🚀 Jellyfin Server 10.11.7
We are pleased to announce the latest stable release of Jellyfin, version 10.11.7! This minor release brings several bugfixes to improve your Jellyfin experience. As alway...
edit: to add something constructive to my snarky comment, what kind of attack surface are we talkin here? Multiple ports? Lots of separate services running? No authentication?
There has been a known “anyone can access your media without authentication” vulnerability for seven years and counting, and the Jellyfin devs have openly stated that they have no intentions of fixing it. Because fixing it would require completely divesting from the Enby branch that the entire program is built upon. And they never plan on refactoring that entire thing, so they never plan on fixing the vulnerabilities.
The “don’t expose it to the internet” people aren’t just screaming at clouds. Jellyfin is objectively insecure, and shouldn’t be exposed.
You objectively shouldn’t expose Jellyfin to the internet. It has a rather large attack surface and isn’t designed with security in mind.
Pretending everything is fine won’t solve the problem
Sounds like a great reason to use Plex instead!
edit: to add something constructive to my snarky comment, what kind of attack surface are we talkin here? Multiple ports? Lots of separate services running? No authentication?
There has been a known “anyone can access your media without authentication” vulnerability for seven years and counting, and the Jellyfin devs have openly stated that they have no intentions of fixing it. Because fixing it would require completely divesting from the Enby branch that the entire program is built upon. And they never plan on refactoring that entire thing, so they never plan on fixing the vulnerabilities.
The “don’t expose it to the internet” people aren’t just screaming at clouds. Jellyfin is objectively insecure, and shouldn’t be exposed.