A load of those so called vulnerabilities are way overblown and in most cases require you to be logged in anyway.
Comment on That's all folks, Plex is starting to charge for sharing
douglasg14b@lemmy.world 6 days agoI use jellyfin, and jellyfin is not safe to expose to the internet.
They have a handful of vulnerability and security holes that have been open for like 5+ years now. And the old emby architecture is quite difficult to work with.
kylian0087@lemmy.dbzer0.com 6 days ago
dependencyinjection@discuss.tchncs.de 6 days ago
So you’re saying there are some vulnerabilities which are not overblown and therefore should be a concern?
kylian0087@lemmy.dbzer0.com 6 days ago
That is with any piece of software. their will always be some vulnerabilities that are very bad. so by your definition using any piece of software is a concern.
dogs0n@sh.itjust.works 6 days ago
I agree with you, it’s likely this vulnerability is only known because Jellyfin is open source… how many are hiding in Plex’s proprietary source code…
Anyways when has anyone ever been pwnd by this “exploit”, I have seriously never heard of anyone being “hacked” by one of them.
Definitely overblown as far as I am aware… don’t post your instance url all over the internet and you will likely be fine.
Using Plex (is fine, do whatever u want) and giving them your data instead doesn’t really help you (or at least sending your data through them).
MaggiWuerze@feddit.org 6 days ago
And they actively refuse to do anything about them because it would force clients to update. You could just just as well open an unsecured ftp server to your content