SpringSource Security Team

Overview

The SpringSource Security Team provides a single point of contact for the reporting of security vulnerabilities in SpringSource products and coordinates the process of investigating any reported vulnerabilities.

If you were looking for the Spring Security project, please visit the Spring Security web site.

Reporting a vulnerability

We strongly encourage people to report security vulnerabilities privately to our security team before disclosing them in a public forum.

Please note that the e-mail address below should only be used for reporting undisclosed security vulnerabilities in SpringSource products and managing the process of fixing such vulnerabilities. We cannot accept regular bug reports or other security related queries at this address. All mail sent to this address that does not relate to an undisclosed security problem in a SpringSource product will be ignored.

The e-mail address to use to contact the SpringSource security team is security@springsource.com. If you wish to encrypt your e-mail to the SpringSource Security Team, please use our OpenPGP key.

Its fingerprint is E6BA 5CC8 3FC4 995F 7C6C 92E9 3181 785A 527C 8124 and it can be obtained from a public key server such as pgp.mit.edu.

Known vulnerabilities and issues

The known vulnerabilities and issues for each of our products can be found by following the links on the left hand side of the page. If a product is not listed, then there are no known vulnerabilities for that product.