Posts tagged security

Security update on incoming webhooks from integrations

Webhooks from integrations (like GitHub) are used to:

Trigger builds when a new commit is pushed to a repository.


HTTPS for Custom Domains

Read the Docs hosts documentation for over 80,000 open source projects and over 2,500 of those projects are hosted on their own individual domains. Documentation hosted on *.readthedocs.io has supported HTTPS for a number of years, but one of our most requested features was to make HTTPS on other domains easy. Today we are happy to announce that Read the Docs supports HTTPS on custom domains!

Earlier this year, Cloudflare contacted us to support HTTPS for the thousands of open source documentation projects on their own domains. They generously provided us with their SSL for SaaS package to ease the integration on our side.


Securing Subdomains

Starting today, Read the Docs will host projects from subdomains on the domain readthedocs.io, instead of on readthedocs.org. This change addresses some security concerns around site cookies while hosting user-generated data on the same domain as our dashboard.

Changes to provide security against broader threats have been in place for a while; however, there are still a few scenarios that can only be addressed by migrating to a separate domain.


Securing Build Processes

We’ve recently introduced a new build container subsystem based on Docker to readthedocs.org, which should go mostly unnoticed by users. We’re still ironing out some bugs with the system, so raise an issue on our issue tracker if you notice any new issues with your project builds.

This new system is part of an overdue security update to help isolate arbitrary code execution. As Read the Docs has grown, protecting against arbitrary execution was a rapidly growing concern. This build isolation layer was developed as part of readthedocs.com, where security concerns are paramount due to private repository access. We’ve been testing it for rollout on the community site since then, but hadn’t committed to switching production build servers over due to the number of possible side effects.
