Changelog

Letting users know about security-sensitive actions on their account is an increasingly common authentication feature.

We’re excited to announce an expansion of our email templates to handle these these types of events, beginning with:

• Password changed
• Email changed
• Phone number changed
• Identity linked or unlinked
• Multi-factor authentication enrolled or unenrolled

You can find documentation—including for our API—here. The list of templates will continue to grow as our feature-set changes, and as we gather feedback from our community.

[!NOTE] To enable the feature preview, click your profile avatar, click Feature previews and enable Security notification templates.

What we’d like to know from you#

• Any bugs or issues you run into when using email templates
• Any friction you run into when managing email templates through the Supabase dashboard
• Any additional use cases for email templates, and how we might be able to better support your workflow

Rollout plan#

• Changes are behind a feature preview in the dashboard
• Starting from 13th Nov 2025, we will roll out to the hosted platform first as incremental % rollout where users will be opted into the feature preview by default
• If you might want opt out of the changes, you may disable the changes via the feature previews which you can access through the user dropdown in the header here:

Related links#

• Dashboard: https://supabase.com/dashboard/project/_/auth/templates
• Documentation:
  • Email templates: https://supabase.com/docs/guides/auth/auth-email-templates
  • Send email hook: https://supabase.com/docs/guides/auth/auth-hooks/send-email-hook
  • Local Dev / CLI: https://supabase.com/docs/guides/local-development/customizing-email-templates

Manage Analytics Buckets from the dashboard#

We previously announced Supabase Analytics Bucket in Launch Week 15 and we've made much progress since then! You can use these buckets to store large datasets for analytics and reporting 📊

Analytics Buckets is currently in Public Alpha, hence expect rapid changes and possible breaking updates as we expand access to make this increasingly available to everyone. 🙂🙏

Vector Buckets are also now in Public Alpha if you might be interested as well 😄

What we'd like to know from you#

• Any bugs / issues that you might run into when using Analytics Buckets
• Any UX friction that you might run into when managing Analytics Buckets through the dashboard
• Any use cases for Analytics Buckets, and how we might be able to improve the DX to support your development / workflow

Related Links#

Dashboard: https://supabase.com/dashboard/project/_/storage/analytics

Waitlist: https://forms.supabase.com/analytics-buckets Youtube: https://www.youtube.com/watch?v=8poJ0f3Ucik Blog: https://supabase.com/blog/analytics-buckets Documentation: https://supabase.com/docs/guides/storage/analytics/introduction

Here's another brief summary of changes that went into the dashboard over the past 2 weeks 😄🙏

Upcoming: Storage UI update#

We'll be pushing out an update to our Storage UI within this week as part of revisiting the information architecture of the dashboard, given that Supabase Storage isn't only about file storage but also analytics and vectors! 😉🗂️. This sets up the necessary changes required to support the other storage types that will come soon to the dashboard some time this week (or next)! 🙏 There's no other changes besides this (the file explorer of your file buckets remains the same 🙂🙏)

PR: https://github.com/supabase/supabase/pull/40076

Link: https://supabase.com/dashboard/project/_/storage/buckets

Auth Reports improvements#

We've shipped a number of updates to the Auth Reports, splitting reports into sections and making it easier to find the information that you need! 🙂🕵️ (Usage, Monitoring, Performance) These changes will allow you to see spikes in errors in the API and Auth servers, and you may also select a part of the chart to open them in the logs pages (Way more easier than combing through them in the Logs Explorer)

PR: https://github.com/supabase/supabase/pull/39013

Link: https://supabase.com/dashboard/project/_/reports/auth

Additional settings for Realtime#

We've added the following 3 settings that can be configured for your project through the realtime settings page! ⚙️💨 Information regarding all configurable settings for Realtime can be found in our documentation here!

