this post was submitted on 06 Apr 2025
285 points (98.6% liked)


cross-posted from: https://aussie.zone/post/19146681

Jellyfin Server 10.10.7

Important Notes

Configurations behind a reverse proxy that did not explicitly configure trusted proxies will not work after this release. This was never a supported configuration, so please ensure you correct your configuration before upgrading. See the updated docs here for more information.

Security

  • Fix validation of API parameters to FFmpeg [GHSA-2c3c-r7gp-q32m], by @Shadowghost
  • Fix trusting forward headers if none are configured [GHSA-qcmf-gmhm-rfv9], by @JPVenson

Note: GHSAs will be published seven (7) days after this release.

General Changes

  • Fix regression where "Search for missing metadata" not handling cast having multiple roles [PR #13720], by @Lampan-git
  • Clone fallback audio tags instead of use ATL.Track.set [PR #13694], by @gnattu
  • Backport 10.11 API enum changes [PR #13835], by @nielsvanvelzen
  • Support more rating formats [PR #13639], by @IDisposable
  • Fix stackoverflow in MediaSourceCount [PR #12907], by @JPVenson
  • Upgrade LrcParser to 2025.228.1 [PR #13659], by @congerh
  • Include Role and SortOrder in MergePeople to fix "Search for missing metadata" [PR #13618], by @Lampan-git
  • Delete children from cache on parent delete [PR #13601], by @Bond-009
  • Fix overwrite of PremierDate with a year-only value [PR #13598], by @IDisposable
  • Wait for ffmpeg to exit on Windows before we try deleting the concat file [PR #13593], by @Bond-009
  • Fix 4K filtering when grouping movies into collections [PR #13594], by @theguymadmax
  • Remove empty ParentIndexNumber workaround [PR #13611], by @Shadowghost
  • Update dependency z440.atl.core to 6.20.0 [PR #13845], by @Shadowghost

Jellyfin Web 10.10.7

General Changes

  • Fix parsing minor version of Tizen [PR #6661], by @dmitrylyzo
  • Fix re-focusing on pause button when displaying OSD [PR #6510], by @dmitrylyzo
  • Fix skip button not displaying correctly with OSD [PR #6583], by @rlauuzo
  • Fix catalog plugin page not setting page title [PR #6570], by @nielsvanvelzen
[–] renegadespork@lemmy.jelliefrontier.net 74 points 2 days ago (3 children)

Configurations behind a reverse proxy that did not explicitly configure trusted proxies will not work after this release. This was never a supported configuration, so please ensure you correct your configuration before upgrading. See the updated docs here for more information.

Well I’m glad I read that before upgrading!

[–] 486@lemmy.world 20 points 2 days ago* (last edited 2 days ago) (2 children)

Thanks for pointing this out! I probably would have missed this, since I didn't expect such a change for a patch release.

Their documentation mentions:

For jellyfin to know which reverse proxy is trusted, the IP, Hostname or Subnet has to be set in the Known Proxies (under Admin Dashboard -> Networking) setting.

Does this really mean that the only way to configure this is through the web UI? This is kind of a problem when deploying it, since without the reverse proxy I can't reach the Jellyfin server. Is there no way of doing this outside the web UI, via a config file or something?

Edit: Apparently the configuration for the proxies is stored in Jellyfin's network.xml config file. So it should be possible to do this without manually configuring it via the web UI.

Another edit: It works. Adding <KnownProxies>[proxy ip or hostname]</KnownProxies> in place of the empty <KnownProxies/> key to that config file does the trick.
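
The rule behind this change, as an added example (not Jellyfin's code and not part of the comment above): a forwarded-for header is honored only when the direct peer is listed under KnownProxies, otherwise the peer address itself is used. The sample XML, the comma/whitespace separator and all function names are assumptions made for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample configs (not copied from a real server). Only the
# KnownProxies element name comes from the thread; the rest is assumed.
EMPTY_CFG = "<NetworkConfiguration><KnownProxies /></NetworkConfiguration>"
SET_CFG = ("<NetworkConfiguration><KnownProxies>172.18.0.2, 10.0.0.0/24"
           "</KnownProxies></NetworkConfiguration>")

def known_proxies(xml_text):
    """Return the entries listed under <KnownProxies> (empty list if none)."""
    node = ET.fromstring(xml_text).find(".//KnownProxies")
    if node is None:
        return []
    # itertext() also picks up entries stored in child elements.
    return " ".join(node.itertext()).replace(",", " ").split()

def is_trusted(ip, proxies):
    """True if ip equals a listed address or falls inside a listed subnet."""
    addr = ipaddress.ip_address(ip)  # ValueError if ip is not an address
    for entry in proxies:
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue  # hostname entry: needs DNS resolution, skipped here
        if addr in net:
            return True
    return False

def client_ip(peer_ip, x_forwarded_for, proxies):
    """Use X-Forwarded-For only when the direct peer is a known proxy."""
    if not x_forwarded_for or not is_trusted(peer_ip, proxies):
        return peer_ip  # header ignored: any client can send it
    # Walk right to left, skipping hops that are themselves trusted proxies.
    for hop in reversed([h.strip() for h in x_forwarded_for.split(",")]):
        try:
            if not is_trusted(hop, proxies):
                return hop
        except ValueError:
            break  # malformed hop: stop and fall back to the peer
    return peer_ip

if __name__ == "__main__":
    for cfg in (EMPTY_CFG, SET_CFG):
        proxies = known_proxies(cfg)
        print(proxies, client_ip("172.18.0.2", "203.0.113.9", proxies))
```

With the empty list, every request appears to come from the proxy's own address, which is why an unconfigured reverse-proxy setup is worth checking before upgrading.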

[–] Lem453@lemmy.ca 2 points 1 day ago* (last edited 1 day ago) (2 children)

If I run traefik and jellyfin in docker, do I add the docker IP of traefik as the trusted proxy?

[–] klopstock@feddit.org 2 points 22 hours ago

I think you can use the container name if both containers are in the same docker network

[–] 486@lemmy.world 1 points 1 day ago

I don't know your exact setup, but you should add the IP that Jellyfin sees when the reverse proxy makes a request. That probably comes from the IP of your Traefik docker container.

[–] jagged_circle@feddit.nl 2 points 1 day ago

Yeah the lack of info in the docs on how to configure jellyfin in the CLI is pathetic

[–] sugar_in_your_tea@sh.itjust.works 30 points 2 days ago (2 children)

It's odd to throw that into a patch release. I guess we'll find out if I did it correctly.

[–] jonne@infosec.pub 10 points 1 day ago (1 children)

I mean, it's patching a security issue caused by trusting headers it shouldn't, so I don't think they should wait for a big number release.

[–] sugar_in_your_tea@sh.itjust.works 15 points 1 day ago (1 children)

Why wait? Just release it as a big number release. The version number doesn't define the size or cadence of a release, it just says whether there's a breaking change.

[–] mac@lemm.ee 7 points 1 day ago* (last edited 1 day ago) (1 children)

At least in my org we use semantic versioning (Major.Minor.patch) where patch must either be a new feature, a fix, or something that is backwards compatible

Minor can be breaking

Major is basically something you're proud of lol

[–] Rogue@feddit.uk 1 points 22 hours ago (1 children)

That's not semantic versioning...

[–] mac@lemm.ee 1 points 5 hours ago

Guess my org fucked it up ¯\_(ツ)_/¯

[–] N0x0n@lemmy.ml 0 points 2 days ago* (last edited 2 days ago) (1 children)

I mean, where else should they show that warning? It's also posted in the forum. They also edited the documentation page.

Maybe you're more into mailing lists or the like? I'm genuinely curious about what/how/where you expected to get this kind of information.

[–] fitgse@sh.itjust.works 28 points 2 days ago (2 children)

I expect in a patch release that nothing has changed and I can blindly update getting minor bug fixes and security fixes. In a minor release I expect to review the changes for configuration changes or any minor UI changes. For a major release I expect to read docs on how to upgrade and prepare backups and downtime.

[–] N0x0n@lemmy.ml 7 points 1 day ago* (last edited 1 day ago) (1 children)

Ohhh thanks for the clarification! As you guessed, I'm not into dev/programming so I wasn't aware of this kind of detail!

Thank you :)

Edit: Now semver makes sense!

Yeah, it's really nice when done properly. I have my images pinned to minor releases (they can sometimes break backwards compatibility on accident), so I expect upgrades to newer patch versions to mostly be safe. Mistakes happen, but if 95% of my patch upgrades work w/o intervention, I'll probably enable automatic updates.

As a refresher for others, a semantic version looks like this: X.Y.Z:

  • X - bump when breaking backwards compatibility
  • Y - bump for new features
  • Z - bump for bug fixes

You can always bump a "higher" version whenever you like (e.g. 2.0 may not break compatibility w/ 1.0), but never bump a lower version (i.e. bumping Z should never break backwards compatibility). A version bump generally indicates how much I should pay attention to the release notes.

[–] sugar_in_your_tea@sh.itjust.works 18 points 2 days ago (1 children)

Exactly. It has nothing to do with where they post it, but what their version numbers communicate. I should be able to blindly apply patch releases, and this breaks that.

I'm even okay with a minor release here. It was never advertised to work that way so removing it technically isn't a breaking change, but there is a known breakage here. I'm much more likely to read minor release notes than patch release notes, so I would likely see this warning if it was a minor release.

[–] slazer2au@lemmy.world 2 points 2 days ago (1 children)

Do you not normally read patch notes before patching?

[–] kata1yst@sh.itjust.works 18 points 1 day ago (1 children)

Fuck no, ain't nobody got time for that! My self hosted stack has 40+ services. I lock them to minor releases (where semvers are used), deploy blind with automation, and fire alerts when breakages occur, which is thankfully rarely.

What you're suggesting works for small, very carefully curated environments. I grew past that years ago and doubly so when I had kids.

[–] slazer2au@lemmy.world 4 points 1 day ago (1 children)

40? Kinda curious what you are running now.

[–] kata1yst@sh.itjust.works 8 points 1 day ago* (last edited 1 day ago) (3 children)

The general list:

  1. Immich
  2. Jellyfin
  3. Plex (deprecated but kept around for my plexpass using friends)
  4. Internet Radio (custom container)
  5. PBS kids downloader (custom container)
  6. Lidarr
  7. Sonarr
  8. Mylar
  9. Radar
  10. Prowlarr
  11. Open-Webui
  12. QBittorrent
  13. Sabnzbd
  14. Navidrome
  15. Synapse
  16. Element
  17. Forgejo
  18. Tdarr
  19. Calibre
  20. Calibre Web
  21. Tautulli
  22. Bazarr
  23. Syncthing
  24. LazyLibrarian
  25. Linkwarden
  26. Mealie
  27. GlueTun
  28. Kopia
  29. Home Assistant
  30. Music Assistant
  31. Blocky
  32. FoundryVTT
  33. Wireguard
  34. ArchiveTeam Warrior
  35. Traefik
  36. Docspell
  37. Birdcage (though I'm slowly replacing this with my own bird sound server)
  38. Frigate
  39. FreshRSS
  40. Ntfy
  41. Samba
  42. SearxNG
  43. CouchDB for Obsidian Self-Hosted LiveSync

With all the supporting services:

Server:
 Containers: 76
  Running: 74
  Paused: 0
  Stopped: 2
 Images: 92
[–] gccalvin@lemmy.world 3 points 1 day ago (1 children)

Could you please explain your use case for Music Assistant if you already have Jellyfin/Plex and Navidrome?

[–] kata1yst@sh.itjust.works 8 points 1 day ago (2 children)

Certainly!

Jellyfin I use for video content. I find its music functions lackluster.

Navidrome I use (and my family uses) for personal listening.

For music around the house, like on one or more of my casting-capable speakers / TVs, I use Music Assistant. It also lets me do automations easily, and doesn't tie up an Android phone's media output. Struggled with earbuds while casting taking over audio for too long before deploying Music Assistant!

[–] Getting6409@lemm.ee 2 points 1 day ago (1 children)

If you're looking for more tinkering on the music around the house front, Lyrion music server + squeezelite players can be a very fun endeavor. I think it gets a little sketchy if you're favoring automation and casting, but as a network of players that will utilize a wide swath of hardware, it shines. I had a bunch of pi4s laying around and eventually repurposed them all into a multiroom audio gang.

[–] kata1yst@sh.itjust.works 2 points 1 day ago

Yeah Music Assistant uses Snapcast, which has been fun. I did try squeeze, but haven't had a reason to switch so far

[–] gccalvin@lemmy.world 2 points 1 day ago (1 children)

Thanks! I thought most people don't use navidrome if they have multiple users because they can't create user-specific playlists. Is this not the case? What music features do you find limiting on Jellyfin? Also, how did you get your family to switch off music streaming for your navidrome server?

[–] kata1yst@sh.itjust.works 1 points 1 day ago* (last edited 1 day ago)

The streaming was easy, just declared I wasn't paying for it anymore lol. We still have a crappy version of Spotify for free because of another service (ISP or phone plan something like that), but it's purely used as a backup.

Jellyfin's interface is a bit clunky as a music client in my experience. FinAmp looks cool but it's still early on.

Navidrome does smart playlist, crossfading, gapless, flac streaming, and flac to opus transcoding. Those are sorta my core requirements, and Navidrome + the clients we use handles them all with aplomb.

And actually that's another great feature I enjoy for Navidrome, there are dozens of excellent clients, so if one of them falls short for someone they can find one that they enjoy.

As for the user playlist thing... I haven't seen anything like that but maybe I'm misunderstanding.

[–] soulofdragnsfire@sh.itjust.works 2 points 1 day ago (2 children)

What's your hardware solution for that? I've reached the limit of my configuration and may need to look into more robust hardware (or moving things like jellyfin off to a dedicated machine)

[–] kata1yst@sh.itjust.works 2 points 1 day ago* (last edited 1 day ago)

It's old but fairly beefy. Most of the RAM is reserved for ZFS reads, but in reality there's tons of headroom.

CPU: 2x E5-2630L v2

Motherboard: Intel S2600CP

RAM: 16x8GB DDR3 1333 ECC

Disk:

  • 1x 500GB SSD OS
  • 1x 500GB SSD ZFS cache (L2ARC)
  • 45TB ZFS Mirror+Stripe pool (various sizes, 8 disks)

I'll probably be moving this to a cluster of mini computers whenever prices look right, just for power efficiency.

Minus the storage the box cost me about $600, mostly in RAM. The CPUs were like $20 each, the mobo was about $150, etc

[–] kata1yst@sh.itjust.works 1 points 1 day ago (2 children)

I will add, what helped me the most with Plex/Jellyfin load was using Tdarr to normalize my library's formats into something easy to direct stream to any device without transcoding.

I'll check out tdarr. If it's something I can configure to run overnight it probably would be worth the effort. Thanks!

[–] rumba@lemmy.zip 1 points 1 day ago (1 children)

I ran tdarr for a while, eventually I found for most things that it was faster (and better quality) to re-download in better formats than to re-encode.

[–] kata1yst@sh.itjust.works 2 points 1 day ago
[–] AtariDump@lemmy.world 1 points 1 day ago (1 children)

Tell me more about this PBS Kids downloader (like where I might find it) 😁

[–] kata1yst@sh.itjust.works 2 points 1 day ago (3 children)

It's a crappy python script I packaged in a docker container lol. Turns out PBS kids uses an open unauthenticated CDN for serving videos to the website and apps.

I can share if you want, but it'll take me until tomorrow to make it public

[–] couch1potato@lemmy.dbzer0.com 1 points 1 day ago (1 children)
[–] kata1yst@sh.itjust.works 1 points 1 day ago (1 children)
[–] couch1potato@lemmy.dbzer0.com 2 points 1 day ago (1 children)

So I got the container running, logs are showing the same error loop every couple of seconds. I'm wondering if it's because the video URLs don't match what's in your gitlab readme:

https://pbskids.org/videos/watch/design-squad-full-episodes/1385861/one-giant-leap-part-2-ep-409/35449

https://pbskids.org/videos/watch/cyberchase-full-episodes/1385841/if-you-cant-stand-the-heat/1568637

[–] kata1yst@sh.itjust.works 1 points 1 day ago (1 children)

Hmmm. I just double checked and my episodes are still downloading. But maybe newer shows have a different format... What's the exact error? I'll try to reproduce and fix.

[–] couch1potato@lemmy.dbzer0.com 2 points 1 day ago (1 children)

Ah. I just walked away from my computer for the day. I can check tomorrow.

[–] kata1yst@sh.itjust.works 1 points 1 day ago* (last edited 1 day ago) (1 children)

So I just spot checked. Both shows work, you just have to not click an episode anymore.

E.g, https://pbskids.org/videos/design-squad -> design-squad

Thank you for telling me, I'll update the readme

Ah cool. Thanks for checking it out.