Mubelotix@jlai.lu to Selfhosted@lemmy.worldEnglish · 3 days agoJellyfin critical security update - This is not a jokegithub.comexternal-linkmessage-square250linkfedilinkarrow-up1698arrow-down16
arrow-up1692arrow-down1external-linkJellyfin critical security update - This is not a jokegithub.comMubelotix@jlai.lu to Selfhosted@lemmy.worldEnglish · 3 days agomessage-square250linkfedilink
minus-squarerumba@lemmy.ziplinkfedilinkEnglisharrow-up2·2 days agoBiggest worry is someone finding an uncaught RCE. Of course plugins also have surface area. We know they can anon pull video. You can sandbox it to limit exposure. But if they modify the web client with an RCE, then you hit your own server as a trusted site and that delivers a payload…
Biggest worry is someone finding an uncaught RCE.
Of course plugins also have surface area.
We know they can anon pull video. You can sandbox it to limit exposure.
But if they modify the web client with an RCE, then you hit your own server as a trusted site and that delivers a payload…