archived-next-auth/SECURITY.md
Balázs Orbán d29e3e9c9d Merge branch 'main'
Conflicts:
	config/babel.config.json
	package-lock.json
	package.json
	src/server/index.js
	src/server/routes/callback.js
	src/server/routes/signin.js
2021-06-09 02:16:11 +02:00


Security Policy

NextAuth.js practices responsible disclosure.

Supported Versions

Security updates are only released for the current version.

Old releases are not maintained and do not receive updates.

Reporting a Vulnerability

We request that you contact us directly to report serious issues that might impact the security of sites using NextAuth.js.

If you contact us regarding a serious issue:

  • We will endeavor to get back to you within 72 hours.
  • We will aim to publish a fix within 30 days.
  • We will disclose the issue (and credit you, with your consent) once a fix to resolve the issue has been released.
  • If 90 days have elapsed and we still don't have a fix, we will disclose the issue publicly.

Currently, the best way to report an issue is by emailing me@iaincollins.com

For less serious issues (e.g. RFC compliance for unsupported flows, or potential issues that may cause a problem in the future, or default behaviour / options) it is appropriate to submit these publicly as bug reports or feature requests, or to raise a question to open a discussion around them.