Security

Karia Networks takes the security of Pablo seriously. We appreciate responsible disclosure and will work with you to resolve issues quickly.

Reporting a vulnerability

Email [email protected] with:

What to expect

Scope

Out of scope: denial-of-service volume testing, social engineering, and third-party services we don’t operate.

Supported versions

During the pilot, only the latest released version receives security fixes — the built-in self-update keeps installations current. A formal support window will be published at general availability.

Release integrity

All Pablo releases are GPG-signed with our RSA-4096 release key, fingerprint:

12B4 9ADA 9D8B 5E84 50A3 7619 F513 E144 C605 E5E2

Download the public key at /pablo-release-public.asc, then:

gpg --verify checksums-<version>.txt.asc checksums-<version>.txt
sha256sum -c checksums-<version>.txt
rpm --checksig pablo-<version>-<arch>.rpm

Our machine-readable disclosure contact is published at /.well-known/security.txt.