JUnit JARs released on Maven Central are signed. You'll find more information about the key here: KEYS
| Version | Supported |
|---|---|
| 5.13.x | ✅ |
| < 5.13 | ❌ |
To report a security vulnerability, you have two options:
- Privately report a vulnerability on GitHub (see docs for details)
- Send an email to [email protected]. You can use the published OpenPGP key with fingerprint
0152DA30EABC7ABADCB09D10D9A6B1329D191D25to encrypt the message body.