Ripple pushes urgent XRPL patch — but nodes must trust its new key

, ,
by Protos Staff

Ripple has released its fix for public-facing nodes this week in the form of version 3.1.2 of “rippled,” the network’s primary server implementation.

The XRP Ledger Foundation urged node operators to update “as soon as possible.” 

The fix? Trust a new key by Ripple.

“Ripple has rotated the GPG key used to sign rippled packages,” the official XRP Ledger Foundation post read. “If you have an existing installation, you should download and trust the new key to prevent issues.”

If nodes don’t place their trust in Ripple’s new key, rippled mishandles certain states of the XRP Ledger. When the server encountered certain edge cases, it called an internal function named LogicError.

That function calls an abort command

In plain English, the node aborted itself, instead of handling the unusual circumstance. RippleX engineer Mayukha Vadari authored the fix.

Opaquely, Ripple labeled the change a “refactor” to “improve exception handling.” The pull request’s own description admits the goal, “to return in case of an edge case.”

A LogicError crash terminates the entire server process instantly.

The Foundation’s announcement called the bug “an edge case that can cause outages on public facing nodes.”

Three members of XRPL Commons discovered and, to their credit, responsibly disclosed the issue without exploiting it for personal gain. That Paris-based non-profit focuses on XRP Ledger education and development. 

The bug fix credits work by former hedge fund manager-turned-developer Luc Bocahut, engineering student Romain Thépaut, and XRPL Commons technical partner Thomas Hussenet.

Garlinghouse says Ripple doesn’t control XRP — history suggests otherwise

Read more: Ripple’s privacy problem: Why banks still won’t touch XRP

Trust Ripple’s key or else

Node operators who use Ripple’s package, as almost all node operators do, must download and trust its new GPG signing key. Ripple rotated that key recently. Without it, automatic upgrades silently fail.

The new-and-improved key belongs to “TechOps Team at Ripple” and expires in 2033.

Rippled is the only production-grade XRPL server implementation. As a result, nearly every operator must continue to trust Ripple’s new cryptographic identity to receive a patch for a bug in Ripple’s own code.

CEO Brad Garlinghouse has insisted that “Ripple does not control XRP.” Technical node software releases tell other stories.

A growing list of XRP Ledger bugs

The XRP Ledger’s node stability record speaks for itself. In September 2024, full history nodes crashed due to an SQLite bug. A couple of months later, a malicious transaction exploited a caching bug that could have crashed nodes.

In February 2025, the network stopped producing blocks for about an hour.

A few weeks before this latest fix, an AI security tool discovered another critical flaw.

Release notes for its bug fix thanks XRPL Commons for the responsible disclosure. The 35 validators on the foundation’s default Unique Node List continue to move the ledger forward.

Got a tip? Send us an email securely via Protos Leaks. For more informed news, follow us on X, Bluesky, and Google News, or subscribe to our YouTube channel.