• Enable / Disable Realtime service
  • If disabled, no clients will be able to connect and new connections will be rejected
• Max presence events per second
  • Maximum number of presence events per second that can be sent to your Realtime service
• Max payload size in KB
  • Maximum number of payload size in KB that can be sent to your Realtime service

PR: https://github.com/supabase/supabase/pull/39566

Link: https://supabase.com/dashboard/project/_/realtime/settings

Support for Sentry Log Drains#

You can now send your project logs to Sentry as a third party destination! 🙂🪵 Read more about this in our documentation here!

PR: https://github.com/supabase/supabase/pull/39442

Link: https://supabase.com/dashboard/project/_/settings/log-drains

Other bug fixes and improvements#

General

• Simplified UI for project while in a paused state (PR)

Auth

• Persist sort by search configuration, but only if number of users in database is < 10,000 (PR)

Database

• Add support for duplicating database functions (PR)
• Add support for duplicating database triggers (PR)
• Database functions link to triggers list if function has trigger return type (PR)
• Database triggers link to table editor and functions list if for the table and function of the trigger respectively (PR)

Edge Functions

• Added support for drag and drop to add files while editing an edge function (PR)

Storage

• Add virtualization for buckets to support rendering a large number of buckets (PR)

Table Editor

• Fix schema not persisting when creating a table outside of the public schema (PR)

Reports

• Fix database reports "Database Connections" charts (PR)

Realtime

• Improved error messages when channel fails to join (PR)
• Add warning when updating realtime settings that clients will be disconnected (PR)

With @supabase/supabase-js@2.75.1 and a CLI version > 2.53.1, the type-generation and runtime support for embedded functions / computed relationships has been improved. The introspection now includes SetofOptions metadata via the supabase/postgres-meta#971, and the client library types in supabase-js now provide stronger type inference and compile-time errors for invalid function usage.

🔍 What’s new#

• Functions returning SETOF or table types are now correctly inferred as embedded relationships (arrays) when used in .select() queries (computed relationships). Supported via SetofOptions from introspection. note: If you define a function in Postgres with RETURNS SETOF … ROWS 1, the tool-chain (introspection + type generation) will infer this as a single object instead of an array.

• TypeScript errors at call-site when you attempt to call a function with wrong or conflicting parameters. For example:

  
  

  _10

  const res = await supabase.rpc('postgrest_unresolvable_function', { a: 'test' });

  _10

  // Error: Could not choose the best candidate function between: public.postgrest_unresolvable_function(a => integer), public.postgrest_unresolvable_function(a => text).

  
  

  This kind of error helps you catch ambiguous overloads that the introspection cannot decide between.

• Additional error cases like:

  
  

  _10

  const res = await supabase.rpc('blurb_message', {});

  _10

  // Error: Searched for the function public.blurb_message with parameter or with a single unnamed json/jsonb parameter, but no matches were found in the schema cache.

  
  

  This corresponds to underlying PostgREST error codes PGRST202 / PGRST203.

Important caveats:

Nullable embed relationships by default: When you embed a function (computed relationship) in a .select() query, the generated type will treat the function result as possibly null, since it may not return any rows.

You can override the nullability globally using a DeepMerge override when generating types using the CLI. Example:

This approach mimics defining custom JSON types via MergeDeep.

However, when a function has multiple overloads or multiple SetofOptions variants (for example one overload returns from someTable → someOtherTable, another returns someTable2 → someOtherTable), a global override may become ambiguous:

In such cases, the recommendation is to use the !inner hint in the query itself so the inference knows the result won’t be null:

✅ What you should do#

1. Upgrade to @supabase/supabase-js@2.75.1 (or higher)
2. Ensure you are using the CLI at version > 2.53.1 so that SetofOptions metadata is correctly included in the generated types.
3. Regenerate your types (e.g., npx supabase gen types typescript …) after introspection so that functions with SETOF return types are captured with the proper metadata.

🔗 References#

• PostgREST docs — Computed Relationships
• supabase/supabase-js#1632
• supabase/postgres-meta#971
• Defining custom JSON types (type override docs)

Another brief summary of changes that went into the dashboard over the past 2 weeks 🙂🙏

Update to the Authentication Users page#

You may have already noticed but we've recently had to make some changes to the Users page under the Authentication section, specifically around how users are fetched and searched 🙏 The reason behind the change is primarily technical which is summarized nicely in this tweet here, but TLDR the query which the dashboard was running to retrieve users from the database wasn't performant in particular if your project had a large number of users.

