691
Jellyfin critical security update - This is not a joke (github.com)
submitted 2 days ago by Mubelotix@jlai.lu to c/selfhosted@lemmy.world
248 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[-] ugo@feddit.it 9 points 2 days ago

No need to expose jellyfin to the internet if you selectively allow peers on your lan via wireguard.

[-] EncryptKeeper@lemmy.world 24 points 2 days ago

This attitude is why Plex remains popular.

[-] keyez@lemmy.world 18 points 2 days ago

Easy for me but not my aunts, cousins or father in law to setup and use.

[-] douglasg14b@lemmy.world 8 points 2 days ago

Nor will the VPN work on things like their TV or Roku or game console. You know the things that people typically sit down and watch media on....

[-] Dultas@lemmy.world -1 points 1 day ago

Wireguard and possibly openvpn work on Android TVs. I set it up for my mom. Not sure about other OSs.

[-] WhyJiffie@sh.itjust.works 0 points 1 day ago

they are not setting up the Jellyfin server either, why would they need to bother with the VPN?

[-] vaionko@sopuli.xyz 2 points 1 day ago

They're connecting to it.

[-] WhyJiffie@sh.itjust.works 1 points 1 day ago

yeah, it's the operator's job to help setting that up

[-] ugo@feddit.it 1 points 2 days ago

I believe your situation, that said I set up wireguard on my SO’s mac and all that is needed is to flip a switch in an app to connect. For my aunt, I’d likely set that up permanently since it only affects traffic when accessing the lan.

[-] Damarus@feddit.org 14 points 2 days ago

I'd rather just not use it at that point

[-] ugo@feddit.it 7 points 2 days ago

Fair, you do you, I get a lot of value out of it instead.

[-] Damarus@feddit.org 12 points 2 days ago

The difference is that my friends get a lot of value out of my server, as they don't need to use any technology they're unfamiliar with.

[-] WhyJiffie@sh.itjust.works -2 points 1 day ago* (last edited 1 day ago)

you are better just closing up shop then, because it's not like the other services you are hosting are much better. vulnerabilities being discovered don't mean they don't exist, it just means the software is not popular enough or too complex for someone to look into it

[-] Damarus@feddit.org 3 points 1 day ago

lol the whole internet better shut down right? Too vulnerable

[-] WhyJiffie@sh.itjust.works -5 points 1 day ago

much of the internet is run on simpler software or by full time employees tasked to deal with all this. but sure, ignorance is bliss, what you don't see does not exist, etc etc, keep running your Jellyfin exposed to the internet. you wouldnt even get to know when your system is compromised. but you know what? you could even remove your password for extra convenience. who would want to log in to a random jellyfin account anyway! surely no one! just don't recommend these practices to anyone, because you are putting them at risk.

[-] Damarus@feddit.org 4 points 1 day ago

I mean I do this stuff for a living but okay go off king

[-] WhyJiffie@sh.itjust.works -4 points 1 day ago

would not ever use your services in that case

[-] Damarus@feddit.org 4 points 1 day ago

Thank god

[-] WhyJiffie@sh.itjust.works -2 points 1 day ago* (last edited 1 day ago)

wow not just totally unprofessional, but even downvoting the calling out the lack of credible security! you can be ashamed of yourself, and hope that your clients never find out you are a contrarian

I really doubt your work has anything to do with computers

[-] Damarus@feddit.org 2 points 1 day ago

You're hilarious. I haven't downvoted you, others are reading these threads as well.

Talking about security... Have you heard of intrusion detection, process isolation, or principle of least privilege?

[-] douglasg14b@lemmy.world 6 points 2 days ago

Which doesn't work for The grand majority of devices that would be used to watch said media.

Tvs game consoles rokus so on so forth typically don't support VPN clients.

The Jonathan clients for these devices also typically don't support alternative authentication methods which would allow you to put jellyfin behind a proxy and have the proxy exposed to the internet. Gating all access to jellyfin apis behind a primary authentication layer thus mitigating effectively all security vulnerabilities that are currently open.

[-] WhyJiffie@sh.itjust.works 0 points 1 day ago* (last edited 1 day ago)

Tvs game consoles rokus so on so forth typically don't support VPN clients.

and that's why you set up a VPN client box on the location, set it up as a regular VPN client, and install a reverse proxy on it that the dumb clients can connect to.

the VPN box could be as simple as an old android phone no one uses, and termux

this post was submitted on 01 Apr 2026
691 points (99.1% liked)

Selfhosted

58128 readers
767 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

  7. No low-effort posts. This is subjective and will largely be determined by the community member reports.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz