If you’re getting warnings like these, you might want to make sure you’re ready to patch on March 28th.
There will be a security release of Drupal 7.x, 8.3.x, 8.4.x, and 8.5.x on March 28th 2018 between 18:00 – 19:30 UTC, one week from the publication of this document, that will fix a highly critical security vulnerability.
The Drupal Security Team urges you to reserve time for core updates at that time because exploits might be developed within hours or days.
[…]
While Drupal 8.3.x and 8.4.x are no longer supported and we don’t normally provide security releases for unsupported minor releases, given the potential severity of this issue, we are providing 8.3.x and 8.4.x releases that include the fix for sites which have not yet had a chance to update to 8.5.0.
Source: Drupal 7 and 8 core highly critical release on March 28th, 2018 PSA-2018-001 | Drupal.org