This is adapted from the security policy for Read the Docs itself.

Currently, we are not supporting private installations of the ethical ad server. For our own releases, we always release from tags. The latest tag is (most likely) what is running live on the site.

If you believe you’ve discovered a security issue on the ethical ad server, please contact us at security@readthedocs.org. We request that you please not publicly disclose the issue until it has been addressed by us.

You can expect:

• We will respond acknowledging your email typically within one business day.
• We will follow up if and when we have confirmed the issue with a timetable for the fix.
• We will notify you when the issue is fixed.