From 6d8490d44a0c9b33a687beda66c1db1c3be3be1c Mon Sep 17 00:00:00 2001 From: Aarni Koskela Date: Tue, 9 Sep 2025 20:05:10 +0300 Subject: [PATCH 1/2] Add SECURITY.md --- SECURITY.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000..74aa5141f --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,21 @@ +# Security Policy + +## Supported Versions + +Security patches will mainly target the latest release version, +as listed on [PyPI](https://pypi.org/project/babel/) or [GitHub Releases](https://github.com/python-babel/babel/releases). + +Patches for particularly high-impact security issues be backported to older versions as need be, +but Babel has generally been extremely backward compatible (within major version series), +so for many users, simply upgrading to the latest release should be rather frictionless. + +If you're using a version of Babel packaged by a downstream distribution, +such as Debian, Ubuntu, etc., they may backport patches from newer versions with a different policy. + +## Reporting a Vulnerability + +Please feel free to report vulnerabilities by any method below you feel comfortable with: + +* You can use GitHub's form [over here](https://github.com/python-babel/babel/security/advisories/new). +* Contact a maintainer, presently [@akx](https://github.com/akx), over email (akx@iki.fi) or direct messages on listed socials. + * If you need an encrypted channel of communications, please email/DM first and we'll set something up. From b32461b37dbc42eab3a887636b97554234fe4378 Mon Sep 17 00:00:00 2001 From: Aarni Koskela Date: Tue, 9 Sep 2025 20:08:13 +0300 Subject: [PATCH 2/2] Update SECURITY.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index 74aa5141f..7c9adcfcb 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -5,7 +5,7 @@ Security patches will mainly target the latest release version, as listed on [PyPI](https://pypi.org/project/babel/) or [GitHub Releases](https://github.com/python-babel/babel/releases). -Patches for particularly high-impact security issues be backported to older versions as need be, +Patches for particularly high-impact security issues may be backported to older versions as needed, but Babel has generally been extremely backward compatible (within major version series), so for many users, simply upgrading to the latest release should be rather frictionless.
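Review bot: In PATCH 1/2, under "Reporting a Vulnerability", the email/DM bullet offers an encrypted channel only after the reporter has already made contact ("please email/DM first and we'll set something up"), so the first message is unencrypted and nothing tells reporters to hold back vulnerability details until the channel exists. Suggest adding a sentence asking that the initial message contain no technical details, or marking the GitHub advisory form in the first bullet as the preferred private channel. The "listed socials" are not named or linked anywhere in the file, and the section states no expected acknowledgement time.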
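Review bot: In PATCH 2/2, the replacement line "may be backported to older versions as needed" fixes the missing verb but still leaves "particularly high-impact" and "older versions" undefined, so a user pinned to an older release cannot tell from the Supported Versions section whether a fix will reach them. Consider stating the criterion (for example a severity threshold) and which release series are eligible, or saying explicitly that backports are decided case by case.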