this post was submitted on 01 Apr 2026
709 points (99.0% liked)

Selfhosted

59999 readers
721 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam.

  3. Posts here are to be centered around self-hosting. Please ensure it is clear in your post how it relates to self-hosting.

  4. Don't duplicate the full text of your blog or git here. Just post the link for folks to click.

  5. Submission headline should match the article title.

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
ayyy@sh.itjust.works
curbstickle@anarchist.nexus
curbstickle_lw@lemmy.world
709
Jellyfin critical security update - This is not a joke (github.com)
submitted 2 months ago by Mubelotix@jlai.lu to c/selfhosted@lemmy.world
260 comments fedilink hide all child comments
(page 2) 50 comments
sorted by: hot top controversial new old
[–] Decronym@lemmy.decronym.xyz 8 points 2 months ago* (last edited 1 month ago)

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

Fewer Letters More Letters
Git Popular version control system, primarily for code
HTTP Hypertext Transfer Protocol, the Web
IP Internet Protocol
NFS Network File System, a Unix-based file-sharing protocol known for performance and efficiency
Plex Brand of media server package
RPi Raspberry Pi brand of SBC
SBC Single-Board Computer
SMB Server Message Block protocol for file and printer sharing; Windows-native
SSH Secure Shell for remote terminal access
SSL Secure Sockets Layer, for transparent encryption
TLS Transport Layer Security, supersedes SSL
VPN Virtual Private Network
VPS Virtual Private Server (opposed to shared hosting)
nginx Popular HTTP server

12 acronyms in this thread; the most compressed thread commented on today has 13 acronyms.

[Thread #203 for this comm, first seen 1st Apr 2026, 09:50] [FAQ] [Full list] [Contact] [Source code]

[–] Wispy2891@lemmy.world 8 points 2 months ago

Thanks for this post, i would have updated mine next semester...

[–] roserose56@lemmy.zip 5 points 2 months ago (1 children)

Im on fedora and I have installed through dnf, no updates with the dnf update..... should I wait?

[–] gigachad@piefed.social 8 points 2 months ago (4 children)

I depends a bit on your threat model. If you have Jellyfin exposed to the internet I would shut it down immediately. If you are running locally and rely on it, let it run maybe? If behind a tailnet or some other VPN, I would deactivate it as well. If it is an Axios like vulnerability it may be possible your secrets are in danger, dependent on how well they are secured. Not a security expert, but I would handle this a little more conservative...

load more comments (4 replies)
[–] lmr0x61@lemmy.ml 5 points 2 months ago

The update rolled out perfectly for my Kubernetes setup (using the Docker image). 👍

load more comments
view more: ‹ prev next ›