You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Security updates are only released for the current version.
8
+
9
+
Old releases are not maintained and do not receive updates.
10
+
11
+
## Reporting a Vulnerability
12
+
13
+
We request that you contact us directly to report serious issues that might impact the security of sites using NextAuth.js.
14
+
15
+
If you contact us regarding a serious issue:
16
+
17
+
* We will endeavor to get back to you within 72 hours.
18
+
* We will aim to publish a fix within 30 days.
19
+
* We will disclose the issue (and credit you, with your consent) once a fix to resolve the issue has been released.
20
+
* If 90 days has elapsed and we still don't have a fix, we will disclose the issue publically.
21
+
22
+
Currently, the best way to report an issue is by emailing [email protected]
23
+
24
+
For less serious issues (e.g. RFC compliance for unsupported flows or potential issues that may cause a problem future or default behaviour / options) it is appropriate to submit these these publically as bug reports or feature requests or to raise a question to open a discussion around them.
0 commit comments