Mastodawn

"These vulnerabilities will be disclosed in 14 days as per our security policy" says #Jellyfin update notes https://github.com/jellyfin/jellyfin/releases/tag/v10.11.7

I am not a #security expert, but fixes to the vulnerabilities vaguely mentioned in the release notes are right there, in git history. One comment even says "Only allow remote shortcut paths [...] could be used to read arbitrary files from the server"

* https://github.com/jellyfin/jellyfin/commit/0581cd661021752e5063e338c718f211c8929310
* https://github.com/jellyfin/jellyfin/commit/fddd4e7e6b4de03060d190ac7f332bf34d949ce0
* https://github.com/jellyfin/jellyfin/commit/d1fd81c38263f4932f28ed24c3042272c901a594
* https://github.com/jellyfin/jellyfin/commit/50dc37065b8d530e7dcebc9672dd07583b203582

Jay

2h ago

If you run Jellyfin, you'll want to update immediately for some major security fixes which will be announced publicly in 14 days.

https://github.com/jellyfin/jellyfin/releases/tag/v10.11.7

#jellyfin #opensource

Release 10.11.7 · jellyfin/jellyfin

🚀 Jellyfin Server 10.11.7 We are pleased to announce the latest stable release of Jellyfin, version 10.11.7! This minor release brings several bugfixes to improve your Jellyfin experience. As alway...

GitHub

Troed Sångberg 5h ago

Update your #Jellyfin _now_.

"This release contains several extremely important security fixes. These vulnerabilities will be disclosed in 14 days as per our security policy. Users of all versions prior to 10.11.7 are advised to upgrade immediately."

https://github.com/jellyfin/jellyfin/releases/tag/v10.11.7

Release 10.11.7 · jellyfin/jellyfin

GitHub

VirtualWolf 9h ago

Ooo happy new #Navidrome and #Jellyfin release day everyone!

Release v0.61.0 · navidrome/navidrome

This version brings a comprehensive Artwork overhaul, with per-disc cover art, artist image uploads, animated image preservation, and a faster image pipeline powered by WebP encoding. You can now u...

