01·
2 days agoYou may need to reevaluate your threat model.
- 0 Posts
- 5 Comments
Joined 2 years ago
Cake day: July 8th, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
I agree with you, it’s likely this vulnerability is only known because Jellyfin is open source… how many are hiding in Plex’s proprietary source code…
Anyways when has anyone ever been pwnd by this “exploit”, I have seriously never heard of anyone being “hacked” by one of them.
Definitely overblown as far as I am aware… don’t post your instance url all over the internet and you will likely be fine.
Using Plex (is fine, do whatever u want) and giving them your data instead doesn’t really help you (or at least sending your data through them).
you will absolutely lose a bunch of them
I always see this and I have to ask: why do you care?
They likely aren’t paid customers of yours, if they don’t follow your rules and the software you like to use, then they are free to use any other method of consuming media.
VPN
Have to agree with the other comment that asks why do you need to use a vpn. Fax
You didn’t ask, but if you’ve had a bad experience with the apps, you could try one of the native apps.
My friends on Apple devices think Swiftfin (https://github.com/jellyfin/Swiftfin) is much better than the normal jellyfin app.
I haven’t used this one/know anyone that has: Findroid (third party) (https://github.com/jarnedemeulemeester/findroid). Mostly because I haven’t had any issues with the official jellyfin app for android, but it would probably give a cleaner experience, being native and all.
For the server, I think it’s fantastic. Never had any problems that weren’t a few clicks to resolve. Pretty much use it and forget I’m the one maintaining it for the most part. I wonder what issues you encountered?
Hm I don’t remember posting the comment you are replying to, to the one I replied to.
You are right, but I still argue that keeping Jellyfin up to date is fine, there’s no serious bugs (afaik) that will compromise your whole server for instance, so these bots have nothing valuable to exploit here.
When I say don’t post your instance url I was talking about normal people finding it to try streaming from it without auth, I think I was replying to someone else and though this was the same thread.