9.2.0-alpha.2

9.2.0-alpha.2 (2026-01-24)

Bug Fixes

• MongoDB timeout errors unhandled and potentially revealing internal data (#10020) (1d3336d)

9.2.0-alpha.1

9.2.0-alpha.1 (2026-01-24)

Features

• Add option databaseOptions.clientMetadata to send custom metadata to database server for logging and debugging (#10017) (756c204)

9.1.1

9.1.1 (2025-12-16)

Bug Fixes

• Server-Side Request Forgery (SSRF) in Instagram auth adapter GHSA-3f5f-xgrj-97pf (#9988) (fbcc938)

9.1.1-alpha.1

9.1.1-alpha.1 (2025-12-16)

Bug Fixes

• Server-Side Request Forgery (SSRF) in Instagram auth adapter GHSA-3f5f-xgrj-97pf (#9988) (fbcc938)

8.6.2

8.6.2 (2025-12-16)

Bug Fixes

• Server-Side Request Forgery (SSRF) in Instagram auth adapter GHSA-3f5f-xgrj-97pf (#9989) (155c6ad)

9.1.0

9.1.0 (2025-12-14)

Bug Fixes

• Cross-Site Scripting (XSS) via HTML pages for password reset and email verification GHSA-jhgf-2h8h-ggxv (#9985) (3074eb7)

Features

• Add option logLevels.signupUsernameTaken to change log level of username already exists sign-up rejection (#9962) (f18f307)
• Add support for custom HTTP status code and headers to Cloud Function response with Express-style syntax (#9980) (8eeab8d)
• Log more debug info when failing to set duplicate value for field with unique values (#9919) (a23b192)

9.1.0-alpha.4

9.1.0-alpha.4 (2025-12-14)

Features

• Log more debug info when failing to set duplicate value for field with unique values (#9919) (a23b192)

9.1.0-alpha.3

9.1.0-alpha.3 (2025-12-14)

Bug Fixes

• Cross-Site Scripting (XSS) via HTML pages for password reset and email verification GHSA-jhgf-2h8h-ggxv (#9985) (3074eb7)

9.1.0-alpha.2

9.1.0-alpha.2 (2025-12-14)

Features

• Add support for custom HTTP status code and headers to Cloud Function response with Express-style syntax (#9980) (8eeab8d)

9.1.0-alpha.1

9.1.0-alpha.1 (2025-12-14)

Features

• Add option logLevels.signupUsernameTaken to change log level of username already exists sign-up rejection (#9962) (f18f307)