Jellyfin critical security update - This is not a joke (github.com)
Mubelotix@jlai.lu to Selfhosted@lemmy.world · English · 2 days ago · 243 comments
Cross-posted to: piracy@lemmy.dbzer0.com, jellyfin@lemmy.ml

rumba@lemmy.zip · English · 11 hours ago
Biggest worry is someone finding an uncaught RCE.
Of course plugins also have surface area.
We know they can anon pull video. You can sandbox it to limit exposure.
But if they modify the web client with an RCE, then you hit your own server as a trusted site and that delivers a payload…