RepoJournal
Supabase

@supabase

The open-source Firebase alternative powering thousands of startups

Pick a date

  1. Sat 2 may
  2. Mon 4 may
  3. Tue 5 may
  4. Wed 6 may
  5. Thu 7 may
  6. Fri 8 may
  7. Sat 9 may
  8. Mon 11 may
  9. Tue 12 may
  10. Wed 13 may
  11. Thu 14 may
  12. Fri 15 may
  13. Sat 16 may
  14. Sun 17 may
  15. Tue 19 may
  16. Wed 20 may
  17. Thu 21 may
  18. Sat 23 may
  19. Sun 24 may
  20. Mon 25 may
  21. Tue 26 may
  22. Wed 27 may
  23. Thu 28 may
  24. Fri 29 may
  25. Sat 30 may
  26. Sun 31 may
  27. Mon 1 jun
  28. Mon 8 jun
  29. Tue 9 jun
  30. Today 10 jun

The Wire · Showcase

SUPABASE PATCHES SEARCH AND SECURITY GAPS ACROSS PLATFORM

By RepoJournal · Filed · About Supabase

Quote escaping fix closes critical search vulnerabilities while ETL and Realtime ship performance improvements that ripple across the stack.

The main event: a quote escaping patch [1] resolves two separate search regressions in the dashboard, paired with a fix ensuring the integrations marketplace actually searches the right database [2]. On the infrastructure side, Postgres tightened role privilege handling on PG 15 to prevent non-superusers from dropping critical system roles [3], addressing a gap that PG 16 closed natively. Realtime shipped v2.94.1 [7] with a 2.3x replication poller optimization [6] that cuts memory garbage and response latency—meaningful for any app pushing high-frequency updates. ETL improved replica identity handling [4] to ensure identity masks align with what PostgreSQL actually streams, fixing edge cases in initial copy operations. CLI v2.99.0-beta.7 now runs compiled-next e2e tests against the actual binary users run [5], catching Bun blockers before release. Web tier also consolidated its Collapsible component to shadcn and bumped vulnerable dependencies across nitropack, mermaid, and hono.

Action items

References

  1. [1] fix: escape quotes (#45848) supabase/supabase
  2. [2] fix: search on the partners/integrations page was still using misc db (#45866) supabase/supabase
  3. [3] fix: prevent non-superuser roles from dropping supabase_privileged_role (#2150) supabase/postgres
  4. [4] ref(core): Improve replica identity handling ↗ supabase/etl
  5. [5] fix(cli): support compiled next cli e2e runtime ↗ supabase/cli
  6. [6] fix: optimise replication poller ↗ supabase/realtime
  7. [7] v2.94.1 ↗ supabase/realtime

FAQ

What changed in Supabase on May 14, 2026?
Quote escaping fix closes critical search vulnerabilities while ETL and Realtime ship performance improvements that ripple across the stack.
What should Supabase teams do about it?
Deploy quote escaping fix to dashboard before next release • Upgrade Realtime to v2.94.1 to cut replication memory overhead • Review ETL replica identity handling if you use REPLICA IDENTITY FULL
Which Supabase repositories shipped on May 14, 2026?
supabase/supabase, supabase/postgres, supabase/etl, supabase/cli, supabase/realtime

Related across the cluster

For your repos

The showcase is a teaser.
Your wire is the product.

Same engine. Different stack. Below: what changes when the wire is yours.

Showcase wire

  • 14 famous open source orgs
  • One wire per day
  • Public, generic
  • Read on the web, when you remember

Your wire

  • Up to 1,500 of your repos - orgs, deps, vendors
  • Morning and evening briefs
  • Action items routed to your team
  • Slack delivery, email, breaking-news CVE alerts

Want a hands-on demo first? Ask a current user for an invite link.