🚀 Features

• Session store chunking  -  by @himself65 and Copilot in #5645 (0aa6d)
• Stateless session management  -  by @Bekacru, Copilot, Maxwell and @himself65 in #5601 (afce9)
• cli: Support Cloudflare Workers virtual module imports  -  by @chhoumann in #5559 (cf050)
• client: Refetch session when browser state changes  -  by @himself65 and Copilot in #5630 (522cf)
• paybin: Add Paybin OAuth provider  -  by @redoh and Copilot in #5626 (b5813)

   🐞 Bug Fixes

• Add undefined type for optional property types  -  by @himself65 in #5654 (b6d40)
• social-providers: Core module import  -  by @himself65 in #5643 (b963e)

    View changes on GitHub

   🐞 Bug Fixes

• Type annotation issue  -  by @himself65 in #5651 (3cc96)

    View changes on GitHub

   🚀 Features

• core: Replace ZodType with @standard-schema/spec  -  by @himself65 in #5629 (36315)
• organization: Refactor organization schema to use BetterAuth types  -  by @himself65 in #5515 (a58f1)
• session: Use JWE for cookie cache by default  -  by @himself65 in #5510 (f654b)

   🐞 Bug Fixes

• Respect onAPIError.errorURL in OAuth callback flow  -  by @GautamBytes and @ping-maxwell in #5523 (9c51f)
• Call db hooks when calling deleteUser  -  by @ping-maxwell in #5553 (216dc)
• Allow user update to handle additional fields and validation  -  by @Bekacru (9c508)
• Missing email validation  -  by @ahmedriad1 and @ping-maxwell in #5593 (bf8e9)
• Urls without protocol shouldn't be able to satisfy a wildcard origin  -  by @Bekacru in #5624 (8b355)
• Use standard validator  -  by @himself65 in #5627 (285e3)
• docs:
  • Enable code block copying in documentation page  -  by @vagxrth in #5525 (da907)
• email-otp:
  • Fix openapi schema for /email-otp/verify-email endpoint  -  by @jonathansamines in #5622 (4eac7)
• expo:
  • Origin check failing due to null origin in expo  -  by @Bekacru in #5545 (e0382)
• oidc-provider:
  • Use consistent iat claim and allow configurable issuer  -  by @ephraimduncan and @himself65 in #5508 (7c3c4)
• organization:
  • Fix the schema type  -  by @himself65 in #5512 (eee94)
  • RemoveTeamMember breaks for prisma  -  by @ping-maxwell in #5061 (2a021)
  • Correct migration order when dynamicAccessControl is enabled  -  by @AntonVishal, @ping-maxwell and antonvishal in #5476 (b4145)
• session:
  • Refresh cache before it expires  -  by @himself65 in #5528 (4edec)
• stripe:
  • Remove TS error suppression updating getCheckoutSessionParams  -  by @mohebifar in #5602 (77beb)

    View changes on GitHub

   🐞 Bug Fixes

• Urls without protocol shouldn't be able to satisfy a wildcard origin  -  by @Bekacru in #5624 (8579e)
• email-otp: Fix openapi schema for /email-otp/verify-email endpoint  -  by @jonathansamines in #5622 (5b491)
• oidc-provider: Use consistent iat claim and allow configurable issuer  -  by @ephraimduncan and @himself65 in #5508 (badcf)
• two-factor: Use twoFactorEnabled flag instead of database lookup for OTP validation "  -  by @himself65 in #3302 (bbbbd)

    View changes on GitHub

   🐞 Bug Fixes

• expo: Origin check failing due to null origin in expo  -  by @Bekacru in #5545 (35f7e)

    View changes on GitHub

   🐞 Bug Fixes

• Remove async local storage export  -  by @himself65 (c66bd)
• core: Correctly set typesVersions paths  -  by @XiNiHa in #5427 (7641c)

    View changes on GitHub

   🚀 Features

• Add storeStateStrategy  -  by @himself65 and Copilot in #5470 (b5f3b)
• Enhance PostgreSQL support for non-public schema by respecting search_path configuration  -  by @okisdev in #5449 (bef33)
• Add polar oauth provider  -  by @ephraimduncan in #5506 (4b075)
• stripe: Add StripePlugin type  -  by @himself65 in #5509 (34431)

