Do you run Rails or pure Ruby applications on Heroku? If so, it's important to be aware of upcoming end-of-life (EOL) dates for both your stack and your Ruby version. The Heroku-20 stack, built on Ubuntu 20.04 LTS, will reach EOL for standard support in April 2025. Ruby 2.7 has already passed its EOL, meaning it's no longer receiving critical security updates. Continuing to run your app with either an outdated Ruby version or an unsupported Heroku stack exposes your application to increasing security and stability risks.
In this article, we’ll cover:
What the Heroku-20 EOL means for your application. Risks of continuing with Ruby 2.7, especially in combination with Heroku-20. Recommendations and strategies for securely migrating your stack and Ruby version.
But first, here are the commands you can run to determine your current Heroku stack and Ruby version:
$ heroku stack --app <APP NAME>
=== ⬢ your-app-name Available Stacks
cnb
container
* heroku-20
heroku-22
heroku-24
The above command will list the available stacks and denote the current stack your application is using. If it shows heroku-20, then it’s time to consider an upgrade.
To check your Ruby version, run:
$ heroku run ruby -v --app <APP NAME>
With this information, you'll be ready to understand your risks clearly and take the recommended migration steps outlined below.
Understanding the Heroku-20 and Ruby 2.7 EOL
Before you plan your migration, it's crucial to clearly understand what EOL means for both your Heroku stack and your Ruby version.
Heroku-20 Stack
Heroku-20, based on Ubuntu 20.04 LTS, will reach EOL for standard support in April 2025. After this date, Ubuntu 20.04 will stop receiving regular security updates, patches, and technical support. This means any new vulnerabilities discovered after this point will not be officially addressed, significantly increasing security risks and potential compatibility issues with newer software and libraries.
Starting May 1st, 2025, builds will no longer be allowed for Heroku-20 apps.
Ruby 2.7
Ruby 2.7 reached EOL in March 2023. This means Ruby 2.7 no longer receives security patches, bug fixes, or compatibility updates. Applications using Ruby 2.7 are vulnerable to newly discovered security risks and are likely to encounter compatibility problems with other system components, such as newer versions of OpenSSL.
Additionally, Ruby 3.0 reached EOL in April 2024, and Ruby 3.1 is EOL as well. As of this writing, the latest stable Ruby version is Ruby 3.4.2.
Understanding your options and risks
Before jumping straight into a migration, you might have some questions about the implications and potential risks associated with your current stack and Ruby version. Let’s cover the common questions.
Can I continue using Ruby 2.7 on Heroku?
While it’s technically possible to run Ruby 2.7 on Heroku‑20, doing so carries significant risks. Ruby 2.7 no longer receives bug fixes or security updates, making applications vulnerable to emerging threats.
What are the risks of staying on the Heroku‑20 stack?
If you remain on Heroku-20 past its EOL in April 2025, your application environment will become increasingly insecure. You'll no longer receive critical patches for security vulnerabilities, potentially leading to exploitation. Additionally, dependencies and libraries may become incompatible or fail to build correctly.
Can I just move off of Heroku while keeping my current Ruby version?
Even if you migrate away from Heroku, using Ruby 2.7 on an unsupported or self-managed environment still carries significant risks. Older Ruby versions that no longer receive updates may face mounting compatibility challenges with newer system components. For example, newer Ubuntu releases run OpenSSL 3.x. This will conflict with Ruby 2.7’s expectations of OpenSSL 1.1.x.
While migrating off Heroku might seem like a quick fix, the underlying issue—EOL for Ruby 2.7—remains. Even if you self-manage your infrastructure or move to another platform, you'll still face security vulnerabilities and compatibility issues. In the long term, maintenance challenges will increase. Modern Ubuntu versions (22.04+) use OpenSSL 3.x, incompatible with Ruby 2.7, making your application more difficult and costly to maintain.
Migration Recommendations
A structured migration plan ensures a smooth transition with minimal disruption. Here are some key pointers for how to approach upgrading your Ruby and Heroku stack.
#1: Embrace Rails LTS
If you’re using Rails with Ruby 2.7, consider migrating to a Rails LTS release. This move requires upgrading both Rails and Ruby and transitioning to a supported Heroku stack (such as Heroku‑22 or Heroku‑24) that continues to receive security updates.
#2: Upgrade incrementally
Rather than overhauling your entire system at once, upgrade Rails one major version at a time—deploy and resolve issues after each change—and handle Ruby upgrades as a separate process. This approach isolates problems and helps you gradually transition toward running at least Ruby 3.2.6.
#3: Adopt the latest versions
Ultimately, your goal should be to run your application on the latest Ruby version and Heroku‑24. Newer releases offer improved performance, enhanced security, and native support for modern libraries like OpenSSL 3, reducing the risk of future compatibility issues.
#4: Consider professional upgrade services
Professional upgrade services are specialized consultants who analyze your codebase and infrastructure to create a tailored migration plan that minimizes downtime and disruption. Their expertise is especially valuable for legacy projects running on significantly outdated versions. Options include:
Keep in mind that older Rails and Ruby versions can be more challenging and costly to upgrade.
#5: Understand the ecosystem constraints
Upgrading your application stack isn’t just about Heroku—it's about ensuring that your entire environment remains secure and maintainable. Even if you migrate off Heroku, you remain subject to the same challenges regarding security patches, build pipelines, and compatibility. It's essential to plan so that your overall stack (Ruby, Rails, OS) stays within a supported lifecycle.
Conclusion
Given the upcoming EOL for the Heroku-20 stack and the already-passed EOL of Ruby 2.7, proactive migration is essential to maintain your application's security, stability, and compatibility. Start your migration plan early and consider incremental upgrades to avoid disruption. Taking these steps now can prevent a last-minute scramble and ensure your application continues to benefit from the latest security and performance enhancements.
Resources
- Ubuntu lifecycle and release cadence
- Ruby 2.7.8 (Last) Release Announcement
- Heroku-20 Stack Documentation
- Heroku Guidance on “Upgrading to the Latest Stack”
- Heroku-20 End-of-Life FAQ