Please, open a draft security advisory if you need to disclose and discuss a security issue in private with the Spring Data team. Note that we only accept reports against supported versions.
For more details, check out our security policy.
Spring Data JARs released on Maven Central are signed. You’ll find more information about the key here: https://spring.io/GPG-KEY-spring.txt
Versions released prior to 2023 may be signed with a different key.