Mubelotix@jlai.lu to Selfhosted@lemmy.worldEnglish · 4 天前Jellyfin critical security update - This is not a jokegithub.comexternal-linkmessage-square251fedilinkarrow-up1706arrow-down16 cross-posted to: piracy@lemmy.dbzer0.com
arrow-up1700arrow-down1external-linkJellyfin critical security update - This is not a jokegithub.comMubelotix@jlai.lu to Selfhosted@lemmy.worldEnglish · 4 天前message-square251fedilink cross-posted to: piracy@lemmy.dbzer0.com
minus-squarerumba@lemmy.ziplinkfedilinkEnglisharrow-up2·3 天前Biggest worry is someone finding an uncaught RCE. Of course plugins also have surface area. We know they can anon pull video. You can sandbox it to limit exposure. But if they modify the web client with an RCE, then you hit your own server as a trusted site and that delivers a payload…
Biggest worry is someone finding an uncaught RCE.
Of course plugins also have surface area.
We know they can anon pull video. You can sandbox it to limit exposure.
But if they modify the web client with an RCE, then you hit your own server as a trusted site and that delivers a payload…