Timeline of the Patch Release
The process to address the vulnerability began on Wednesday, August 7, 2024, when the Solana Foundation reached out to known network operators through private channels.
The patch was developed by an Anza engineer and made available on GitHub, enabling network operators to independently verify and apply the necessary updates. Detailed instructions for implementing the patch were distributed by 17:00 GMT on Thursday, August 8, securing approximately 66.6% of the network.
Public Disclosure and Critical Announcement
The vulnerability was publicly disclosed after 70% of the network had successfully applied the patch. Solana Labs subsequently issued a critical announcement on Discord, urging all remaining operators to update their systems without delay.
The announcement read:
“Core contributors have identified a network security issue that requires immediate attention. The v1.18.21 patch will be available in 30 minutes. Please be prepared to upgrade as soon as the announcement is sent.”