Changelog

New updates and product improvements

Supavisor 1.0

Dec 13, 2023

Supavisor 1.0 is released. Rollout to Supabase hosted projects planned for next week.

Notable changes include:

  • Added support for named prepared statements
  • Added support for read replicas and query load balancing
  • Added a client_idle_timeout option
  • New docs build process and website (Github hosted)
  • Docs for migrating from PgBouncer
  • auth_query with md5 support
  • native pool_mode to proxy direct connections to Postgres
  • New metric for unique connected tenants
  • Cache metadata database queries for faster tenant info lookups
  • Bug fixes

See the full changelog:

https://github.com/supabase/supavisor/releases/tag/v1.0.0

We've improved insights into usage, billing and costs.

Vastly improved usage summary

We previously had a slightly hidden usage summary in the "Upcoming Invoice" section. This section has been revamped and moved to the organization's usage page.

The improved usage summary features:

  • Per-project breakdown for usage
  • Displays costs for over-usage on usage-based plans (pro with spend cap off, team, enterprise)
  • Displays usage in percent for usage-capped plans (free/pro with spend cap on)
  • Metrics with higher usage/costs will be sorted to the top
  • Insights into compute usage in summary
  • Usage can now be retrieved for a custom period and not just the current billing cycle
  • Usage summary can be filtered by project
  • Indicators if you're exceeding/approaching limits which could lead to restrictions

The new usage summary section (usage-capped plan):

New usage summary with a usage-based plan (Pro with spend cap off, Team, Enterprise):

When hovering over the circular progress bars, you get per-project breakdowns of usage and some further information:

We now also allow you to filter the total usage by a single project or a different period than the current billing cycle. Simply change the timeframe at the top of the usage page.

Usage filtered with a custom timeframe (not relative to billing cycle):

Daily Stats for Compute Usage

The organization's usage page shows daily stats for all sorts of usage-based metrics and was still missing insights for compute hours. Compute Usage insights have been added to the usage page.

New section on the usage page:

Sample usage with a single project:

When running multiple projects or projects on different compute sizes:

Better insights for upcoming invoice

The "Upcoming invoice" section on the organization billing page has been vastly improved and now offers per-project breakdown of metrics and project add-ons. Additionally, there is a simple projection of your cost at the end of the month.

Here's an overview of the new section with all project breakdowns collapsed:

You can expand any usage-based item or project add-on to get a per-project breakdown:

The line items have also been improved to show included quotas and costs for over-usage:

Quickly see if you're exceeding your plans limit

On usage-capped plans (Free Plan or Pro Plan with Spend Cap toggled on), you will now also see a warning on the top of the subscription page, in case you're exceeding your plan's limits. A more detailed breakdown is available on the organization's usage page.

Project breakdown for subscription preview

When you are about to upgrade your organization's subscription plan from free to paid or between paid plans, we show you a confirmation screen. That confirmation screen has been improved to show a per-project breakdown for compute costs. Additionally, some useful information about usage-billing for compute and links to related docs have been added.

New confirmation modal:

Break down add-ons on a per-project basis:

Education about usage-billing for compute, mixing paid/non-paid plans and links to related docs:

Table Editor row edit side panel fix boolean fields rendering stale value

There was issue in the Table Editor when you're editing rows in the side panel, specifically for column types that are rendering the Listbox component, whereby the data rendered in that input field is stale (from the previous row that you opened). This was caused by the Listbox component not re-rendering correctly when the value passed to it has changed and is now fixed.

PR: https://github.com/supabase/supabase/pull/19264 Link: https://supabase.com/dashboard/project/_/editor

Added recommendation to enable PITR when enabling branching

We strongly recommend enabling point in time recovery for your project if you're planning to enable branching. This is to ensure that you can always recover data if you make a "bad migration". For example, if you accidentally delete a column or some of your production data.

PR: https://github.com/supabase/supabase/pull/19324 Link: https://supabase.com/dashboard/project/_/

Previously, it was possible to directly insert/update rows on the pg_cron extension's cron.job table. This bypasses security checks that would've been asserted when jobs are scheduled/modified via pg_cron functions.

You can see how to schedule/modify cron jobs using the examples in our docs.

Allow access to backups page while project is restoring to download scheduled backups

PR: https://github.com/supabase/supabase/pull/19126 Link: https://supabase.com/dashboard/project/_/database/backups/scheduled

Show if a member has MFA enabled or not in organization settings page

PR: https://github.com/supabase/supabase/pull/19012 Link: https://supabase.com/dashboard/org/_/team

Show which email support will reach out to after submitting a ticket

PR: https://github.com/supabase/supabase/pull/19095 Link: https://supabase.com/dashboard/support/new

Added wildcard hints for bucket allowed MIME types in create/edit modal

PR: https://github.com/supabase/supabase/pull/19062 Link: https://supabase.com/dashboard/project/_/storage/buckets

SQL Editor support downloading snippet as a migration, a seed file or a SQL file

PR: https://github.com/supabase/supabase/pull/17341 Link: https://supabase.com/dashboard/project/_/sql/new

Table Editor fix freezing a column causes UI to crash

Shout out to @tranhoangvuit for this one! 🙏 PR: https://github.com/supabase/supabase/pull/19127 Link: https://supabase.com/dashboard/project/_/editor

LinkedIn has modified the required scopes for their API and OAuth Applications created prior to 1st Aug 2023 do not contain the appropriate scopes. This could cause errors when attempting to sign in with OAuth via LinkedIn. If you have LinkedIn provider enabled on your project a follow up notification will be sent to your email as you could potentially have a LinkedIn OAuth application created before 1st Aug 2023 and be affected. As we don't have access to LinkedIn OAuth configuration we cannot tell with certainty when your OAuth application was created and have to reach out to all users with LinkedIn enabled.

