this post was submitted on 01 Apr 2026
466 points (98.7% liked)

Selfhosted

60482 readers
459 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Detailed Rules Post

  1. Be civil.

  2. No spam.

  3. Posts are to be related to self-hosting.

  4. Don't duplicate the full text of your blog or readme if you're providing a link.

  5. Submission headline should match the article title.

  6. No trolling.

  7. Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] atzanteol@sh.itjust.works 11 points 3 months ago* (last edited 3 months ago) (2 children)

Y'all are assuming the security issue is something exploitable without authentication or has something to do with auth.

But it it could be a supply chain issue which a VPN won't protect you from.

[–] WhyJiffie@sh.itjust.works 4 points 3 months ago (1 children)

to be fair, Jellyfin had multiple unauthenticated vulnerabilities in the past so it makes sense to talk about it

[–] possiblylinux127@lemmy.zip 1 points 3 months ago

The design of Jellyfin is really insecure

[–] possiblylinux127@lemmy.zip 0 points 3 months ago

It isn't a supply chain attack. If it was they would've disclosed it mmediately instead of waiting.