2018-02-19 23:46:24 +00:00
|
|
|
Security
|
|
|
|
========
|
|
|
|
|
|
|
|
Security is very important to us at Read the Docs. We are committed to responsible reporting and disclosure of security issues.
|
|
|
|
|
|
|
|
Reporting a security issue
|
2018-03-12 17:22:12 +00:00
|
|
|
--------------------------
|
2018-02-19 23:46:24 +00:00
|
|
|
|
2018-05-24 19:29:59 +00:00
|
|
|
If you believe you've discovered a security issue at Read the Docs,
|
|
|
|
please contact us at **security@readthedocs.org** (optionally using our :ref:`security:PGP key`).
|
|
|
|
We request that you please not publicly disclose the issue until it has been addressed by us.
|
2018-02-19 23:46:24 +00:00
|
|
|
|
|
|
|
You can expect:
|
|
|
|
|
|
|
|
* We will respond acknowledging your email typically within one business day.
|
|
|
|
* We will follow up if and when we have confirmed the issue with a timetable for the fix.
|
|
|
|
* We will notify you when the issue is fixed.
|
2018-05-24 19:29:59 +00:00
|
|
|
* We will add the issue to our :ref:`security issue archive <security:Security issue archive>`.
|
2018-02-19 23:46:24 +00:00
|
|
|
|
|
|
|
PGP key
|
2018-03-12 17:22:12 +00:00
|
|
|
-------
|
2018-02-19 23:46:24 +00:00
|
|
|
|
2018-05-24 19:29:59 +00:00
|
|
|
You may use this `PGP key`__ to securely communicate with us and to verify signed messages you receive from us.
|
2018-02-19 23:46:24 +00:00
|
|
|
|
2018-05-24 19:29:59 +00:00
|
|
|
__ https://pgp.mit.edu/pks/lookup?op=vindex&search=0xFEEF9FC2DD21D271
|
2018-02-19 23:46:24 +00:00
|
|
|
|
|
|
|
::
|
|
|
|
|
|
|
|
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
2018-02-21 21:38:07 +00:00
|
|
|
Comment: GPGTools - http://gpgtools.org
|
2018-02-19 23:46:24 +00:00
|
|
|
|
2018-02-21 21:38:07 +00:00
|
|
|
mQINBFqNz1ABEADvgtp3LT1pV5wuTyBPaKrbWBFj10eKyQ15wfgyc2RR6Ix5QnBo
|
|
|
|
6BcJ4fpgBhSwlngsrm0WU5kI/jH7ySwzbDpYCRiLvGJx+pEYLuBBOSm6r5M1N+FV
|
|
|
|
xq3ShT4mHXhwPS1mKf9Xe+KlMdYa2e5TlBEr+TxGAmFFrOLjPxw6IDHgP3MVidr2
|
|
|
|
iHA2PAATl6H9ZYvNzLkI2sP7h0V1/ADd43YpAK4yk6gdVjype5ez8lmoxDKNabMt
