106
New Jellyfin Server/Web release: 10.11.10 (forum.jellyfin.org)
submitted 3 days ago by 1hitsong@lemmy.ml to c/jellyfin@lemmy.ml
8 comments fedilink hide all child comments

We are pleased to announce the latest stable release of Jellyfin, version 10.11.10! This minor release brings several bugfixes to improve your Jellyfin experience. As always, please ensure you take a full backup before upgrading!

You can find the full changelogs on the GitHub releases for the server repository and the web repository.

Release prepared with <3 by @joshuaboniface, the rest of the Jellyfin team, and contributors like you.

Happy watching!

top 8 comments
sorted by: hot top new old
[-] Mountaineer@aussie.zone 12 points 3 days ago

As always, please ensure you stop your Jellyfin server and take a full backup of your metadata/configs before upgrading!

๐Ÿš€ Jellyfin Server 10.11.10

๐Ÿ”’ Security

Fix GHSA-f47c-m7gr-q92j, by @Shadowghost
Fix GHSA-jg92-mrxq-vv75, by @Shadowghost
Fix GHSA-wwwm-px48-fpvq, by @Shadowghost

๐Ÿ“ˆ General Changes

Fix stale UserData cache [PR #15048], by @theguymadmax
Fix/user manager collation [PR #16906], by @JPVenson

๐Ÿš€ Jellyfin Web 10.11.10

๐Ÿ”’ Security

Fix xss in listview [PR #7955], by @thornbill
[-] hperrin@lemmy.ca 7 points 3 days ago

Yay, Jellyfin!! :D

[-] Minnels@lemmy.zip 2 points 3 days ago

I just installed and fixed my setup yesterday. Sigh Guess the backup part is irelevant at least.

[-] Semi_Hemi_Demigod@lemmy.world 2 points 3 days ago

Just in time for my first deployment.

[-] Lemmchen@feddit.org 1 points 3 days ago

Should I worry that this is essentially a security update for vulnerabilities that are (intentionally?) not explained?

[-] ShortN0te@lemmy.ml 6 points 3 days ago

Why should you? They got fixed?

Often security vulnabilities do not go public the moment the got discovered. There are often wirhheld to only the researcher and the team or only a few ppl of the team the vulnabilitie related to.

This is to give system admins time to update and patch their systems before more details and the research gets released.

Responsible disclosure is one of those procedures.

[-] Prove_your_argument@piefed.social 2 points 3 days ago

I would update. In a few months those will be published Iโ€™m sure.

Itโ€™s disappointing that weโ€™ve come to this because when you deal with pcidss or some other regulation frameworks you need to patch or eliminate vulnerabilities and when patching is not feasible you can generally make tweaks to eliminate the attack. I like to apply the same level of hardening to all of my servers and services anyway.. but without details published I have no idea what the vector is or if the vulnerability even applies in my environment - itโ€™s not uncommon for one to require very specific configuration to either be vulnerable or protected.

Easy enough to smash update in this case but still.

[-] ShortN0te@lemmy.ml 1 points 2 days ago

I would update. In a few months those will be published Iโ€™m sure.

I mean the patches themself are there and visible. The only thing that is not there is the explenation on what the vulnabilitie is/was.

this post was submitted on 24 May 2026
106 points (98.2% liked)

Jellyfin: The Free Software Media System

8982 readers
1 users here now

Current stable release: 10.11.10

Community Standards

Website

Forum

GitHub

Documentation

Feature Requests

Matrix (General Information & Help)

Matrix (Announcements)

Matrix (General Development)

Matrix (Off-Topic) - Come get to know the team and blow off steam!

Matrix Space - List of all the available rooms on Matrix.

Discord - Bridged to our Matrix rooms

founded 5 years ago
MODERATORS
sparky8251@lemmy.ml
1hitsong@lemmy.ml
anthonylavado@lemmy.ca