Closed nCrafts closed 2 months ago
Thanks for reporting. We resolved this with https://github.com/supabase/splinter/pull/70 2 days ago, but it hasn't propagated to Studio yet. If you give it another day or two you should see clear
Still seeing this, has the fix landed in studio yet?
Not quite yet. You can track the production rollout here https://github.com/supabase/supabase/pull/26263
Bug report
Describe the bug
I don't know if the issue is with security reporting or how extensions work, but enabling Timescale in Supabase throws up a lot of errors in the security advisor. Timescale creates a bunch of schemas like _timescaledb_cache when enabled, and these schemas are accessible by the PUBLIC role.
Here is an example of a create script run by Timescale:
Supabase says:
The new schemas are not in the 'search' path, or a part of the 'public' schema. Are they still somehow available and vulnerable?
To Reproduce
Simply enable the timescaledb extension:
Expected behavior
If this is an issue with the extension: the schemas should not have PUBLIC access.
If this is an issue with the security advisor: it shouldn't report this as being an issue.
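An added example, not part of the original report or of Supabase's or Timescale's code: a catalog query that shows what the PUBLIC pseudo-role can actually reach in the extension-created schemas. A schema being absent from `search_path` does not restrict access, since objects stay reachable by schema-qualified name wherever USAGE is granted. The `_timescaledb_` name prefix is an assumption taken from the schema named in the report.

```sql
-- Audit PUBLIC's reach into extension-created schemas (added example).
-- Assumption: the schemas share the "_timescaledb_" prefix seen in the report.
WITH ext_schemas AS (
    SELECT n.oid, n.nspname, e.extname
    FROM pg_namespace n
    LEFT JOIN pg_depend d
           ON d.classid    = 'pg_namespace'::regclass
          AND d.objid      = n.oid
          AND d.refclassid = 'pg_extension'::regclass
          AND d.deptype    = 'e'              -- schema is a member of an extension
    LEFT JOIN pg_extension e ON e.oid = d.refobjid
    WHERE n.nspname LIKE '\_timescaledb\_%'   -- backslash escapes the LIKE wildcard "_"
)
SELECT
    s.nspname                                        AS schema_name,
    s.extname                                        AS owning_extension,
    -- 'public' as the role name checks the PUBLIC pseudo-role
    has_schema_privilege('public', s.oid, 'USAGE')   AS public_usage,
    has_schema_privilege('public', s.oid, 'CREATE')  AS public_create,
    c.relname                                        AS relation,
    c.relrowsecurity                                 AS rls_enabled,
    has_table_privilege('public', c.oid, 'SELECT')   AS public_select,
    -- true if ANY of the listed privileges is held
    has_table_privilege('public', c.oid,
                        'INSERT, UPDATE, DELETE')    AS public_write
FROM ext_schemas s
LEFT JOIN pg_class c
       ON c.relnamespace = s.oid
      AND c.relkind IN ('r', 'p', 'v', 'm')   -- tables, partitioned tables, views, matviews
ORDER BY s.nspname, c.relname;
```

Rows where `public_usage` and `public_select` or `public_write` are both true are reachable by any database role; rows with a NULL `owning_extension` are schemas matching the prefix that no extension owns.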