The Drupal security team has announced a highly critical security update being released on March 28th between 18:00 - 19:30 UTC. The Drupal team expects exploits will be created for this issue within hours of this release becoming publicly available.
Due to the anticipated risk of this issue, all Apigee Drupal Developer Portal sites will need to be updated as soon as possible after the security update is released. Apigee will make the updates available to customers as soon as possible once the patches are released.
For Cloud Customers:
Given the severity of the issue, Apigee will automatically apply the patch on your behalf immediately after the security update is released. Please note that it may take a few hours to roll the updates out across all customer sites. In order to see if the update has been applied, please go to Pantheon dashboard at https://pantheon.io
or Acquia dashboard at https://account.acquia.com
For On-premises (OPDK) Customers:
You are responsible for applying the patch. Steps to apply the update are here: https://docs.apigee.com/private-cloud/v4.18.01/upgrading-drupal-version-private-cloud-installation
Delays in deploying the patch could result in significant impact to your Developer Portal and potentially impact your environments within Apigee Edge.
More details are available at status.apigee.com and under the original announcement.
The Apigee Team