this post was submitted on 28 Nov 2025
566 points (98.3% liked)

Selfhosted

53631 readers
767 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

  7. No low-effort posts. This is subjective and will largely be determined by the community member reports.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
566
Plex’s crackdown on free remote streaming access starts this week - Ars Technica (arstechnica.com)
submitted 2 weeks ago by otters_raft@lemmy.ca to c/selfhosted@lemmy.world
294 comments fedilink hide all child comments
 

Plex is starting to enforce its new rules, which prevent users from remotely accessing a personal media server without a subscription fee.

If anyone needs it: https://jellyfin.org/

you are viewing a single comment's thread
view the rest of the comments
[–] roofuskit@lemmy.world 16 points 2 weeks ago* (last edited 2 weeks ago) (11 children)

It has several unsecured endpoints.

https://github.com/jellyfin/jellyfin/issues/5415

If you read the comments the devs know it's a serious issue but don't want to break backwards compatibility fixing them. Their solution for now is to warn people of the risks of exposing their instance to the Web. Which I don't think they're doing a great job of.

[–] tyler@programming.dev 17 points 2 weeks ago (8 children)

Aside from most of those being “potential issues”, which weren’t proven, the rest are GETs of things that do not need to be secret, things like album art and list of installed plugins. Besides the one plugin issue, which was an actual security issue, which was fixed over a year and a half ago. https://github.com/jellyfin/jellyfin/pull/11436

Contrast that with Plex which has numerous high severity CVEs that include things like remote code execution, directory traversal, and more.

[–] fartsparkles@lemmy.world 3 points 2 weeks ago (3 children)

You’re aware those CVEs are only relevant for ancient versions of Plex and were fixed long ago?

[–] Mondez 1 points 2 weeks ago

Those are the the ones that somone has managed to find in closed source software...

load more comments (2 replies)
load more comments (6 replies)
load more comments (8 replies)