after almost 15yrs my plex server is no more. jellyfin behind nginx with authentik is running very nicely.

  • rumba@lemmy.zip · 14 points · 1 day ago

    I’ve heard jellyfin has a lot of security issues

    The biggest known stuff I saw on their GitHub is that a number of the exposed service URLs under the hood don’t require auth. So, it’s open-source with known requirements, you can tell easily from the outside that it’s running, and you can cause it to activate a LOT of packages without logging in. That’s a zero-day in any package that can be passed a payload away from disaster.

    As far as tvOS, I’m kinda surprised swiftfin doesn’t serve you.

    • macstainless@discuss.tchncs.de · 1 up, 1 down · 3 hours ago

      Yeah… that’s a non-starter for me. Not gonna risk my entire home lab when Plex doesn’t have any of that risk.

      Also, running in Docker is fantastic but I’ve found Docker to be unstable at times depending on the version.

      • rumba@lemmy.zip · 1 point · 24 minutes ago

        Oh, Plex has the risk. A vulnerability in Plex is how LastPass lost all their source code. A vulnerability in Tautulli, which he had ported outside, surfaced his auth token; then they were able to use the auth token to get into Plex, hit an RCE vulnerability, and pull the entire git repo the guy had locally.

        The key difference is Plex at least has a security team and their name on the line with their investors.

    • Pup Biru@aussie.zone · 2 points · 21 hours ago

      Swiftfin is mostly there but doesn’t support media segments, which is a deal breaker for me.

      Really unfortunate, since Jellyfin media segments is a much better implementation of the concept than Plex’s.

      I’m watching the Swiftfin issue for when it gets added and I’ll be all over compiling and testing it.

    • Lem453@lemmy.ca · 6 points · 1 day ago

      Assuming this is all true, sure, it’s not great, but how much does it matter?

      Most have Jellyfin in a Docker container. My Jellyfin only has read-only access to the media folder. Only the config folder has write access. Assuming the worst-case scenario here, how much damage can that do?

      • rumba@lemmy.zip · 3 points · 23 hours ago

        A lot of neophyte self-hosters will try running the binary in Windows instead. Experienced self-hosters will indeed use Docker.

        Then, out of the ones that are using Docker, some of them will set it up as privileged.

        And then how many of those people actually mount the media read-only, versus how many just add the path and don’t think about it?

        Don’t confuse your good practices with what the average person will do.