🚀 Release 2.20.0

[n8n-assistant]

2.20.0 (2026-05-05)

Bug Fixes

• ai-builder: Add boundaries on the workflow builder remediation loops (#29430) (2259f32)
• ai-builder: Allow skipping final ask-user question (#29563) (661f990)
• ai-builder: Filter LangSmith eval dataset by local file slugs (#29507) (54d9286)
• ai-builder: Handle properties with contradicting displayOptions as OR alternatives instead of AND (#29500) (84ac811)
• ai-builder: Stop builder from adding auth to inbound trigger nodes by default (#29648) (c28d501)
• Allow 5-field cron expressions with step values in polling nodes (#29447) (d18f183)
• Anthropic Chat Model Node: Add adaptive thinking mode for Claude Opus 4.7+ (#29467) (90d875c)
• Compare Datasets Node: Preserve falsy values in mix mode except fields (#29666) (62ddc5c)
• core: Accept placeholder() inside node credentials slot (#29691) (dc6bd68)
• core: Acquire expression isolate for dynamic node parameter requests (#29671) (418f1f2)
• core: Add file path validation to localFile source (#29464) (7277566)
• core: Add GET handler to MCP endpoint for Streamable HTTP spec compliance (#28787) (4ae0322)
• core: Add timeout to external secrets provider refresh (#29679) (e350429)
• core: Apply credential allowed domains in declarative node requests (#29082) (8551b1b)
• core: Correct LDAP search filter construction (#29388) (32dd743)
• core: Fix code node executions hanging when idle timer overlaps with task acceptance (#29239) (7bd3532)
• core: Fix MCP OAuth discovery URL construction and grant type selection (#27283) (d92ec16)
• core: Force saving executions when instance AI executes WFs (#29515) (ef56501)
• core: Gate Instance AI edits to pre-existing workflows (#29501) (6175fd6)
• core: Generate array types for properties with multipleValues (#29410) (fb65c61)
• core: Handle missing runData during execution recovery (#29513) (8b7b4f5)
• core: Harden Set node workflow SDK contract (#29568) (625ed5e)
• core: Include stack trace in error logs for non-ApplicationError errors (#29496) (16d1461)
• core: Increase default task runner grant token TTL to 30s (#29443) (328f4b8)
• core: Isolate expressions on chat resumption and test webhook deactivation (#29703) (568e5a2)
• core: Make MCP client registration cap tunable and surface a proper limit error (#29429) (dad4231)
• core: Make task runner grant token TTL configurable (#29357) (3f350a8)
• core: Pass nodeTypesProvider to validate workflows fully at instance AI (#29333) (388cd79)
• core: Persist execution context before writing to db (#28973) (c4bb5ae)
• core: Recreate data table backing tables on entity import (#29454) (6bca1fa)
• core: Reject empty webhookMethods in community lint rule (#29474) (34d7a02)
• core: Reset Redis retry counter on successful reconnect (#29377) (7722023)
• core: Respect global admin scope when listing favorites (#29472) (d9d1e7c)
• core: Restore peer project discovery in share dropdowns (#29537) (2a0e2fb)
• core: Round fractional time saved values before inserting into insights BIGINT column (#29553) (74d55b9)
• core: Show AI Builder draft workflows in workflow list (#29670) (dc52bbd)
• core: Use editor base URL for workflow and execution links (#23630) (896461b)
• core: Validate workflow import URL requests (#29178) (ecd0ba8)
• core: Wire EncryptionKeyProxy provider on bootstrap (#29581) (ee7260c)
• DeepL Node: Update credentials to use header-based authentication (#24614) (b72bd19)
• Drop template search tools from builder (#29573) (9b00ccb)
• editor: Add proper bg color for hover state with color-mix() (#29590) (6698c42)
• editor: Align message box button radius with N8nButton (#29397) (bc315d0)
• editor: Fix OAuth2 credential showing "Needs first setup" after connecting (#29617) (243f665)
• editor: Fix sub-workflow folder placement and connection loss (#28770) (44579d6)
• editor: Ignore paste events on read-only canvas (#29673) (34c49b9)
• editor: Keep publish actions menu enabled for published workflows (#29396) (c65fa28)
• editor: Load more executions on tall screens (#29407) (a273a9d)
• editor: Make instance ai resource link chips open resources (#29577) (b97ca36)
• editor: Make textarea resize handle accessible in NDV (#29676) (9fda733)
• editor: Mark workflow dirty after debug pinData changes (#28886) (2beb006)
• editor: Never block publishing on node execution issues (#29479) (5a56459)
• editor: Polish encryption keys date range filter (#29569) (56412bc)
• editor: Remove clipping for focus panel textarea (#28677) (5361257)
• editor: Restore read-only mode for archived workflows on canvas (#29559) (a7ef741)
• editor: Show permission-aware message on redacted input/output panels (#29521) (83c400e)
• editor: Surface unofficial verified community node tools in AI Tools picker (#28985) (f77dfd1)
• Fix ollama node url path and thinking tokens (#23963) (4ea1153)
• Google Drive Node: Resolve original file name when copying with empty name (#28896) (c274976)
• Merge Node: Improve SQL Query mode memory efficiency and error reporting (#28993) (12275c8)
• Microsoft Outlook Trigger Node: Use per-folder endpoints for folder-scoped message polling (#29663) (f401f91)
• No Credits state for n8n Connect badge (#29375) (47ad397)
• Notion Node: Support app.notion.com URL format for page and block ID extraction (#29554) (221c7f7)
• Postgres Node: Output Large-Format Numbers As option ignored after pool is cached (#29477) (a65e181)
• Salesforce Node: Allow overriding JWT audience with My Domain URL (#29016) (9decb1e)
• Schedule Node: Cap day-of-month jitter at 28 (#29614) (86f47ee)
• Skip AI tool generation for community trigger nodes (#29453) (c724dac)
• Snowflake Node: Avoid call stack overflow on large result sets (#29200) (b2ac67f)
• Telegram Trigger Node: Drop pending updates when creating a new webhook (#29103) (4358f1d)
• Todoist Node: Migrate to Todoist unified API v1 endpoints (#29532) (5799481)
• Use explicit node references for AI memory session keys (#29473) (139b803)
• Validate sql (#24706) (47a6658)
• Zammad Node: Add To and CC fields for email articles (#28860) (e04f027)

