diff --git a/CHANGELOG.markdown b/CHANGELOG.markdown
index 5dd57850..1cdf96e3 100644
--- a/CHANGELOG.markdown
+++ b/CHANGELOG.markdown
@@ -1,3 +1,17 @@
+# [1.9.0](https://github.com/favonia/cloudflare-ddns/compare/v1.8.4...v1.9.0) (2023-03-15)
+
+### Features
+
+- **cron:** add the option `UPDATE_CRON=@disabled` to disable cron ([#411](https://github.com/favonia/cloudflare-ddns/issues/411)) ([a381c5a](https://github.com/favonia/cloudflare-ddns/commit/a381c5a5d6df12a1d10cafeb74fe63cce7f18558))
+
+### BREAKING CHANGES
+
+- the quiet mode will no longer print the version and the information about superuser privileges (unless there are errors) ([#415](https://github.com/favonia/cloudflare-ddns/issues/415)) ([92a4462](https://github.com/favonia/cloudflare-ddns/commit/92a44628ab459c5eb715ecbddb9cb84ea36c927e))
+
+### Other Notes
+
+The feature to disable cron is experimental. The intention is to use another mechanism to manage the update schedule and run the updater. The quiet mode was made quieter so that repeated execution of the updater will not lead to excessive logging with non-errors.
+
 # [1.8.4](https://github.com/favonia/cloudflare-ddns/compare/v1.8.3...v1.8.4) (2023-03-03)
 This release comes with no user-visible changes. It was compiled by version 1.20.1 of Go (instead of 1.20) and was shipped with version 0.62.0 of the [cloudflare-go library](https://github.com/cloudflare/cloudflare-go/) that [fixed a bug about proxy settings](https://github.com/cloudflare/cloudflare-go/pull/1222). I believe the bug does not affect the updater, but there's no reason not to use the fixed version. 😄
diff --git a/internal/droproot/checker.go b/internal/droproot/checker.go
index f2092ef5..ca92ab7b 100644
--- a/internal/droproot/checker.go
+++ b/internal/droproot/checker.go
@@ -6,6 +6,7 @@ import (
 "syscall"
 "golang.org/x/exp/slices"
+ "kernel.org/pub/linux/libs/security/libcap/cap"
 "github.com/favonia/cloudflare-ddns/internal/pp"
 )
@@ -44,3 +45,18 @@ func checkGroupIDs(ppfmt pp.PP, gid int) bool {
 return ok
 }
+
+func checkCapabilities(ppfmt pp.PP) bool {
+ now := cap.GetProc()
+ diff, err := now.Cf(cap.NewSet())
+ switch {
+ case err != nil:
+ ppfmt.Errorf(pp.EmojiImpossible, "Failed to check Linux capabilities: %v", err)
+ return false
+ case diff != 0:
+ ppfmt.Noticef(pp.EmojiWarning, "Failed to drop all Linux capabilities; current ones: %v", now)
+ return false
+ default:
+ return true
+ }
+}
diff --git a/internal/droproot/drop.go b/internal/droproot/drop.go
index c2914b01..23768cda 100644
--- a/internal/droproot/drop.go
+++ b/internal/droproot/drop.go
@@ -67,9 +67,9 @@ func setUser(ppfmt pp.PP, uid int) bool {
 // dropCapabilities drop all capabilities as the last step.
 func dropCapabilities(ppfmt pp.PP) bool {
- if err := cap.NewSet().SetProc(); err != nil {
- ppfmt.Errorf(pp.EmojiImpossible, "Failed to drop all capabilities: %v", err)
- }
+ _ = cap.NewSet().SetProc()
+ checkCapabilities(ppfmt)
+
 return true
 }
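Review bot: In checkCapabilities the `diff != 0` branch reports a process that still holds capabilities through `ppfmt.Noticef`, while only a failed comparison goes through `ppfmt.Errorf`. The changelog in this same commit says quiet mode now stays silent unless there are errors, so if notices are filtered there (pp is not shown), a failed privilege drop would leave no trace in the unattended runs this release targets. Reporting that branch with `ppfmt.Errorf` would keep it visible. The function also has no doc comment; something like `// checkCapabilities reports whether the process's effective, permitted and inheritable capability sets are all empty.` would state what is verified, and it is worth adding that the `Cf` comparison on a `cap.Set` does not look at the bounding set.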
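Review bot: dropCapabilities now discards both the error from `cap.NewSet().SetProc()` and the boolean from `checkCapabilities(ppfmt)`, then returns true unconditionally, so its caller cannot tell a process that shed its capabilities from one that kept them. If best-effort is the intent, the doc comment should say so, e.g. `// dropCapabilities tries to drop all capabilities as the last step; failure is reported but tolerated.`; otherwise `return checkCapabilities(ppfmt)` would propagate the outcome. The discarded SetProc error is also the only place the reason for a failed drop is available, since the later check sees just the resulting set, so logging it rather than assigning it to `_` would help diagnosis. The caller of dropCapabilities is outside this hunk.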