On Wednesday, April 25, a new version of Developer Services Portal is ready for you to apply. See How do I apply Apigee updates to my developer portal in the public cloud?
The following bug is fixed in this release.
|Issue ID||Component Name||Description|
|78578403||Developer Portal - Drupal||
Media - Critical - Remote Code Execution - SA-CONTRIB-2018-020
Warning: Delays in deploying the patch could result in significant impact to your Developer Portal and potentially impact your environments within Apigee Edge.
For Cloud Customers:
Given the severity of the issue, Apigee will automatically apply the patch on your behalf after 24 hours if it is not already applied. Please note that it may take a few hours to roll the updates out across all customer sites. In order to see if the update has been applied, please go to Pantheon dashboard at https://pantheon.io or Acquia dashboard at https://accounts.acquia.com.
For On-premises (OPDK) Customers:
You are responsible for applying the patch. See https://www.drupal.org/project/media/releases/7.x-2.19.
For more information see https://www.drupal.org/sa-contrib-2018-020