n8n v2.0 is here: What breaks, what's new, and how to prepare

n8n just shipped version 2.0, and it's the most significant release since we started building on the platform.

This isn't a minor version bump. It's a security overhaul, a database cleanup, and a new execution architecture all rolled into one. If you're running n8n in production, you need to read this before upgrading.

The big picture

n8n 2.0 is fundamentally about security hardening. The team has locked down defaults that were previously permissive and removed legacy features that created risk. Good changes, but they require attention.

Release date: December 8, 2025

Docker tags renamed: latest is now stable, next is now beta

Security changes you'll feel immediately

These defaults have changed. If your workflows depend on the old behavior, they'll break.

Environment variables in Code nodes: blocked

Code nodes can no longer access process.env. This is a security win—it prevents credential leakage—but it will break workflows that read environment variables directly.

What to do:

• Pass needed values as input parameters to the Code node
• Or set N8N_BLOCK_ENV_ACCESS_IN_NODE=false (not recommended for production)

// Before (v1.x) - This breaks in v2.0
const apiKey = process.env.MY_API_KEY;

// After (v2.0) - Pass as input
// In workflow: add a Set node before Code with $env.MY_API_KEY
const apiKey = $input.first().json.apiKey;

ExecuteCommand and LocalFileTrigger: disabled

These nodes are now excluded by default. They allow arbitrary command execution and file system access—powerful but risky.

If you need them: Remove them from the NODES_EXCLUDE environment variable explicitly.

OAuth callbacks require authentication

OAuth redirect callbacks now require an authenticated session. This prevents token theft attacks but may break some OAuth setups.

Override: N8N_SKIP_AUTH_ON_OAUTH_CALLBACK=true

File access is restricted

Workflows can now only access files in ~/.n8n-files by default. If your workflows read or write files elsewhere, they'll fail.

Override: Set N8N_RESTRICT_FILE_ACCESS_TO to your allowed directory.

Git bare repos blocked

The Git node no longer works with bare repositories. If you're using git for workflow backup or sync, verify your setup uses standard repos.

Database changes: MySQL is gone

This is the migration that will take the most planning.

Before	After
MySQL/MariaDB	Dropped
SQLite legacy driver	Removed
Binary data in-memory	Removed

If you're on MySQL/MariaDB: You must migrate to PostgreSQL before upgrading. SQLite works for small deployments, but PostgreSQL is the recommendation for production.

Migration path:

1. Export your workflows and credentials from current n8n
2. Set up PostgreSQL database
3. Install n8n 2.0 connected to PostgreSQL
4. Import workflows and credentials
5. Test thoroughly

We've done this migration for clients. It's not trivial but it's manageable with proper planning. Contact us if you need help.

Task runners: new execution architecture

Code nodes now run on "task runners" by default. This is a sandboxed execution environment that improves security isolation.

What this means:

• JavaScript and Python in Code nodes run in separate processes
• Better memory isolation between workflow executions
• Slightly different execution characteristics

Docker changes:

• The main n8nio/n8n image no longer includes runners
• For external mode, use the separate n8nio/runners image
• Python support requires external mode with native implementation (Pyodide is gone)

# docker-compose.yml example for external runners
services:
  n8n:
    image: n8nio/n8n:stable
    environment:
      - N8N_RUNNERS_MODE=external
  
  runner:
    image: n8nio/runners
    # ... runner configuration

What's been removed

Clean out your workflows if you're using any of these:

Removed	Replacement
--tunnel CLI option	Use ngrok, localtunnel, or Cloudflare Tunnel
N8N_CONFIG_FILES env var	Use .env files or standard environment variables
Start node	Manual Trigger or Execute Workflow Trigger
update:workflow CLI	publish:workflow / unpublish:workflow

Removed nodes (services discontinued):

• Spontit
• crowd.dev
• Kitemaker
• Automizy

If you're using these nodes, you'll need to find alternatives or remove them from your workflows before upgrading.

New features worth noting

It's not all breaking changes. Some genuinely useful additions:

Workflow validation before activation

You can no longer activate a broken workflow. n8n now validates workflows before they go live, catching configuration errors early.

Native Python in AI agents

The Python code tool for AI agents now uses native Python instead of Pyodide. Better performance, more library support, but requires external runner mode.

MCP SDK updates

Model Context Protocol improvements for AI agent integrations. If you're building custom AI tools, check the updated SDK.

Your upgrade checklist

Before upgrading to n8n 2.0:

1. Database: If using MySQL/MariaDB, plan your PostgreSQL migration first
2. Code nodes: Audit for process.env usage and refactor
3. File access: Check if workflows access files outside ~/.n8n-files
4. Docker: Update compose files for new image tags and runner architecture
5. Removed nodes: Search for Spontit, crowd.dev, Kitemaker, Automizy usage
6. Test in staging: Don't upgrade production first

Our take

This is a healthy release. The security hardening is overdue, and dropping MySQL simplifies the platform. Yes, it requires migration work, but these changes make n8n more enterprise-ready.

We've already upgraded our development environments and are planning client migrations. The task runner architecture in particular is a solid foundation for future improvements.

If you're running critical workflows and don't have time to manage this migration yourself, that's what we do. We've migrated dozens of n8n instances and can handle the database migration, workflow updates, and testing for you.

---

WotAI is an n8n Certified Expert Partner. We help companies build and maintain production-grade n8n deployments.