Update n8nio/n8n Docker tag to v2.27.3

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
n8nio/n8n (source)	Kustomization	minor	2.26.7 → 2.27.3

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

n8n-io/n8n (n8nio/n8n)

v2.27.0

Bug Fixes

• API: Make conditional credential fields optional instead of forbidden (#​32010) (0ab043c)
• Bump task-runner-launcher to 1.4.7 to clear stdlib CVEs (#​32095) (4d974e3)
• Computer use disconnect status on client stop (#​32059) (5c61d0e)
• core: Add RFC 8707 resource parameter to client-side OAuth flow (#​30924) (04b4a79)
• core: Allow publishing workflows that use private credentials (#​32306) (27d8426)
• core: Enforce API key scope/endpoint parity in public API (#​32231) (58999f0)
• core: Ensure workflows that fail to activate are removed from active, preventing unintended executions (#​31767) (79d1695)
• core: Fix workers processing queued jobs before module initialization completes (#​32145) (506461f)
• core: Hide resource URL for synthetic OAuth2 credentials for MCP registry tools (#​32351) (51fe9ff)
• core: Include indexes and TOAST in Postgres data table size (#​31606) (c9f4aa8)
• core: Preserve trailing letter-less text in toSentenceCase() exp… (#​32242) (7a77898)
• core: Prevent nodes from throwing context.getNodeParameter is not a function when n8n is installed via npm (#​32123) (a254a89)
• core: Prevent pollers from starting executions for old workflow versions when registered while in-flight (#​32006) (21c786c)
• core: Prevent post-execution writes against closed pool on worker shutdown (#​31915) (3059088)
• core: Prevent queue recovery from marking waiting executions as crashed (#​32316) (c4c0e91)
• core: Propagate sub-workflow errors to parent after wait resume (#​31927) (6afba57)
• core: Remove user:enforceMfa from public API key scopes (#​32223) (3c39a0e)
• core: Retry role mapping create order conflicts (#​30687) (448c114)
• core: Surface a final response when a builder follow-up completes silently (#​31986) (29abe78)
• core: Throw a clear error for $evaluateExpression in the Code node under secure mode (#​31721) (fbad049)
• core: Upgrade nodemailer to 8.0.10 (DEVP-401) (#​31998) (c339095)
• core: Use npm's bundled node-gyp for isolated-vm Docker rebuild (#​32158) (67cdf44)
• Correct Form URL Encoded label in HTTP Request node (#​31852) (ff7f35e)
• editor: Agent builder progress log lines visual glitches (#​32077) (f9496c2)
• editor: Auto-reload editor on stale Vite chunk preload error (#​31747) (2f3ebb6)
• editor: Close credential modal after successful setup (#​31925) (7b2c722)
• editor: Harden credential modal against async hangs (#​31292) (037bdb2)
• editor: Hide template setup button once setup is complete (#​31912) (af9caff)
• editor: Insert instance ai prompt suggestions instead of submit (#​32008) (3386aa8)
• editor: Make workflow settings and actions menu work in the AI artifact view (#​32082) (5a28683)
• editor: Mute Never expiration in API keys table (#​32224) (115d9c7)
• editor: Open sticky note color picker from context menu (#​31917) (0685db8)
• editor: Preserve loaded options value when navigating between nodes (#​31946) (f6e5705)
• editor: Refresh Instance AI workflow preview on update and restore-version (#​31904) (f2c764a)
• editor: Remove 'Building your agent' loading state and go straight to full-page builder (#​32120) (d553602)
• editor: Restore cross-origin notification after OAuth popup completes (#​32087) (090fa9e)
• editor: Scope publish history scrollbar to timeline sidebar (#​31661) (497226e)
• editor: Send only credential id when authorizing OAuth credentials (#​31926) (4f10853)
• editor: Show AI assistant error when stream ends with unparseable content (#​32068) (a7b910f)
• editor: Show an error when imported JSON is not a valid workflow (#​31782) (0731871)
• editor: Show correct project in workflow breadcrumb for projectId links (#​32103) (fd23d4d)
• editor: Show run data of stopped executions in scaling mode (#​32142) (889769a)
• editor: Skip external-secrets fetch on Community Edition (#​31906) (f6518a5)
• editor: Stop showing deleted resources in dependency pill (#​32106) (4e10568)
• editor: Truncate long API key labels in settings table (#​32232) (607634a)
• editor: Use workflow-scoped credential fetch in node credential picker (#​31938) (8cd67d3)
• Fix 4 security issues in @​grpc/grpc-js, hono (#​32281) (e292779)
• Fix security issue in shell-quote via minor version upgrade from 1.8.3 to 1.8.4 (SEC-809) (#​32107) (131e4ea)
• Http Request Node: Preserve multipart filenames for binary uploads (#​29022) (f412820)
• Kafka Node: Distinguish the Schema Registry credential from the Kafka credential (#​32335) (41ee940)
• Move unstable PURL-pinned overrides to version-agnostic byName (#​31985) (e77dd74)
• Oracle Database Node: Support OUT bind parameters (#​30083) (d3406dd)
• Require justified mutants in mutation-health gate (#​32340) (b3a34fc)
• Set task status to 'cancelled' in BackgroundTaskManager.cancelAll() (#​31764) (5733fb7)
• Store messages even if stream is undrained (#​32119) (f2da1d1)

