Ethereum’s Most Popular Software Client Issues Hotfix to High Severity Bug
Ethereum’s most popular software client, Geth, has issued a hotfix for a high-severity security issue in its code.
The release was posted to GitHub at 07:08 UTC Tuesday. Details of the fixes weren’t disclosed “to give node operators and dependent downstream projects time to update their nodes and software,” according to a posting on the release page.
Ethernodes.org reports that nearly 75% of nodes on Ethereum run Geth. All these users are encouraged to upgrade immediately to the latest version of Geth, v.1.10.8.
Guido Vranken, a software developer who specializes in finding code vulnerabilities in open source software, announced that he discovered the bug on Wednesday, Aug. 18.
The last time a fix for a bug in Geth code was released, it caused a temporary chain split on Ethereum. Due to a deliberate lack of communication from Geth developers about the bug, several computers, also called “nodes,” did not upgrade their Geth client to the fixed implementation, which resulted in a blockchain consensus failure in November 2020.
The Geth developer team said in a post-mortem blog post at the time that not speaking publicly about the security vulnerability was aimed at delaying any potential attacks on node operators who needed more time to upgrade to the latest version.
This time around Geth developers emphasized in advance the urgent need for all users of their software to upgrade to the latest version, but the initial announcement on Aug. 18 did not explicitly describe the nature of the vulnerability.
“Last time we did a hotfix, people were angry that we didn’t announce it. This time we decided to try it differently. Let’s see which works better,” tweeted Geth developer Péter Szilágyi about Tuesday’s code release.
Major Ethereum-based wallets and services such as Infura have publicly announced on Twitter their support for this new Geth release.