|
|
|
|
dSfdOup8zy/fbC5KlxqrT9hHBkYfQWDLWXWcDW111q+ZvncujCrpONaY86bcQ3nn
|
|
|
|
QgkeWCwj254vvqsrygEU93reC2onWaROUKoLlX1/1m2k2X3qze/hJRFZaljXVPKH
|
|
|
|
jV/5q88EbjSUDgY5v9mdX8jhJAukx9HkOFdkMSh3RBgu1r+UPnCNd9K4T2nN0LBL
|
|
|
|
c9NTG0HW7Di5ivEVq74SqDIeiVeOrfY/B6pRuUm/kNPcvZ+ZQPeNk6JUMqEemO9Q
|
|
|
|
h0VHSkgkhCPWPO9c9wWJz7O6y6vXgsFG7BZg7mTVOiKbdgneGo/rKRvuBlQ7hCvP
|
|
|
|
PklwyRn90SJSgv7NF6HMm4TA1R9mzp+90oXjrDXARXmGTsPtcDXFv7xqpK1+Mfcn
|
|
|
|
ajEJYdIRNWVgx0E2RzHRipdG5MIQ5Plf4/GasVHl71nMGY06oIu1T+44MQARAQAB
|
|
|
|
tFpSZWFkIHRoZSBEb2NzIFNlY3VyaXR5IFRlYW0gKGh0dHBzOi8vcmVhZHRoZWRv
|
|
|
|
Y3Mub3JnL3NlY3VyaXR5LykgPHNlY3VyaXR5QHJlYWR0aGVkb2NzLm9yZz6JAk4E
|
|
|
|
EwEIADgWIQRq+P453S2vjKvMbGn+75/C3SHScQUCWo3PUAIbAwULCQgHAgYVCgkI
|
|
|
|
CwIEFgIDAQIeAQIXgAAKCRD+75/C3SHScYMMD/4z0TN08oJ57Krg+UODXPsT9U3l
|
|
|
|
8fyKHhe6fJCTt5GQiWwBbkfa4M0YcxemIJGdgF1DpdSteWIL0tCwXbxHph+keYlg
|
|
|
|
z+EmF+W7OlnwbmtDx/Rj9VNdzf636DkMusTQzYEB/+FdN4LtMVq7Al4CZ2Ca82F8
|
|
|
|
h0TLceh2bRgNjeWPuAMj7kS8tw3D9LmYA8d8Lv2c2jN7ba9p+QNKdSa4ErdJ0kbz
|
|
|
|
CSFcABPfc+LlYWFbm5j1ggzTONgR9R27mpAGMAtgSeAtxXLU0sQfLtCNaVkRyJ3C
|
|
|
|
s0awUvJCuq11YUPjz4HAcTWM4baAxK5LliEDOdaOlTK0q8T0sPP+SWt5JRL6/Xc3
|
|
|
|
SwaXnVfzzZyeaSmRGEHmGQYBTB3WMUcH1RNH6uhNPCF4x3t0jOHWP7Eka4B9IdfE
|
|
|
|
cd+GDwqTKCHyddh8yUzTrmlSbdO7iuel6WVN0Xo1xzVrLUKpgDvB0UuPQXlxDLUc
|
|
|
|
WVrKv9rcyDVGVpDjQSQ4l191NDzlfzmDFkZ69Qe3E5Ir8oWBCMtHX3C99ocIcbR3
|
|
|
|
3mqOio2/QQCJzrMOWxgauF/q4JMKQRj5Qq8US2U32xlPzB8O09z1e3kUOEy4gbwE
|
|
|
|
6LVMj6vxJqjV8/4AOcocGgJKLLC9nqhf2sq5zA4TjI7lI25pgDDYozaLF2ss5nk3
|
|
|
|
t9hQmI5Q0MXGSsflAbkCDQRajc9QARAA30mNh2QaDVLcHEfJ9QKfqRfY3ddG6s6F
|
|
|
|
AHLR7mQ2tmO7ygzxgEcM7+7W+lmc9L+mZ5WutK5PIae/MpAgOo220079aW3em2sz
|
|
|
|
+dIHdSE7CaajUahQaPqLY6W0bbZloGGDetPtOMKBTI1HtSNyKIsULsbyUA1SsEFn
|
|
|
|
aWtOof1MqqVQvYDwwwRj6T+DHtV17yO33v98k01Nx1SSThVY9wQ4MOZDBOAqWhie
|
|
|
|
iboDssrvtVZZihbQ9LM8TH/l81auodBDpp96tgWguzjM4eyutaYZ6ZOLhfVUuEX+
|
|
|
|
gEqqJ7alXfDhh3NZUMHZ0SHVII7u7nqciTo7NS9rxBXfdGlKmC/9Z3ehIXSpCnPY
|
|
|
|
