Security
Karia Networks takes the security of Pablo seriously. We appreciate responsible disclosure and will work with you to resolve issues quickly.
Reporting a vulnerability
Email [email protected] with:
- A description of the issue and its impact
- Steps to reproduce (a proof of concept helps)
- The Pablo version (System → License & Updates shows it) and platform
What to expect
- Acknowledgement within 2 business days
- An assessment and remediation plan within 7 business days
- Fixes ship through the standard release channel; running instances receive them via the built-in self-update. We credit reporters in the release notes unless you prefer otherwise.
Scope
- The Pablo application (all platforms and packages)
- The license and download service at
support.karianetworks.com - The karianetworks.com website
Out of scope: denial-of-service volume testing, social engineering, and third-party services we don’t operate.
Supported versions
During the pilot, only the latest released version receives security fixes — the built-in self-update keeps installations current. A formal support window will be published at general availability.
Release integrity
All Pablo releases are GPG-signed with our RSA-4096 release key, fingerprint:
12B4 9ADA 9D8B 5E84 50A3 7619 F513 E144 C605 E5E2
Download the public key at /pablo-release-public.asc, then:
gpg --verify checksums-<version>.txt.asc checksums-<version>.txt
sha256sum -c checksums-<version>.txt
rpm --checksig pablo-<version>-<arch>.rpm
Our machine-readable disclosure contact is published at /.well-known/security.txt.