From: Aarni Koskela <akx@iki.fi>
Date: Tue, 9 Sep 2025 17:14:43 +0000 (+0300)
Subject: Add SECURITY.md (#1229)
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=HEAD;p=thirdparty%2Fbabel.git

Add SECURITY.md (#1229)
---

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..7c9adcfc
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,21 @@
+# Security Policy
+
+## Supported Versions
+
+Security patches will mainly target the latest release version,
+as listed on [PyPI](https://pypi.org/project/babel/) or [GitHub Releases](https://github.com/python-babel/babel/releases).
+
+Patches for particularly high-impact security issues may be backported to older versions as needed,
+but Babel has generally been extremely backward compatible (within major version series),
+so for many users, simply upgrading to the latest release should be rather frictionless.
+
+If you're using a version of Babel packaged by a downstream distribution,
+such as Debian, Ubuntu, etc., they may backport patches from newer versions with a different policy.
+
+## Reporting a Vulnerability
+
+Please feel free to report vulnerabilities by any method below you feel comfortable with:
+
+* You can use GitHub's form [over here](https://github.com/python-babel/babel/security/advisories/new).
+* Contact a maintainer, presently [@akx](https://github.com/akx), over email (akx@iki.fi) or direct messages on listed socials.
+  * If you need an encrypted channel of communications, please email/DM first and we'll set something up.