From 50635d8fe4743649acd21e248043b15f1652caac Mon Sep 17 00:00:00 2001 From: Aarni Koskela Date: Tue, 9 Sep 2025 20:14:43 +0300 Subject: [PATCH] Add SECURITY.md (#1229) --- SECURITY.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..7c9adcfc --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,21 @@ +# Security Policy + +## Supported Versions + +Security patches will mainly target the latest release version, +as listed on [PyPI](https://pypi.org/project/babel/) or [GitHub Releases](https://github.com/python-babel/babel/releases). + +Patches for particularly high-impact security issues may be backported to older versions as needed, +but Babel has generally been extremely backward compatible (within major version series), +so for many users, simply upgrading to the latest release should be rather frictionless. + +If you're using a version of Babel packaged by a downstream distribution, +such as Debian, Ubuntu, etc., they may backport patches from newer versions with a different policy. + +## Reporting a Vulnerability + +Please feel free to report vulnerabilities by any method below you feel comfortable with: + +* You can use GitHub's form [over here](https://github.com/python-babel/babel/security/advisories/new). +* Contact a maintainer, presently [@akx](https://github.com/akx), over email (akx@iki.fi) or direct messages on listed socials. + * If you need an encrypted channel of communications, please email/DM first and we'll set something up. -- 2.47.3
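
Review bot: In the "Reporting a Vulnerability" list, the email/DM option does not tell reporters to keep vulnerability details out of the first, unencrypted message, and "listed socials" does not say where those accounts are listed. Suggest saying that the initial contact should only ask for a secure channel, with details to follow once one is set up, and linking the profile where the socials can be found. The section also gives no expected acknowledgement time or disclosure process, and it names a single maintainer ("presently @akx") with no fallback contact if that person is unavailable. In "Supported Versions", the wording "mainly target the latest release version" and "as needed" leaves readers to work out which versions actually receive fixes; a sentence stating whether only the latest release is guaranteed patches would make the policy easier to act on.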