Highlights
- Added owner visibility controls so dashboard and calendar entry forms can hide advanced owner-only tracking sections without deleting historical values from private history or exports.
- Added the dashboard cycle-overview hero and aligned its next-period window with calendar predictions while keeping irregular and unpredictable states conservative.
- Hardened recovery confirmation UX, the runtime image, and CI security automation without weakening the owner-only web contract.
Security and quality
- The supported browser product path is now owner-only, and legacy non-owner roles are denied before page or API access instead of remaining as a supported web mode.
- Recovery-code confirmation keeps localized inline validation and clean post-confirmation redirects, avoiding browser-locale tooltip leakage and empty query-string artifacts.
- The runtime image remains shell-free and package-manager-free, and CI now isolates Codecov OIDC into a dedicated least-privilege upload job while Trivy filesystem scans cover CI-executed npm dependencies.
Upgrade notes
- This release includes forward-only database migrations. Back up your SQLite file or Postgres data before upgrading, then restart Ovumcy and let the built-in migration runner apply schema version 017_owner_visibility_controls.
- Tagged images publish under ghcr.io/ovumcy/ovumcy-web:v0.9.0.
- Existing deployments can upgrade in place and pin OVUMCY_IMAGE=ghcr.io/ovumcy/ovumcy-web:v0.9.0 if they do not want to track future tags manually.
- The supported browser UI remains owner-only after upgrade. Legacy non-owner roles should expect denial at page and API boundaries instead of partial browser access.
Full changelog
- Compare: v0.8.5...v0.9.0
- Changelog entry: CHANGELOG.md section 0.9.0.