this post was submitted on 01 Apr 2026
709 points (99.0% liked)

Selfhosted

59999 readers
721 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam.

  3. Posts here are to be centered around self-hosting. Please ensure it is clear in your post how it relates to self-hosting.

  4. Don't duplicate the full text of your blog or git here. Just post the link for folks to click.

  5. Submission headline should match the article title.

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
ayyy@sh.itjust.works
curbstickle@anarchist.nexus
curbstickle_lw@lemmy.world
709
Jellyfin critical security update - This is not a joke (github.com)
submitted 2 months ago by Mubelotix@jlai.lu to c/selfhosted@lemmy.world
260 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] JigglySackles@lemmy.world 8 points 2 months ago (16 children)

Are you singling out Jellyfin for a particular reason? Or are also going to advise just never opening ports in general?

[–] kieron115@startrek.website 13 points 2 months ago* (last edited 2 months ago) (13 children)

jellyfin people just always spout this advice as some sort of copium and i dont even know why. ALL software will have security issues at some point or another. just update and move on with your life.

[–] neclimdul@lemmy.world 5 points 2 months ago (5 children)

Definitely.

But I think more than copium it's them understanding their users. It's advice for people that will figure out how to run Jellyfin but won't stay on top of updates, setup a waf, use a firewall/reverseproxy to limit access, etc. There are surely a lot of those that just one clicked an installer etc and for them it's good advice.

[–] kieron115@startrek.website 1 points 2 months ago (1 children)

that's fair, does it not have any kind of encryption by default?

[–] HK65@sopuli.xyz 2 points 2 months ago (1 children)

Standard TLS, I think, but what else would you need?

[–] kieron115@startrek.website 1 points 2 months ago* (last edited 2 months ago) (1 children)

None really, just wondering what the issue with opening it up is if it has TLS? In 10+ years I've never had my Plex server compromised and it just uses TLS. I do change the default port but that's it.

[–] neclimdul@lemmy.world 2 points 2 months ago (1 children)

Plex logins go through their login server so you'll also have login throttling and probably other bot protections.

[–] kieron115@startrek.website 2 points 2 months ago

They also do some SSL shenanigans to get every user a unique, valid public certificate created during setup. https://words.filippo.io/how-plex-is-doing-https-for-all-its-users/

load more comments (3 replies)
load more comments (10 replies)
load more comments (12 replies)