If you believe you've found a security vulnerability, please follow these steps:

1. Do not disclose the vulnerability publicly until it has been addressed by our team.
2. Email your findings to [email protected] Include:
   • State the repository which the vulnerability comes from (In this case NextAuth)
   • A description of the vulnerability
   • Steps to reproduce the vulnerability
   • Potential impact of the vulnerability
   • Any suggestions for mitigation
   • Any other relevant information
3. We will respond to your report within 72 hours.
4. If the issue is confirmed, we will release a patch as soon as possible.

If the issue is confirmed, we will release a patch as soon as possible. Once a patch is released, we will disclose the issue publicly. If 90 days has elapsed and we still don't have a fix, we will disclose the issue publicly.

We only support the latest version. Older versions are not supported.