In response to our nohttp announcement, Maven Central’s announcement, and JFrog’s announcement, beginning January 15 2020, Spring’s Maven Repository will no longer support HTTP. More concretely, http://repo.spring.io will not respond to requests. Users will need to ensure that they are using https://repo.spring.io
We are not going to redirect from http to https because it perpetuates the vulnerability. When the first request is made over http, a man in the middle (MITM) can prevent the redirect and replace the response with a malicious payload. Users that continue to use http will continue to be vulnerable to MITM attacks.