Understandably this makes the UX less than ideal consequently, in particular with sorting since users are no longer sorted by "Created at" by default which was helpful for seeing new users who signed up to your application. While this is still possible by swapping the search mode to "Unified search", it was pretty inconvenient since the search configurations aren't persisted across sessions (we definitely hear all feedback as promised! 🙏🙂)

As such and we've recently shipped an update that moves search configuration into the URL (so that refreshing keeps you in the same state), but also persist the search mode in local storage to ensure that it's restored whenever you return to the Users page.

There's definitely more than we can do here and we're actively looking into this! In the meantime, feel free to leave any thoughts or feedback in this discussion here! 🙂🙏

PR:

• https://github.com/supabase/supabase/pull/39349
• https://github.com/supabase/supabase/pull/39599
• https://github.com/supabase/supabase/pull/39649

Link: https://supabase.com/dashboard/project/_/auth/users

Other bug fixes and improvements#

Account

• Add settings to disable hotkeys in dashboard (PR)

General

• Add more context for common issues in session expired dialog (PR)
• Add visibility toggle for password input field in sign in page (PR)
• Consolidate information in Connect dialog to reduce cognitive load (PR)

Assistant

• Add support for rating individual assistant responses (PR)
• Add error handler for when conversation gets too long (PR)
• Add support for switching models for Assistant (PR)

Edge Functions

• Add Hide / Show anonymous key CTA in Edge Function details page "Invoke function" section (PR)
• Opt to ignore "Cannot find modules" errors in Edge Functions code editor (PR)
• Omit quotes when pasting contents of a .env file into Edge Functions secrets (PR)

Realtime

• Add Assistant CTA to set up realtime for project (PR)
• Add max events per second configuration in realtime settings (PR)

Reports

• Add timezone to tooltips (PR)

Settings

• Improve clarity in Postgres upgrade callout regarding objects that need to be removed (PR)

Table Editor

• Fix occasional duplicate rows issue when exporting table into CSV (PR)

SQL Editor

• Mitigate "Unable to find snippet" issue Part 1 (PR)
• Mitigate "Unable to find snippet" issue Part 2 (PR)

What's changed?#

The Supabase MCP server is now hosted as a remote (HTTP) MCP server at the following URL:

Or if you are developing locally using the CLI, you can access the MCP server at:

This makes it easier and more secure to connect your MCP clients with Supabase while expanding the number of clients Supabase can connect to.

Why remote MCP?#

Up until now you had to run Supabase MCP locally via an npx command:

Running the MCP server this way came with a lot of pain points:

1. Limited MCP clients: Most web-based AI agents (like ChatGPT) are limited to HTTP-based MCP servers due to the environments they run in.
2. Authentication was clunky: You needed to manually generate a personal access token (PAT) in order to authenticate with your Supabase account which added friction to the setup experience and had weaker security (it was easy to accidentally commit this to source control).
3. Setup was tricky: You needed Node.js installed to run the server, needed to make sure your environment was configured correctly with the right version, and you needed to modify the command slightly based on the operating system you were running.

Now with remote MCP, you are able to connect Supabase with many more MCP clients, you authenticate using a much simpler browser-based OAuth 2 flow, and setup is much easier. We also built an interactive widget to help you connect popular MCP clients to Supabase and customize the URL to your preferences (like project-scoped mode and read-only mode).

Security reminder#

A friendly reminder to never connect MCP to production data! Supabase MCP was designed from the beginning to assist with app development and shouldn't be connected to production databases. See our post on Defense in Depth for MCP Servers.

More info#

Read more about all the features in the Remote MCP blog post!

We recently rolled out a change that updates pgmq version from 1.4.4 to 1.5.1 for new projects created with release version https://github.com/supabase/postgres/releases/tag/17.6.1.016 and newer.

