Add Security Policy

docs/conf.py

@@ -21,7 +21,9 @@ extensions = [
     'sphinx.ext.autodoc',
     'sphinx.ext.coverage',
     'sphinx.ext.viewcode',
-    'sphinx_copybutton'
+    'sphinx_copybutton',
+    'sphinx.ext.intersphinx',
+    'sphinx.ext.autosectionlabel',
 ]
 source_suffix = '.rst'
 master_doc = 'index'

docs/index.rst

@@ -21,3 +21,4 @@ Contents
     :titlesonly:
 
     contributing
+    security

docs/security.rst

@@ -0,0 +1,34 @@
+Security Policy
+===============
+
+This documents the security policy and actions to take to secure the security of the package, its deployment and use.
+
+Supported Versions
+------------------
+
+Security vulnerabilities are fixed only for the latest version of `icalendar`.
+
+.. list-table:: Versions to receive security updates
+   :widths: 25 25
+   :header-rows: 1
+
+   * - Version
+     - Supported
+   * - 6.*
+     - ✅
+   * - 5.*
+     - ❌
+   * - 4.*
+     - ❌
+   * - < 4.*
+     - ❌
+
+
+Reporting a Vulnerability
+-------------------------
+
+Please report any vulnerabilities you find on this project's
+`Security Page <https://github.com/collective/icalendar/security>`_.
+If you cannot do this, please contact one of the
+:ref:`maintainers`
+directly or open an issue.