Drupal critical security update

Apigee Release Schedule

Apigee Edge: Tue-Thu 12am to 4am in Singapore, Central European, and US Eastern time zones (learn more)

Read the release notes to learn what is new.

Incident Report for Apigee

Resolved

The Drupal security team has announced a highly critical security update being released on March 28th between 18:00 - 19:30 UTC. The Drupal team expects exploits will be created for this issue within hours of this release becoming publicly available.
Due to the anticipated risk of this issue, all Apigee Drupal Developer Portal sites will need to be updated as soon as possible after the security update is released. Apigee will make the updates available to customers as soon as possible once the patches are released.

For Cloud Customers:
Given the severity of the issue, Apigee will automatically apply the patch on your behalf immediately after the security update is released. Please note that it may take a few hours to roll the updates out across all customer sites. In order to see if the update has been applied, please go to Pantheon dashboard at https://pantheon.io or Acquia dashboard at https://account.acquia.com.

For On-premises (OPDK) Customers:
You are responsible for applying the patch. Steps to apply the update are here: https://docs.apigee.com/private-cloud/v4.18.01/upgrading-drupal-version-private-cloud-installation.
Delays in deploying the patch could result in significant impact to your Developer Portal and potentially impact your environments within Apigee Edge.

More details are available at status.apigee.com and under the original announcement.

Regards,
The Apigee Team

Posted Mar 27, 2018 - 15:08 PDT

This incident affected: Edge Private Cloud (Edge Private Cloud - Developer Portal) and Developer Portal (Drupal-based (alternative)).