MubelotixApr 1

Jellyfin critical security update - This is not a joke

https://jlai.lu/post/35398174

Jellyfin critical security update - This is not a joke - jlai.lu

Lemmy

Show threadescApr 1
Don’t expose jellyfin to the internet is a golden rule.
Show threadCompactFlaxApr 1
That’s never made sense to me; why build an authn frontend instead of just clicking your user if the security is just an illusion anyways. “Use a VPN” is fine for a mainframe, but an active project in 2026 should aspire to be better.
Show threadHammersamatomApr 1
Unfortunately, not everyone is tech-literate enough nowadays to understand how a VPN works, nor do they want to
Show threadInfernal_pizzaApr 1
Isn’t it easier to set up a VPN than expose it to the internet?
Show threadsanzkyApr 1
and then you are giving access to your lan to people whose computer you don’t control and might be full of malware.
Show threadFauxLivingApr 1

You only have to give them access to a specific port on a specific machine, not your entire LAN.

My VPN has a ‘media’ usergroup who can only access the, read-only, NFS exports of my media library.

If you’re just installing Wireguard and enabling IP forwarding, yeah it would not be secure. But using a mesh VPN, like Tailscale/Headscale, gives you A LOT more tools to control access.

Show threadWhyJiffieApr 2
yeah but even with plain wireguard the peers can be limited. you just have to figure out the firewall rules, or use opnsense as your wireguard server because it figures the harder part out for you.
Show threadsanzky
it’s not that it cannot be done. the issue is that something as simple as acceding a service should not require to configure wire guard and routing rules. plenty of FOSS priests are safe to expose through a simple reverse proxy
Apr 2 at 7:56pmWeb
Show threadWhyJiffie4d ago

plenty of FOSS projects are safe to expose through a simple reverse proxy

I have my doubts about that. Personally I would never do that.