Currently only the latest version is supported.
If you discover a security vulnerability, please send an email to security@lattice.db.
Please include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if known)
Response timeline:
- Initial Response: Within 48 hours
- Detailed Response: Within 7 days
- Fix Release: As appropriate
Vulnerabilities are disclosed after a fix is released.
Recommendations for users:
- Enable Encryption: Always use database encryption
- Secure Keys: Store keys securely (keychain, TPM)
- Verify Sync: Use known sync servers or self-host
- Backup: Regular encrypted backups
Recommendations for sync server operators:
- TLS Required: Always use HTTPS/WSS
- Rate Limiting: Prevent abuse
- Monitoring: Log and monitor for suspicious activity
- Updates: Keep server updated
Cryptographic details:
- Algorithm: AES-256-GCM
- Key Size: 256 bits
- KDF: Argon2id with appropriate parameters
- Signature: Ed25519
Key rotation procedure:
- Generate new key pair
- Re-encrypt data with new key
- Update all devices
- Archive old key securely
- Delete old key after verification
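The rotation steps above, sketched for AES-256-GCM data with Node's built-in crypto module. This is an added example, not code from the project: the record layout (nonce, tag, ciphertext), the key ids `k1`/`k2` used as associated data, and the function names are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

// Assumed record layout (not the project's on-disk format):
// 12-byte nonce | 16-byte auth tag | ciphertext.
function seal(key, keyId, plaintext) {
  const nonce = crypto.randomBytes(12); // fresh nonce per record, never reused with a key
  const c = crypto.createCipheriv("aes-256-gcm", key, nonce);
  c.setAAD(Buffer.from(keyId)); // bind the record to the id of the key that sealed it
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), ct]);
}

function open(key, keyId, record) {
  const d = crypto.createDecipheriv("aes-256-gcm", key, record.subarray(0, 12));
  d.setAAD(Buffer.from(keyId));
  d.setAuthTag(record.subarray(12, 28));
  // final() throws if the key, key id, or any record byte does not match
  return Buffer.concat([d.update(record.subarray(28)), d.final()]);
}

// Re-encrypt every record under a new 256-bit key, then verify each one
// before the caller is allowed to retire the old key.
function rotate(records, oldKey, oldId, newId) {
  const newKey = crypto.randomBytes(32);
  const rotated = records.map((r) => seal(newKey, newId, open(oldKey, oldId, r)));
  const verified = rotated.every((r, i) =>
    open(newKey, newId, r).equals(open(oldKey, oldId, records[i])));
  if (!verified) throw new Error("rotation verification failed; keep the old key");
  return { newKey, rotated };
}

// Constructed sample data.
function demo() {
  const oldKey = crypto.randomBytes(32);
  const records = ["alice", "bob"].map((p) => seal(oldKey, "k1", Buffer.from(p)));
  const { newKey, rotated } = rotate(records, oldKey, "k1", "k2");
  let oldKeyStillWorks = true;
  try { open(oldKey, "k1", rotated[0]); } catch { oldKeyStillWorks = false; }
  return {
    plaintexts: rotated.map((r) => open(newKey, "k2", r).toString()),
    oldKeyStillWorks,
  };
}
console.log(demo());
```

Because `rotate` throws before returning when any record fails to round-trip, the old key is only archived and deleted after a successful return.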
This document will be updated as the security landscape evolves.
Last updated: 2025-01-03