If you believe you've found a security vulnerability, please follow these steps:
- Do not disclose the vulnerability publicly until it has been addressed by our team.
- Email your findings to [email protected]Include:- State the repository which the vulnerability comes from (In this case NextAuth)
- A description of the vulnerability
- Steps to reproduce the vulnerability
- Potential impact of the vulnerability
- Any suggestions for mitigation
- Any other relevant information
 
- We will respond to your report within 72 hours.
- If the issue is confirmed, we will release a patch as soon as possible.
If the issue is confirmed, we will release a patch as soon as possible. Once a patch is released, we will disclose the issue publicly. If 90 days has elapsed and we still don't have a fix, we will disclose the issue publicly.
We only support the latest version. Older versions are not supported.