To adjust to this change, we have introduced a new LinkedIn (OIDC) provider which contains the new required scopes and we have deprecated the existing LinkedIn provider.

If you are using a LinkedIn OAuth Application created before 1st August 2023 we ask that you create a new LinkedIn application and migrate your Dashboard credentials from the deprecated LinkedIn provider to the new LinkedIn (OIDC) provider as shown in the screenshot below. Please do so before 4th Jan 2024 as we will be removing the provider from the dashboard then.

CleanShot 2023-11-25 at 00 51 46@2x

Edge Functions has some predefined secrets: SUPABASE_DB_URL, SUPABASE_ANON_KEY, SUPABASE_SERVICE_ROLE_KEY. Previously, if you reset your DB password or JWT secret, these secrets will become stale. Now, these changes should be propagated into Edge Functions secrets. This fixes https://github.com/supabase/supabase/issues/12415.

If you've previously had this issue, you can reset your DB password using the old value to avoid downtime for your app. If you're resetting the JWT secret, you need to update your app to use the new API keys, which incurs some downtime.

tldr:

Support for column encryption in the table editor has been removed. You can still use it, but you must use SQL. Your data is already encrypted-at-rest, so this is an advanced feature that should be used sparingly.

How it was previously

Previously, the Table Editor in the Supabase dashboard supported encrypting newly created columns using pgsodium’s Transparent Column Encryption (TCE).

Why we’re changing it

While this makes it easy to use, we found that the easiness has led to a lot of “mis-use” of Encryption. We’ve decided to remove it from the UI for now because TCE has a few sharp edges and the dashboard makes it too easy to encrypt columns without considering trade-offs.

This mis-use led to multiple users frequently running into unrecoverable issues with encryption. A non-exhaustive list of issues which we observed users running into when using TCE through the dashboard includes the following:

  • TCE is prone to inappropriate usage - we’ve seen users encrypting all kinds of stuff that does not need to be encrypted (e.g email address of sender/receivers). This incurs a performance penalty and results in a bad experience.
  • TCE makes migrating between projects (or local to hosted) a problem as you’d also have to copy the root encryption key separately, although this is nonetheless by design. Developers should be aware that “just works” and “advanced encryption” are very difficult goals to align.
  • Triggers (which are used by TCE) are executed in alphabetical order. When users add their own triggers on encrypted tables, they are frequently unaware if they are dealing with encrypted or unencrypted contents which has been a source of confusion.
  • Upserting into an encrypted column could produce doubly encrypted content.
  • Since TCE uses a view into an encrypted table, RLS rules that are applied on the underlying table do not apply to the views as views use the permissions of the creator rather than the query-er, leading to another source of confusion. There is a fix for this which is to add a security label to pg_sodium to make the view a security invoker.

If you want TCE, use SQL instead

As of now, you can use TCE in SQL by following the pg_sodium documentation so users who already are using TCE can continue doing so via the SQL editor on the dashboard, while new users will have to learn the nuts and bolts of what they are doing before trying to use the feature.

Databases larger than 100GB are being transitioned to using physical backups for their daily backups.

Physical backups are more performant, have lower impact on the db, and avoid holding locks for long periods of time. Restores continue to work as expected, but backups taken using this method can no longer be downloaded from the dashboard.

Over the next few months, we'll be introducing functionality to restore to a separate, new database, allowing for the perusal of the backed up data without disruption to the original project.

Please refer to https://supabase.com/docs/guides/platform/backups#daily-backups-process for additional details.

Postgres 12 is deprecated as of 14th October 2023 and support for it will be fully removed on 27th November 2023.

Postgres 15 comes with numerous features, bug fixes and performance improvements. Check out the announcement blog posts to find out what each version introduces.

Deprecation Timeline

  • 15th October: All users are notified via email about Postgres 12 Deprecation.
  • 27th October: Users can self serve upgrade to Postgres 15 from our dashboard. If you want to upgrade your database to Postgres 15 before 27th October, reach out to our support. A dashboard notification will be sent about this deprecation.
  • 13th November: Users are notified via email.
  • 27th November: All Postgres 12 databases are automatically upgraded to Postgres 15.

You will receive three notifications via email before 27th November notifying you about the deprecation of Postgres 12 and deprecation of IPv4 and PGBouncer.

Updates

  • The deadline for the migration has been updated to 26th January 2024.
  • You can now purchase a IPv4 address from the add-ons page here if you want to keep using your IPv4 address. More info here.

Moving to IPV6 for Database Connection Strings

With IPv4 addresses becoming increasingly scarce and cloud providers starting to charge for it, we won’t be assigning IPv4 addresses to Supabase projects from January 15th 2024. db.projectref.supabase.co will start resolving to a IPv6 address instead. If you plan on connecting to your database directly, you must ensure that your network can communicate over IPv6. Supavisor will continue to return IPv4 addresses, so you can update your applications to connect to Supavisor instead.

There will be a few minutes of downtime during this migration.

Switching to Supavisor

We recently announced Supavisor, our new connection pooler. Supavisor is a direct replacement for PgBouncer. Using our own pooler is going to let us do things like load balancing queries across read replicas, query results caching, and a lot more.

Supavisor is now enabled for all projects created on or after Wednesday September 27th 2023. All existing projects will have Supavisor enabled by October 15th 2023.

Supavisor does not currently support Network Restrictions. Network restrictions support will be enabled from 24th January 2024. If you are blocked on the migration because of this, please reach out to support and we will extend the deadline for your project.

You don’t need to change anything in your application, except for the URL. The pooler connection string is available in the database settings in your dashboard.

