Jellyfin critical security update - This is not a joke (github.com)
Posted by ElectricVocalist@jlai.lu to Selfhosted@lemmy.world · English · 1 month ago · cross-posted to: jellyfin@lemmy.ml, piracy@lemmy.dbzer0.com, jellyfin@lemmy.ml
atzanteol@sh.itjust.works · 1 month ago: Y’all are assuming the security issue is something exploitable without authentication or has something to do with auth. But it could be a supply chain issue which a VPN won’t protect you from.
WhyJiffie@sh.itjust.works · 1 month ago: To be fair, Jellyfin had multiple unauthenticated vulnerabilities in the past, so it makes sense to talk about it.
Possibly linux@lemmy.zip · 1 month ago: The design of Jellyfin is really insecure.
Possibly linux@lemmy.zip · 1 month ago: It isn’t a supply chain attack. If it was they would’ve disclosed it immediately instead of waiting.