diff --git a/FUTURE.md b/FUTURE.md index 1fac9b2..f9d4980 100644 --- a/FUTURE.md +++ b/FUTURE.md @@ -3,7 +3,7 @@ **This document tracks potential future enhancements for Bill Tracker.** **Last Updated:** 2026-05-09 -**Current Version:** v0.19.2 +**Current Version:** v0.19.3 ## How to Use This Document diff --git a/HISTORY.md b/HISTORY.md index b4e3d13..181363c 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -1,5 +1,16 @@ # Bill Tracker — Changelog +## v0.19.3 + +### Fixed +- **Legacy database login now works** — When `INIT_ADMIN_PASS` is set, the default admin's password is reset and `must_change_password=1` is enforced. This solves the case where a legacy DB has users with unknown passwords. +- **Legacy migrations now actually run** — Every entry in `reconcileLegacyMigrations()` now has a `run()` function. Migrations whose changes aren't present in the DB (like `is_seeded` columns) are executed instead of silently skipped. +- **v0.40 ownership migration assigns to admin** — Unowned bills/categories now go to the first admin user instead of the first regular user. Prevents data being assigned to a non-admin account. + +### Security +- **Removed username from password reset log** — `[init] Reset password for default admin user` no longer includes the username (Hudson finding) +- **Password reset is always explicit** — If `INIT_ADMIN_PASS` is set, the reset happens. If not set, no reset. No silent side-effects. + ## v0.19.2 ### Added
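Review bot: In the FUTURE.md hunk, the `**Last Updated:** 2026-05-09` context line is left unchanged while `**Current Version:**` moves to v0.19.3. If this release was not cut on that date, update the date in the same change so the two header fields stay in step.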
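Review bot: In the HISTORY.md hunk, the v0.19.3 entries say the default admin's password is reset when `INIT_ADMIN_PASS` is set, but not whether that happens on every start or only once, so an operator who leaves the variable in the environment cannot tell whether a password changed after login will be overwritten on the next restart. State the behaviour in the "Legacy database login now works" bullet and, if the reset repeats, tell operators to unset the variable after the first login. Separately, the "v0.40 ownership migration" label sits under a v0.19.3 heading, so confirm it is the migration's name and not a typo, and expand "(Hudson finding)" so readers outside the project know what it refers to.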