For example, if you use PgBouncer to connect:


_10
import { drizzle } from 'drizzle-orm/postgres-js'
_10
import postgres from 'postgres'
_10
import { users } from './schema'
_10
_10
// probably an env var
_10
const connectionString = 'postgres://user:[YOUR-PASSWORD]@db.[YOUR-PROJECT-ID].supabase.co:6543/postgres'
_10
const client = postgres(connectionString)
_10
const db = drizzle(client);
_10
_10
const allUsers = await db.select().from(users);

you just need to update the connection string to:


_10
import { drizzle } from 'drizzle-orm/postgres-js'
_10
import postgres from 'postgres'
_10
import { users } from './schema'
_10
_10
// probably an env var, get the exact connection string from the database settings page
_10
const connectionString = 'postgres://[db-user]:[db-password]@aws-0-[aws-region].pooler.supabase.com:6543/[db-name]?options=reference%3D[project-ref]'
_10
const client = postgres(connectionString)
_10
const db = drizzle(client);
_10
_10
const allUsers = await db.select().from(users);

PgBouncer and IPv4 deprecation timeline

PgBouncer will be available to use along side Supavisor until January 31st 2024.

The full timeline is:

  • 27 September 2023: Supavisor is available for all new projects.
  • 15 October 2023: Supavisor will be available for all projects, including existing projects. We will notify you via email when it is enabled for your project. PgBouncer is officially deprecated after this date.
  • 15th January 2024 26th January 2024: You will need to start using Supavisor before then.
  • 29th January 2024: Your Supabase database domain (db.projectref.supabase.co) will start resolving to IPv6 addresses. PgBouncer will be removed. Projects will be migrated over starting this day. No changes are required if your network supports communicating via IPv6. If it doesn't, update your applications to use Supavisor which will continue to return IPv4 addresses.

You will receive deprecation notices throughout November, December, and January.

FAQs

Do I need to change anything if I use supabase-js?

For projects which only use the database REST API provided by PostgREST (via supabase-js) there is no action needed.

Will Supabase APIs also be switched to IPv6?

projectref.supabase.co will continue to return IPv4 addresses. Only the database domain db.projectref.supabase.co will return a IPv6 address.

How do I know if my network supports IPv6?

Check if you are able to request your IPv6 address via curl -6 https://ifconfig.co/ip

What do I do if I have issues switching?

If you have issues with Supavisor please contact support!

Can I pay for a IPv4 address to directly access the database via IPv4 instead of going through Supavisor?

You can purchase the IPv4 addon for 4$/project in the project add-on page here. PGBouncer will still be removed for users with the IPv4 add-on.

Can I use PgBouncer and Supavisor at the same time?

While we are providing the ability to use PgBouncer or Supavisor during this migration you cannot use both at the same time. With the default configuration using both will exhaust your database connections because they both will try and spin up a connection pool.

The solution is to temporarily increase your databases connection limit with a custom Postgres config to accommodate both connection pools.


_10
supabase --experimental --project-ref <project-ref> postgres-config update --config max_connections=120

How can I tell if I need to make a change?

If the URL you use to connect to your Supabase Database looks like this, you're using the API, and no changes are necessary:

https://[YOUR-PROJECT-ID].supabase.co

If the URL you use to connect looks like either of these options, you're already using Supavisor, and no further changes are necessary:

postgres://[db-user]:[db-password]@aws-0-[aws-region].pooler.supabase.com:6543/[db-name]?options=reference%3D[project-ref] or postgres://[db-user].[project-ref]:[db-password]@aws-0-[aws-region].pooler.supabase.com:6543/[db-name]

If the URL you use to connect looks like this, you are using pgBouncer, and you need to upgrade (notice port 6543):

postgresql://[db-user]:[db-password]@db.[project-ref]supabase.co:6543/[db-name]

If the URL you use to connect looks like this, you are connecting directly, and will either need to be able to connect via IPv6, OR you will need to update to the Supavisor URL:

postgresql://[db-user]:[db-password]@db.[project-ref].supabase.co:5432/[db-name]

How will I know if my project has been migrated to IPv6?

In the database settings page, the label when connection pooling is disabled, reads Will resolve to IPv6 if your project has not been migrated. If your project has been migrated to IPv6, it reads `Resolves to IPv6'.

What are the errors that I might see when connecting to the database if my network doesn't support IPv6?

The error thrown will depend on how you are connecting to the database. Here are some examples of error messages you might see

  • (dial tcp [2001:db8:3333:4444:5555:6666:7777:8888]:5432: connect: no route to host)
  • connect to db.example.supabase.co (2001:db8:3333:4444:5555:6666:7777:8888) port 5432 (tcp) failed: Network is unreachable
  • could not translate host name "db.example.supabase.co" to address: nodename nor servname provided, or not known
  • ENETUNREACH 2001:db8:3333:4444:5555:6666:7777:8888
  • Error: P1001: Can't reach database server at db.example.supabase.co:5432
  • (2001:db8:3333:4444:5555:6666:7777:8888), port 5432 failed: could not create socket: Address family not supported by protocol

Note that these errors may manifest in cases other than your client network not supporting IPv6, but if you run into these errors after your project was migrated, it is likely that it is due to IPv6 support.

How will I know if PgBouncer has been removed from my project?

The database settings page does not show PgBouncer connection settings. If you see a warning label called PgBouncer pending removal, it means that PgBouncer has not been removed from your project. If you see no such label, PgBouncer has already been removed from your project.

Does Supavisor support prepared statements?

Prepared statements are supported with session mode. You can change your pool mode to session in your dashboard.

You can also use a session mode pool with your Supavisor pooler url and port 5432 (vs 6543). If you need to run something using prepared statements while your production application uses transaction mode you can use this port to do that.

Initial support for prepared statements with transaction mode landed but some bugs were found and should be fixed shortly.

What do I do if I am using Prisma?

