n8n stable released on 22-04-2026
n8n stable is out now. It enforces credential access checks when nodes request dynamic parameter values (for example dropdowns and autocomplete), so nodes only receive data they are authorised to access and the risk of credential exposure is reduced.
Visit the n8n GitHub release page for full details and the linked commit that implements the fix.
What’s in this release
- Enforces credential access checks in dynamic node parameter requests (dropdowns, autocomplete).
- Fixes issue #28861; implemented in commit 9aadc28.
- Hardens authorization around dynamic parameter fetching to reduce the risk of unauthorised credential exposure.
Upgrade notes
- No reported breaking changes; administrators and self-hosted users should upgrade to 2.17.5 to ensure credential access controls are enforced.
- Rollback is not expected for this patch-level security/hardening fix — after upgrading, quickly test flows that use dynamic node parameters or custom nodes that fetch credential-dependent values to confirm expected behaviour.
Share any comments or experience after upgrading, especially if you use custom nodes or rely on dynamic parameter values in your flows.
