🚀 Features

• admin: Make password field optional on create user  -  by @Bekacru and @cursoragent in https://github.com/better-auth/better-auth/issues/7441 (c11ac)
• api-keys: Pagination support for list-api-keys  -  by @ping-maxwell and @himself65 in https://github.com/better-auth/better-auth/issues/7424 (25f57)
• two-factor: Add twoFactorCookieMaxAge as a separate option  -  by @Bekacru (29946)

   🐞 Bug Fixes

• Update TanStack imports to use server subpath  -  by @himself65 in https://github.com/better-auth/better-auth/issues/7446 (e8922)
• /minimal includes unexpected deps  -  by @himself65 in https://github.com/better-auth/better-auth/issues/7467 (1668a)
• Handle serial and false cases in generateId  -  by @bytaesu in https://github.com/better-auth/better-auth/issues/7474 (52033)
• Consistent token endpoint for dropbox provider  -  by @bytaesu in https://github.com/better-auth/better-auth/issues/7444 (7a9dc)
• Include Set-Cookie when APIError thrown in hooks  -  by @himself65 in https://github.com/better-auth/better-auth/issues/7478 (a5f42)
• Ensure session id exists for secondary storage without database  -  by @bytaesu in https://github.com/better-auth/better-auth/issues/7476 (ed5c4)
• Delay database hooks execution until after transaction commits  -  by @himself65 and Alex Yang in https://github.com/better-auth/better-auth/issues/7345 (dabed)
• Set default ipv6 subnet to 64  -  by @himself65 in https://github.com/better-auth/better-auth/issues/7509 (5de97)
• client:
  • Deep merge plugin actions to preserve all methods  -  by @gustavovalverde in https://github.com/better-auth/better-auth/issues/7407 (0e04e)
• cookies:
  • Fallback to isProduction when baseURL is not set  -  by @bytaesu in https://github.com/better-auth/better-auth/issues/7159 (46c9f)
• db:
  • Only exclude returned: false fields from output schemas  -  by @Paola3stefania in https://github.com/better-auth/better-auth/issues/7504 (5cc0a)
• mcp:
  • Correct version  -  by @himself65 in https://github.com/better-auth/better-auth/issues/7496 (98b0b)
• organization:
  • Missing activeTeamId field when dynamic access control is enabled  -  by @longnguyen2004, @himself65, ping-maxwell and @ping-maxwell in https://github.com/better-auth/better-auth/issues/7385 (00bda)
• prisma-adapter:
  • Enhance null condition handling  -  by @himself65 and reslear in https://github.com/better-auth/better-auth/issues/7483 (228ed)
• rate-limit:
  • Support IPv6 address normalization and subnet  -  by @himself65 in https://github.com/better-auth/better-auth/issues/7470 (57af0)
• sso:
  • Normalize SAML emails to prevent duplicate users  -  by @ajaykarthikr in https://github.com/better-auth/better-auth/issues/7460 (46b8c)
  • Fix validateToken JWK handling for all key types  -  by @Paola3stefania in https://github.com/better-auth/better-auth/issues/7479 (78f12)
• stripe:
  • Allow re-subscribing to the same plan when subscription has expired  -  by @DIYgod, Claude Opus 4.5, Taesu and @bytaesu in https://github.com/better-auth/better-auth/issues/7459 (0142e)
• two-factor:
  • Improve OTP comparision during hashed and encrypted values  -  by @Bekacru (87949)

    View changes on GitHub