Heroku Blog
- Engineering
- Last Updated: July 01, 2026
- Katy Bowman
Beginning in version 11.8.0, we will be improving the security of the Heroku CLI by storing authentication credentials in your system keychain by default. The Heroku credential manager makes use of OS-native secure storage tools with interfaces designed for sensitive data while maintaining compatibility with existing developer workflows.
- Engineering
- Last Updated: June 24, 2026
- Nick Prey, Andy Smith
- News
- Last Updated: March 19, 2026
- Keshav Pokkuluri
We’ve transitioned to a Sustaining Engineering model to better serve the customers who rely on us every day. Our mission is simple: to provide the most stable, secure, and reliable environment for your apps and data. We will continue releasing features and functionality that align with our Sustaining Engineering goals and provide a more robust and efficient platform to our customers.
Today we are excited to share three recent enhancements:
- News
- Last Updated: March 19, 2026
- Eric Black
Heroku CLI v11 is now available. This release represents the most significant architectural overhaul in years, completing our migration to ECMAScript Modules (ESM) and oclif v4. This modernization brings faster performance, a new semantic color system, and aligns the CLI with modern JavaScript standards.
While v11 introduces breaking changes to legacy namespaces, the benefits are substantial: better performance, improved maintainability, and enhanced usability that simplifies how you manage Heroku resources from the command line.
- News
- Last Updated: March 19, 2026
- Jesse Brown, Ed Morley
Modern applications, especially those leveraging AI and data-heavy libraries, need more room to breathe. To support these evolving stacks and reduce developer friction, we’ve increased the default maximum compressed slug size from 500MB to 1GB.
- Ecosystem, Engineering
- Last Updated: March 17, 2026
- Juan Bustamante, Josh Sullivan
Most developers never see the 11 pack releases we shipped in the last 14 months as pack CLI maintainers. That’s actually a good sign—it means the infrastructure just works. When a critical vulnerability emerges requiring an immediate upgrade, the fix is shipped within days.
Here’s what most developers don’t see: that same security patch now protects every buildpack user across Heroku, Google Cloud, Openshift, VMware Tanzu, and thousands of internal platforms.
Subscribe to the full-text feed.