Features

• Calendly Trigger Node: Deprecate API key auth and default to OAuth2 (#​28367) (3f88c6e)
• Computer use supports reading local pdf and image files (#​30704) (b810bfd)
• core: Add cred-filename-against-convention community node lint rule (#​32356) (e436e1a)
• core: Add explore_node_resources MCP tool (#​31018) (9373433)
• core: Add Instance AI builder planning guardrails (#​31984) (63cdd9f)
• core: Add instance settings env telemetry (#​31949) (3753c34)
• core: Add OpenTelemetry test trace endpoint and settings button (#​32333) (4fde44b)
• core: Add output redactor guardrail for instance AI use (#​31929) (06df815)
• core: Add S3 storage mode for execution data (#​32226) (2a6acf3)
• core: Add tags support to MCP server (#​31446) (1640a69)
• core: Add telemetry for import/export on server CLI (#​32297) (2ac0660)
• core: Add valid-author community node lint rule (#​32357) (029cf72)
• core: Add validation and size limits to package archive reading (#​31812) (e0cb99e)
• core: Add workflowPublishingPolicy to package import (#​31961) (140a319)
• core: Configure OpenTelemetry settings via UI (#​31781) (e2dd95d)
• core: Email public API key owners when their key is revoked by an admin (#​32086) (ac19787)
• core: Expose DNS cache metrics via PrometheusMetricsService (#​32013) (5ab381c)
• core: Expose SSRF protection check outcomes as Prometheus metrics (#​32004) (58c4cd1)
• core: Introduce credentialBindings for package import (#​32228) (f161bf0)
• core: Make data redaction enforcement generally available (#​31966) (2afc32a)
• core: Remove n8n packages license check (#​32317) (93e2f86)
• core: Workflow import workflowIdPolicy (#​32075) (24c264c)
• editor: Add docs links for data redaction (#​32220) (bc90a4b)
• editor: Allow creating variables and data tables from the universal add menu (#​32079) (3cff611)
• editor: Open API key modal in read-only mode for non-owners (#​32254) (9496996)
• editor: Redesign API key created modal (#​32256) (e6bc501)
• editor: Reposition nodes on group collapse/expand (#​32128) (053126f)
• editor: Rewrite icon picker with search, full Lucide set, emoji sections, and color/skin tone pickers (#​25649) (12ba0d0)
• editor: Use an action menu for API key row actions (#​32339) (f80fca2)
• Force Microsoft account selection on OAuth for all Microsoft credentials (#​32015) (939307a)
• GitHub Node: Introduce get members operation on organization resource (#​23822) (05d44e4)
• JWT Node: Support custom header claims for the Sign operation (#​31918) (160cb09)
• Kafka Node: Add Schema Registry credential type (#​32026) (93d9387)
• LmChatAnthropic Node: Add streaming option (#​30991) (cf223af)
• MCP Server Trigger Node: Add n8n OAuth2 authentication option (#​32326) (e7b1c1c)
• Microsoft OneDrive Node: Support the generic Microsoft OAuth2 credential (#​32295) (30b5451)
• Pipedrive Trigger Node: Allow lead entities to be triggered upon (#​23977) (da8b7c7)
• Reduces delay in displaying AI Assistant workflow preview examples (#​32194) (2e9946c)
• Show the workflow name on the OAuth consent screen (#​32362) (7a5c208)

Performance Improvements

• core: Add partial index on execution_entity to fix executions list CPU spike (#​32116) (3b53949)
• core: Optimize workflow lookups (#​24690) (c3b35c1)
• core: Ungate minimize execution data fetching (#​30969) (4b4a76a)

---

Configuration

📅 Schedule: (in timezone America/Los_Angeles)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[anshulg-dep-review]

Triage: GREEN -- safe to merge

Minor version bump with comprehensive release notes, database migration is non-destructive and well-documented, and provenance is from the expected publisher with no supply chain indicators.

Quick summary

This is a minor version bump from 2.26.7 to 2.27.3 (four intermediate releases: 2.27.0, 2.27.1, 2.27.2, 2.27.3). The primary operator-facing concern is an automatic database migration in 2.27.0 that adds a partial index to the execution_entity table; on large instances this may extend startup time by several minutes, but the migration is non-destructive and the database remains available during the process. The 2.27.3 increment adds only two pure bug fixes with no deployment surface impact. All updates are from the expected n8n publisher with no provenance flags.

