Heroku-20 and Heroku-22 stacks updated

Change effective on 27 March 2024

We have updated the heroku-20 and heroku-22 stacks to pick up security fixes in upstream packages. The new base images for each stack will be rolled out automatically to the Common Runtime over the next 48 hours, followed by Private Spaces.

If you are using Heroku’s default buildpack-powered build system/stacks you do not need to redeploy your app to pick up these changes, since your application’s slug is applied on top of the most recent base image for the stack each time a dyno starts. Currently running dynos will be automatically restarted, so there is no need to manually restart your app.

If your app instead uses Heroku’s container stack (most apps do not), you will need to rebuild your app’s Docker image in order to pick up any updates in the base image specified in your Dockerfile.

See this Dev Center article for an overview of the packages available in each stack’s base image.

Changelog of packages

Stack: heroku-20

  • Removed postgresql-client-15
  • Updated curl from version 7.68.0-1ubuntu2.21 to 7.68.0-1ubuntu2.22
  • Updated libcurl3-gnutls from version 7.68.0-1ubuntu2.21 to 7.68.0-1ubuntu2.22
  • Updated libcurl4 from version 7.68.0-1ubuntu2.21 to 7.68.0-1ubuntu2.22
  • Updated linux-libc-dev from version 5.4.0-173.191 to 5.4.0-174.193
  • Added postgresql-client-16 version 16.2-1.pgdg20.04+1

Updates to packages available at build time only

  • Removed postgresql-server-dev-15
  • Updated libcurl4-openssl-dev from version 7.68.0-1ubuntu2.21 to 7.68.0-1ubuntu2.22
  • Updated libpython2.7-minimal from version 2.7.18-1~20.04.3 to 2.7.18-1~20.04.4
  • Updated libpython2.7-stdlib from version 2.7.18-1~20.04.3 to 2.7.18-1~20.04.4
  • Updated python2.7 from version 2.7.18-1~20.04.3 to 2.7.18-1~20.04.4
  • Updated python2.7-minimal from version 2.7.18-1~20.04.3 to 2.7.18-1~20.04.4
  • Added postgresql-server-dev-16 version 16.2-1.pgdg20.04+1

Stack: heroku-22

  • Removed postgresql-client-15
  • Updated bash from version 5.1-6ubuntu1 to 5.1-6ubuntu1.1
  • Updated coreutils from version 8.32-4.1ubuntu1.1 to 8.32-4.1ubuntu1.2
  • Updated curl from version 7.81.0-1ubuntu1.15 to 7.81.0-1ubuntu1.16
  • Updated libcurl3-gnutls from version 7.81.0-1ubuntu1.15 to 7.81.0-1ubuntu1.16
  • Updated libcurl4 from version 7.81.0-1ubuntu1.15 to 7.81.0-1ubuntu1.16
  • Updated libexpat1 from version 2.4.7-1ubuntu0.2 to 2.4.7-1ubuntu0.3
  • Updated libldap-2.5-0 from version 2.5.16+dfsg-0ubuntu0.22.04.2 to 2.5.17+dfsg-0ubuntu0.22.04.1
  • Updated linux-libc-dev from version 5.15.0-100.110 to 5.15.0-101.111
  • Added postgresql-client-16 version 16.2-1.pgdg22.04+1

Updates to packages available at build time only

  • Updated libcurl4-openssl-dev from version 7.81.0-1ubuntu1.15 to 7.81.0-1ubuntu1.16
  • Updated libexpat1-dev from version 2.4.7-1ubuntu0.2 to 2.4.7-1ubuntu0.3
  • Updated libldap-dev from version 2.5.16+dfsg-0ubuntu0.22.04.2 to 2.5.17+dfsg-0ubuntu0.22.04.1
  • Updated libldap2-dev from version 2.5.16+dfsg-0ubuntu0.22.04.2 to 2.5.17+dfsg-0ubuntu0.22.04.1