Oikos

v0.54.6 Breaking

This release includes breaking changes for platform teams planning a safe upgrade.

Published 6d Productivity & Wikis

✓ No known CVEs patched

✓ No known CVEs patched in this version

Topics

docker family family-planner home-automation planner-app privacy-first

+4 more

progressive-web-app pwa self-hosted selfhosted-apps

Affected surfaces

auth rbac

Summary

AI summary

Fixed event assignment for non‑admin users by removing the admin‑only guard on GET /auth/users.

Type	Severity	Summary	CVE
Bugfix	Medium	GET /auth/users no longer requires admin privileges for non-admin users, allowing event assignment. GET /auth/users no longer requires admin privileges for non-admin users, allowing event assignment. Source: llm_adapter@2026-05-28 Confidence: low	—
Bugfix	Medium	Removed requireAdmin guard from GET /auth/users endpoint. Removed requireAdmin guard from GET /auth/users endpoint. Source: granite4.1:30b@2026-05-28-audit Confidence: low	—

Full changelog

Calendar – event assignment for non-admin users: The GET /auth/users endpoint previously required admin privileges, causing the assignee dropdown to silently render empty for child and other non-admin family profiles. Removed the unnecessary requireAdmin guard so all authenticated family members can load the user list and assign calendar events.

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Track Oikos

Get notified when new releases ship.

About Oikos

Family planner for small households