If you are using Prisma, please check out our updated Prisma Guide for instructions on how to configure your connections for both querying and migrations.

How do I update my Vercel Supabase integration?

The environment variables POSTGRES_URL and POSTGRES_PRISMA_URL point to Supavisor and POSTGRES_URL_NON_POOLING points to Supavisor in session mode. Redeploy your Vercel application to pick up the latest environment variables. This is required since Vercel does not support IPv6.

How do I use direct database connections in my Vercel application instead of using the connection pooler?

Enable the IPv4 add-on. Set the direct connection url as a environment variable not managed by the Supabase integration. You can now use the environment variable in your application.

Do I need to make any changes if I am using the CLI?

If you are using a version before 1.136.3, please upgrade to a later version of the CLI and run supabase link. If you haven’t run supabase link since 1st January 2024, please run it again after upgrading. This will enable the CLI to communicate to the database from IPv4 only environments because the communication happens via Supavisor. This change is required if you are using from the CLI from an environment without IPv6 support, like Github actions or possibly from your home network.

Special Considerations for .NET users using npgSQL

You will need to add Pooling=false to your Supavisor connection string.

Why can't I upgrade my database version anymore?

We are in the midst of transitioning all projects to IPv6. As part of this process, If your project is still being assigned an IPv4 address then pg_upgrade will be temporarily disabled for your project until the transition is completed.

We’re fixing the billing system at Supabase - moving from “project-based” to “organization-based”. We should have started with this model, but I wasn’t wise enough to know that when we started. We need to make these changes to roll out Preview Environments / Branching. It also includes:

  • long-requested project transfers between organizations
  • An extra 1GB egress on the Free Tier
  • Consolidated invoices
  • Self-serve Team plan
  • Updates for branching
  • No more “upfront” charges for Database Compute Addons

See all changes in the blog post

Free plan

First, and most importantly - there is only one change that affects the free plan, and that is a good one for you: you now an extra 1GB of egress.

Usage ItemOld plan (per project)New plan (org based)
Egress4GB - (2GB Database + 2GB Storage)5GB across Database + Storage
Database Space500MB500MB
Storage Space1GB1GB
Monthly Active Users50K50K
Edge Function Invocations500K500K
Edge Function Count1010
Realtime Message Count2 million2 million
Realtime Peak Connections200200
2 free projects2 free orgs (1 free database per org)

On top of an extra 1GB of egress for free, now that egress is unified across your org it means that if you aren’t using Supabase Storage, you get even more Database Egress (5GB instead of 2GB previously)

If you are currently running 2 free projects however, this does require some work from you. Because we are now working on an Org-level, instead of Projects, you will need to:

  1. Create a new “Free org”
  2. Transfer one of your free projects into the newly-created org

This should be done before the end of October, but don’t worry - we’ll give you frequent comms and clear instructions once the change has been rolled out (4th Sept).

Other changes

We’ve made a lot of improvements to the billing system. Read the full announcement on our blog or dive into the related docs for more details.

Help, my bill increased!

This is a major change, and we've tried to design it in a way that's cheaper for everyone. If your bill has increased as a result of this change, that's not our intention. Please submit a Support ticket on the dashboard and we'll figure out a solution.

Please keep this discussion on topic

We welcome any questions/feedback about this change, but please keep this discussion focused only on this change! It's important for those who want to learn more or are confused. If you have something off-topic, please open a new discussion or join an existing discussion

Security Patch Notice

To better secure your Supabase server instances, we will be removing superuser access from the dashboard SQL Editor over the next 30 days. Existing projects with tables, functions, or other Postgres entities created via the dashboard SQL Editor require a one time migration to be run. This migration should take less than 10 seconds to run but since it modifies your existing schema, we will be rolling out this change over a buffer period to minimise breakages.

Opt-in Period: 5 Oct - 5 Nov

During the opt-in period, a notification will be delivered to all affected Supabase projects. The notification contains instructions to manually apply the migration. If you have separate staging and production Supabase projects, apply it on the staging project first to verify everything is working as expected.

If you only have one Supabase project, try to avoid hours of high application traffic when applying the migration to minimise potential downtime. If you notice elevated error rates or other unusual activities after migrating, follow the rollback instructions to revert the change. Both apply now and rollback actions are idempotent. If you encounter any problems during migration or rollback, please contact [email protected] for further assistance.

For paused projects, applying now will schedule the migration script to run the next time your project is restored. We suggest that you restore your project immediately to verify that everything works or rollback if necessary. If you project is in any other states, please contact [email protected] to bring it to an active healthy state before continuing with the migration.

After successfully applying the migration, all entities you have created from the dashboard's SQL Editor will be owned by a temporary role. These entities are currently owned by supabase_admin role by default. You can check the current owner of all your schemas using the query below.


_10
select *, nspowner::regrole::name from pg_namespace;

New entities created via the SQL Editor will also be owned by this temporary role. Since the temporary role is not a superuser, there are some restrictions with using the SQL Editor after migrating. If you are unsure whether those restrictions affect your project, please contact [email protected] for assistance.

After 5 Nov

After the opt-in period, you will receive another notification to drop the temporary role and reassign all entities owned by the temporary role to postgres role. The SQL Editor will also default to using postgres role. New projects created after 5 Nov will also default to using the postgres role. Since this change is irreversible, it is crucial that you run the migration during the opt-in period to verify that your project continues to work.

For any projects not migrated after 5 Nov deadline, we will run the migration on your behalf to reassign all entities to postgres role. No temporary role can be used for rollback. If you notice any breakages then, please do not hesitate to contact [email protected].

Restricted Features

After revoking superuser access, you will not be able to perform the following actions through the dashboard SQL Editor.

Managing Event Triggers

You will no longer be able to create, alter, or drop event triggers directly through SQL statements.