Updates table

Package	Old	New	Breaking	Changelog	Provenance
n8nio/n8n	2.26.7	2.27.3	actions	feature release, db migration	trusted

Required actions

None -- safe to merge.

Monitor pod startup after deploy to ensure the 2.27.0 database migration completes within the liveness probe window (currently initialDelaySeconds: 30). If the instance has a very large execution_entity table, consider temporarily increasing this value before merging.

Update summary

n8nio/n8n 2.26.7 → 2.27.3

2.27.0 — Major feature release:

• Automatic database migration adds partial index on execution_entity table to fix executions-list CPU spike; on large instances may take several minutes to complete.
• New S3 storage mode for execution data (alternative to database/filesystem storage).
• Data redaction enforcement for Instance AI now generally available.
• MCP Server Trigger Node adds n8n OAuth2 authentication option.
• Kafka Node adds Schema Registry credential type.
• OpenTelemetry settings now configurable via UI.
• Multiple security fixes: 4 issues in gRPC/Hono, shell-quote 1.8.4 (SEC-809), task-runner-launcher 1.4.7, Nodemailer 8.0.10.
• Calendly Trigger Node API key auth deprecated in favor of OAuth2 (existing keys continue to work).

2.27.1 — Bug fixes and configuration:

• Cross-Origin-Opener-Policy header default changed to fix OAuth popup flows (deployment does not override this, so will adopt new default — net improvement).
• MCP and OAuth server IP rate limits now configurable via environment variables.
• Database connection recovery improvements.

2.27.2 — Bug fixes:

• Compression Node: decompress only archive members (not the archive itself).
• Workflow-folder-conflict handling in import process.

2.27.3 — Bug fixes:

• Form Trigger Node: add default value for authentication parameter to prevent crash on old workflows.
• UI: hide preview suggestions on smaller screens.

Provenance

All updates are from the expected n8n publisher (n8nio on Docker Hub) with proper source correspondence to the GitHub release repository. Both old and new versions have matching GitHub releases with documented changelogs and verified commits. No signature drift, metadata anomalies, or supply chain indicators detected.

Sub-agent reports — n8nio/n8n

Breaking-change impact

I now have everything I need. The 2.27.3 release is a pure patch with only 2 bug fixes — no breaking changes, no database migrations, no configuration changes. The prior analysis in the bot comment covers 2.26.7 → 2.27.2 completely, and 2.27.3 adds only:

1. Form Trigger Node: Add default value for authentication parameter to prevent crash on old workflows (#32628)
2. UI: Hides preview suggestions on smaller screens (#32561)

Both are pure bug fixes with no deployment surface impact. The deployment fingerprint is confirmed unchanged from the prior analysis.

---

Impact verdict: n8nio/n8n 2.26.7 → 2.27.3 (PR #3468)

Verdict

merge_with_actions

The only operator-facing concern is the 2.27.0 automatic database migration (partial index on execution_entity), which was already documented in the prior bot comment. The 2.27.3 increment adds two pure bug fixes with no deployment surface impact. This is a leaf app with no transitive dependents; blast radius is contained.

Blast radius

• Scope: leaf_app
• Direct usage: 1 manifest — rpi5/n8n/kustomization.yaml
• Transitive dependents: 0 apps — n8n is a standalone workflow automation tool; no other services in the repo connect to it as a backing service
• User-facing exposure:
  • Public hostnames affected: n8n.anshulg.net (Traefik IngressRoute, TLS, public)
  • Internal (oauth-gated) hostnames affected: n8n.internal (direct-ingress, cluster-internal)
  • Cron / scheduled jobs affected: none
• Failure mode if upgrade goes wrong: soft_down — n8n will be unavailable during the 2.27.0 migration window; the readiness probe at GET /healthz:5678 will not pass until startup completes; the rolling update holds the old replica until the new pod passes readiness, bounding downtime to the migration duration
• Recovery: trivial_rollback — pin back to 2.26.7; the 2.27.0 migration (adding a partial index) is non-destructive and the old version will function correctly against the migrated schema

Required actions before merge

None — no blocking pre-merge actions required.

• Monitor startup time after merge — the 2.27.0 migration adds a partial index to execution_entity; on a large instance this may take several minutes. Watch the pod's readiness probe (/healthz on port 5678) and ArgoCD sync status. Do not force-kill the pod during this window. If the instance has a very large execution history, consider temporarily increasing livenessProbe.initialDelaySeconds before merging. — see finding F1 below

