View categories
Stack image updated for ImageMagick security issue
Change effective on 03 May 2016
The Heroku Cedar-14 stack image has been updated with the most recent versions of installed packages. The update includes the following changes:
-
ImageMagick policy changes to mitigate CVE-2016–3714. This policy change disables the
EPHEMERAL
,URL
,HTTPS
,MVG
, andMSL
coders.
This update also includes today’s OpenSSL fixes for CVE-2016-2107 and CVE-2016-2108 security issues.
The new stack image will be rolled out automatically in the next 24 hours. You do not need to redeploy your app or restart your dynos.
See this Dev Center article for an overview of the libraries available on the Cedar-14 stack image.