Mubelotix@jlai.lu to Selfhosted@lemmy.worldEnglish · 2 days agoJellyfin critical security update - This is not a jokegithub.comexternal-linkmessage-square246fedilinkarrow-up1688
arrow-up1688external-linkJellyfin critical security update - This is not a jokegithub.comMubelotix@jlai.lu to Selfhosted@lemmy.worldEnglish · 2 days agomessage-square246fedilink
minus-squareatzanteol@sh.itjust.workslinkfedilinkEnglisharrow-up17·edit-22 days agoY’all are assuming the security issue is something exploitable without authentication or has something to do with auth. But it it could be a supply chain issue which a VPN won’t protect you from.
minus-squarePossibly linux@lemmy.ziplinkfedilinkEnglisharrow-up1·16 hours agoIt isn’t a supply chain attack. If it was they would’ve disclosed it mmediately instead of waiting.
minus-squareWhyJiffie@sh.itjust.workslinkfedilinkEnglisharrow-up4·22 hours agoto be fair, Jellyfin had multiple unauthenticated vulnerabilities in the past so it makes sense to talk about it
minus-squarePossibly linux@lemmy.ziplinkfedilinkEnglisharrow-up1·16 hours agoThe design of Jellyfin is really insecure
Y’all are assuming the security issue is something exploitable without authentication or has something to do with auth.
But it it could be a supply chain issue which a VPN won’t protect you from.
It isn’t a supply chain attack. If it was they would’ve disclosed it mmediately instead of waiting.
to be fair, Jellyfin had multiple unauthenticated vulnerabilities in the past so it makes sense to talk about it
The design of Jellyfin is really insecure