There is a potential breaking change for users of the delay parameter as discussed here https://github.com/pgmq/pgmq/releases/tag/v1.5.0 for versions 1.5.0 and newer

However, there is a temporary issue with upgrade of existing projects with just the pgmq extension. At the moment if you trigger an upgrade, your pgmq extension will remain on version 1.4.4 until we fix this upgrade issue. We'll report back here when this is fixed. It will likely be fixed by an upstream contribution or fix of the extension itself, and a release of a version newer than 1.5.1

Again, once this issue is resolved we'll update this changelog issue, although users should still be aware of the potential breaking change

Another brief summary of changes that went into the dashboard over the past 2 weeks, but before that...

Supabase Select just wrapped up over the weekend!#

If you might have missed it or want to get involved - Livestreams are available on the Supabase Youtube channel, or on our site here! A huge thank you to everyone in the community for joining us on this journey thus far - and as always let us know any feedback / ideas / thoughts, anything! We promise we look at every message that comes in 🙂🙏

Assistant Improvements#

We've been shipping some incremental improvements to the Assistant which involves both better response speeds, better quality outputs, and better UX with a more action-oriented approach (along with some style refinements to messages and tools)! 🤖🙂

These are all in hopes to support you while building out with Supabase and we're still looking into how we can make the experience even better for you! Feel free to leave any feedback or ideas in this thread on how we can further improve the Assistant 😄🙏

PR:

• https://github.com/supabase/supabase/pull/38806
• https://github.com/supabase/supabase/pull/38805
• https://github.com/supabase/supabase/pull/39031
• https://github.com/supabase/supabase/pull/39072

Link: https://supabase.com/dashboard/project/_

Contextual error handling in Table Editor#

Enabling users to self-debug when running into issues have been at the forefront of our priority recently - this is just a small addition to that topic in which we're opting to provide contextual errors in the table editor, specifically when applying filters 🙂🔍

Hopefully these will provide better clues while working with the Table Editor instead of just merely showing "Failed to retrieve rows" - and we're hoping to expand this further too to cover more cases! 🙏

PR: https://github.com/supabase/supabase/pull/39004

Link: https://supabase.com/dashboard/project/_/editor

Other bug fixes and improvements#

General

• Improve clarity of errors for organization member invite flow (PR)
• Fix deleting project not refreshing list of projects on home page (PR)

Table Editor

• Fix "New table" button not working if on an unknown table (PR)
• Improve stability of tab state syncing between URL params and local storage (PR)
• Use session storage as default cache for tab state (PR)
• Ensure CSV chunk uploads handle rate limits properly (PR)
• Refrain from applying a default sort on JSON columns (PR)
• Flatten copy cell and row actions in context menu (PR)

Storage Explorer

• Fix long bucket names blocking bucket actions (PR)

Integrations

• Fix webhooks HTTP headers for edge functions not loading Auth headers on first open (PR)

Advisors

• Query performance improve layout of metadata in query details panel (PR)
• Query performance consolidate time consumed and total time columns (PR)
• Query performance make query pattern expandable (PR)
• Query performance improve time consumed text to be more human readable (PR)

Reports

• Improve tooltip UX (PR)
• Make chart highlight actions configurable per chart (PR)
• Use is instead of matches in API filters (PR)
• Fix max pooler connections tooltip (PR)
• Always show tooltip values (PR)

What Changed#

We've consolidated all Supabase JS client libraries into a unified monorepo at supabase/supabase-js.

For Package Users 👥#

Nothing changed for you! Continue installing packages as usual:

For Contributors 🛠️#

All development now happens in the monorepo:

Old repositories (will be archived soon):

• supabase/auth-js
• supabase/postgrest-js
• supabase/realtime-js
• supabase/storage-js
• supabase/functions-js

New location: All libraries are now under packages/core/ in supabase/supabase-js

Benefits#

• Fixed versioning - all packages share the same version for compatibility
• Atomic changes - fix bugs across libraries in single PRs
• Better testing - immediate integration testing without manual releases
• Unified tooling - consistent build, test, and release processes

Getting Started#

1. Fork and clone: github.com/supabase/supabase-js
2. Read the guides: Complete documentation in the new repository
3. Use Nx commands: npx nx test auth-js, npx nx build storage-js, etc.

