spring-framework/SECURITY.md

# Reporting a Vulnerability

Please, [open a draft security advisory](https://github.com/spring-projects/security-advisories/security/advisories/new) if you need to disclose and discuss a security issue in private with the Spring Framework team. Note that we only accept reports against [supported versions](https://spring.io/projects/spring-framework#support).

For more details, check out our [security policy](https://spring.io/security-policy).

## JAR signing

Spring Framework JARs released on Maven Central are signed.
You'll find more information about the key here: https://spring.io/GPG-KEY-spring.txt
Update security policy and issue template Because Spring Framework already has a security policy, this shows up in the issue template automatically. This commit removes the extra external link and updates the original security policy. See gh-33711 2024-10-15 23:57:04 +08:00			`# Reporting a Vulnerability`

Update SECURITY.md 2024-10-16 00:13:29 +08:00			`Please, [open a draft security advisory](https://github.com/spring-projects/security-advisories/security/advisories/new) if you need to disclose and discuss a security issue in private with the Spring Framework team. Note that we only accept reports against [supported versions](https://spring.io/projects/spring-framework#support).`

			`For more details, check out our [security policy](https://spring.io/security-policy).`
Create SECURITY.md 2019-05-23 23:36:52 +08:00
Mention JAR signing key in SECURITY.md This commit adds a link to the now published information on spring.io about the GPG key used to sign the Spring artifacts published on Maven Central. Closes gh-23434 2023-03-18 05:30:49 +08:00			`## JAR signing`

			`Spring Framework JARs released on Maven Central are signed.`
			`You'll find more information about the key here: https://spring.io/GPG-KEY-spring.txt`