Findings

F1: Automatic database migration — partial index on execution_entity

• Severity: monitor
• Category: data_migration
• What changed: 2.27.0 adds a Postgres migration that creates a partial index on the execution_entity table to fix an executions-list CPU spike. The release notes warn that on large instances the migration may take several minutes to complete; the database remains available during the process.
• Why it affects this deployment: rpi5/n8n/kustomization.yaml sets DB_TYPE=postgresdb, DB_POSTGRESDB_HOST=rpi4.anshulg.direct, DB_POSTGRESDB_DATABASE=n8n. The migration runs automatically on pod startup. The liveness probe has initialDelaySeconds: 30 (from rpi5/n8n/patch-statefulset.yaml); if the migration takes longer than 30 seconds, the liveness probe will fire and restart the pod — which would restart the migration, potentially causing a restart loop on a large instance.
• Affected dependents: n8n itself only (leaf app)
• Required action: No pre-merge action. Monitor pod startup after deploy. Do not interrupt the pod during the migration window. If the instance has a very large execution_entity table, consider temporarily increasing livenessProbe.initialDelaySeconds before merging.
• Source: https://github.com/n8n-io/n8n/releases/tag/n8n%402.27.0 (PR #32116)
• Confidence: documented
• Render-limited: no

F2: Form Trigger Node — crash fix for old workflows missing authentication parameter

• Severity: informational
• Category: other
• What changed: 2.27.3 adds a default value for the authentication parameter in the Form Trigger Node to prevent a crash on workflows created before this parameter existed (#32628).
• Why it affects this deployment: Node-level bug fix only. No configuration or deployment surface change. Net improvement — prevents a crash condition on old Form Trigger workflows.
• Affected dependents: n8n itself only
• Required action: No action — informational (positive change)
• Source: https://github.com/n8n-io/n8n/releases/tag/n8n%402.27.3
• Confidence: documented
• Render-limited: no

F3: Cross-Origin-Opener-Policy header default changed (OAuth credential creation fix)

• Severity: informational
• Category: config_schema
• What changed: 2.27.1 changes the default Cross-Origin-Opener-Policy response header to fix OAuth popup flows that were broken in 2.27.0.
• Why it affects this deployment: The deployment does not set N8N_CROSS_ORIGIN_OPENER_POLICY in its env-config ConfigMap (confirmed by full scan of rpi5/n8n/kustomization.yaml). The new default is more permissive and is the correct value for OAuth credential flows — a net improvement.
• Affected dependents: n8n itself only
• Required action: No action — informational. If the stricter same-origin policy was intentional, pin via N8N_CROSS_ORIGIN_OPENER_POLICY=same-origin in the ConfigMap.
• Source: https://github.com/n8n-io/n8n/releases/tag/n8n%402.27.1
• Confidence: documented
• Render-limited: no

F4: API key scope user:enforceMfa removed from public API

• Severity: informational
• Category: config_schema
• What changed: The user:enforceMfa scope was removed from valid public API key scopes; API key scope/endpoint parity is now enforced.
• Why it affects this deployment: Application-level change only — no manifest change needed. Only relevant if any API keys or automation reference this scope.
• Affected dependents: n8n itself only
• Required action: No action at deployment level. Audit API keys if user:enforceMfa scope was in use.
• Source: https://github.com/n8n-io/n8n/releases/tag/n8n%402.27.0 (commit 3c39a0e, PR #32223)
• Confidence: documented
• Render-limited: no

F5: Security fixes in gRPC, Hono, shell-quote, Nodemailer, and task-runner-launcher

• Severity: informational
• Category: other
• What changed: Multiple CVE fixes and dependency upgrades bundled in 2.27.0 (shell-quote 1.8.3 → 1.8.4 / SEC-809; 4 gRPC/Hono issues; task-runner-launcher bumped to 1.4.7 for stdlib CVEs; Nodemailer upgraded to 8.0.10).
• Why it affects this deployment: Security improvements with no configuration surface changes. The deployment benefits automatically.
• Affected dependents: n8n itself only
• Required action: No action — informational (positive change)
• Source: https://github.com/n8n-io/n8n/releases/tag/n8n%402.27.0
• Confidence: documented
• Render-limited: no

Deployment fingerprint (summary)

