Following the Drupal Security release SA-CORE-2020-012 we verified that amazee.io platform and Lagoon are not affected by this security issue. By default web servers are configured to not execute any PHP files, even if they directly end with ".php" or ".php.txt"
All Drupal sites should still be updated to the newest version of Drupal as quickly as possible!
Posted Nov 18, 2020 - 19:22 UTC
This incident affects: Finland (fi1.compact), Japan (jp1.compact), Australia (au1.lagoon), Germany (de3.lagoon), United Kingdom (uk2.compact, uk3.lagoon), USA (us1.lagoon, us2.lagoon), Switzerland (zh1.compact, ch1.lagoon), General (dev1.compact), and on-premise servers.