Comment on That's all folks, Plex is starting to charge for sharing
merthyr1831@lemmy.ml 3 weeks agoI use a non-rooted docker, reverse proxy, and cloudfare domain. I know Jellyfin has some API security issues but I’m still unconvinced that any of them can be used to escalate to any level that would threaten my server (or even my instance of Jellyfin).
MaggiWuerze@feddit.org 3 weeks ago
They are not about escalating permissions but about unauthorized access to your library. As some living in a country with professional piracy lawyers, that go out and try to catch people in the act, I won’t open my server to that kind of risk.
I like Jellyfin being open source and all, but the maintainers made it clear that they prefer backwards compatibility with clients over fixing these issues.
merthyr1831@lemmy.ml 3 weeks ago
Oh yeah I don’t buy the backwards compat stuff because you can version an API to preserve backwards compatibility to sensible ends.
I’d be very interested to see cases of streaming or copyright lawyers essentially hacking users to litigate them. The only stuff Ive ever seen on snooping by corps on pirates it’s usually collecting PII from public sources like torrent clients without VPN coverage.
MaggiWuerze@feddit.org 3 weeks ago
The alternative is that dey just don’t care or are not capable of fixing it, despite numerous suggestions in the github thread. Both don’t blde well for the project, especially seeing as that ticket has veen open and discussed for almost 5 years