Media - Critical - Remote Code Execution - SA-CONTRIB-2018-020
The Media module has been updated to Media 7.x-2.19 to address a vulnerability similar to SA-CORE-2018-004, leading to a possible remote code execution (RCE) attack.
Warning: Delays in deploying the patch could result in significant impact to your Developer Portal and potentially impact your environments within Apigee Edge.
For Cloud Customers:
Given the severity of the issue, Apigee will automatically apply the patch on your behalf after 24 hours if it is not already applied. Please note that it may take a few hours to roll the updates out across all customer sites. In order to see if the update has been applied, please go to Pantheon dashboard at https://pantheon.io or Acquia dashboard at https://accounts.acquia.com.