Heroku-20 and Heroku-22 stacks updated

Change effective on 24 April 2024

We have updated the heroku-20 and heroku-22 stacks to pick up security fixes in upstream packages. The new base images for each stack will be rolled out automatically to the Common Runtime over the next 48 hours, followed by Private Spaces.

The updates to package libc6 contain security fixes for a recently disclosed vulnerability in glibc (CVE-2024-2961).

If you are using Heroku’s default buildpack-powered build system/stacks, you do not need to redeploy your app to pick up these changes, because your application’s slug is applied on top of the most recent base image for the stack each time a dyno starts. Currently running dynos will be restarted automatically, so there is no need to restart your app manually.

If your app instead uses Heroku’s container stack (most apps do not), you will need to rebuild your app’s Docker image in order to pick up any updates in the base image specified in your Dockerfile.

See this Dev Center article for an overview of the packages available in each stack’s base image.

Changelog of packages

Stack: heroku-20

  • Updated libc-bin from version 2.31-0ubuntu9.14 to 2.31-0ubuntu9.15
  • Updated libc-dev-bin from version 2.31-0ubuntu9.14 to 2.31-0ubuntu9.15
  • Updated libc6 from version 2.31-0ubuntu9.14 to 2.31-0ubuntu9.15
  • Updated libc6-dev from version 2.31-0ubuntu9.14 to 2.31-0ubuntu9.15
  • Updated libgnutls-openssl27 from version 3.6.13-2ubuntu1.10 to 3.6.13-2ubuntu1.11
  • Updated libgnutls30 from version 3.6.13-2ubuntu1.10 to 3.6.13-2ubuntu1.11
  • Updated libgnutlsxx28 from version 3.6.13-2ubuntu1.10 to 3.6.13-2ubuntu1.11
  • Updated libnss3 from version 2:3.98-0ubuntu0.20.04.1 to 2:3.98-0ubuntu0.20.04.2
  • Updated linux-libc-dev from version 5.4.0-176.196 to 5.4.0-177.197
  • Updated locales from version 2.31-0ubuntu9.14 to 2.31-0ubuntu9.15
  • Updated postgresql-client-common from version 257.pgdg20.04+1 to 259.pgdg20.04+1

Updates to packages available at build time only

  • Updated libc6-i386 from version 2.31-0ubuntu9.14 to 2.31-0ubuntu9.15
  • Updated libgnutls-dane0 from version 3.6.13-2ubuntu1.10 to 3.6.13-2ubuntu1.11
  • Updated libgnutls28-dev from version 3.6.13-2ubuntu1.10 to 3.6.13-2ubuntu1.11
  • Updated postgresql-common from version 257.pgdg20.04+1 to 259.pgdg20.04+1

Stack: heroku-22

  • Updated libc-bin from version 2.35-0ubuntu3.6 to 2.35-0ubuntu3.7
  • Updated libc-dev-bin from version 2.35-0ubuntu3.6 to 2.35-0ubuntu3.7
  • Updated libc6 from version 2.35-0ubuntu3.6 to 2.35-0ubuntu3.7
  • Updated libc6-dev from version 2.35-0ubuntu3.6 to 2.35-0ubuntu3.7
  • Updated libgnutls-openssl27 from version 3.7.3-4ubuntu1.4 to 3.7.3-4ubuntu1.5
  • Updated libgnutls30 from version 3.7.3-4ubuntu1.4 to 3.7.3-4ubuntu1.5
  • Updated libgnutlsxx28 from version 3.7.3-4ubuntu1.4 to 3.7.3-4ubuntu1.5
  • Updated libnss3 from version 2:3.98-0ubuntu0.22.04.1 to 2:3.98-0ubuntu0.22.04.2
  • Updated linux-libc-dev from version 5.15.0-102.112 to 5.15.0-105.115
  • Updated locales from version 2.35-0ubuntu3.6 to 2.35-0ubuntu3.7
  • Updated openssh-client from version 1:8.9p1-3ubuntu0.6 to 1:8.9p1-3ubuntu0.7
  • Updated openssh-server from version 1:8.9p1-3ubuntu0.6 to 1:8.9p1-3ubuntu0.7
  • Updated openssh-sftp-server from version 1:8.9p1-3ubuntu0.6 to 1:8.9p1-3ubuntu0.7
  • Updated postgresql-client-common from version 257.pgdg22.04+1 to 259.pgdg22.04+1

Updates to packages available at build time only

  • Updated libgnutls-dane0 from version 3.7.3-4ubuntu1.4 to 3.7.3-4ubuntu1.5
  • Updated libgnutls28-dev from version 3.7.3-4ubuntu1.4 to 3.7.3-4ubuntu1.5