But if you just run it locally an a media server in your home, and you don’t expose the service to the internet, that doesn’t really matter? Though perhaps more people connect to their Jellyfin instances remotely than I realize.
Comment on Plex got hacked.
TheGrandNagus@lemmy.world 16 hours agoI enjoy using Jellyfin and hope it continues to improve, but it has some problematic security of its own.
Logical@lemmy.world 13 hours ago
thax@lemmy.dbzer0.com 12 hours ago
It matters if someone manages to hide an exploit in jellyfin’s codebase, or more likely, a popular plugin. I imagine many folk have permissive outgoing firewall rules, in which case, an exploit could establish connectivity. Whether that eventually leads to privilege escalation on the jellyfin host would depend upon other variables.
cosmo@lemmy.world 12 hours ago
Well. If you’re not streaming why have such a service in the first place? If I didn’t stream remotely with Plex (and share with my friends and family) I’d just go back to running Kodi on my htpc like I did ten years ago.
nonfuinoncuro@lemmy.zip 4 hours ago
steam locally to multiple devices plus for remote streaming I just VPN into my home network
bobzer@lemmy.zip 14 hours ago
For example?
magguzu@midwest.social 5 hours ago
Have fun: github.com/jellyfin/jellyfin/issues/5415#event-17…
bobzer@lemmy.zip 4 hours ago
Thank you. These should get fixed.
But again, I can host behind a VPN and have zero risk here. I can work around my own shit, a Plex user can’t protect their data when Plex owns it.
weirdbeardgame@lemmy.world 13 hours ago
Lack of built-in 2FA for one thing
bobzer@lemmy.zip 5 hours ago
But it’s not difficult to integrate it yourself.
It’s inherently different. Plex liked having your data and didn’t protect it.
Jellyfins security is as good as the infrastructure you build yourself.