RepoJournal
Supabase

@supabase

The open-source Firebase alternative powering thousands of startups

Pick a date

Topics: JavaScript Full archive →

The Wire · Showcase

POSTGRES SECURITY PATCH SHIPS ACROSS ALL VERSIONS

By RepoJournal · Filed · About Supabase

Supabase dropped CVE-2026-31431 mitigation across Postgres 15, 17, and OrioledB variants overnight, closing a critical vulnerability that could affect every deployment.

The security fix landed in v17.6.1.150-cli [2] and propagated to all supported versions [3] [4], with OrioledB getting its own hardened release [5]. This wasn't a minor patch: the CVE-2026-31431 mitigation [1] represents the kind of vulnerability that demands immediate attention across your entire fleet. In parallel, dbdev CLI picked up dependency updates to regex 1.13.0 [6] for improved compilation performance and uuid 1.23.5 [7] for hex parsing optimization, both landing cleanly without breaking changes [8] [9]. Studio shipped a critical fix [10] for API observability: DELETE request filtering was silently failing because the report builder was lowercasing method names when edge_logs stores them uppercase, making your observability blind to certain traffic patterns. Meanwhile, CLI is cycling through major dependency bumps including PostHog updates [11], standard housekeeping but worth validating in your CI pipeline.

Action items

References

  1. [1] feat: mitigation of CVE-2026-31431 (#2186) supabase/postgres
  2. [2] v17.6.1.150-cli ↗ supabase/postgres
  3. [3] 17.6.1.150 ↗ supabase/postgres
  4. [4] 15.14.1.150-x86 ↗ supabase/postgres
  5. [5] 17.9.0.003-orioledb ↗ supabase/postgres
  6. [6] chore(deps): bump regex from 1.12.4 to 1.13.0 in /cli ↗ supabase/dbdev
  7. [7] chore(deps): bump uuid from 1.23.4 to 1.23.5 in /cli ↗ supabase/dbdev
  8. [8] Merge pull request #502 from supabase/dependabot/cargo/cli/master/regex-1.13.0 supabase/dbdev
  9. [9] Merge pull request #501 from supabase/dependabot/cargo/cli/master/uuid-1.23.5 supabase/dbdev
  10. [10] fix(studio): preserve API report filter value casing so method filters match ↗ supabase/supabase
  11. [11] chore(deps): bump the npm-major group with 3 updates ↗ supabase/cli

Quick answers

What shipped in Supabase on July 19, 2026?
Supabase dropped CVE-2026-31431 mitigation across Postgres 15, 17, and OrioledB variants overnight, closing a critical vulnerability that could affect every deployment. In total, 5 commits, 6 pull requests, and 6 releases landed.
Who contributed to Supabase on July 19, 2026?
5 developers shipped this update, including samrose, github-actions[bot], dependabot, Raminder Singh, and Jordi Enric.
What were the notable Supabase updates?
feat: mitigation of CVE-2026-31431 (#2186), v17.6.1.150-cli, and 17.6.1.150.

More from @supabase

Daily updates, in your inbox

Follow Supabase

The open-source Firebase alternative powering thousands of startups We'll email you a link to confirm first.

Free. Confirm via email. Unsubscribe in one click.

— or follow the whole beat:

Elsewhere on the wire