New Jellyfin Server/Web release: 10.10.7

Submitted ⁨⁨3⁩ ⁨weeks⁩ ago⁩ by ⁨otter@lemmy.ca⁩ to ⁨selfhosted@lemmy.world⁩

https://forum.jellyfin.org/t-new-jellyfin-server-web-release-10-10-7

cross-posted from: aussie.zone/post/19146681

Jellyfin Server 10.10.7

Important Notes

Configurations behind a reverse proxy that did not explicitly configure trusted proxies will not work after this release. This was never a supported configuration, so please ensure you correct your configuration before upgrading. See the updated docs here for more information.

Security

Fix validation of API parameters to FFmpeg [GHSA-2c3c-r7gp-q32m], by @Shadowghost

Fix trusting forward headers if none are configured [GHSA-qcmf-gmhm-rfv9], by @JPVenson

Note: GHSAs will be published seven (7) days after this release.

General Changes

Fix regression where “Search for missing metadata” not handling cast having multiple roles [PR #13720], by @Lampan-git

Clone fallback audio tags instead of use ATL.Track.set [PR #13694], by @gnattu

Backport 10.11 API enum changes [PR #13835], by @nielsvanvelzen

Support more rating formats [PR #13639], by @IDisposable

Fix stackoverflow in MediaSourceCount [PR #12907], by @JPVenson

Upgrade LrcParser to 2025.228.1 [PR #13659], by @congerh

Include Role and SortOrder in MergePeople to fix “Search for missing metadata” [PR #13618], by @Lampan-git

Delete children from cache on parent delete [PR #13601], by @Bond-009

Fix overwrite of PremierDate with a year-only value [PR #13598], by @IDisposable

Wait for ffmpeg to exit on Windows before we try deleting the concat file [PR #13593], by @Bond-009

Fix 4K filtering when grouping movies into collections [PR #13594], by @theguymadmax

Remove empty ParentIndexNumber workaround [PR #13611], by @Shadowghost

Update dependency z440.atl.core to 6.20.0 [PR #13845], by @Shadowghost

Jellyfin Web 10.10.7

General Changes

Fix parsing minor version of Tizen [PR #6661], by @dmitrylyzo

Fix re-focusing on pause button when displaying OSD [PR #6510], by @dmitrylyzo

Fix skip button not displaying correctly with OSD [PR #6583], by @rlauuzo

Fix catalog plugin page not setting page title [PR #6570], by @nielsvanvelzen

source

Comments

Sort:hotnew top

renegadespork@lemmy.jelliefrontier.net ⁨3⁩ ⁨weeks⁩ ago

Configurations behind a reverse proxy that did not explicitly configure trusted proxies will not work after this release. This was never a supported configuration, so please ensure you correct your configuration before upgrading. See the updated docs here for more information.

Well I’m glad I read that before upgrading!

source
- sugar_in_your_tea@sh.itjust.works ⁨3⁩ ⁨weeks⁩ ago
  It’s odd to throw that into a patch release. I guess we’ll find out if I did it correctly.
  
  source
  - jonne@infosec.pub ⁨3⁩ ⁨weeks⁩ ago
    I mean, it’s patching a security issue caused by trusting headers it shouldn’t, so I don’t think they should wait for a big number release.
    
    source
    -> View More Comments
  - N0x0n@lemmy.ml ⁨3⁩ ⁨weeks⁩ ago
    I mean, where else should they show that warning? It’s also posted in the forum. They also edited the documentation page.
    
    Maybe you’re more into mailing list or the like? I’m genuine curious on what and how you expected getting this kind of information.
    
    source
    -> View More Comments
- 486@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
  Thanks for pointing this out! I probably would have missed this, since I didn’t expect such a change for a patch release.
  
  Their documentation mentions:
  
  For jellyfin to know which reverse proxy is trusted, the IP, Hostname or Subnet has to be set in the Known Proxies (under Admin Dashboard -> Networking) setting.
  
  Does this really mean, that the only way to configure this is through the web UI? This is kind of a problem when deploying it, since without the reverse proxy I can’t reach the Jellyfin server. Is there no way of doing this outside the web UI, via a config file or something?
  
  source
  - jagged_circle@feddit.nl ⁨2⁩ ⁨weeks⁩ ago
    Yeah the lack of info in the docs on how to configure jellyfin in the CLI is pathetic
    
    source
  - Lem453@lemmy.ca ⁨2⁩ ⁨weeks⁩ ago
    If I in traefik and jellyfin in docker, so I add the docker IP of traefik as the trusted proxy?
    
    source
    -> View More Comments
- slazer2au@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
  Do you not normally read patch notes before patching?
  
  source
  - kata1yst@sh.itjust.works ⁨2⁩ ⁨weeks⁩ ago
    Fuck no, ain’t nobody got time for that! My self hosted stack has 40+ services. I lock them to minor releases (where semvers are used), deploy blind with automation, and fire alerts when breakages occur, which is thankfully rarely.
    
