this post was submitted on 02 Apr 2025

Collection of potential security issues in Jellyfin

This is a non-exhaustive list of potential security issues found in Jellyfin. Some of these might cause controversy. Some of these are design fla...

[–] ipkpjersi@lemmy.ml 13 points 14 hours ago* (last edited 1 hour ago) (1 children)

~~Many of these have already been fixed FWIW, it's not a collection of open issues.~~ Never mind, they have only been closed, not fixed. Yikes.

[–] Saik0Shinigami@lemmy.saik0.com 11 points 12 hours ago* (last edited 12 hours ago) (1 children)

No. None of the items are closed. Click the "closed" items. All of them are "Not planned. Duplicate, see 5415".

Edit: The biggest issue of unauthenticated streaming of content... https://github.com/jellyfin/jellyfin/issues/13777

Last opened last week. Closed as duplicate. It's unaddressed completely.

[–] ipkpjersi@lemmy.ml 1 points 1 hour ago

That's really sad. Damn, how disappointing.

[–] jagged_circle@feddit.nl 9 points 17 hours ago

PluginsController only requires user privileges for potentially sensitive actions

  • Includes, but is not limited to: Listing all plugins on the server without being admin, changing plugin settings, listing plugin settings without being admin. This includes the possibility of retrieving LDAP access credentials without admin privileges.

Ouch

[–] ReversalHatchery@beehaw.org 15 points 20 hours ago* (last edited 20 hours ago) (1 children)

I remember when they were arguing that you don't need a VPN or proxy basic authentication in front of it because their team knows how to write secure code...

[–] jagged_circle@feddit.nl 8 points 18 hours ago

There's a bug (closed as won't fix) where proxy basic authentication breaks Jellyfin. You can't use it.

[–] easily3667@lemmus.org 19 points 22 hours ago (1 children)

For those unaware, it's a good idea to be using a service like Tailscale (self-hosted = Headscale, if you don't want your login credentials tied to Apple, Google, or Microsoft). It's a VPN but a lot simpler to use.

[–] jagged_circle@feddit.nl 4 points 18 hours ago (1 children)

I don't know what that means.

Can I use that in addition to another VPN on mobile?

[–] easily3667@lemmus.org 2 points 15 hours ago (1 children)

AFAIK Android doesn't allow two VPNs at the same time. If you already have a VPN back to your home, like via your router, you don't need Tailscale, although I'd argue it's still better.

If you mean a VPN like Mullvad, AFAIK you can't use Mullvad and Tailscale at the same time. I may be wrong, but I gave up on global VPNs a while ago.

[–] Laristal@lemmy.dbzer0.com 3 points 12 hours ago (1 children)

You can; it's an option if you use Tailscale. https://tailscale.com/mullvad

Also look into using Tailscale Lock to secure things more, if you do decide to use it.

[–] easily3667@lemmus.org 1 points 10 hours ago

Oh right, I forgot about that, cool. Should see if you can do this with Headscale (i.e. client feature vs. server feature).

[–] anarchiddy@lemmy.dbzer0.com 40 points 1 day ago (6 children)

I'm not sure who needs to hear this, but unless you work as a security engineer or in another security-focused tech field, you really shouldn't be exposing your homelab to the open internet anyway.

Most people access their homelabs via VPN. I don't see anything here that's a problem for that use-case.
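The "VPN-only" deployment the comments above recommend is easy to get wrong when the server binds to every interface, so here is an added check (not from this thread or the Jellyfin project): it parses `ss -Htlnp` output and reports any Jellyfin listener bound to a wildcard or non-tailnet address. It assumes Jellyfin's default ports 8096/8920 and Tailscale's 100.64.0.0/10 and fd7a:115c:a1e0::/48 address ranges; the sample `ss` output is constructed.

```python
import ipaddress
from typing import List, Tuple

# Tailscale hands out node addresses from 100.64.0.0/10 (CGNAT range) and
# fd7a:115c:a1e0::/48; only a bind to one of these counts as "VPN-side".
VPN_NETWORKS = [ipaddress.ip_network("100.64.0.0/10"),
                ipaddress.ip_network("fd7a:115c:a1e0::/48")]
JELLYFIN_PORTS = {8096, 8920}  # Jellyfin default HTTP / HTTPS ports (assumed)
WILDCARDS = {"*", "0.0.0.0", "::", ""}

# Constructed sample of `ss -Htlnp` output (not captured from a real host):
# two wildcard binds, one tailnet bind, one loopback bind, one unrelated port.
SAMPLE_SS = """\
LISTEN 0 512 0.0.0.0:8096 0.0.0.0:* users:(("jellyfin",pid=1234,fd=20))
LISTEN 0 512 [::]:8096 [::]:* users:(("jellyfin",pid=1234,fd=21))
LISTEN 0 128 100.101.102.103:8920 0.0.0.0:* users:(("jellyfin",pid=1234,fd=22))
LISTEN 0 128 127.0.0.1:8096 0.0.0.0:* users:(("jellyfin",pid=1234,fd=23))
LISTEN 0 128 *:22 *:* users:(("sshd",pid=900,fd=3))
"""


def split_local(local: str) -> Tuple[str, int]:
    """Split ss's 'addr:port' column; IPv6 addresses arrive as '[addr]:port'."""
    addr, _, port = local.rpartition(":")
    return addr.strip("[]"), int(port)


def is_vpn_only(addr: str) -> bool:
    """True if a bind to this address is unreachable from the public internet."""
    if addr in WILDCARDS:
        return False  # listening on every interface, WAN included
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return True  # only reachable via a local reverse proxy
    return any(ip in net for net in VPN_NETWORKS)


def exposed_listeners(ss_output: str, ports=JELLYFIN_PORTS) -> List[Tuple[str, int]]:
    """Return (address, port) pairs for Jellyfin ports bound outside the tailnet."""
    exposed = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, port = split_local(fields[3])
        if port in ports and not is_vpn_only(addr):
            exposed.append((addr, port))
    return exposed


if __name__ == "__main__":
    import subprocess
    out = subprocess.run(["ss", "-Htlnp"], capture_output=True, text=True, check=True).stdout
    for addr, port in exposed_listeners(out):
        print(f"EXPOSED: Jellyfin port {port} is bound to {addr}")
```

Run it on the Jellyfin host itself; an empty result means every Jellyfin socket is bound to loopback or a tailnet address, which is what the VPN-only setup needs.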