Features

• Add instance-level JWKS URI endpoint for JWE public key distribution (#29498) (794334c)
• Add no-runtime-dependencies ESLint rule (#29366) (8aace75)
• Add pairwise workflow eval pipeline (#29123) (fdceec2)
• Add valid-credential-references ESLint rule (#29452) (c6c6f8f)
• core: Add --include and --exclude flags to import:credentials command (#29364) (f5132b9)
• core: Add configurable event log path per process (#29403) (45effb8)
• core: Add endpoint to toggle mcp access for multiple workflows (#29007) (0d907d6)
• core: Add JWE decryption to OAuth2 credential flow (#29497) (ad7cdcc)
• core: Add MCP tool search executions (#29161) (1d9548c)
• core: Add migration for postgres variable values (#29489) (898ba5a)
• core: Add preAuthentication support to requestOAuth2 pipeline (#29418) (473d49c)
• core: Bootstrap legacy CBC and initial GCM encryption keys on startup (#29400) (9576ab9)
• core: Broadcast workflow settings updates (#29459) (9cb1605)
• core: Decouple insights pruning max age from license (#29527) (45c18fb)
• core: Fix user access control logic (#29481) (484cb2e)
• core: Manage MCP settings via environment variables (#29368) (05e10e2)
• core: Run evaluation test cases in parallel behind PostHog rollout flag (#29412) (4c76aa1)
• core: Use versioned prebuilt Daytona snapshots for Instance AI sandboxes (#29359) (308d0b4)
• core: Warn and skip on duplicate scheduled executions (#28649) (b8b7571)
• editor: Add data encryption keys settings page (#29068) (656f9c2)
• editor: Add environment variable to disable workflow autosave (#25144) (a2afc47)
• editor: Add reveal redacted data permission to custom roles execution section (#29526) (be22095)
• editor: Add transition on Sidebar collapsed (#29650) (07b5343)
• editor: Hide model selector for unsupported AI Gateway actions (#29588) (0f7776e)
• editor: Move Switch component to core design system (#27322) (758f89c)
• editor: Track IdP role mapping in provisioning telemetry (#29416) (40da23f)
• editor: Update copy for mcp settings (#29399) (5f93b48)
• Include updatedAt in encryption key response DTO (#29424) (569f94b)
• instance-ai: Orchestrator-executed checkpoint tasks for planned workflow verification (#29049) (ad359b5)
• Netlify Trigger Node: Add webhook request verification (#29256) (1516ec7)
• Slack Node: Allow users to configure OAuth2 scopes (#28728) (aa0daf9)
• Validate workflow-sdk output topology against mode (#29363) (0a80722)

