Oikos

v0.67.5 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 3d Productivity & Wikis

✓ No known CVEs patched

This release patches 1 known CVE

Topics

docker family family-planner home-automation planner-app privacy-first

+4 more

progressive-web-app pwa self-hosted selfhosted-apps

Affected surfaces

auth

Summary

AI summary

Added Content-Security-Policy and Referrer-Policy meta tags to landing-site pages.

Type	Severity	Summary	CVE
Security	High	Adds Content-Security-Policy and Referrer-Policy meta tags to landing-site pages. Adds Content-Security-Policy and Referrer-Policy meta tags to landing-site pages. Source: llm_adapter@2026-06-09 Confidence: high	—

Full changelog

Added Content-Security-Policy and Referrer-Policy meta tags to all landing-site pages (index.html, install.html, impressum.html, datenschutz.html). The CSP restricts resources to same-origin plus the inline styles/scripts the pages actually use; the referrer policy is strict-origin-when-cross-origin. (Clickjacking headers such as X-Frame-Options/frame-ancestors only take effect as real HTTP headers and cannot be enforced on plain GitHub Pages.)

Added Content‑Security‑Policy (same‑origin + allowed inline styles/scripts) and Referrer‑Policy `strict-origin-when-cross-origin` meta tags to all landing‑site pages.

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Track Oikos

Get notified when new releases ship.

About Oikos

Family planner for small households

v0.71.3 Changes WebDAV backup default path from "/oikos/backups/" to "/yuvomi/backups/".
v0.66.0 Repository URL changed to `https://github.com/ulsklyc/yuvomi`.
v0.66.0 Docker image moved to `ghcr.io/ulsklyc/yuvomi`.
v0.66.0 Project renamed from Oikos to Yuvomi.
v0.62.0 Changes event dialog to unified sync target picker across Google and CalDAV calendars.