👽️ ReadTheDocs "Security update on incoming webhooks from integrations"
Opened this issue · 0 comments
I set the RTD integration up years ago, but I don't have permissions on this repo anymore to keep it up to date. Let me know who to add as a maintainer on RTD and I'll hand the project over on there.
Action required
If you manually created a webhook integration for GitHub, GitLab or Bitbucket, you may be affected by this issue.
We have updated some of the webhooks automatically for users that have an account connected to a Git provider, for integrations that we weren’t able to update automatically, we have contacted the owners of each project. To check if you have integrations without a secret, and to update them to include one, follow these steps:
Click on the “Integrations” tab.
Click on each integration, if the integration doesn’t have a secret, you’ll see a warning message.
If you see the warning message, click on the “Resync webhook” button to generate a new secret.
Follow the steps from our documentation to update your provider’s webhook with the new secret.
Deprecation of integrations without a secret
In order to keep the builds of your projects working, webhooks from integrations without a secret will continue working, but with a limited functionality, they will only be able to trigger builds.
We strongly advise all users to update their integrations to include a secret as soon as possible. Integrations without a secret are deprecated, and support for them will be removed on January 31st, 2024.
― https://blog.readthedocs.com/security-update-on-incoming-webhooks/