18.04.25.01 - Apigee Developer Services Portal Release Notes

On Wednesday, April 25, a new version of Developer Services Portal is ready for you to apply. See How do I apply Apigee updates to my developer portal in the public cloud?

Bugs fixed

The following bug is fixed in this release.

Issue ID Component Name Description
78578403 Developer Portal - Drupal

Media - Critical - Remote Code Execution - SA-CONTRIB-2018-020
The Media module has been updated to Media 7.x-2.19 to address a vulnerability similar to SA-CORE-2018-004, leading to a possible remote code execution (RCE) attack.

Warning: Delays in deploying the patch could result in significant impact to your Developer Portal and potentially impact your environments within Apigee Edge.

For Cloud Customers:

Given the severity of the issue, Apigee will automatically apply the patch on your behalf after 24 hours if it is not already applied. Please note that it may take a few hours to roll the updates out across all customer sites. In order to see if the update has been applied, please go to Pantheon dashboard at https://pantheon.io or Acquia dashboard at https://accounts.acquia.com.

For On-premises (OPDK) Customers:

You are responsible for applying the patch. See https://www.drupal.org/project/media/releases/7.x-2.19.

For more information see https://www.drupal.org/sa-contrib-2018-020