Event triggers can only be created by superusers and you will not be able to manage them after the migration. One exception is Postgres extensions. When toggling extensions, they can still create or drop event triggers as needed.

If you are currently using custom event triggers, please contact [email protected] to explain your use case. We will try our best to figure out an alternative for your project. Note that regular triggers are unaffected by the migration.

Restricted use of Supabase schemas

You will no longer be able to: create, alter, or drop tables, views, functions, triggers, sequences, and other entities in Supabase managed schemas, including extensions, graphql, realtime, and supabase_functions.

Supabase managed schemas are used to support platform features for all projects. Entities in these schemas are owned by supabase_admin role to prevent users from accidentally overriding them and breaking platform features. Unless explicitly granted, non-superuser roles cannot manage entities in Supabase managed schemas after the migration.

If you think modifying these schemas is necessary for your project, please contact [email protected] to explain your use case. We will try our best to accommodate your use case using alternative suggestions.

Entities in auth and storage schemas have been explicitly granted all permissions to postgres role. Therefore, you can still manage these schemas directly through SQL statements. If you have existing triggers created on these schemas, they will continue to work as well.

All user defined schemas and the public schema will be owned by postgres role after the migration. Therefore, you should be able to manage entities in those schemas directly through SQL statements. One exception is if you have manually changed the owner of specific schemas before. In that case, you can either reassign their owner to postgres role manually or leave them untouched. Please reach out to [email protected] if you are unsure what to do.

Managing RLS Policies on Supabase schemas

You will no longer be able to create or drop RLS policies on entities in Supabase managed schemas.

RLS policies can only be created or dropped by entity owners or superusers. After the migration, you can’t manage RLS policies in Supabase managed schemas through the SQL Editor. If you need to expose certain tables in realtime schema to anon or authenticated users, one way is to create a view in the public schema using the postgres role.

RLS policies in auth, storage, public, and all user defined schemas can still be managed directly through SQL statements. Unless you have policies that check for supabase_admin role, all existing RLS policies should be unaffected by the migration.

Restricted use of Role Attributes

You will no longer be able to alter role attributes of replication, superuser, and reserved roles directly through the SQL Editor.

Only superuser roles can alter attributes of other superuser and replication roles. Reserved roles include anon, authenticated, postgres, service_role, etc. After the migration, you will not be able to change attributes of these roles directly through SQL statements. You can still alter attributes of other roles created by yourself, except to elevate those roles to superuser or replication.

Some common attributes that can’t be changed include password, login, and bypassrls. Here are some known workarounds:

  1. To change your postgres role password, you can do it via dashboard settings page.
  2. If you need to run one-off scripts that bypass RLS, you can use the provided service key.
  3. If you are pushing schema migrations from CLI, superuser privilege is no longer required as all entities are owned by postgres role after the migration.
  4. Migrating between projects no longer requires superuser privilege.

Update 26/10/22

A number of users reported the following error accessing the dashboard restoring a paused project.


_10
Error: [500] failed to get pg.tables: password authentication failed for user "postgres_temporary_object_holder"

It is due to a bug in the restore script that we have since fixed. If you are still experiencing this issue, you may pause and restore the project again to fix it manually. If that fails, please don't hesitate to contact [email protected].

Update 03/11/22

We will be adding additional privileges to the postgres role to do the following actions, which otherwise can only be done by a superuser:

  • manage the bypassrls role attribute
  • set the session_replication_role runtime config

Update 28/12/22

  • TimescaleDB extension fails to toggle (we can enable manually via support)
  • Custom security definer functions will run as non-superuser (only affects extensions schemas owned by supabase_admin)

System updates

All projects

New projects

  • PostgreSQL updated to v14.1

Manual Changes Required

Update custom auth functions

Details

The PostgREST release notes document some changes to the way GUC variables are handled here.

Supabase has created a config flag in the Dashboard to ensure that this will not be a breaking change. These changes are required before you can upgrade to PostgreSQL 14+, or use Realtime RLS.

Supabase has already updated all the default auth functions (auth.uid(), auth.role() and auth.email()), however we have no way of updating functions which we have not written ourselves.

Affected

  • Any project that have custom auth functions or generally any function that use legacy GUC naming convention to access JWT claims (eg current_setting('request.jwt.claims.XXX', true).
    • This change is required for PostgreSQL 14+.
    • This change is required for Realtime row level security

Unaffected

  • New projects
  • Existing projects who haven't written custom auth functions.

How to update

You need to update all functions that are using the legacy GUC naming convention (current_setting('request.jwt.claims.XXX', true)) to use the new convention (current_setting('request.jwt.claims', true)::json->>'XXX').

After you have made this change, you can safely

Example

For example, Supabase rewrote the auth.role() functions like this, to handle both legacy and new:


_19
-- PREVIOUSLY
_19
create or replace function auth.role()
_19
returns text
_19
language sql stable
_19
as $$
_19
select current_setting('request.jwt.claim.role', true)::text;
_19
$$;
_19
_19
-- UPDATED FUNCTION TO HANDLE NEW GUC NAMING SCHEME
_19
create or replace function auth.role()
_19
returns text
_19
language sql stable
_19
as $$
_19
select
_19
\tcoalesce(
_19
\t\tcurrent_setting('request.jwt.claim.role', true),
_19
\t\t(current_setting('request.jwt.claims', true)::jsonb ->> 'role')
_19
\t)::text
_19
$$;

Three new Auth providers, multi-schema support, and we're gearing up for another Launch Week. Let's dive into what's been happening at Supabase during the month of October.

This is also available as a blog post and a video demo.

