this post was submitted on 02 Apr 2025
230 points (100.0% liked)

Technology

38492 readers
734 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:

This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 3 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
230
I don't know who needs to hear this, but DO NOT EVER expose Jellyfin to the internet (github.com)
submitted 1 week ago by [email protected] to c/[email protected]
160 comments fedilink hide all child comments
 

Collection of potential security issues in Jellyfin This is a non exhaustive list of potential security issues found in Jellyfin. Some of these might cause controversy. Some of these are design fla...

top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 15 points 6 days ago* (last edited 6 days ago) (1 children)

~~Many of these have already been fixed FWIW, it's not a collection of open issues.~~ Nevermind, they have only been closed, not fixed. Yikes.

[–] [email protected] 15 points 6 days ago* (last edited 6 days ago) (1 children)

No. None of the items are closed. Click the "closed" items. All of them are "Not planned. Duplicate, see 5415".

Edit: The biggest issue of unauthenticated streaming of content... https://github.com/jellyfin/jellyfin/issues/13777

Last opened last week. closed as duplicate. it's unaddressed completely.

[–] [email protected] 1 points 6 days ago (1 children)

That's really sad. Damn, how disappointing.

[–] [email protected] 2 points 6 days ago (1 children)

I mean it was closed as a duplicate of the collection, not closed.

[–] [email protected] 1 points 5 days ago

I meant it's disappointing that they haven't addressed any of the security issues.

[–] [email protected] 4 points 6 days ago (1 children)

Honestly, is the problem that they need extra hands to fix these issues?

[–] [email protected] 2 points 6 days ago* (last edited 6 days ago) (1 children)

Thank you for this list. We are aware of quite a few, but for reasons of backwards compatibility they've never been fixed. We'd definitely like to but doing so in a non-disruptive way is the hard part.

While I'm sure that some of the answer is in not having dev time to fix it... Their response makes it seem like they're not fully interested in fixing it for other reasons... In the case of this response, "Backwards compatibility".

[–] [email protected] 2 points 4 days ago

Thats sad honestly, this is where open source excells, and refusing to fix an issue without a plan to address it as a tech debt is just a bad solution

load more comments
view more: next ›