spring-framework/SECURITY.md

# Reporting a Vulnerability

You can create a [draft security advisory here](https://github.com/spring-projects/security-advisories/security/advisories/new).
Security issues must be disclosed and discussed in private. Please check out our [security policy](https://spring.io/security-policy).
Note that we can only accept vulnerabilities against [supported versions](https://spring.io/projects/spring-framework#support).

## JAR signing

Spring Framework JARs released on Maven Central are signed.
You'll find more information about the key here: https://spring.io/GPG-KEY-spring.txt
Update security policy and issue template Because Spring Framework already has a security policy, this shows up in the issue template automatically. This commit removes the extra external link and updates the original security policy. See gh-33711 2024-10-15 23:57:04 +08:00			`# Reporting a Vulnerability`

			`You can create a [draft security advisory here](https://github.com/spring-projects/security-advisories/security/advisories/new).`
			`Security issues must be disclosed and discussed in private. Please check out our [security policy](https://spring.io/security-policy).`
			`Note that we can only accept vulnerabilities against [supported versions](https://spring.io/projects/spring-framework#support).`
Create SECURITY.md 2019-05-23 23:36:52 +08:00
Mention JAR signing key in SECURITY.md This commit adds a link to the now published information on spring.io about the GPG key used to sign the Spring artifacts published on Maven Central. Closes gh-23434 2023-03-18 05:30:49 +08:00			`## JAR signing`

			`Spring Framework JARs released on Maven Central are signed.`
			`You'll find more information about the key here: https://spring.io/GPG-KEY-spring.txt`