Heroku: Compromised OAuth Tokens for GitHub

15 points

4 years ago

Just got an email and link to this update from status.heroku.com. Sounds pretty dodgy. In effect, it means I'm unable to link up a new GitHub repo to Heroku and might not be able to do any updates either. Not to mention the possible security vulnerability (luckily I only use Heroku for side projects).

Edit: Here is the page specifically for this security incident - https://status.heroku.com/incidents/2413

------------

To mitigate impact from potentially compromised OAuth tokens, we will revoke over the next several hours all existing tokens from the Heroku GitHub integration. We are also preventing new OAuth tokens from being created until further notice. Your GitHub repositories will not be affected in any way by this action.

Currently running Heroku applications will not be affected, but this will prevent you from deploying your apps from GitHub through the dashboard or via automation. Some other actions in the dashboard will no longer work due to this mitigation, and you will be unable to reconnect to GitHub even though you may see warning banners about reconnecting. As a temporary workaround, you can use one of the other code deployment methods available in the following documentation: