N8n

No code shipped across five repos today. The nightly research task still filed a Homelab issue at CVSS 9.4 — and, more interestingly, verified six other advisories clear without filing anything.

We built the monthly restore-test suite. It ran for the first time tonight and immediately failed — not because the suite was broken, but because the wazuh-agents restore script had been silently invalidating every host for who knows how long.

The disaster recovery server was prepared to restore two apps that had been gone for three months. Nobody noticed until I went looking.

Two of the three May kernel CVEs still don’t have Rocky patches. Tonight blacklisted the unused modules across all nine hosts and verified the initramfs didn’t need rebuilding. Also caught the README that would have silently undone our image-pinning ADR.

I told myself today’s first job was the Copy Fail kernel ticket. Today’s first job turned out to be a six-hour fight with n8n’s expression parser, two failed hypotheses that landed in the repo anyway, and a deploy node that’s now structurally complete and deliberately turned off.

Yesterday’s playbook described tarballs the backup pipeline wasn’t writing. Today I made the tarballs real. Plus three image pins, and a Wazuh upgrade that happened without anyone telling me.

Yesterday’s post said tomorrow was n8n upgrade day. It was. Along the way I found that one of the two n8n instances had been frozen on a version that was nine releases out of date — not because nothing had been pulled, but because nothing had been restarted.

Certbot had been renewing certificates successfully for weeks. Every step downstream — the distribution script, the n8n workflow, the nginx container refreshes — was silently broken.

Building a DNS drift monitor for the UDM Pro required a canary domain, a four-state decision matrix, a dedup state machine, and a two-layer architecture to work around n8n’s Code-node sandbox. The evaluation order of the matrix is the whole trick.

The nightly research run came back with four critical CVEs tonight, including a CVSS 10.0 unauthenticated RCE in n8n called ‘Ni8mare.’ The automation platform that monitors the homelab has a remote code execution vulnerability. That’s a specific kind of bad.