    What you’re suggesting works for small, very carefully curated environments. I grew past that years ago and doubly so when I had kids.
    
    source
    -> View More Comments
node815@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
Not related to the server, but I was very happily surprised with the latest Roku Jellyfin channel. A complete refresh of everything and it’s great to see it.

source
- gazby@lemmy.dbzer0.com ⁨3⁩ ⁨weeks⁩ ago
  You’ll want to get off Roku soon, they’re already testing preroll ads for the home screen.
  
  source
  - node815@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
    I can see them doing that, I use a DNS ad-block (Adguardhome) with plenty of filters and last night, I spotted that they were able to inject two ads (standard one to the right of the channels and one at the bottom below the menu for the new Minecraft movie when they changed my background. So, they are finding ways around this stuff. I simply disabled the Sponsored themes. We are on the fence about replacing the TV later this year but not 100% sure just yet. It’s been quite buggy randomly rebooting when switching sources and other things.
    
    source
    -> View More Comments
- timbuck2themoon@sh.itjust.works ⁨2⁩ ⁨weeks⁩ ago
  For real. JF roku team is killing it. Latest release is so nice.
  
  source
  - 1hitsong@lemmy.ml ⁨2⁩ ⁨weeks⁩ ago
    🤘 Thanks
    
    source
- 1hitsong@lemmy.ml ⁨2⁩ ⁨weeks⁩ ago
  🤘 Enjoy
  
  source
melfie@lemmings.world ⁨2⁩ ⁨weeks⁩ ago
Really looking forward to 10.11 when the EFCore functionality is in place so I can run it with PostgreSQL and actually backup the DB properly and also have proper replication for a hot standby.

source
- retmas@lemm.ee ⁨2⁩ ⁨weeks⁩ ago
  As far as I can understand, even with EFCore in 10.11, there still will only sqlite be available as a database backend. There are plans for postgresql and other types but it’s a much more distant prospect. Reference
  
  source
  - melfie@lemmings.world ⁨2⁩ ⁨weeks⁩ ago
    Ah, seems I had a misunderstanding and appreciate the info!
    
    source
- wabasso@lemmy.ca ⁨2⁩ ⁨weeks⁩ ago
  If you have the time, I’d love to learn how to set up a hot standby, not just for jellyfin but in general.
  
  source
  - melfie@lemmings.world ⁨2⁩ ⁨weeks⁩ ago
    I was imagining setting up an old laptop as a backup to my main server with PostgreSQL replication for the Jellyfin DB and some sort of file synchronization for media and metadata. I have yet to manually setup PostgreSQL replication outside of a cloud provider where the process is automated, so I was planning it as an interesting learning experience. However, from the post above, it seems I was misinformed about the timeframe of PostgreSQL support in Jellyfin.
    
    source
    -> View More Comments
- chaospatterns@lemmy.world ⁨2⁩ ⁨weeks⁩ ago
  Oh that would be nice. I would use that to just go into the database and fix all my broken music metadata which I can’t see to fix any other way.
  
  source
  - melfie@lemmings.world ⁨2⁩ ⁨weeks⁩ ago
    I stand corrected about PostgreSQL support dropping in 10.11. Seems we may still have quite a wait ahead of us.
    
    source
hperrin@lemmy.ca ⁨2⁩ ⁨weeks⁩ ago
My friend who’s been praising Plex for years and making fun of me for using Jellyfin instead just told me the other day he’s thinking about switching. It’s their new subscription fee that finally did it. xD

source
- kcweller@feddit.nl ⁨2⁩ ⁨weeks⁩ ago
  It’s what made me switch this weekend. I didn’t know I missed the “Episode ends on (time)” functionality until I got it with Jellyfin, Holy shit that’s so nice ❤️
  
  source
  - raptore39@lemm.ee ⁨2⁩ ⁨weeks⁩ ago
    I wish everything had that
    
    source
- LordKitsuna@lemmy.world ⁨2⁩ ⁨weeks⁩ ago
  I mean i understand praising it, i still primarily use plex despite their Shenanigans and will VPN to bypass the remote streaming charge. I still have jellyfin installed but it has several issues for me still.
  
  I have quite a large library and I still regularly have issues with matching especially on anime. It will either fail to match at all until I do it manually, or match incorrectly and I will have to manually correct it. I still frequently have playback issues for no apparent reason especially on Android where I will hit a file that just refuses to play back for no apparent reason with none of the error logs being particularly helpful on files that play perfectly in Plex with absolutely no issues, I have both friends and family that use my server and the device support is basically everything even remotely capable of media playback for Plex but is unfortunately just not as robust for jellyfin.
  
  I know that in this particular subreddit I’m likely to just get downloaded for saying it but sometimes the open source solution just isn’t as good and this is definitely one of those cases. It’s been getting better has time goes on but it’s not a solid replacement yet for a lot of cases
  
  source
Supernova1051@sh.itjust.works ⁨2⁩ ⁨weeks⁩ ago
So I upgraded and tested not adding a trusted proxy (using Traefik in front of Jellyfin) and nothing broke. Was it supposed to break or is it just that its insecure? Am I less secure by not adding it as a trusted proxy?

source
cupcakezealot@lemmy.blahaj.zone ⁨2⁩ ⁨weeks⁩ ago
updated on mint this weekend; admittedly it’s not a big library (mostly just for me and my family) but it was pretty painless. i put in my trusted proxies ahead of time and backed up /etc/jellyfin and /var/lib/jellyfin ahead of time. no problems at all.

source