GitHub

cm0002 9h ago

Jellyfin 10.11.7 Minor WARNING IMPORTANT SECURITY FIX

https://toast.ooo/post/13111637

Jellyfin 10.11.7 Minor WARNING IMPORTANT SECURITY FIX - toast.ooo

> WARNING: This release contains several extremely important security fixes. These vulnerabilities will be disclosed in 14 days as per our security policy. Users of all versions prior to 10.11.7 are advised to upgrade immediately. > > You can find more details about and discuss this release on the official forums [https://forum.jellyfin.org/t-new-jellyfin-server-web-release-10-11-7]. > > As always, please ensure you stop your Jellyfin server and take a full backup of your metadata/configs [https://jellyfin.org/docs/general/administration/backup-and-restore/#manual-backup] before upgrading! > > 🚀 Jellyfin Server 10.11.7 > > 🔒 Security > > Fix for GHSA-j2hf-x4q5-47j3, by @Shadowghost > Fix for GHSA-8fw7-f233-ffr8, by @Shadowghost > Fix for GHSA-v2jv-54xj-h76w, by @Shadowghost > Fix for GHSA-jh22-fw8w-2v9x, by @Shadowghost > > > 📈 General Changes > > Fix CA1810 build error [PR #16522], by @Bond-009 > Fix Null was not checked before using the H264 profile [PR #16519], by @nyanmisaka > Remove -copyts and add -flush_packets 1 to subtitle extraction [PR #16440], by @Molier > Fix lint issue [PR #16514], by @theguymadmax > Fix nullref ex in font handling [PR #16369], by @Bond-009 > Fix restore backup metadata location [PR #16425], by @theguymadmax > Fix NFO saver using wrong provider ID for collectionnumber [PR #16449], by @theguymadmax > Fix readrate options in FFmpeg 8.1 [PR #16423], by @nyanmisaka > Apply analyzeduration and probesize for subtitle streams to improve codec parameter detection [PR #16293], by @IceStormNG > Fix filter detection in FFmpeg 8.1 [PR #16392], by @nyanmisaka > Fix subtitle extraction caching empty files [PR #16257], by @lowbit > Fix hls segment length adjustment for remuxed content [PR #16341], by @crimsonspecter > Fix broken library subtitle download settings [PR #16204], by @MBR-0001 > Checkpoint WAL before moving library.db in migration [PR #16253], by @theguymadmax > Fix nullref in Season.GetEpisodes when the season is detached from a series [PR #16150], by @dfederm > Reattach user data after item removal during library scan [PR #16227], by @dfederm > Deduplicate provider IDs during MigrateLibraryDb migration [PR #16226], by @dfederm > Skip image checks for empty folders [PR #16231], by @theguymadmax > Fix TMDB image URLs missing size parameter [PR #16116], by @saltpi > Fix random sort returning duplicate items [PR #16098], by @theguymadmax > Fix SessionInfoWebSocketListener not using SessionInfoDto [PR #16109], by @nielsvanvelzen > Fix HLS playlist generation for transcodes with fractional framerate [PR #16053], by @IceStormNG > Rehydrate cached UserData after reattachment [PR #16071], by @MarcoCoreDuo > Fix TMDB crew department mapping [PR #16066], by @theguymadmax > Revert hidden directory ignore pattern [PR #16077], by @theguymadmax > > > > 🚀 Jellyfin Web 10.11.7 > > 🏗️ Enhancements > > Improve performance by disabling unnecessary user data when retrieving list of playlists [PR #7261], by @kevgrig > Add padding to mobile drawer [PR #7529], by @viown > Use display missing episodes setting in search [PR #7528], by @lmaotrigine > Add client names to image.ts [PR #7518], by @nielsvanvelzen > Allow to play Dolby Vision with fallback on webOS [PR #7526], by @antaljanosbenjamin > Wait for app host to initialize before proceeding [PR #7516], by @nielsvanvelzen > Fix alignment of music lyrics containing RTL or bidi text [PR #7461], by @ebkalderon > > 📈 General Changes > > Fix crashes on playback exit [PR #7645], by @thornbill > Fix music video random playback [PR #7632], by @theguymadmax > Fix carousel buttons for “My Media” appearing needlessly [PR #7391], by @bjorntp > Add autofocus to ConnectionErrorPage and FallbackRoute [PR #7641], by @dmitrylyzo > Order MediaMetadata.artwork from highest resolution to smallest [PR #7631], by @agausmann > Add polling fallback to sessions [PR #7565], by @viown > Fix card and item list accessibility issues [PR #7514], by @thornbill > Disable AV1 and OPUS on Xbox One [PR #7547], by @JPVenson > Fix random sort items refetching [PR #7541], by @thornbill > Navigate to wizard if not completed on server add [PR #7504], by @viown > Fix library menu button disappearing when name is too long [PR #7475], by @FelixRoediger

