Time: March 6, 2024, 6:30 p.m.

Status: Resolved

Update: A faulty EAS Build deployment broke the "Configure expo-updates" build phase for most developers. The deployment was reverted, and therefore the issue was fixed. We've waived all failed builds between 15:43 GMT and 17:09 GMT.

Time: Feb. 29, 2024, 4:44 a.m.

Status: Postmortem

Update: Expo Go code signing works by using the following mechanism: [https://github.com/expo/code-signing-certificates/pull/1](https://github.com/expo/code-signing-certificates/pull/1) - Expo Go root certificate embedded in the Expo Go application. Valid for 40 years. Private key kept offline. - Expo Go intermediate certificate downloaded by `@expo/cli`. Valid for 2 years. Private key kept on signing server. This is a child certificate of the Expo Go root certificate. - Expo Go development certificate generated and downloaded by `@expo/cli`. When a project is started \(`npx expo start`\) we sign the project manifest to ensure scoped module impersonation isn’t possible within Expo Go \(accessing scoped modules for other projects run in Expo Go\). To do this signing, a private key and certificate signing request is generated. This CSR is sent to the expo signing server, and a development certificate valid for 30 days is returned. This development certificate is a child of the Expo Go intermediate certificate. Then, when Expo Go loads an app, it checks that this certificate chain is valid \(all certificates are valid and lineage is correct\). The incident here was that, while we had planned to refresh the Expo Go intermediate certificate every year to preempt the 2 year validity expiration, it was overlooked. So the Expo Go intermediate certificate expired and therefore the certificate chain was invalid. Note that this only affected projects in local development. The fix was to re-generate a new Expo Go intermediate certificate from our root certificate \([https://github.com/expo/code-signing-certificates/pull/14](https://github.com/expo/code-signing-certificates/pull/14)\) and then update the certificates on the signing server. After the signing server updates were deployed to production, all future requests for a development signing certificate now use the new intermediate certificate. Users still seeing issues should ensure they are not using the `--offline` flag \(at least once\) when running `npx expo start` to get a new development certificate with the updated intermediate certificate.

Time: Feb. 29, 2024, 4:36 a.m.

Status: Resolved

Update: This incident has been resolved.

Time: Feb. 29, 2024, 4:22 a.m.

Status: Monitoring

Update: Certificate rotation complete. Re-running `npx expo start` (no `--offline` flag) should refresh the certificate for local development of projects.

Time: Feb. 29, 2024, 4:04 a.m.

Status: Identified

Update: Certificate has been rotated/updated and is being deployed.

Time: Feb. 29, 2024, 2:52 a.m.

Status: Investigating

Update: Users are unable to load their projects in Expo Go at the moment. We are investigating it now. As a workaround, you can create a development build to resume developing your application: https://docs.expo.dev/develop/development-builds/introduction/ We appreciate your patience as we try to get a fix out ASAP!

Time: Feb. 29, 2024, 4:44 a.m.

Status: Postmortem

Update: Expo Go code signing works by using the following mechanism: [https://github.com/expo/code-signing-certificates/pull/1](https://github.com/expo/code-signing-certificates/pull/1) - Expo Go root certificate embedded in the Expo Go application. Valid for 40 years. Private key kept offline. - Expo Go intermediate certificate downloaded by `@expo/cli`. Valid for 2 years. Private key kept on signing server. This is a child certificate of the Expo Go root certificate. - Expo Go development certificate generated and downloaded by `@expo/cli`. When a project is started \(`npx expo start`\) we sign the project manifest to ensure scoped module impersonation isn’t possible within Expo Go \(accessing scoped modules for other projects run in Expo Go\). To do this signing, a private key and certificate signing request is generated. This CSR is sent to the expo signing server, and a development certificate valid for 30 days is returned. This development certificate is a child of the Expo Go intermediate certificate. Then, when Expo Go loads an app, it checks that this certificate chain is valid \(all certificates are valid and lineage is correct\). The incident here was that, while we had planned to refresh the Expo Go intermediate certificate every year to preempt the 2 year validity expiration, it was overlooked. So the Expo Go intermediate certificate expired and therefore the certificate chain was invalid. Note that this only affected projects in local development. The fix was to re-generate a new Expo Go intermediate certificate from our root certificate \([https://github.com/expo/code-signing-certificates/pull/14](https://github.com/expo/code-signing-certificates/pull/14)\) and then update the certificates on the signing server. After the signing server updates were deployed to production, all future requests for a development signing certificate now use the new intermediate certificate. Users still seeing issues should ensure they are not using the `--offline` flag \(at least once\) when running `npx expo start` to get a new development certificate with the updated intermediate certificate.

Time: Feb. 29, 2024, 4:36 a.m.

Status: Resolved

Update: This incident has been resolved.

Time: Feb. 29, 2024, 4:22 a.m.

Status: Monitoring

Update: Certificate rotation complete. Re-running `npx expo start` (no `--offline` flag) should refresh the certificate for local development of projects.

Time: Feb. 29, 2024, 4:04 a.m.

Status: Identified

Update: Certificate has been rotated/updated and is being deployed.

Time: Feb. 29, 2024, 2:52 a.m.

Status: Investigating

Update: Users are unable to load their projects in Expo Go at the moment. We are investigating it now. As a workaround, you can create a development build to resume developing your application: https://docs.expo.dev/develop/development-builds/introduction/ We appreciate your patience as we try to get a fix out ASAP!

Time: Jan. 25, 2024, 2:18 a.m.

Status: Resolved

Update: The service was back online with security improvements as of 5:11PM PST

Time: Jan. 25, 2024, 2:18 a.m.

Status: Resolved

Update: The service was back online with security improvements as of 5:11PM PST

Time: Jan. 25, 2024, 12:54 a.m.

Status: Investigating

Update: EAS Submit for iOS is temporarily unavailable while performing security-related maintenance

Time: Jan. 25, 2024, 12:54 a.m.

Status: Investigating

Update: EAS Submit for iOS is temporarily unavailable while performing security-related maintenance

Time: Dec. 14, 2023, 9:32 p.m.

Status: Postmortem

Update: Snack uses a few services to make it work, and a couple of them became completely unavailable for about half an hour. The cause was that we upgraded our main cluster to use faster servers but some of the services were labeled as being compatible only with the older servers and didn’t have any hardware to run on. In practice, all of our services are compatible with the newer servers and fixing the compatibility labels brought the unavailable services back.

Time: Dec. 14, 2023, 9:32 p.m.

Status: Resolved

Update: This incident has been resolved.

Time: Dec. 14, 2023, 9:31 p.m.

Status: Monitoring

Update: Snack is up and running again. We're monitoring our charts to make sure everything stays healthy.

Time: Dec. 14, 2023, 9:28 p.m.

Status: Identified

Update: One of the infrastructure components of Snack is currently down. We are actively investigating the cause and have identified the problem and are working to resume its availability.