Documentation#

All documentation is now in the monorepo:

• Contributing Guide - Development workflow and PR process
• Migration Guide - Detailed transition information
• Testing Guide - Package-specific testing requirements

Questions?#

• Issues: supabase-js Issues
• Migration help: Open a new issue. Add [migration] in the title of your issue.

Another brief summary of changes that went into the dashboard over the past 2 weeks! 🙂

Couple of improvements to the Query Performance Advisor#

We've been shipping incremental improvements to the Query Performance Advisor in hopes to simplify the usability of the report despite all the information present on the page 🙏🙂 There's quite a few tidbits there so check out the advisor and let us know what you think! Huge shoutout to @kemaldotearth for this one! 😄

PRs:

• https://github.com/supabase/supabase/pull/38470
• https://github.com/supabase/supabase/pull/38523
• https://github.com/supabase/supabase/pull/38606
• https://github.com/supabase/supabase/pull/38657
• https://github.com/supabase/supabase/pull/38634
• https://github.com/supabase/supabase/pull/38744
• https://github.com/supabase/supabase/pull/38778
• https://github.com/supabase/supabase/pull/38783
• https://github.com/supabase/supabase/pull/38819
• https://github.com/supabase/supabase/pull/38825
• https://github.com/supabase/supabase/pull/38815
• https://github.com/supabase/supabase/pull/38867
• https://github.com/supabase/supabase/pull/38920

URL: https://supabase.com/dashboard/project/_/advisors/query-performance

Configure to save Auth Audit Logs in project's database#

We've added a new page under the Auth section "Audit Logs" which will allow you to toggle disabling writing Auth audit logs to your project's database. The Auth audit logs will still be available in the auth logs but doing so will then prevent the audit logs from taking up your project's database space, which subsequently reduces your database storage costs. Read more about this in our docs here!

PR: https://github.com/supabase/supabase/pull/37409

URL: https://supabase.com/dashboard/project/_/auth/audit-logs

Other bug fixes and improvements#

Table Editor

• Shift refresh button to top nav for better visibility (PR)
• CSV imports will show row number with the error to give a more actionable message (PR)
• Fix default value placeholder for fields with foreign keys (PR)
• Add support for expanding rows into a side panel for foreign tables (FDW) (PR)
• Add contextual errors for foreign tables if failed to fetch rows (FDW) (PR)

Integrations

• Fix webhooks HTTP headers for edge functions not loading auth headers on first open (PR)

Reports

• Chart highlight actions can be configured per chart (PR)

Launch week, Storage, Supabase CLI, Connection Pooling, Supabase UI, and Pricing. Here's what we released last month.

This is also available as a blog post and a video demo.

Supabase Storage#

Need to store images, audio, and video clips? Well now you can do it on Supabase Storage. It's backed by S3 and our new OSS storage API written in Fastify and Typescript. Read the full blog post.

Connection Pooling#

The Supabase API already handles Connection Pooling, but if you're connecting to your database directly (for example, with Prisma) we now bundle PgBouncer. Read the full blog post.

React UI Component Library#

We open sourced our internal UI component library, so that anyone can use and contribute to the Supabase aesthetic. It lives at ui.supabase.io . It was also the #1 Product of the Day on Product Hunt.

CLI#

Now you can run Supabase locally in the terminal with supabase start. We have done some preliminary work on diff-based schema migrations, and added some new tooling for self-hosting Supabase with Docker. Blog post here.

OAuth Scopes#

Thanks to a comunity contribution (@_mateomorris and @Beamanator), Supabase Auth now includes OAuth scopes. These allow you to request elevated access during login. For example, you may want to request access to a list of Repositories when users log in with GitHub. Check out the Documentation.

