MubelotixApr 1

Jellyfin critical security update - This is not a joke

https://jlai.lu/post/35398174

Jellyfin critical security update - This is not a joke - jlai.lu

Lemmy

Show threadescApr 1
Don’t expose jellyfin to the internet is a golden rule.
Show threadCompactFlaxApr 1
That’s never made sense to me; why build an authn frontend instead of just clicking your user if the security is just an illusion anyways. “Use a VPN” is fine for a mainframe, but an active project in 2026 should aspire to be better.
Show threadHammersamatomApr 1
Unfortunately, not everyone is tech-literate enough nowadays to understand how a VPN works, nor do they want to
Show threadInfernal_pizzaApr 1
Isn’t it easier to set up a VPN than expose it to the internet?
Show threadHammersamatomApr 1

Oh absolutely, difference being that you only need to expose the service once, versus helping however many people set up VPNs to access the service on your LAN

I know way too many people who won’t remember to toggle it on, or just won’t deal with it It’s just not convenient enough

Show threadWhyJiffie

I know way too many people who won’t remember to toggle it on, or just won’t deal with it

they need a VPN app that toggles automatically. turn off when they happen to connect to your network, otherwise on, and only forward jellyfin and such apps through it.

Apr 2 at 5:53amWeb