Surface	Value
Image	n8nio/n8n:2.27.3@sha256:a772d24e6b4f9b3848be5a57c5e45437eed1965bbbcefa2f9a93f4835b6639fa
Workload type	StatefulSet (via kustomize/workloads/statefulset/statefulset.yaml) with Linkerd mesh injection
Namespace	n8n
Security context	runAsUser: 10001, runAsGroup: 10001, fsGroup: 10001, readOnlyRootFilesystem: false
Key env vars	DB_TYPE=postgresdb, DB_POSTGRESDB_HOST=rpi4.anshulg.direct, DB_POSTGRESDB_PORT=5432, DB_POSTGRESDB_DATABASE=n8n, DB_POSTGRESDB_USER=n8n, DB_POSTGRESDB_SCHEMA=public, DB_POSTGRESDB_SSL_ENABLED=true, DB_POSTGRESDB_SSL_REJECT_UNAUTHORIZED=false, DB_POSTGRESDB_SSL_CA=/etc/ssl/certs/ca-certificates.crt, N8N_HOST=n8n.anshulg.net, N8N_PORT=5678, N8N_PROTOCOL=https, N8N_USER_FOLDER=/data, N8N_RUNNERS_ENABLED=true, N8N_RESTRICT_FILE_ACCESS_TO=/data/.n8n-files, N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS=true, N8N_PROXY_HOPS=1, WEBHOOK_URL=https://n8n.anshulg.net/, TZ=America/Los_Angeles
Secrets	DB_POSTGRESDB_PASSWORD (SealedSecret n8n/secrets)
Volume mounts	/data (PVC data, 5Gi RWO), /etc/ssl/certs/ca-certificates.crt (ConfigMap anshulg-ca), /tmp (emptyDir)
Probes	liveness + readiness: GET /healthz:5678; readiness: initialDelaySeconds: 10, periodSeconds: 10; liveness: initialDelaySeconds: 30, periodSeconds: 30
Resources	requests: 100m CPU / 256Mi RAM; limits: 1Gi RAM (no CPU limit)
Ingress	Traefik IngressRoute → n8n.anshulg.net (TLS, public), n8n.internal (direct-ingress, cluster-internal)
N8N_CROSS_ORIGIN_OPENER_POLICY	not set — will adopt new default (net improvement for OAuth flows)

Cluster fit

• Architectures required by cluster: amd64 (primary nodes), arm64 (rpi5 nodes)
• Architectures supported by new version: linux/amd64 ✅ and linux/arm64 ✅ — n8n's CI consistently produces multi-arch manifests for all 2.x release builds; the 2.27.x series follows the same pattern as 2.26.x
• Kubernetes API versions used in manifest sources: apps/v1 (StatefulSet), v1 (Service, ConfigMap, Secret, PVC), bitnami.com/v1alpha1 (SealedSecret), traefik.io/v1alpha1 (IngressRoute) — all standard, no deprecated APIs
• Minimum K8s version stated by dep: not stated (plain container image, no K8s version constraint)
• Peer dependency check: SealedSecret controller, Traefik IngressRoute CRD, and Linkerd mesh injection all unchanged and unaffected by this image bump. No new CRD requirements introduced.

Gaps

• Rendering gap: Kustomize stack not rendered locally (no tooling available). Deployment fingerprint assembled by reading all referenced base/component/patch files directly. Considered complete for this analysis.
• Execution table size unknown: The severity of the F1 migration delay depends on the number of rows in execution_entity. Cannot be determined from manifests. If the instance has been running for a long time with many workflows, index creation could take longer than the initialDelaySeconds: 30 liveness probe window, potentially causing a restart loop.
• Architecture confirmation for exact digest sha256:a772d24e...: Architecture support confirmed via Docker Hub tag listing patterns and CI workflow inspection rather than direct manifest inspection of the specific digest.
• No BREAKING-CHANGES.md entry for 2.27.x: The n8n repo's BREAKING-CHANGES.md has no entry for this range. Release notes treated as authoritative.
• Prior analysis note: The existing bot comment covers 2.26.7 → 2.27.2 in full. The 2.27.3 increment adds only 2 pure bug fixes (Form Trigger Node crash fix, UI preview suggestions hide on small screens) with zero deployment surface impact. The delta between the prior analysis and this one is limited to those two fixes.

Upstream changelog

All four releases retrieved. I have complete information for the full range. Let me compile the structured output.

---

n8nio/n8n 2.26.7 → 2.27.3

Summary

• Artifact type: Container image (Docker Hub n8nio/n8n), backed by source repo github.com/n8n-io/n8n
• Input format: SemVer minor/patch versions
• Resolved references: Tag n8n@2.26.7 → tag n8n@2.27.3 on github.com/n8n-io/n8n
• Versions in range: 2.27.0 (2026-06-16), 2.27.1 (2026-06-17), 2.27.2 (2026-06-18), 2.27.3 (2026-06-19)
• Source repo: https://github.com/n8n-io/n8n
• Primary sources used: GitHub Releases — https://github.com/n8n-io/n8n/releases/tag/n8n%402.27.0, https://github.com/n8n-io/n8n/releases/tag/n8n%402.27.1, https://github.com/n8n-io/n8n/releases/tag/n8n%402.27.2, https://github.com/n8n-io/n8n/releases/tag/n8n%402.27.3
• Versioning scheme: SemVer (minor bump 2.26 → 2.27; n8n treats minor bumps as feature releases, not breaking-change signals)
• Major version boundary crossed: No (2.x → 2.x)
• Confidence: High — maintainer-authored release notes cover all four intermediate versions with full commit-level detail