Mountaineer 11h ago

Jellyfin 10.11.7 Minor WARNING IMPORTANT SECURITY FIX

https://aussie.zone/post/31175404

Jellyfin 10.11.7 Minor WARNING IMPORTANT SECURITY FIX - Aussie Zone

WARNING: This release contains several extremely important security fixes. These vulnerabilities will be disclosed in 14 days as per our security policy. Users of all versions prior to 10.11.7 are advised to upgrade immediately. You can find more details about and discuss this release on the official forums [https://forum.jellyfin.org/t-new-jellyfin-server-web-release-10-11-7]. As always, please ensure you stop your Jellyfin server and take a full backup of your metadata/configs [https://jellyfin.org/docs/general/administration/backup-and-restore/#manual-backup] before upgrading! 🚀 Jellyfin Server 10.11.7 🔒 Security Fix for GHSA-j2hf-x4q5-47j3, by @Shadowghost Fix for GHSA-8fw7-f233-ffr8, by @Shadowghost Fix for GHSA-v2jv-54xj-h76w, by @Shadowghost Fix for GHSA-jh22-fw8w-2v9x, by @Shadowghost 📈 General Changes Fix CA1810 build error [PR #16522], by @Bond-009 Fix Null was not checked before using the H264 profile [PR #16519], by @nyanmisaka Remove -copyts and add -flush_packets 1 to subtitle extraction [PR #16440], by @Molier Fix lint issue [PR #16514], by @theguymadmax Fix nullref ex in font handling [PR #16369], by @Bond-009 Fix restore backup metadata location [PR #16425], by @theguymadmax Fix NFO saver using wrong provider ID for collectionnumber [PR #16449], by @theguymadmax Fix readrate options in FFmpeg 8.1 [PR #16423], by @nyanmisaka Apply analyzeduration and probesize for subtitle streams to improve codec parameter detection [PR #16293], by @IceStormNG Fix filter detection in FFmpeg 8.1 [PR #16392], by @nyanmisaka Fix subtitle extraction caching empty files [PR #16257], by @lowbit Fix hls segment length adjustment for remuxed content [PR #16341], by @crimsonspecter Fix broken library subtitle download settings [PR #16204], by @MBR-0001 Checkpoint WAL before moving library.db in migration [PR #16253], by @theguymadmax Fix nullref in Season.GetEpisodes when the season is detached from a series [PR #16150], by @dfederm Reattach user data after item removal during library scan [PR #16227], by @dfederm Deduplicate provider IDs during MigrateLibraryDb migration [PR #16226], by @dfederm Skip image checks for empty folders [PR #16231], by @theguymadmax Fix TMDB image URLs missing size parameter [PR #16116], by @saltpi Fix random sort returning duplicate items [PR #16098], by @theguymadmax Fix SessionInfoWebSocketListener not using SessionInfoDto [PR #16109], by @nielsvanvelzen Fix HLS playlist generation for transcodes with fractional framerate [PR #16053], by @IceStormNG Rehydrate cached UserData after reattachment [PR #16071], by @MarcoCoreDuo Fix TMDB crew department mapping [PR #16066], by @theguymadmax Revert hidden directory ignore pattern [PR #16077], by @theguymadmax 🚀 Jellyfin Web 10.11.7 🏗️ Enhancements Improve performance by disabling unnecessary user data when retrieving list of playlists [PR #7261], by @kevgrig Add padding to mobile drawer [PR #7529], by @viown Use display missing episodes setting in search [PR #7528], by @lmaotrigine Add client names to image.ts [PR #7518], by @nielsvanvelzen Allow to play Dolby Vision with fallback on webOS [PR #7526], by @antaljanosbenjamin Wait for app host to initialize before proceeding [PR #7516], by @nielsvanvelzen Fix alignment of music lyrics containing RTL or bidi text [PR #7461], by @ebkalderon 📈 General Changes Fix crashes on playback exit [PR #7645], by @thornbill Fix music video random playback [PR #7632], by @theguymadmax Fix carousel buttons for “My Media” appearing needlessly [PR #7391], by @bjorntp Add autofocus to ConnectionErrorPage and FallbackRoute [PR #7641], by @dmitrylyzo Order MediaMetadata.artwork from highest resolution to smallest [PR #7631], by @agausmann Add polling fallback to sessions [PR #7565], by @viown Fix card and item list accessibility issues [PR #7514], by @thornbill Disable AV1 and OPUS on Xbox One [PR #7547], by @JPVenson Fix random sort items refetching [PR #7541], by @thornbill Navigate to wizard if not completed on server add [PR #7504], by @viown Fix library menu button disappearing when name is too long [PR #7475], by @FelixRoediger

Paul Chambers🚧12h ago

Jellyfin Server 10.11.7 released.

#JellyFin #SelfHost

https://github.com/jellyfin/jellyfin/releases/tag/v10.11.7

Nate 1d ago

I’m #SelfHosting my Photos (#Immich) and Video collection (#Jellyfin).

Now I’m thinking about self-hosting a notes app to replace Apple Notes/Google Keep.

Any recommendations?

#HomeLab

Mr. Funk E. Dude 🫠1d ago

Hopefully I got everything fixed on my #Jellyfin server yesterday.

An update totally changed permissions and I had to go in and not only fix the permissions again but make it so that the permissions were permanent.

I guess I wont know if it worked until the next update. 🤷

Arnan 2d ago

Does Jellyfin just have a shitty download page? Or what am I missing?
What app should I use for macOS desktop? Where are the 'smart TV' clients - For example for a TV that uses Vidaa.

#jellyfin #tv #macos #client #selfhosted