[codecov]

Bundle Report

Bundle size has no change ✅

[cubic-dev-ai]

No issues found across 33 files

Architecture diagram

sequenceDiagram
    participant Client as Editor UI / AI Builder
    participant API as REST API (n8n)
    participant Auth as Auth / RBAC Service
    participant WFService as Workflow Service
    participant InstanceAI as Instance AI Orchestrator
    participant TaskRunner as Task Runner
    participant DB as Database (PostgreSQL)
    participant Redis as Redis
    participant ExtSec as External Secrets Provider
    participant MCP as MCP Server
    participant LDAP as LDAP Server
    participant Slack as Slack OAuth API
    participant Email as SMTP / Email Service

    Note over Client,Email: n8n 2.20.0 Runtime Architecture

    Note over Client,API: AI Builder Workflow Edit Flow
    Client->>API: POST /workflows (AI-generated edit)
    API->>Auth: Verify scope: workflow:update
    alt User has global admin OR is workflow owner
        API->>WFService: NEW: Allow edits only on pre-existing workflows
        WFService->>DB: Check workflow exists
        DB-->>WFService: Workflow record
        WFService->>WFService: NEW: Validate output topology vs mode
        WFService->>DB: Save workflow (persist context before write)
    else Unauthorized scope
        API-->>Client: 403 Forbidden
    end

    Note over API,DB: Execution & Recovery
    InstanceAI->>API: Execute workflow via AI
    API->>WFService: NEW: Force saving executions when AI-triggered
    WFService->>DB: Persist execution context
    opt Missing runData during recovery
        WFService->>WFService: NEW: Handle missing runData gracefully
    end
    WFService->>TaskRunner: Dispatch task to runner
    TaskRunner->>API: CHANGED: Grant token with configurable TTL (default 30s)
    API->>Redis: Reset retry counter on successful reconnect

    Note over API,Redis: Encryption Key Bootstrap
    API->>API: NEW: Bootstrap legacy CBC + initial GCM keys on startup
    API->>DB: Store encryption keys
    API->>API: NEW: Wire EncryptionKeyProxy provider
    opt Admin settings page
        Client->>API: GET /encryption-keys
        API->>DB: Query keys (include updatedAt)
        API-->>Client: Key list with date range filter
    end

    Note over API,Slack: OAuth2 with JWE Decryption
    Client->>API: POST /oauth2-credential/auth (redirect URL)
    API->>Auth: NEW: PreAuthentication support in requestOAuth2 pipeline
    Auth->>API: Validated callback
    API->>API: NEW: Decrypt JWE from state parameter
    API->>Slack: Exchange code for token (with allowed domains check)
    Slack-->>API: OAuth token
    API->>DB: Save credential (header-based auth for DeepL)

    Note over API,ExtSec: Secrets & Configuration
    API->>ExtSec: Refresh external secrets
    ExtSec-->>API: CHANGED: Timeout on refresh (prevent hang)
    API->>API: NEW: Manage MCP settings via env vars
    API->>MCP: NEW: Streamable HTTP (GET handler for spec compliance)

    Note over API,LDAP: LDAP & Scheduling
    API->>LDAP: Search users
    LDAP-->>API: CHANGED: Corrected filter construction
    API->>DB: NEW: Warn and skip duplicate scheduled executions
    API->>DB: NEW: Cap day-of-month jitter at 28 for Schedule Node

    Note over Client: Frontend (Editor)
    Client->>Client: NEW: Ignore paste events on read-only canvas
    Client->>Client: NEW: Track IdP role mapping in provisioning telemetry
    Client->>Client: NEW: Hide model selector for unsupported AI Gateway actions

Loading

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!