Vercel Firewall protects against the SAMLStorm vulnerability
Vercel Firewall deploys a proactive update to block the SAMLStorm vulnerability (CVE-2025-29774, CVE-2025-29775) in xml-crypto, while urging users to update to patched package versions.
We have deployed a proactive security update to the Vercel Firewall, protecting against a recently disclosed vulnerability in the xml-crypto package, dubbed SAMLStorm (CVE-2025-29774 and CVE-2025-29775). This vulnerability, which affects various SAML implementations, could allow attackers to bypass authentication mechanisms.

See the SAMLStorm report for more details on the vulnerability, and reach out to Vercel Support if you have questions.

What This Means for Vercel Customers

Automatic protection with the Vercel Firewall: Vercel Firewall automatically mitigates this risk for you, but updating xml-crypto is still recommended.

Update xml-crypto: If you're using xml-crypto package 6.0.0 and earlier, or a package that depends on xml-crypto, update to 6.0.1, 3.2.1, or 2.1.6 for the patched versions.

We'll continue to monitor for new developments and provide updates as necessary.
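
One way to act on the update advice above, including the "package that depends on xml-crypto" case, is to scan an npm package-lock.json (the lockfile v2/v3 `packages` map) for every installed copy of xml-crypto and flag those below the patched releases named on this page. This is an added example, not Vercel's or the xml-crypto project's code; the sample lockfile and dependency names are constructed, and it assumes a version at or above the patched release in the same major line is fixed.

```javascript
// Patched releases named on the page, keyed by major version.
const PATCHED = { 6: [6, 0, 1], 3: [3, 2, 1], 2: [2, 1, 6] };

function parseVersion(v) {
  // Plain x.y.z only; pre-release tags, git URLs or missing versions return null.
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  return m ? m.slice(1).map(Number) : null;
}

function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

function isVulnerable(version) {
  const v = parseVersion(version);
  if (!v) return true; // unparseable: flag for manual review
  const fix = PATCHED[v[0]];
  if (fix) return cmp(v, fix) < 0;
  // No patched release named for this major line: affected if 6.0.0 or earlier.
  return cmp(v, [6, 0, 0]) <= 0;
}

function findVulnerableXmlCrypto(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Nested copies appear as "node_modules/<dep>/node_modules/xml-crypto".
    if (!path.endsWith("node_modules/xml-crypto")) continue;
    if (isVulnerable(meta.version)) hits.push({ path, version: meta.version });
  }
  return hits;
}

// Constructed sample lockfile (dependency names are hypothetical).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/xml-crypto": { version: "6.0.1" },
    "node_modules/saml-lib-a/node_modules/xml-crypto": { version: "3.2.0" },
    "node_modules/saml-lib-b/node_modules/xml-crypto": { version: "2.1.6" },
    "node_modules/saml-lib-c/node_modules/xml-crypto": { version: "4.1.0" },
  },
};

console.log(findVulnerableXmlCrypto(sampleLock));
```

To run it against a real project, pass the parsed contents of its package-lock.json to `findVulnerableXmlCrypto`; each hit's `path` shows which dependency pulled in the outdated copy.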