The Drupal Security Team has put out a critical security advisory for 3 modules today, none of which are part of the Apigee Dev Portal distribution by default:
RESTWS - Highly critical - Remote code execution: https://www.drupal.org/node/2765567
Coder - Highly Critical - Remote Code Execution: https://www.drupal.org/node/2765575
Webform Multiple File Upload - Critical - Remote Code Execution: https://www.drupal.org/node/2765573
If your team has not installed any of these modules, there isn't any action needed on your part. If your team has installed any of these modules, we urge you to update them as soon as possible due to the severity of these issues. The Drupal Security Team believes that exploits will be created in a matter of hours, or at most days.
More information about this security advisory can be found here:
For Apigee Cloud customers and Private Cloud customers:
Cloud customers hosted on Pantheon should update these modules immediately if they have installed them. Once again, if you have not installed these modules, there is no action on your part since they are not installed by default on Apigee Developer Portal.
To check if these modules are installed, login as an admin and click on "Modules" in the admin bar, and search for the module names. If the module is listed and enabled, you will need to update the module to the latest version. You may want to disable the module until you are able to update the module to the latest version.
This notification has been sent to anyone subscribed to "Developer Portal", if you you do not want to receive notifications about Developer Portal please click the "manage your subscription" link in the notification email footer to modify your subscription choices.
Jul 13, 10:03 PDT