcurl3-gnutls from version 7.68.0-1ubuntu2.14 to 7.68.0-1ubuntu2.15
  • Updated libcurl4 from version 7.68.0-1ubuntu2.14 to 7.68.0-1ubuntu2.15
  • Updated libksba8 from version 1.3.5-2ubuntu0.20.04.1 to 1.3.5-2ubuntu0.20.04.2
  • Updated linux-libc-dev from version 5.4.0-135.152 to 5.4.0-136.153

Updates to packages available at build time only

  • Updated libcurl4-openssl-dev from version 7.68.0-1ubuntu2.14 to 7.68.0-1ubuntu2.15

Stack: heroku-22

  • Updated curl from version 7.81.0-1ubuntu1.6 to 7.81.0-1ubuntu1.7
  • Updated libcurl3-gnutls from version 7.81.0-1ubuntu1.6 to 7.81.0-1ubuntu1.7
  • Updated libcurl4 from version 7.81.0-1ubuntu1.6 to 7.81.0-1ubuntu1.7
  • Updated libksba8 from version 1.6.0-2ubuntu0.1 to 1.6.0-2ubuntu0.2
  • Updated libsasl2-2 from version 2.1.27+dfsg2-3ubuntu1 to 2.1.27+dfsg2-3ubuntu1.1
  • Updated libsasl2-modules from version 2.1.27+dfsg2-3ubuntu1 to 2.1.27+dfsg2-3ubuntu1.1
  • Updated libsasl2-modules-db from version 2.1.27+dfsg2-3ubuntu1 to 2.1.27+dfsg2-3ubuntu1.1
  • Updated linux-libc-dev from version 5.15.0-56.62 to 5.15.0-57.63

Updates to packages available at build time only

  • Updated libcurl4-openssl-dev from version 7.81.0-1ubuntu1.6 to 7.81.0-1ubuntu1.7
  • Updated libsasl2-dev from version 2.1.27+dfsg2-3ubuntu1 to 2.1.27+dfsg2-3ubuntu1.1