There will be a security release of Drupal 7 on March 28th 2018 between 18:00 - 19:30 UTC that will fix a highly critical security vulnerability. Exploits will be created for this issue within days if not hours upon this release becoming publicly available.
Apigee will be putting this fix into the cloud hosting platforms immediately after it is released along with another status notification. Apigee advises all customers running a Drupal Developer Portal to reserve time to test and apply this patch on all environments, especially production systems as soon as it is released.
More information about this security advisory can be found here:
https://www.drupal.org/psa-2018-001
Cloud customers hosted on Pantheon should apply updates to their site using the Pantheon dashboard:
https://docs.apigee.com/api-platform/publish/drupal/working-pantheon#applyinganapigeeupdatetoyourportal
Cloud customers hosted on Acquia should apply updates to their site using the following instructions:
https://docs.apigee.com/api-platform/publish/drupal/working-acquia#applying-module-and-theme-updates-to-the-portal
Private Cloud Customers (OPDK) should upgrade to the latest Drupal version using the following instructions:
http://docs.apigee.com/developer-services/content/upgrading-drupal-opdk-installation