Security patches will mainly target the latest release version, as listed on PyPI or GitHub Releases.

Patches for particularly high-impact security issues may be backported to older versions as needed, but Babel has generally been extremely backward compatible (within major version series), so for many users, simply upgrading to the latest release should be rather frictionless.

If you're using a version of Babel packaged by a downstream distribution, such as Debian, Ubuntu, etc., they may backport patches from newer versions with a different policy.

Please feel free to report vulnerabilities by any method below you feel comfortable with:

• You can use GitHub's form over here.
• Contact a maintainer, presently @akx, over email ([email protected]) or direct messages on listed socials.
  • If you need an encrypted channel of communications, please email/DM first and we'll set something up.