Gitpulse
Merged
Size
S
Change Breakdown
Bug Fix65%
Performance25%
Refactor10%
#27985fix(core): Improve audit queries to avoid PostgreSQL bind parameter limits

Audit queries fixed for large n8n instances

MA
MarcL
·Apr 10, 2026

Large n8n instances can now run audit reports without hitting PostgreSQL's bind parameter limit, which previously caused 500 errors on instances with 250k+ executions.

On large n8n deployments, the credentials risk reporter in audit endpoints would fetch all execution IDs then pass them into a WHERE IN clause. When execution counts exceeded PostgreSQL's 65,535 parameter limit, the query failed with a 500 error. Audit reports simply stopped working for enterprise-scale instances.

Audit queries now use a single INNER JOIN that requires only one bind parameter regardless of how many executions exist. The two-step fetch-then-IN pattern has been replaced with one streamlined query. Delete operations are batched in groups of 900 and wrapped in transactions for reliability.

The change affects the audit risk reporting system in n8n's CLI package, specifically the credentials risk reporter and its supporting database repository. This is part of ongoing work to improve audit operations for large-scale deployments.

View Original GitHub DescriptionFact Check

Summary

The audit endpoint's credentials risk reporter fetched all execution IDs then passed them into a single WHERE IN (...) clause. On instances with 250k+ executions, this exceeded PostgreSQL's 65,535 bind parameter limit (error code 08P01), causing a 500 error.

Replaced the two-step fetch-then-IN pattern with a single INNER JOIN query that uses one bind parameter regardless of execution count. Also batched deleteMany as defense-in-depth and removed the now-unused findByExecutionIds method.

Existing integrtation tests in redentials-risk-reporter.test.ts.

Related Linear tickets, Github issues, and Community forum posts

https://linear.app/n8n/issue/LIGO-282

Review / Merge checklist

  • PR title and summary are descriptive. (conventions)
  • Docs updated or follow-up ticket created.
  • Tests included.
  • PR Labeled with Backport to Beta, Backport to Stable, or Backport to v1 (if the PR is an urgent fix that needs to be backported)
  • I have seen this code, I have run this code, and I take responsibility for this code.
© 2026 · via Gitpulse