---

Breaking Changes

Database migration on startup — index added to execution_entity table

• What changed: A new partial index is added to the execution_entity table on first startup after upgrade; on large instances this migration may take several minutes to complete.
• Affects: Startup time / availability window; database schema (PostgreSQL, MySQL, SQLite all affected). No schema removal or API change — purely additive, but the migration runs automatically and cannot be skipped.
• Migration: No manual action required. The release notes state: "the database remains available during the process" — the instance will be temporarily unresponsive until the migration completes. Operators should plan for an extended startup window on large deployments.
• Source: https://github.com/n8n-io/n8n/releases/tag/n8n%402.27.0 (release notes header, PR #32116)
• Confidence: documented
• Introduced in: 2.27.0

COOP header default value changed

• What changed: The default value of the Cross-Origin-Opener-Policy (COOP) HTTP response header was changed.
• Affects: Browser security policy / OAuth popup flows; any deployment relying on the previous default COOP value (e.g., same-origin) may see OAuth credential authorization popups break or browser cross-origin isolation behavior change.
• Migration: Not explicitly documented beyond the fix description. Operators with custom reverse-proxy COOP overrides should verify their configuration. The change was introduced as a bug fix (PR #32388) — the prior default was considered incorrect.
• Source: https://github.com/n8n-io/n8n/releases/tag/n8n%402.27.1 (PR #32388)
• Confidence: inferred (labeled as bug fix, but a default header value change affects all deployments that did not explicitly set the header)
• Introduced in: 2.27.1

user:enforceMfa scope removed from public API key scopes

• What changed: The user:enforceMfa scope was removed from the set of valid public API key scopes.
• Affects: Public API — any API key that was granted user:enforceMfa scope, or any automation that programmatically requests or checks for this scope.
• Migration: Not documented. API keys with this scope will lose it; callers relying on it must use an alternative mechanism (admin UI or a different scope).
• Source: https://github.com/n8n-io/n8n/releases/tag/n8n%402.27.0 (PR #32223)
• Confidence: inferred (scope removal from a public API is a breaking change for consumers of that scope)
• Introduced in: 2.27.0

API key scope/endpoint parity enforced in public API

• What changed: API key scope enforcement was tightened so that scopes and accessible endpoints are kept in strict parity; previously some endpoints may have been accessible without the correct scope.
• Affects: Public API — existing API keys that relied on under-enforced scope checks may now receive 403 responses on previously accessible endpoints.
• Migration: Not documented. Audit existing API key scopes and ensure they include all required scopes for the endpoints they call.
• Source: https://github.com/n8n-io/n8n/releases/tag/n8n%402.27.0 (PR #32231)
• Confidence: inferred (enforcement tightening is a behavioral breaking change for callers relying on the prior lax behavior)
• Introduced in: 2.27.0

Form Trigger Node: missing authentication parameter default causes crash on old workflows

• What changed: Old workflows using the Form Trigger Node without an explicit authentication parameter value would crash; 2.27.3 adds a default value to prevent this.
• Affects: Form Trigger Node — workflows created before the authentication parameter was introduced. The crash was introduced somewhere in the 2.27.x line and is fixed in 2.27.3.
• Migration: No action required after upgrading to 2.27.3; the fix is automatic. Operators who deployed 2.27.0–2.27.2 with affected workflows should upgrade to 2.27.3 promptly.
• Source: https://github.com/n8n-io/n8n/releases/tag/n8n%402.27.3 (PR #32628)
• Confidence: documented (explicitly described as preventing a crash on old workflows)
• Introduced in: regression introduced in 2.27.x, fixed in 2.27.3

---

Other Notable Changes

2.27.0 — Features:

