We just signed up to an n8n Pro cloud-hosted plan, and then realised that we need to manually update our n8n version - not very “cloud like”? This makes us worried about security issues - we effectively need to monitor your release notes 24/7 and upgrade ASAP to avoid our instance potentially being compromised.
I’m aware that its in n8n’s self interest to protect their cloud instances before disclosing security issues (at the network/firewall level), but that’s more of an implicit commitment that I wouldn’t want to rely on.
To make matters worse, only the instance owner can perform such an upgrade, and you can only have one user with that role. How does that work when the instance owner happens to be on leave or otherwise unavailable?
If you force users to manually upgrade, then at least streamline that process - and allow multiple users to be declared instance owners.
You only have a little bit of latitude on when to upgrade. I think they may have chosen not to automatically upgrade ASAP on each release to avoid breaking functional workflows when a new release has bugs. However, if you let that go too long (~4 months), the version will be updated/upgraded anyway.
There appears to be a way to transfer ownership to another user, so, assuming that works, you could pass ownership off to someone else, and transfer it back later. That does seem like a risky way to manage it though. If something goes wrong, you could end up needing intervention from support to get access back. The multiple owner account idea does sound better.
Alternatively, maybe an ‘Admin’ account type could be given permission to do upgrades. The management console seems to be a completely separate application, so maybe it isn’t just a permissions (authorization) issue, but also requires reworking the login (authentication) part.
Thanks! Yeah leaving an instance potentially vulnerable for 120 days until its auto-upgraded isn’t really going to cut it. I’m assuming this will be handled responsibly by n8n Cloud in case a critical vulnerability is discovered, but as they say: “Trust but verify”.
Regarding the ownership transfer, that’s pretty clunky - especially if you’re doing this under urgency (unpredictable security announcement from n8n).
The solution of giving admin accounts permission to upgrades would work for me. I get the constraints of having two auth systems (n8n “admin console” and n8n instance), but I think it’s pretty crucial to allow effective maintenance of this. An alternative could be an opt-in to minor/patch auto upgrades performed by n8n cloud, assuming you’re following semantic versioning.
1 Like