Datab
Disclosed vulnerabilities + mitigations

Security Advisories

Security advisories for the Datab Node platform live here. Each advisory carries an identifier, severity, affected versions, mitigations, and a fix-or-workaround timeline.

Status

No advisories at this time. RC1 has not yet been deployed to general production, and no third-party disclosure has triggered an advisory. The list below describes the format we use when an advisory is published.

Disclosure policy

  • Vulnerabilities are reported to hello@databsystems.com with the subject line SECURITY.
  • Datab acknowledges receipt within 72 hours.
  • We coordinate a mitigation timeline with the reporter. The default disclosure window is 90 days from acknowledgment.
  • Critical-severity issues with active exploitation may be disclosed earlier with the reporter's consent.
  • Affected institutions are notified directly before public disclosure.

Advisory template

DTAB-YYYY-NN | YYYY-MM-DD

Title: ...
Severity: critical | high | medium | low
Affected: datab-app <version range>, atlas-core <version range>
Discovered: <reporter or "internal">
Status: mitigated | patched | acknowledged

Description: ...
Impact: ...
Mitigation: ...
Fix: <version + commit hash>
Workaround: ...

Linked runbooks

Incident response runbooks for operators are in the repository at docs/security/runbooks/. Five P0/P1/P2 runbooks cover unauthorized admin access, database export attempts, node compromise, lost recovery credentials, and snap channel downgrades.