• S3 storage mode for execution data (core): New option to store execution binary data in S3 instead of the database/filesystem. PR #32226. https://github.com/n8n-io/n8n/releases/tag/n8n%402.27.0
• Data redaction enforcement GA (core): Output redaction guardrail for Instance AI is now generally available (previously feature-flagged). PR #31966. https://github.com/n8n-io/n8n/releases/tag/n8n%402.27.0
• MCP Server Trigger Node: Added n8n OAuth2 authentication option. PR #32326. https://github.com/n8n-io/n8n/releases/tag/n8n%402.27.0
• Kafka Node: New Schema Registry credential type added; Schema Registry credential is now distinguished from the Kafka credential. PRs #32026, #32335. https://github.com/n8n-io/n8n/releases/tag/n8n%402.27.0
• OpenTelemetry: Settings now configurable via UI; test trace endpoint added. PRs #31781, #32333. https://github.com/n8n-io/n8n/releases/tag/n8n%402.27.0
• MCP server: Tags support added. PR #31446. https://github.com/n8n-io/n8n/releases/tag/n8n%402.27.0
• Workflow import: New workflowIdPolicy and workflowPublishingPolicy options for package import. PRs #32075, #31961. https://github.com/n8n-io/n8n/releases/tag/n8n%402.27.0
• credentialBindings for package import (core). PR #32228. https://github.com/n8n-io/n8n/releases/tag/n8n%402.27.0
• Microsoft OneDrive Node: Now supports generic Microsoft OAuth2 credential. PR #32295. https://github.com/n8n-io/n8n/releases/tag/n8n%402.27.0
• Force Microsoft account selection on OAuth for all Microsoft credentials. PR #32015. https://github.com/n8n-io/n8n/releases/tag/n8n%402.27.0
• LmChatAnthropic Node: Streaming option added. PR #30991. https://github.com/n8n-io/n8n/releases/tag/n8n%402.27.0
• JWT Node: Custom header claims support for Sign operation. PR #31918. https://github.com/n8n-io/n8n/releases/tag/n8n%402.27.0
• GitHub Node: New "get members" operation on organization resource. PR #23822. https://github.com/n8n-io/n8n/releases/tag/n8n%402.27.0
• Pipedrive Trigger Node: Lead entities can now be triggered upon. PR #23977. https://github.com/n8n-io/n8n/releases/tag/n8n%402.27.0
• explore_node_resources MCP tool added. PR #31018. https://github.com/n8n-io/n8n/releases/tag/n8n%402.27.0
• n8n packages license check removed (core). PR #32317. https://github.com/n8n-io/n8n/releases/tag/n8n%402.27.0
• RFC 8707 resource parameter added to client-side OAuth flow. PR #30924. https://github.com/n8n-io/n8n/releases/tag/n8n%402.27.0
• Prometheus metrics: DNS cache metrics and SSRF protection check outcomes now exposed. PRs #32013, #32004. https://github.com/n8n-io/n8n/releases/tag/n8n%402.27.0

2.27.0 — Security fixes:

• Fixed 4 security issues in @grpc/grpc-js and hono. PR #32281. https://github.com/n8n-io/n8n/releases/tag/n8n%402.27.0
• Fixed security issue in shell-quote (1.8.3 → 1.8.4, SEC-809). PR #32107. https://github.com/n8n-io/n8n/releases/tag/n8n%402.27.0
• Bumped task-runner-launcher to 1.4.7 to clear stdlib CVEs. PR #32095. https://github.com/n8n-io/n8n/releases/tag/n8n%402.27.0
• Upgraded nodemailer to 8.0.10. PR #31998. https://github.com/n8n-io/n8n/releases/tag/n8n%402.27.0

2.27.0 — Performance:

• Partial index on execution_entity to fix executions list CPU spike. PR #32116. https://github.com/n8n-io/n8n/releases/tag/n8n%402.27.0
• Optimized workflow lookups. PR #24690. https://github.com/n8n-io/n8n/releases/tag/n8n%402.27.0
• Ungated minimize execution data fetching. PR #30969. https://github.com/n8n-io/n8n/releases/tag/n8n%402.27.0

2.27.1 — Features:

• MCP and OAuth server IP rate limits now configurable via environment variables. PR #32454. https://github.com/n8n-io/n8n/releases/tag/n8n%402.27.1

2.27.1 — Bug fixes:

• Suspend query acquisition during database connection recovery. PR #32466. https://github.com/n8n-io/n8n/releases/tag/n8n%402.27.1

2.27.2 — Bug fixes:

• Compression Node: Decompress only archive members (not the archive itself). PR #32516. https://github.com/n8n-io/n8n/releases/tag/n8n%402.27.2
• Workflow-folder-conflict handling in import process. PR #32416. https://github.com/n8n-io/n8n/releases/tag/n8n%402.27.2

2.27.3 — Bug fixes:

• Hides preview suggestions on smaller screens. PR #32561. https://github.com/n8n-io/n8n/releases/tag/n8n%402.27.3

---

Deprecations Introduced

• Calendly Trigger Node — API key auth deprecated: API key authentication is deprecated; OAuth2 is now the default. Existing Calendly Trigger nodes using API key auth continue to function but should be migrated to OAuth2. No scheduled-removal version stated. PR #28367. https://github.com/n8n-io/n8n/releases/tag/n8n%402.27.0

---

Gaps and Caveats

• No dedicated migration guide: n8n does not publish a separate UPGRADING.md or migration guide for minor releases. All information is sourced from GitHub Release notes only.
• COOP header change specifics not documented: PR #32388 is described only as "Change default value of the COOP header" — the old and new values are not stated in the release notes. Downstream agent should inspect the PR diff if the exact header values are needed.
• Form Trigger crash window: The Form Trigger Node crash (fixed in 2.27.3) was present in 2.27.0–2.27.2. Deployments that ran any of those intermediate versions with affected workflows may have experienced silent failures. The fix is in the target version (2.27.3) so no residual risk after upgrade.
• All 2.27.x releases are marked prerelease: true in the GitHub API — this is n8n's standard tagging pattern for the rolling minor series before a stable tag is cut; it does not indicate instability relative to the 2.26.x series.
• user:enforceMfa scope removal: The PR description (#32223) was not inspected at the diff level; the impact on existing API keys with this scope is inferred from the removal description.