JO42qMjPVM5/QDoeK9BWWX3rXmwnNzqK0D4L7zK/cVnt2q9EqPCUJgOITJWEGc9G
|
|
|
|
crO0ni/8M+BuhO/4MeJJtrPtmq1b1BoeuYBzf1M7ARtnvtC5hLLrtxiy4UANlwSm
|
|
|
|
HFcIEt5UViwEqRuQWr5ZO3mwaJP2R/foDHww7JYEqJ/GFI5RpT+3LWT5FXPC1QvU
|
|
|
|
sbewD+ZmLSfifhC0WUzF002eadgXNyXSZKAirM8+yELM4xZAs0pJVlKVFRnis0OL
|
|
|
|
Wxdzthp2gTg+agtMoz27belxVUEmRK9GDaXi9XtJSooSglt0xlTimgB40nDPniVB
|
|
|
|
4h5S/gHsg8cAEQEAAYkCNgQYAQgAIBYhBGr4/jndLa+Mq8xsaf7vn8LdIdJxBQJa
|
|
|
|
jc9QAhsMAAoJEP7vn8LdIdJxwswP/0oGlxUJZhDG8yCbTTTvxvKXd02AXw/GQKrq
|
|
|
|
ptrLEXbhko6TOuZolEWsRrc1ObMiky97CicqQthg22Kf1K7g2UNlPS4LFtTrPXKL
|
|
|
|
9iJMAgms0a0ul3cHqQh2XiuGc1bfDuGyNe/nE5/uvgpjxg0hvvBH/5xuiaMkf+gZ
|
|
|
|
nJjF2ZcXm6a17MCuAcw/siox1/PeXn0At/wzOWD9qONg+BI/QUynzcSMg/coBe7V
|
|
|
|
hUX1LU02n6laBwuQ6Q0KoD6CP43seYv3JaPyVP7+IkhtH/RDm8q3vs0qLpEBrJIb
|
|
|
|
vBYBXLtyoGHxTkWueou0Ur1j2lLUMqnQkq5NAsckSfHtZEdPDy6T3NHMfVRmnXnW
|
|
|
|
m/GM3BDE7DFe5BBYb+vJS4/JHNDoSpk+jNezaf3hdx9+fh2DIoL84fs1FRRAl3Od
|
|
|
|
6LWPAt3twOQLS0KsQh0GSIZ+zdJf3xvlZ4ixAaPB4iAF8bXYzvsODN3LRQIGhet2
|
|
|
|
NzjD41f5IrAlG/qFiC6s/YLj1DWanLw2nTzSi4x3v0Gc4DEXPebB3KvaNEmqoKGP
|
|
|
|
5aXa9IPbvzEVCX82qjeqCPYAsYVOBQnFEAcnkrQ76363oJTeTHxK7kgewS2YCVyy
|
|
|
|
7wVinR8eyrs+3AWrZ5Op817HgxGvAVDGOEK+1OX9g1wt+IdxX00s85/T+Zk9RF6H
|
|
|
|
wtRaD9li
|
|
|
|
=LjIC
|
2018-02-19 23:46:24 +00:00
|
|
|
-----END PGP PUBLIC KEY BLOCK-----
|
|
|
|
|
|
|
|
Security issue archive
|
2018-03-12 17:22:12 +00:00
|
|
|
----------------------
|
2018-02-19 23:46:24 +00:00
|
|
|
|
2018-03-12 17:22:12 +00:00
|
|
|
Release 2.3.0
|
|
|
|
~~~~~~~~~~~~~
|
|
|
|
|
|
|
|
:ref:`version-2.3.0` resolves a security issue with translations on our community
|
|
|
|
hosting site that allowed users to modify the hosted path of a target project by
|
|
|
|
adding it as a translation project of their own project. A check was added to
|
|
|
|
ensure project ownership before adding the project as a translation.
|
|
|
|
|
|
|
|
In order to add a project as a translation now, users must now first be granted
|
|
|
|
ownership in the translation project.
|