Slack, Spotify, and MessageBird logins

Thanks to @HarryET and our friends at MessageBird we have 3 new Auth providers this month: Slack, Spotify, and MessageBird phone logins.

supabase-auth-slack

Multi-schema support

Dashboard

Browse data in any database schema using the Schema switcher in the Dashbaord.

multi-schema

API

You can access any schema with your API, after enabling access in the Dashboard. Docs.

supabase-multi-schema-support

Fresh Docs and Guides

We have a TON of new guides, with videos too.

Database Functions

Learn about PostgreSQL Functions. Docs.

https://youtu.be/MJZCCpCYEqk

Auth Overview

Learn about all the exciting feature of Auth within Supabase. Docs.

https://youtu.be/6ow_jW4epf8

API Features

Learn more about the power of PostgREST for RESTful APIs. Docs.

https://youtu.be/rPAJJFdtPw0

And more

Community

There was a lot of activity this month.

Supabase at Jamstack conf

Supabase attended the Jamstack conf. Watch us catch up with Matt, the cofounder of Netlify (minute 8).

https://youtu.be/phC14xfwvjc

Supabase at Next.js conf

And Jon made a guest appearance at this year's amazing Next.js Conf.

https://youtu.be/GpXEMB1pDRE

Community Highlights

  • Vue 3 | Workout Tracker App - John Komarnicki video
  • Adalo + Supabase - Flywheel Media video
  • Nuxt 3 Beta + Supabase - BenCodeZen video
  • Made With Supabase (now on Nuxt 3) - Zernonia site
  • Nuxt 3 + Tailwind + Supabase - Ekene Eze video
  • SQL Functions - Răzvan Stătescu article
  • supabase-py v0.0.3 released - repo
  • nuxt-supabase v2.2.1 released - repo
  • vue-supabase v2.2.3 released - repo

GitHub

We hit 20K stars!! 21,268 to be exact: github.com/supabase/supabase

stars

Source: repository.surf/supabase

Check out some of our other community stats in our latest Series A Blog Post.

Coming Next: Launch Week III

We had Launch Week numero uno in March, and the sequel "Launch Week II: the SQL" in July.

Now we're going even bigger with the third installment: Launch Week III: The Trilogy. Join us on 29th November on our Discord.

Did you know it's been 2 years since the first commit to Realtime, our real-time engine for Postgres? Before we even existed as a company!

We spent this month improving docs and content content, improving UX, and onboarding Developer Advocates!

Hackathon v2

To kick off Hacktoberfest, another Supabase Hackathon is happening right now. You've got another 7 days to be in to win a limited edition t-shirt.

Abort Requests

We added support for AbortController in our Javascript library so that you can abort long-running queries. [Docs]

Improved table management

We've made a number of changes to the Dashboard to expose some great features of PostgreSQL including:

Column types

We've improved the column Type field so that it supports your custom types.

Is Unique

We've made it simple to add a unique constraint.

Edit columns

By popular request, you can now view all columns in a table at a glance and edit them in bulk.

Cross-schema relationships

We updated our grid to support relationships across multiple schemas.

Improved Auth Docs

We've revamped the Auth docs - The docs are now broken down into Authentication and Authorization, and organized alongside our Deep Dive series.

Low Code demo

Low Code demo, Using Supabase with Clutch.io - @_dijonmusters ran a session at General Assembly showing how to use these two tools together to create apps using a low code approach. https://youtu.be/5fsKMTeBKKY

Community

There was a lot of new content this month.

Videos

Twitter

We hit 16.5k followers. Follow us there for advance frontend tips and 👁️⚡👁️

GitHub

Not far from 20K stars: github.com/supabase/supabase Source: repository.surf/supabase

Discord

Our Discord is growing fast. Come hangout with 3500+ developers building on Supabase today: discord.supabase.com

Hiring

We're Hiring SREs. We're fully remote and we love Open Source. See open roles.

Coming Next

We're warming up for another Launch Week! Last time was "Launch Week II: the SQL". We're going to need another month to come up with a good pun again, so we'll aim for November.

Get started

August Beta 2021

Sep 13, 2021

We've raised $30M and shipped a bunch of features. Let's dive into what's been happening at Supabase during the month of August.

This is also available as a blog post and a video demo.

We raised $30 million

We raised our Series A. We'll use the funds to do more of the same - ship features and hire open source developers. We'll release more details soon. Read more on TechCrunch.

Realtime Security, codename: WALRUS

If you've been waiting for Row Level Security to land in Postgres subscriptions, then you're going to love our new repo: Write Ahead Log Realtime Unified Security (WALRUS). The name might be a bit forced, but the security design is deliberate. It's not in production yet, but we're making the repo public for comments using an RFC process.

Custom SMS templates

If you're using SMS login in Auth v2, you can now customize the SMS which is sent to your users. Read more in the docs.

Dart and Flutter Docs

Thanks entirely to @dshukertjr, we now have in-depth reference Dart documentation for CRUD, Auth, Realtime and more!

We launched the South Korea region

We added another region for those wanting to host their data and APIs in Seoul. We now have 12 regions to choose from

Table creation is even easier

You can now create columns while creating your table. We've also added improvements for composite primary keys and foreign key creation.

Unbreakable CSV Imports

Our previous importer would choke on CSV files which were too large. Not any more!

Connection strings

We now provide a handy copy utility for various database connection strings because we were so tired of looking them up on Stack Overflow.

We released a primer on Row Level Security

RLS can be a bit foreign for developers getting started with Postgres. This video by @_dijonmusters demystifies it. If you find the video a useful medium for learning, consider subscribing to our channel.

https://www.youtube.com/watch?v=Ow_Uzedfohk

Community

We had a community Hackathon

We held a one-week async Hackathon. Check out all the winners - it was truly impressive what people were able to build in just 7 days.

