better-release[bot]
0d8b238acc
chore: release v1.6.17 ( #9984 )
v1.6.17
2026-06-11 19:50:30 -07:00
Taesu
eff3c99952
test(next-js): verify nextCookies forwards all set-cookie headers ( #10013 )
2026-06-11 18:46:21 -07:00
ZerGo0
029cbdc072
docs: update Apple client secret JWT guidance ( #9938 )
2026-06-11 17:54:44 -07:00
Jordan Kahtava
44a24ed948
docs: highlighted emailVerified requirement on manually inserted users ( #9999 )
2026-06-11 17:45:37 -07:00
Taesu
24a6b01463
chore(deps): update hono and shell-quote ( #10010 )
2026-06-11 17:23:05 -07:00
Taesu
ac69e81a29
fix(cli): skip Unsupported() fields when regenerating prisma schema ( #10011 )
2026-06-11 17:19:17 -07:00
dependabot[bot]
2edeb33228
chore(deps): bump the github-actions group across 1 directory with 12 updates ( #9827 )
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-11 17:13:18 -07:00
Gautam Manchandani
e0a768c973
refactor(access): flatten access plugin role authorization logic ( #9677 )
2026-06-11 17:04:07 -07:00
Gautam Manchandani
3310ebc4a0
fix(open-api): mark model ids as required ( #9704 )
2026-06-11 17:01:24 -07:00
Gautam Manchandani
108aadd251
fix(cli): update existing prisma field types ( #9729 )
...
Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com >
2026-06-11 16:59:14 -07:00
Gautam Manchandani
59e0ccbedc
fix(client): updateSession should infer session additional fields ( #9777 )
...
Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com >
2026-06-11 16:56:45 -07:00
Gautam Manchandani
96c78c3e98
fix(logger): downgrade validation logs level to warn
2026-06-11 16:50:14 -07:00
Arnav Sharma
d3758fb2a3
fix(expo): on /linkSocial include cookie for id token ( #9953 )
2026-06-11 16:45:19 -07:00
Alexis Rico
5c289b52bc
fix(account): resolve stateless account cookies across instances ( #9979 )
...
Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com >
2026-06-11 16:44:11 -07:00
Gustavo Valverde
8960f5f3bd
fix(client): restructure session fetch architecture ( #8760 )
2026-06-11 22:49:34 +00:00
Taesu
e246ac0929
ci: scope semantic-pull-request app token to pull requests ( #10006 )
2026-06-11 22:15:57 +00:00
Gustavo Valverde
7faddd4a1d
refactor(core): prevent accidental HTTP exposure of server-only endpoints ( #9835 )
2026-06-11 20:37:51 +00:00
Gustavo Valverde
ed7b6c9ac0
fix: enforce team capacity, constant-time SCIM tokens, and org-admin SSO domain verification ( #10002 )
2026-06-11 19:21:34 +00:00
Gustavo Valverde
fdef997eb9
fix: harden provider identity validation (One Tap, Microsoft, SSO, WeChat, Reddit) ( #10003 )
2026-06-11 19:10:55 +00:00
Taesu
7343284149
fix: jwks caching, oauth id mapping, team invitations, account cookie, and scim deprovision bugs ( #9987 )
...
Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com >
2026-06-11 08:25:19 -07:00
Gustavo Valverde
0c3856f098
fix: harden session authority against stale cookie cache and unverified selectors ( #9991 )
2026-06-11 13:31:13 +00:00
Damien Maspero
e468ff37ce
docs: update Node.js built-in SQLite status to Release Candidate ( #9914 )
2026-06-10 23:13:39 -07:00
Taesu
d9c526b2a5
feat(oauth-popup): add popup-based OAuth sign-in ( #9890 )
2026-06-11 05:38:22 +00:00
Taesu
3e99e6c77e
fix(admin): create credential account in setUserPassword when missing ( #9482 )
2026-06-11 05:36:55 +00:00
Gustavo Valverde
baeaa00bc2
fix: make single-use credentials, counters, and replay markers atomic ( #9993 )
2026-06-11 05:11:26 +00:00
Gustavo Valverde
1dbf5bb59d
fix: harden trusted request context ( #9990 )
2026-06-11 03:50:35 +00:00
Taesu
9484a77805
chore: bump @better-fetch/fetch ( #9989 )
2026-06-11 01:09:05 +00:00
Taesu
6987c628f1
fix(cli): resolve SvelteKit, Vite asset, and Cloudflare virtual-module imports ( #9834 )
...
Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com >
2026-06-11 01:06:43 +00:00
Bereket Engida
b803c61fdc
fix(organization): reject setting unknown or empty roles on updateMemberRole ( #9962 )
...
Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com >
2026-06-10 16:57:24 -07:00
Taesu
a11a706ff2
fix(stripe): correct subscription handling and customer linking ( #9971 )
2026-06-10 18:58:40 +00:00
Prakash Kumar
128bc34572
docs: add horizontal scrolling to landing page code block ( #9975 )
2026-06-09 23:22:24 -07:00
better-release[bot]
1a3c8c478a
chore: release v1.6.16 ( #9958 )
@better-auth/api-key@1.6.16
@better-auth/core@1.6.16
@better-auth/drizzle-adapter@1.6.16
@better-auth/electron@1.6.16
@better-auth/expo@1.6.16
@better-auth/i18n@1.6.16
@better-auth/kysely-adapter@1.6.16
@better-auth/memory-adapter@1.6.16
@better-auth/oauth-provider@1.6.16
@better-auth/prisma-adapter@1.6.16
@better-auth/redis-storage@1.6.16
@better-auth/scim@1.6.16
@better-auth/sso@1.6.16
@better-auth/stripe@1.6.16
@better-auth/telemetry@1.6.16
@better-auth/test-utils@1.6.16
auth@1.6.16
better-auth@1.6.16
v1.6.16
@better-auth/passkey@1.6.16
@better-auth/mongo-adapter@1.6.16
2026-06-09 22:32:25 -07:00
Bereket Engida
cb1cbfa4cc
fix: address bug findings across packages ( #9974 )
2026-06-09 19:46:12 -07:00
Gustavo Valverde
a6b0295df3
fix(sso): consume SAML AuthnRequest atomically ( #9972 )
2026-06-10 01:58:45 +00:00
Gustavo Valverde
87e7aa5e0f
fix(api): validate Origin/Referer on cookieless email sign-in and sign-up ( #9973 )
2026-06-10 01:43:41 +00:00
Gustavo Valverde
893cf6cb3f
fix(session): honor server-side session deletion in update-session and token routes ( #9967 )
2026-06-10 00:42:45 +00:00
Gustavo Valverde
5e49c56a9e
fix(auth): mark plugin-owned session fields as non-input ( #9965 )
2026-06-09 23:59:09 +00:00
Taesu
2ac00fe421
chore: bump better-call and @better-fetch/fetch ( #9955 )
2026-06-09 21:34:16 +00:00
Taesu
2545b7bb13
chore: drop two-factor-newsession-null.md changeset ( #9960 )
2026-06-09 14:24:28 -07:00
Paola Estefanía de Campos
afcb4dd7f3
docs(two-factor): document newSession is null during 2FA challenge ( #9957 )
2026-06-09 13:15:00 -07:00
Taesu
6a8dfa4f3e
docs(changelog): show contributor avatars with proper size and styling ( #9956 )
2026-06-09 19:44:32 +00:00
better-release[bot]
03e0e36a98
chore: release v1.6.15 ( #9886 )
@better-auth/api-key@1.6.15
@better-auth/core@1.6.15
@better-auth/drizzle-adapter@1.6.15
@better-auth/electron@1.6.15
@better-auth/expo@1.6.15
@better-auth/i18n@1.6.15
@better-auth/kysely-adapter@1.6.15
@better-auth/memory-adapter@1.6.15
@better-auth/mongo-adapter@1.6.15
@better-auth/oauth-provider@1.6.15
@better-auth/passkey@1.6.15
@better-auth/prisma-adapter@1.6.15
@better-auth/redis-storage@1.6.15
@better-auth/scim@1.6.15
@better-auth/sso@1.6.15
@better-auth/stripe@1.6.15
@better-auth/telemetry@1.6.15
@better-auth/test-utils@1.6.15
auth@1.6.15
better-auth@1.6.15
v1.6.15
2026-06-08 06:57:06 -07:00
Gustavo Valverde
ef4e131b85
fix(kysely-adapter): inline migration-table constants to fix Turbopack build ( #9933 )
...
Co-authored-by: bytaesu <166604494+bytaesu@users.noreply.github.com >
2026-06-08 12:20:53 +00:00
Gustavo Valverde
fe9600bc07
feat(oauth-provider): accept POST on the userinfo endpoint ( #9937 )
2026-06-07 21:09:27 -07:00
Gustavo Valverde
d23735b1de
feat(passkey): resolve authenticator name from AAGUID at read time ( #9927 )
...
Co-authored-by: Maxwell Weru <1645026+mburumaxwell@users.noreply.github.com >
2026-06-07 23:22:39 +00:00
Gustavo Valverde
b0ddfd3433
fix(oauth-provider): run configured hooks when authorize resumes ( #9919 )
...
Co-authored-by: Gautam Manchandani <manchandanigautam@gmail.com >
2026-06-07 14:43:47 -07:00
Bereket Engida
ea64709ae6
docs: security update for June 2026 ( #9884 )
...
Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com >
2026-06-07 14:41:58 -07:00
Gustavo Valverde
7213d1ac3a
test(cli): give the integration-style suite a generous timeout ( #9926 )
2026-06-07 14:36:12 -07:00
Kilian BC
bff65fd620
fix(sso): pass clockSkew to samlify clockDrifts to fix ERR_SUBJECT_UNCONFIRMED ( #9748 )
...
Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com >
Co-authored-by: ping-maxwell <maxwell.multinite@gmail.com >
2026-06-06 04:20:14 +00:00
Kimaswa Emmanuel Yusufu
74c32fe56e
docs: clarify organization-owned api keys also require a user ( #9780 )
...
Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com >
2026-06-05 21:09:03 -07:00