• mic_check_one_two@lemmy.dbzer0.com
    8 hours ago

    There has been a known “anyone can access your media without authentication” vulnerability for seven years and counting, and the Jellyfin devs have openly stated that they have no intentions of fixing it. Because fixing it would require completely divesting from the Emby branch that the entire program is built upon. And they never plan on refactoring that entire thing, so they never plan on fixing the vulnerabilities.

    The “don’t expose it to the internet” people aren’t just screaming at clouds. Jellyfin is objectively insecure, and shouldn’t be exposed.

    • grrgyle@slrpnk.net
      5 hours ago

      Ahh bummer. It works so well as a home media server… kind of calls out for sharing.

    • kieron115@startrek.website
      6 hours ago

      Jeez, so it’s meant to be a literal home media server. Able, but not designed, to be used for sharing.

      • mic_check_one_two@lemmy.dbzer0.com
        7 hours ago

        Exactly. And that’s honestly why I doubt it will ever truly contend with Plex. It’s fine for sharing with friends who can figure out how to connect via VPN, but it’ll never be robust enough to share with your tech-illiterate grandparents on the open internet. Plex wins handily in that regard, because their sign-in process is basically the same as Netflix, HBO, Hulu, etc…

        Plex has problems of its own, but (at least as of me writing this) it doesn’t have any major known security vulnerabilities. They had some level 10.0 vulnerability last year, but they followed standard CVE protocols and patched it before the vulnerability was actually released.