There are two security advisories for Drupal contrib modules in our distribution:
Context - Moderately critical - Cross site scripting - SA-CONTRIB-2019-028: https://www.drupal.org/sa-contrib-2019-028
Services - Critical - SQL Injection - SA-CONTRIB-2019-026: https://www.drupal.org/sa-contrib-2019-026
This issue has been fixed in Developer Portal 19.02.27.00 and all customers are urged to update their portal immediately.
For Apigee Cloud customers -
Developer Portal 19.02.27.00 has been released.
Cloud customers hosted on Pantheon should apply updates to their site using the Pantheon dashboard: http://apigee.com/docs/developer-services/content/working-pantheon#maintainyoursite-applyanapigeeupdatetothedeveloperservicesportal
Make sure all environments have been patched using the standard workflow: http://helpdesk.getpantheon.com/customer/portal/articles/383609-using-the-pantheon-workflow
Cloud customers hosted on Acquia will see these updated pushed to their master branch, and will need to apply this release to the production environment.
This notification has been sent to anyone subscribed to "Drupal-based (alternative)", if you you do not want to receive notifications about Developer Portal please click the "manage your subscription" link in the notification email footer to modify your subscription choices.