   🐞 Bug Fixes

• User-agent requirement when fetching from clients  -  by @dvanmali in #5420 (5deb8)
• Unused peer dependency  -  by @himself65 in #5465 (3a343)
• Rename sha to branch and made it canary by default  -  by @max-programming in #5491 (5bc26)
• Remove deprecated forgetPassword endpoints  -  by @bytaesu in #5455 (7b62d)
• admin: Validate admin role updates against the configured roles to prevent setting a non-existent role  -  by @hieudien14310 in #4842 (dda1e)
• core: Correctly set typesVersions paths  -  by @XiNiHa in #5427 (38aa4)
• expo: Store normalized cookie name in storage  -  by @ping-maxwell in #5432 (2cf7d)
• mcp: Consent requirement should be respected  -  by @okisdev in #5401 (b515c)

    View changes on GitHub

   🚀 Features

• Enhance PostgreSQL support for non-public schema by respecting search_path configuration  -  by @okisdev in #5449 (cb15e)
• stripe: Upgrade stripe support to v19.1.0  -  by @okisdev in #5346 (d113f)

   🐞 Bug Fixes

• Unused peer dependency  -  by @himself65 in #5465 (fc45d)
• admin: Validate admin role updates against the configured roles to prevent setting a non-existent role  -  by @hieudien14310 in #4842 (268ce)

    View changes on GitHub

   🚀 Features

• stripe: Upgrade stripe support to v19.1.0  -  by @okisdev in #5346 (3a8f4)

   🐞 Bug Fixes

• Correct type HookEndpointContext and InternalContext  -  by @himself65 in #5359 (89475)
• Add optional chaining for process.platform  -  by @bytaesu in #5390 (f547d)
• anonymous:
  • Provide ctx on accountLink  -  by @ping-maxwell in #5389 (0b0de)
• api-key:
  • Don't update the lastRequest when calling updateApiKey  -  by @ping-maxwell in #5318 (6c93c)
  • Remove incorrect usage tracking in updateApiKey  -  by @ahmed-abdat and @Bekacru in #5325 (07d99)
• drizzle:
  • Replace pgEnum with text enum type in Drizzle schema generation  -  by @eni4sure in #5408 (03fbf)
• expo:
  • Set-header retrigger $sessionSignal  -  by @himself65 in #5393 (2737f)
• organization:
  • Typecheck node exceeds the maximum length  -  by @himself65 in #5372 (4b5f6)
• stripe:
  • Check for reference IDs inside during Stripe reference validation  -  by @Bekacru and cubic Bot in #5354 (a0107)
  • Stripe error codes should be returned from the plugin  -  by @Bekacru in #5371 (bae3c)

    View changes on GitHub

   🐞 Bug Fixes

• Argument where of type TwoFactorWhereUniqueInput needs at least one of id arguments  -  by @AlexStrNik in #5180 (6682b)
• Ensure falsy values are valid default values  -  by @ocherry341 in #5182 (ed893)
• Add optional chaining for process.platform  -  by @bytaesu in #5390 (afaae)
• client:
  • Missing isRefetching type in react useSession  -  by @ThibautCuchet in #5166 (94316)
• docs:
  • Anchor link scrolling with conflict prevention  -  by @Kinfe123 in #5186 (17c5e)
• expo:
  • Set-header retrigger $sessionSignal  -  by @himself65 in #5393 (cbd38)
• gitlab:
  • Fix the token endpoint  -  by @Tobix99 in #5147 (8185a)
• passkey:
  • Atom listeners not working  -  by @ping-maxwell in #5096 (1e233)
  • Passkey breaks with throw: true  -  by @ping-maxwell and @Bekacru in #5079 (bbd3d)
• two-factor:
  • Return parsed array in viewBackupCodes  -  by @ahmed-abdat in #5174 (1c789)
  • Backup codes shouldn't be encrypted twice  -  by @Bekacru in #5202 (10b2f)

    View changes on GitHub