--- number: 19695 slug: 19695-platform-updates-30-nov-2021 published: 2021-11-30 discussion: https://github.com/orgs/supabase/discussions/19695 labels: - postgrest - auth - storage - realtime - postgres page: https://supabase.com/changelog/19695-platform-updates-30-nov-2021 --- # Platform updates: 30 Nov 2021 # System updates #### *All projects* - PostgREST updated to [v9.0.0](https://postgrest.org/en/v9.0/releases/v9.0.0.html) - Realtime updated to [v0.19.0](https://github.com/supabase/realtime/releases/tag/v0.19.0) - Storage updated to [0.10.0](https://github.com/supabase/storage-api/releases/tag/v0.10.0) - GoTrue to [v2.2.10](https://github.com/supabase/gotrue/releases/tag/v2.2.10) #### *New projects* - PostgreSQL updated to [v14.1](https://www.postgresql.org/docs/14/release-14.html) # Manual Changes Required ## Update custom auth functions #### *Details* The PostgREST release notes document some changes to the way GUC variables are handled [here](https://postgrest.org/en/v9.0/releases/v9.0.0.html#postgresql-14-compatibility). Supabase has created a config flag in the Dashboard to ensure that this will not be a breaking change. These changes are required before you can upgrade to PostgreSQL 14+, or use Realtime RLS. Supabase has already updated all the default auth functions (`auth.uid()`, `auth.role()` and `auth.email()`), however we have no way of updating functions which we have not written ourselves. #### *Affected* - Any project that have custom `auth` functions or generally any function that use legacy GUC naming convention to access JWT claims (eg `current_setting('request.jwt.claims.XXX', true)`. - This change is required for PostgreSQL 14+. - This change is required for Realtime row level security #### *Unaffected* - New projects - Existing projects who haven't written custom `auth` functions. #### *How to update* You need to update all functions that are using the legacy GUC naming convention (`current_setting('request.jwt.claims.XXX', true)`) to use the new convention (`current_setting('request.jwt.claims', true)::json->>'XXX'`). After you have made this change, you can safely #### *Example* For example, Supabase rewrote the `auth.role()` functions like this, to handle both legacy and new: ```sql -- PREVIOUSLY create or replace function auth.role() returns text language sql stable as $$ select current_setting('request.jwt.claim.role', true)::text; $$; -- UPDATED FUNCTION TO HANDLE NEW GUC NAMING SCHEME create or replace function auth.role() returns text language sql stable as $$ select \tcoalesce( \t\tcurrent_setting('request.jwt.claim.role', true), \t\t(current_setting('request.jwt.claims', true)::jsonb ->> 'role') \t)::text $$; ```