We had a team Hackathon

The Supabase team didn't want to miss out on the fun so we held our own hackathon. It was a good way to dog-food. Some notable projects include

We hit 18,000 stars on GitHub, and got to the top of GitHub trending for Typescript.

repository.surf/supabase

If you want to keep up to date, make sure you subscribe to our YouTube channel or follow us on Twitter.

Dependency contributions

GoTrue (Auth)

PostgREST (APIs)

pg_net (Function Hooks)

Coming Next

Last December we moved from Alpha to Beta, with a focus on Security, Performance, and Reliability. After a couple of Launch Weeks pushing out new and sexy features, we have decided it's time to focus on these again.

By the time we're done, Supabase will be production-ready for all use cases.

Get started

July Beta 2021

Aug 12, 2021

Supabase is gearing up for another Launch Week on July the 26th. Until then, here's a few new things to try.

This is also available as a blog post and a video demo.

Launch Week II: The SQL

Following the success of our first Launch Week in March, we finished the July with "Launch Week II: The SQL". The community has been sieving through a slew of bad puns and retro memes to discover the new feature announcements.

Auth v2 with Phone Auth

Your users can now log in with SMS based mobile auth! We have a Twilio integration (Guide Here) and will be adding more providers soon.

Other Auth updating include, Twitch logins, and the ability to generate invite, recovery, confirmation, and magic links via the API, for people who want more control over the email templating flow. Read the blog post here.

Storage is now in Beta

Storage updates include Media Streaming, Public Buckets, Directory Uploads, and a Performance Improvements.

Streaming Media in particular opens up a whole new host of potential use cases, learn more about the updates here.

Dashboard v2

We made some major new additions to the dashboard including usage statistics, a new project home, and tons of database insights. Check the post here on what you get and how we built it.

We launched a Discord server

You'll find us hanging out regularly in the #hangout channel. We even "live-fixed" some production errors in there on Monday night (which occurred literally 1 hour before our first announcement of the week! Typical!). We're fast approaching 1,500 members so come and join the action! discord.supabase.com

PostgreSQL 13

All new Supabase projects will be launched with PostgreSQL 13.3, and we're working on a migration path for old projects. This gives you looooaads of new stuff out the box.

PostgREST v8.0

We worked with our friends at PostgREST to make some huge improvements. For those of you who don't know, every Supabase instance comes with a dedicated PostgREST server by default, which provides the auto-generated CRUD API that we wrap with supabase-js.

Flutter/Dart support

Our community driven libs for the fasted growing mobile and web framework are now in beta. Learn more by following the Quickstart guide.

Hackathon

We're running a week long hackathon starting NOW. There are some legit prizes, and you can win in a bunch of different categories. Check the full instructions here on how to participate. Submissions close next Friday at midnight PST.

Hooks & Functions

We made an announcement on the progress of functions, and even shipped a few preliminary components, try them out and give us feedback as we continue to move towards this next major milestone. Read the latest updates here.

Swag Store

Get your hands on some Supabase Swag, hand packed and mailed by our team based in Singapore.

Community

Supabase Github Star Growth 

If you want to keep up to date, make sure you subscribe to our YouTube channel or follow us on Twitter.

Coming Next

Security, stability, performance ... and Functions.

Get started

June Beta 2021

Jul 4, 2021

Supabase is gearing up for another Launch Week on July the 26th. Until then, here's a few new things to try.

This is also available as a blog post and a video demo.

Vercel integration

Vercel just released their new integrations, which means you can now deploy a Postgres database on Supabase directly from your Vercel account. Check it out! vercel.com/integrations/supabase

Discord logins are now available

Building a community? There's almost no better tool than Discord (we're even trialling it ourselves). If you're building a community product, Discord logins are the perfect option.

New Guides

We spent the month building up a new Guides section in our Docs. Here are a few highlights:

Ever wanted to build a Search Engine? We just released a guide which shows you how to implement Full Text Search using Postgres.

OAuth Guides

We released step-by-step guides to help you set up OAuth with Apple, Bitbucket, Facebook, GitHub, GitLab, Google, and Twitter.

Javascript + Postgres

Did you know that you can use Javascript inside your Postgres database? Here's how, with the plv8 extension.

Public Storage Buckets

Want to share all your favourite memes? Now it's even easier with Public Storage Buckets. Simply mark a bucket as "Public" and the content will be accessible without a login.

Storage upserts

Supabase Storage now supports upsert. Shoutout to @ankitjena for this Pull Request.

Server restarts

When things go wrong, sometime the best thing you can do is reboot. We released a restart button in the Dashboard, the first of many debugging tools we'll be releasing over the next few months.

Policy editor

We added a new Table Policy Editor which makes Row Level Security even easier. We even included a few templates to get you started.

Build in Public

We run a weekly 1-hour live stream where we build in public.

Community

If you want to keep up to date, make sure you subscribe to our YouTube channel or follow us on Twitter.

External contributions

PostgREST

  • Primarily for Prisma users, we patched PostgREST openapi-mode to ignore anon privileges for the OpenAPI output. Credit to @steve-chavez.

April Beta 2021

May 5, 2021

This month was a "gardening" month for Supabase. The team focused on stability, security, and community support. Check out what we were working on below, as well as some incredible Community contributions.

This is also available as a blog post and a video demo.

Light Mode

We're a developer tool, which means that Dark Mode is extremely popular.

While Dark mode is great, for some people it's not an option. Dark Mode is difficult to use for developers with astigmatisms, or even just working in brightly-lit environments.

So today we're shipping Light Mode. Access it in the settings of your Dashboard.

Translations

With the help of the community, we started internationalizing our main repository:

OpenAPI spec for Storage

We released Storage Api docs built using OpenAPI (swagger).