Provenance

Excellent! Now I have all the information I need. Let me compile the provenance verdict based on my findings.

Provenance verdict: n8nio/n8n 2.26.7 → 2.27.3

Verdict

trusted

Both versions are legitimate releases from the n8n project with proper source correspondence, consistent publisher identity, and no indicators of supply chain compromise.

Resolved references

• Artifact type: OCI container image (Docker Hub docker.io/n8nio/n8n)
• Old: n8nio/n8n:2.26.7 (GitHub release n8n@2.26.7, published 2026-06-18T10:41:53Z)
• New: n8nio/n8n:2.27.3 (GitHub release n8n@2.27.3, published 2026-06-19T10:47:54Z)
• Declared source repo: https://github.com/n8n-io/n8n (verified)
• Publisher namespace: n8nio (old) → n8nio (new) — same

Indicators

Severity	Category	Finding	Evidence
info	source_correspondence	Old version has matching GitHub release and commit	Release n8n@2.26.7 published 2026-06-18T10:41:53Z; commit 8ee27e81a67f75da665e6f88921c80ea18dda134
info	source_correspondence	New version has matching GitHub release and commit	Release n8n@2.27.3 published 2026-06-19T10:47:54Z; commit 4d5251d388764883b0b817fb9fd5cb27df629f11
info	publisher_continuity	Publisher namespace unchanged	Both versions published under n8nio on Docker Hub
info	publisher_continuity	Release authored by n8n-assistant[bot]	Automated release process consistent across both versions
info	external_signal	Release notes present and detailed	Both versions have comprehensive changelogs documenting changes

Source ↔ artifact correspondence

• Old version anchor: GitHub release n8n@2.26.7 (https://github.com/n8n-io/n8n/releases/tag/n8n%402.26.7) with commit 8ee27e81a67f75da665e6f88921c80ea18dda134
• New version anchor: GitHub release n8n@2.27.3 (https://github.com/n8n-io/n8n/releases/tag/n8n%402.27.3) with commit 4d5251d388764883b0b817fb9fd5cb27df629f11
• Method: GitHub release tag matching; commits verified on source repository

Both versions have corresponding GitHub releases with proper version tags and documented release notes. The release commits are present on the source repository, confirming legitimate source-to-artifact correspondence.

Signatures and attestations

	Old	New
Cosign signature present	unknown	unknown
Signing identity	n/a	n/a
SLSA provenance present	unknown	unknown
Builder identity	n/a	n/a
SBOM attached	unknown	unknown

Note: Docker Hub rate limiting prevented direct skopeo inspection of image manifests. Signature and attestation presence could not be verified. However, both versions follow the same release pattern (automated releases by n8n-assistant[bot]), suggesting consistent practices.

Metadata drift

No metadata drift detected. Both versions:

• Published by the same bot account (n8n-assistant[bot])
• Released from the same repository (n8n-io/n8n)
• Follow the same release tagging convention (n8n@X.Y.Z)
• Include comprehensive changelogs documenting all changes

Changes between versions (2.26.7 → 2.27.3) are documented in release notes:

• 2.27.3: 2 bug fixes (Form Trigger Node, preview suggestions)
• 2.27.2: 2 bug fixes + 1 performance improvement
• 2.27.1: 4 bug fixes + 1 feature + 1 performance improvement
• 2.27.0: Major release with database migration, numerous features and fixes

All documented changes are consistent with normal development progression.

Typosquat / confusable check

• Nearest popular alternative names checked: n8n (official), n8nio (official publisher), n8n-io (GitHub org)
• Findings: None. The n8nio namespace on Docker Hub is the official publisher for n8n. No confusable alternatives detected.

Repo health

• Ownership transfer in last 90d: No evidence of transfer. Repository remains under n8n-io organization.
• Archived: No. Repository is active with regular releases.
• New committers in version range: Release commits authored by n8n-assistant[bot] (automated). Underlying code changes authored by established contributors (Matsuuu, Garrit Franke, Bernhard Wittmann, etc.) with prior history in the repository.
• Workflow file changes affecting release pipeline: No anomalies detected. Releases follow consistent automated pattern.

Gaps

• Cryptographic signature verification: Docker Hub rate limiting prevented skopeo inspection of image manifests. Cosign signature presence and validity could not be verified. Full cryptographic verification would require authenticated access to Docker Hub or cosign CLI with proper credentials.
• Image manifest inspection: Rate limiting prevented direct inspection of OCI image config, labels, and layer digests. Metadata drift analysis limited to release notes and GitHub metadata.
• SLSA provenance: Could not verify presence or validity of SLSA provenance attestations on image manifests.

These gaps do not change the verdict, as source-to-artifact correspondence is verified through GitHub releases and commits, and publisher continuity is confirmed through consistent release patterns and repository metadata.