Kaizen#

• You can now manage your PostgREST configuration inside the Dashboard.
• Our website has been redesigned. Check out our new Homepage and Blog, and our new Database, Auth, and Storage product pages.
• We refactored some of our Filter methods to make them even easier to use. Check out the Full Text Search refactor.
• We have added several new sections to our Docs including: Local Dev, Self Hosting, and Postgres Reference docs (all still under development).

Supabase is an open source Firebase alternative. We've now been building for one year. Here's what we released last month.

This is also available as a blog post and a video demo.

Dashboard Sidebars#

We've improved the UX of our Dashboard with sidebars in every section, including the Table view, the Auth section, and the SQL Editor.

SQL Autocomplete#

Writing SQL just got 10x easier. We added autocomplete to the SQL editor, including table & column suggestions.

Auth Redirects#

Redirect your users to specific route within your site on signIn() and signUp().

Learning Resources#

We've released a new Resources section in our docs, as well as two new Auth modules: GoTrue Overview and Google OAuth.

New Region#

Launch your database in South Africa.

Kaizen#

• We filled up our Examples page with a lot of new content.
• We released a Docker Compose file for running Supabase locally. This will be used in our upcoming CLI.
• We have a couple of pending RFCs which you may want to participate in:
  • Planning our CLI and Local Development
  • Connection Pooling on Supabase

New year, new features. We've been busy at Supabase during January and our community has been even busier. Here's a few things you'll find interesting.

This is also available as a blog post and a video demo.

Count functionality#

Anyone who has worked with Firebase long enough has become frustrated over the lack of count functionality. This isn't a problem with PostgreSQL! Our libraries now have support for PostgREST's exact, planned, and estimated counts. A massive thanks to @dshukertjr for this adding support to our client library.

New Auth Providers#

We enabled 2 new Auth providers - Facebook and Azure. Thanks to @Levet for the Azure plugin, and once again to Netlify's amazing work with GoTrue to implement Facebook.

Auth Audit Trail#

We have exposed the audit trail directly in the dashboard, as well as the GoTrue logs. Great for security and debugging.

Auth UI widget#

In case our Auth endpoints aren't easy enough already, we've built a React Auth Widget for you to drop into your app and to get up-and-running in minutes.

New auth.email() function#

We added a helper function for extracting the logged in user's email address.

New Regions#

Launch your database in London or Sydney!

Copy rows as Markdown#

You can now copy SQL results as Markdown - super useful for adding to blogs and issues.

React server components#

If you're excited by React Server components then check out the Supabase + Server Components experimental repo. https://github.com/supabase/next-server-components

Learn#

We know that Auth can be a bit daunting when you're just starting out, so we have created some intro videos to get you up to speed in no time:

• Supabase Auth Deep Dive Part 1: JWTs
• Supabase Auth Deep Dive Part 2: Restrict Table Access
• Supabase Auth Deep Dive Part 3: User Based Access Policies

Kaizen#

• Performance: We migrated all of our subdomains to Route53, implementing custom Let's Encrypt certs for your APIs. As a result, our read benchmarks are measuring up 12% faster.
• Performance: We upgrade your databases to the new GP3 storage for faster and more consistent throughput.

After 10 hectic months of building, Supabase is now in Beta.

This is also available as a blog post and a video demo.

Supabase is now in Beta#

We spent months working on Performance, Security, and Reliability. Read more on our Beta Page.

Improve your docs inline#

Add comments and descriptions to your Tables directly from our auto-generated docs.

Table View now has realtime changes#

Any updates that happen to your database are reflected in the Table View immediately.

Table Pagination#

Our table view now has pagination - better for working with large data sets.

Supabase raised a Seed Round#

We raised $6M from Y Combinator, Mozilla, and Coatue. You can read more on TechCrunch.

Kaizen#

• Supabase is now 26% faster in regions which support Graviton (1460 reqs/s up from 1167 reqs/s)
• We launched a new region in Sao Paulo.
• Postgres Array Support. You can now edit Native Postgres array items in the grid editor or the side panel.
• We added better support for your custom Database Types.
• Fixed some buggy keyboard commands. We're continuously improving key commands in the Table editor.