Stripe Sync Engine (Experimental)

We open-sourced a server which keeps any Postgres database in sync with Stripe. This is experimental only. We're evaluating other tools such as Singer, which provide a more general solution (but are less "realtime"), and we're opening it up here to gather feedback.

Community spotlight: Threaded comments

One of the most powerful Postgres features is "recursive CTEs" which can be used for nested items (comments, pages, friend-graphs). @lawrencecchen has built a full Threaded Comments demo which you can Deploy with a single click. Want to add comments to your blog with Full Text Search? Just use Postgres.

Community spotlight: SupaScript

It looks like @burggraf2 got tired of waiting for us to ship Functions, and decided to build a whole JS ecosystem within his Supabase database. If you want to write PG functions in JS, import remote libraries from the web, and console log to your browser, check out this SupaScript repo.


_18
// After installing:
_18
// https://github.com/burggraf/SupaScript#installation
_18
_18
/**
_18
* Get all users who logged in this week.
_18
* Use in the database: select * from users_this_week();
_18
* Use in the browser: supabase.rpc('users_this_week');
_18
*/
_18
create or replace function users_this_week()
_18
returns json as $$
_18
const moment = require('https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.29.1/moment.js', false);
_18
_18
const lastWeek = moment().subtract(7, 'days');
_18
const query = 'select * from auth.users where created_at > $1'
_18
const users = sql(query, lastWeek);
_18
_18
return users;
_18
$$ language plv8;

Community

Supabase Github Star Growth

Source: repository.surf/supabase

If you want to keep up to date, make sure you subscribe to our YouTube channel or follow us on Twitter.

Coming Next

You might have noticed our Dashboard slowly changing (improving), as we migrate the components out to our open source UI Library. This progression is an important step towards offering a UI for Local Development and Self Hosting.

We're also working on our Workflows engine. This is quite a large task, but we're making progress and aiming to ship sometime in July.

One more thing

We started hiring.

Get started

This is also available as a blog post.

Third-party logins

We've released OAuth logins! You can now enable third-party logins on your app for Bitbucket, GitHub, GitLab, or Google.

Clone tables

You can duplicate your tables, just like you would inside a spreadsheet.

Enable and disable extensions

Extensions are easier to use. You can enable Postgres extensions with the click of a button.

Save your favorite queries

The SQL editor now stores your query history in your browser. You can also save your favorite queries to run later!

GitHub Discussions

Supabase was given access to GitHub Discussions! This is the place for you to ask questions or show off what you've built with Supabase.

Kaizen

This is also available as a blog post.

We're 6 months into building our hosted database platform and we've made some major improvements to our auth system and table view.

Easily create tables

Set up tables and columns directly from the table view.

Invite your team

You can now invite team members to your organisation.

Auth: Email Confirmations

You can now enable Email Confirmations for new users. This can be toggled on or off and the template for this email can be edited via the dashboard.

Typescript support

The biggest communty contribution to date, @thorwebdev added Typescript support to Supabase. He even live streamed the process.

Kaizen

We have a number of small improvements:

Alpha July 2020

Aug 5, 2020

Supabase July Alpha Updates

This is also available as a full blog post with videos.

After 5 months of building, we're releasing one of our most anticipated features: Supabase Auth.

Auth

This month, we're ecstatic to announce a feature we think you'll love: Supabase Auth. It's too big to fit into a monthly update so look out for a full update in the next few days.

We want to make it easy to get started adding Auth to your app, so we've released a simple example and a video tutorial which shows you how to implement a basic auth system using PostgreSQL's Row Level Security.

Table Editor

We've made some massive improvements to our Table Editor that we're excited to share.

Relationship drill down

Last month we made it easy to drill into your table relationships. This month, we make it possible to drill multiple levels deep.

Add, delete, and download rows

We're making it easier to manipulate your data. Next month, you'll be able to add and remove columns directly from the Table view.

New Postgres Extensions

If you launch a new Supabase project, you'll have access to several new Postgres extensions:

  • pgsql-http: HTTP client for PostgreSQL, retrieve a web page from inside the database.
  • pgjwt: PostgreSQL implementation of JSON Web Tokens
  • plpgsql_check: a linter tool for language PL/pgSQL
  • pljava: write Java in your stored procedures, triggers, and functions

Kaizen

We have a number of small improvements:

  • Added Auth documentation to the auto-generated docs in each project
  • Added a new or filter to the client library
  • Table View now remembers which tabs you had open.
  • We have released a lot of new functionality to pg-api, a server for for managing Postgres internals via a REST interface.
  • Performance: the "flash of black" which was appearing on page transition is now gone

Alpha June 2020

Jul 2, 2020

Supabase June Alpha Updates

This is also available as a full blog post with videos.

We're now 4 months into building Supabase, which means another major update. Here's a few things we think you'll love in this release.

View relational data

We're sometimes asked how we will make Postgres as simple as Firebase, since Postgres is a relational database. This month we're making our first steps to prove that relational databases can be even easier to use than document stores. We're releasing an excel-like editing interface which can drill down into your relational data.

image

Manage JSON data

Postgres is an amazing database, giving the flexibility of a document store with the power of a RDBMS. If you use JSON data in Postgres, then we want to make that easy too. Supabase detects when your column is JSON or JSONB, and provides an easy way to edit and view your data. More improvements coming soon for this feature!

image

Choose your region

If you noticed a bit of latency on Supabase, it's because your projects were previously set up in Singapore. It was always our intention that you'd be able to choose your database region, and this month we've delivered it. In the next releases we'll even allow you to go multi-region, instantly replicating your database close to your customers.

image

Backups

A guiding principle at Supabase is zero lock-in. So this month we are exposing your daily database backups on the dashboard, giving you a simple way to migrate off Supabase. We have a lot more to build in this space (WAL-G!), so watch this space.

image

Build in a weekend, scale to millions