There are two security advisories for Drupal core and contrib modules in our distribution, see release notes for details: https://docs.apigee.com/release/notes/19032000-apigee-developer-services-portal-release-notes
These issues have been fixed in Developer Portal 19.03.20.00 and all customers are urged to update their portal immediately.
Cloud customers hosted on Pantheon should apply updates to their site using the Pantheon dashboard: http://apigee.com/docs/developer-services/content/working-pantheon#maintainyoursite-applyanapigeeupdatetothedeveloperservicesportal
Make sure all environments have been patched using the standard workflow: http://helpdesk.getpantheon.com/customer/portal/articles/383609-using-the-pantheon-workflow
Cloud customers hosted on Acquia will see these updated pushed to their master branch, and will need to apply this release to the production environment.
This notification has been sent to anyone subscribed to "Drupal-based (alternative)", if you you do not want to receive notifications about Developer Portal please click the "manage your subscription" link in the notification email footer to modify your subscription choices.