## Security Policy

### Reporting a Vulnerability

If you believe you've found a security vulnerability, please follow these steps:

1. Do not disclose the vulnerability publicly until it has been addressed by our team.
2. Email your findings to `security@better-auth.com` Include:
    - A description of the vulnerability
    - Steps to reproduce the vulnerability
    - Potential impact of the vulnerability
    - Any suggestions for mitigation
    - Any other relevant information
3. We will respond to your report within 72 hours.
4. If the issue is confirmed, we will release a patch as soon as possible.

### Disclosure Policy

If the issue is confirmed, we will release a patch as soon as possible. Once a patch is released, we will disclose the issue publicly. If 90 days has elapsed and we still don't have a fix, we will disclose the issue publicly.

## Supported Versions

We only support the latest version of Better Auth. Older versions are not supported.