Skip to content
July 11, 2025

Old Rails versions on Heroku? Here's how to keep your apps secure

Ruby on Rails

It's official since March 17, 2025: Heroku has updated its guidelines for supporting Rails versions. These changes will affect many developers and teams who are still working with older Rails versions that have already reached end of life (EOL).

Heroku has updated its guidelines for supporting Rails versions. Applications running on the Heroku Cedar or Fir stack that rely on Rails versions that are no longer officially supported are particularly affected. In this article, we explain why this change poses a risk and how you can still stay on the safe side with Rails LTS.

Heroku update

What has changed?

Heroku has aligned its Rails support policy with that of the Rails Core Team:

  • Only Rails versions that are officially supported by the Rails Core Team are supported on Heroku.
  • Heroku no longer guarantees compatibility between older Rails versions and newer Ruby versions as provided on the current Heroku stacks.
  • For Fir apps, the recommended minimum version is Rails 7.1, which will reach its official end of life (EOL) on October 1, 2024.

In short: If you deploy to Heroku with an older version of Rails that has already reached EOL, you run the risk that the application will no longer start, crash, or behave incorrectly.

What risks arise for teams working with old versions of Rails?

Without official support from the Rails Core Team or Heroku, the following risks arise:

  • No more security patches for your app.
  • Compatibility issues with new Ruby versions, Heroku stacks, or buildpacks.
  • Increased maintenance effort and dependency on outdated libraries.

Security vulnerabilities (e.g., SQL injection, cross-site scripting, session hijacking) can become serious threats if left unpatched, especially for publicly accessible applications.

One solution: Rails LTS

Our Rails LTS service offers a solution for precisely this scenario, which is also recommended on the official Heroku website.

Rails LTS (Long-Term Support) is a commercial service that provides older Rails versions (e.g., 2.3, 3.2, 4.2, 5.2, and 6.1) with regular security patches – even long after the official EOL by the Rails Core Team.

Your advantages with Rails LTS

  • Security updates for productive apps, even on older versions
  • Drop-in compatible releases that can be integrated with minimal effort
  • GDPR compliant and proven in companies with high security standards
  • Compatible with modern Ruby versions, as supported by Heroku

This allows you to continue running your application on Heroku without having to upgrade to a new version of Rails immediately.

Conclusion

Heroku's new support policy makes one thing clear: running older Rails applications without additional measures is no longer secure. However, upgrading is not always possible in the short term, whether for budget, resource, or compatibility reasons.

With Rails LTS, you can close this gap and ensure the security of your applications while determining the timing of a full upgrade yourself.

Stay Secure on Legacy Rails
Rails LTS keeps your application safe and running by patching security issues and delivering critical bug fixes – even after official support has ended. No urgent upgrade required.
Get to know Rails LTS