Skip to content

Oikos

v0.66.2 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 10d Productivity & Wikis
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 1 known CVE

Topics

docker family family-planner home-automation planner-app privacy-first
+4 more
progressive-web-app pwa self-hosted selfhosted-apps

Affected surfaces

crypto_tls

Summary

AI summary

Avatar color selection now uses cryptographically secure random number generation.

Changes in this release

Security High

Avatar color selection now uses crypto.randomInt instead of Math.random

Avatar color selection now uses crypto.randomInt instead of Math.random

Source: llm_adapter@2026-06-09

Confidence: low
Full changelog

Security

  • Avatar color selection now uses crypto.randomInt instead of Math.random (CWE-338).

Security Fixes

  • Avatar color selection now uses crypto.randomInt instead of Math.random (CWE-338).
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track Oikos

Get notified when new releases ship.

Sign up free

About Oikos

Family planner for small households

All releases →

Related context

Earlier breaking changes

  • v0.71.3 Changes WebDAV backup default path from "/oikos/backups/" to "/yuvomi/backups/".
  • v0.66.0 Repository URL changed to `https://github.com/ulsklyc/yuvomi`.
  • v0.66.0 Docker image moved to `ghcr.io/ulsklyc/yuvomi`.
  • v0.66.0 Project renamed from Oikos to Yuvomi.
  • v0.62.0 Changes event dialog to unified sync target picker across Google and CalDAV calendars.

Beta — feedback welcome: [email protected]