Upstream patch not merged

Jito's assessment for RD-F-127 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Automated rebase workflow runs continuously (292 recorded runs). April 2025 ZK ElGamal critical patch: Jito published v2.1.21-jito and v2.2.11-jito same-day as Agave patches (Apr 17–18, 2025). Jito engineers were part of the coordinated incident response. Current mainnet v3.1.14-jito (Apr 28, 2026) tracks stable Agave v3.1.x. No unmerged upstream security patches identified.

Sources #

GitHub
jito-solana Security Patch Releasesjito-solana releases: v2.1.21-jito and v2.2.11-jito security patches April 2025retrieved 2026-04-29
URL
Solana April 2025 Critical Vulnerability PatchSolana Foundation April 2025 patch coverage article confirming Jito participationretrieved 2026-04-29

Methodology #

Determine whether the upstream fork source has published a known-vulnerability patch that has not been merged into this fork's deployed code.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol jito factor RD-F-127 score green collected_at 2026-04-29 15:50:23