<style>p { margin: 0 0 10px; }h1, h2, h3 { margin: 20px 0 10px; }h4, h5, h6 { margin: 10px 0 10px; }</style><h3 id="general-information">General Information</h3> <p>This article contains frequently asked questions relating to the XML signature wrapping vulnerability affecting Halo versions up to 2.143.8.<br /> SAML XML signature wrapping is an attack method where an attacker modifies the signed SAML message without invalidating the signature.<br /> This can lead to the attacker impersonating another user.</p> <h3 id="are-hosted-halo-instances-affected">Are hosted Halo instances affected?</h3> <p>Hosted customers have been automatically updated to a patch to resolve this issue, and therefore no action is required by hosted customers. The patch was released on 2024-03-11 and hosted customers were upgraded shortly afterwards.</p> <h3 id="are-on-prem-halo-instances-affected">Are On-Prem Halo instances affected?</h3> <p>Halo On-Prem installations should apply the latest stable or beta patch to their Halo instance to resolve this issue.</p> <ul> <li>Any version &gt;= 2.143.8</li> </ul> <h3 id="next-steps">Next Steps</h3> <p>No action is required on the part of our customers.</p> <p>We will continue to monitor our business infrastructure to ensure the same level of service and security that you expect.</p> <h3 id="links">Links</h3>