Read the Docs Blog
Posts tagged security
HTTPS for Custom Domains
- 13 August 2018
- San Diego, CA
Read the Docs hosts documentation for over 80,000 open source projects
and over 2,500 of those projects are hosted on their own individual domains.
Documentation hosted on *.readthedocs.io has supported HTTPS for a number of years,
but one of our most requested features was to make HTTPS on other domains easy.
Today we are happy to announce that Read the Docs supports HTTPS on custom domains!
Earlier this year, Cloudflare contacted us to support HTTPS for the thousands of open source documentation projects on their own domains. They generously provided us with their SSL for SaaS package to ease the integration on our side.
Securing Subdomains
- 27 April 2016
- Portland, Oregon
Starting today, Read the Docs will start hosting projects from subdomains on
the domain readthedocs.io, instead of on readthedocs.org. This change
addresses some security concerns around site cookies while hosting user
generated data on the same domain as our dashboard.
Changes to provide security against broader threats have been in place for a while, however there are still a few scenarios that can only be addressed by migrating to a separate domain.
Securing Build Processes
- 30 September 2015
- Portland, Oregon
We’ve recently introduced a new build container subsystem based on Docker to readthedocs.org, which should go mostly unnoticed for users. We’re still ironing out some bugs with the system, so raise an issue on our issue tracker if you are noticing any new issues with your project builds.
This new system is part of an over-due security update to help isolate arbitrary code execution. As Read the Docs has grown, protecting against arbitrary execution was a rapidly growing concern. This build isolation layer was developed as part of readthedocs.com, where security concerns are paramount due to private repository access. We’ve been testing it for roll out on the community site since then, but hadn’t committed to switching production build servers over due to the number of possible side effects.