Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
2 changed files
with
36 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
Contact: mailto:info@balazsorban.com | ||
Contact: mailto:hi@thvu.dev | ||
Contact: mailto:authjs-security@ndo.dev | ||
Acknowledgments: https://authjs.dev/security | ||
Preferred-Languages: en | ||
Canonical: https://authjs.dev/.well-known/security.txt | ||
|
||
# Security Policy | ||
|
||
NextAuth.js practices responsible disclosure. | ||
|
||
## Reporting a Vulnerability | ||
|
||
We request that you contact us directly to report serious issues that might impact the security of sites using NextAuth.js. | ||
|
||
If you contact us regarding a serious issue: | ||
|
||
- We will endeavor to get back to you within 72 hours. | ||
- We will aim to publish a fix within 30 days. | ||
- We will disclose the issue (and credit you, with your consent) once a fix to resolve the issue has been released. | ||
- If 90 days has elapsed and we still don't have a fix, we will disclose the issue publicly. | ||
|
||
The best way to report an issue is by contacting us via email at hi@thvu.dev, info@balazsorban.com and yo@ndo.dev, or raise a public issue requesting someone get in touch with you via whatever means you prefer for more details. (Please do not disclose sensitive details publicly at this stage.) | ||
|
||
> For less serious issues (e.g. RFC compliance for unsupported flows or potential issues that may cause a problem in the future) it is appropriate to submit these publicly as bug reports or feature requests or to raise a question to open a discussion around them. | ||
|
||
## Supported Versions | ||
|
||
Security updates are only released for the current version. | ||
|
||
Old releases are not maintained and do not receive updates. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters