🚀 Release 2.11.0

[n8n-assistant]

2.11.0 (2026-03-02)

Bug Fixes

• Add missing chat tool input logs (#26229) (c3ddc49)
• Admin should be able to install community nodes (#26296) (e01ce10)
• ai-builder: Fix chat fade, keyboard shortcuts, node tidy-up, and feedback styling (#26200) (c30870c)
• Assignments control buttons top padding fix (#26165) (265aea3)
• core: Disallow file uploads on Chat hub when chat trigger doesn't permit them (#25714) (218569c)
• core: Dispatch composite targets in onError() instead of dropping them (#25981) (b585be5)
• core: Don't show setup in demo mode (#26233) (36bde68)
• core: Increase timeout for workflow execution tests (#26150) (7af85fc)
• core: Make n8n-workflow a peer dependency in ai-utilities (#26404) (b62d857)
• core: Resolve multi-main startup race condition in AuthRolesService (#26176) (5a85a4f)
• core: Skip onboarding screen for SAML users with IdP-provided names (#26245) (e9627a6)
• Dependency bumps in transitive dependencies (#26149) (4f4644b)
• editor: Add aria-label to icon-only buttons missing accessible labels (#26145) (3bcc76e)
• editor: Allow clearing credential resolver in workflow settings (#26343) (c2e31e9)
• editor: Batch community node requests to respect strapi arraySize (#26168) (a3d5937)
• editor: Change node list shortcut from Tab to N to unlock keyboard navigation (#26148) (0243412)
• editor: Compact i18n secrets count (#25883) (fa46fc4)
• editor: Custom sticky text color (#25961) (b298a5d)
• editor: Fix shift+space key combo in canvas (#26169) (8803226)
• editor: Fix CSV export for data tables downloading wrong table (#26325) (470fc50)
• editor: Fix grid alignment on Safari 18.6 (#26234) (4e489a6)
• editor: Fix input panel error output (#23116) (e97b6b8)
• editor: Fix workflow diff navigation left arrow hover state (#26253) (82db0b9)
• editor: Hide client secret field in resolver when user info endpoint is selected (#26340) (c320383)
• editor: Prevent scrollbar flashing when toasts are shown (#26338) (bfa4550)
• editor: Replace jsonpath with jsonpath-plus to resolve CVE (#26399) (4e0cd02)
• editor: Resolve credential modal expressions without workflow co… (#26191) (e0ef26b)
• editor: Setup panel visual tweaks (no-chaneglog) (#26107) (2e07bb8)
• editor: Stop hijacking search shortcut for layouts without search (#26222) (4fd3fd7)
• Enable external secrets multi-connection to vault (#26189) (fc5c842)
• Fix 11 security issues in jsonpath, mailparser, mysql2 and 6 more (#26362) (0b84e10)
• Improve chat message button handling (#26249) (4b9e7e3)
• Microsoft Teams Node: Block Teams link preview service from triggering sendAndWait approvals (#26125) (4655a62)
• Remove SystemCredentials source check during AWS role assume (#22859) (8525799)
• XML Node: Invalid attributes (#26353) (ba687da)

Features

• Add assignments tab for custom roles with project visibility (#25992) (c93e438)
• ai-builder: Implement changes list for builder and on canvas diff (#26062) (f7c3684)
• Chat Trigger Node: Add Suggested prompts, shown on Chat hub (#26217) (a006e02)
• core: Add execution:reveal scope (#26252) (81ab10d)
• core: Add runtime bundle and extension utilities (#26077) (776d328)
• core: Enable external secrets for projects (#26329) (4dcc2d8)
• core: Expand workflow-sdk test fixtures from 500 to 2000 workflows and fix codegen bugs (#26041) (a0664a1)
• core: Split share and unshare into separate scopes (#26011) (928242d)
• core: Track dynamic credential resolution per node execution in ITaskData (#26354) (634041c)
• editor: Add dynamic credentials UI for ChatHub (#25685) (26b36e0)
• editor: Add project badge in data table overview (#26289) (0ec749e)
• editor: Add quick connect inside the credential edit modal (#26058) (f6836c7)
• editor: Add searching and sorting to data table overviews (#25623) (1bacba3)
• editor: Add success button variant and fix trial banner CTA styling (#26190) (2dcc76e)
• editor: Allow comparing workflow history versions (#26060) (d3afac8)
• editor: Disable scope selection when opened from project settings page (#26403) (b883b3c)
• editor: Disable v2 migration report via shared target version constant (#26244) (4aacc57)
• editor: Enable adding secret store from project settings page (#26122) (25c6d14)
• editor: Expose workflow:execute scope checkbox in custom role UI (#26405) (eb19e00)
• editor: Forward rich message types from SDK instead of flattening to text (#26177) (ec4496d)
• editor: Use single select dropdown for selecting scope of a secrets store (#26146) (84966aa)
• Initialise data redaction module, execution data redaction service (#25975) (9edc271)
• Update Replace Me placeholder in Loop Over Items (#23756) (27949dd)

[cubic-dev-ai]

1 issue found across 30 files

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="CHANGELOG.md">

<violation number="1" location="CHANGELOG.md:33">
P3: Fix the typo in the changelog entry: "no-chaneglog" should be "no-changelog".</violation>
</file>

Architecture diagram

sequenceDiagram
    participant UI as Editor / Chat Hub
    participant API as Backend API
    participant Auth as AuthRolesService
    participant Engine as Workflow Execution Engine
    participant Secrets as External Secret Store (Vault)
    participant Redactor as Data Redaction Service

    Note over Auth: CHANGED: Resolved multi-main startup race condition
    
    UI->>API: Execute Workflow / Request Chat
    
    API->>Auth: Validate Scopes
    Note right of Auth: NEW: Check for 'execution:reveal' <br/>and split 'share'/'unshare' scopes
    Auth-->>API: Authorized

    API->>Engine: runWorkflow()

    rect rgb(23, 37, 84)
    Note over Engine, Secrets: NEW: Project-level External Secrets Flow
    Engine->>Engine: Initialize ITaskData
    Engine->>Secrets: Fetch Credentials
    Note right of Secrets: CHANGED: Multi-connection support <br/>for Vault & Project-scoped secrets
    Secrets-->>Engine: Decrypted Credentials
    Engine->>Engine: NEW: Track dynamic credential resolution in ITaskData
    end

    opt Chat Hub Interaction
        Engine->>UI: NEW: Push Suggested Prompts to UI
        UI->>API: POST /chat/file-upload
        API->>API: NEW: Check Chat Trigger file permission flag
        alt Files NOT permitted
            API-->>UI: 403 Forbidden (Blocked by Trigger config)
        else Files permitted
            API-->>Engine: Process File
        end
    end

    rect rgb(5, 46, 22)
    Note over Engine, Redactor: NEW: Execution Data Privacy
    Engine->>Redactor: redactTaskData(executionId)
    Redactor-->>Engine: Sanitized Execution Object
    end

    Engine-->>UI: Workflow Finished / Result Displayed
    
    opt Workflow History
        UI->>API: GET /history/compare
        API-->>UI: NEW: Return version diff for canvas/builder
    end

Loading

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}

[cubic-dev-ai]

P3: Fix the typo in the changelog entry: "no-chaneglog" should be "no-changelog".

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At CHANGELOG.md, line 33:

<comment>Fix the typo in the changelog entry: "no-chaneglog" should be "no-changelog".</comment>

<file context>
@@ -1,3 +1,73 @@
+* **editor:** Prevent scrollbar flashing when toasts are shown ([#26338](https://github.com/n8n-io/n8n/issues/26338)) ([bfa4550](https://github.com/n8n-io/n8n/commit/bfa45502003791b966796dee910da7e9ced45a08))
+* **editor:** Replace jsonpath with jsonpath-plus to resolve CVE ([#26399](https://github.com/n8n-io/n8n/issues/26399)) ([4e0cd02](https://github.com/n8n-io/n8n/commit/4e0cd02d5c92ace6f7615afac8f7a6cd7c5e12fc))
+* **editor:** Resolve credential modal expressions without workflow co… ([#26191](https://github.com/n8n-io/n8n/issues/26191)) ([e0ef26b](https://github.com/n8n-io/n8n/commit/e0ef26bf1ddeee22e22206b42df978f697c2203e))
+* **editor:** Setup panel visual tweaks (no-chaneglog) ([#26107](https://github.com/n8n-io/n8n/issues/26107)) ([2e07bb8](https://github.com/n8n-io/n8n/commit/2e07bb8d04e7f06b2e0f52b229eef55e6f020f49))
+* **editor:** Stop hijacking search shortcut for layouts without search ([#26222](https://github.com/n8n-io/n8n/issues/26222)) ([4fd3fd7](https://github.com/n8n-io/n8n/commit/4fd3fd75942189ab49a8c26b92b95ed4c8cd3325))
+* Enable external secrets multi-connection to vault  ([#26189](https://github.com/n8n-io/n8n/issues/26189)) ([fc5c842](https://github.com/n8n-io/n8n/commit/fc5c8424e285198fde1f962ae294bce427ef656f))
</file context>

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

[codecov]

Bundle Report

Bundle size has no change ✅

Affected Assets, Files, and Routes:

view changes for bundle: editor-ui-esm

Assets Changed:

Asset Name	Size Change	Total Size	Change (%)
assets/worker-*.js	2.91MB	2.92MB	21725.55% ⚠️
assets/worker-*.js	-2.91MB	13.37kB	-99.54%