Lot’s of things have been fixed but theres still much to do. The issue was broken down to smaller issues for tracking and I check back every once in a while.
Even if there were no security issues, exposing jellyfin is also another can… choice of:
open up ports
cloudflare (and potential ban for video content on the free tier, even if caching is disabled)
I think the difference is Plex offers a web address you can use for logging into Plex and for sharing it with others. So, you get a friendly admin interface with oauth for logging in from other popular services as the Plex user getting setup.
Any particular API security issues? Never considered exposing Jellyfin, but can certainly understand how it simplifies access.
This was the security report from awhile back:
https://github.com/jellyfin/jellyfin/issues/5415
Lot’s of things have been fixed but theres still much to do. The issue was broken down to smaller issues for tracking and I check back every once in a while.
Even if there were no security issues, exposing jellyfin is also another can… choice of:
Don’t you have to open a port for Plex remote access?
I think the difference is Plex offers a web address you can use for logging into Plex and for sharing it with others. So, you get a friendly admin interface with oauth for logging in from other popular services as the Plex user getting setup.
You do not but you’ll be severely bandwidth limited. It’ll go through their servers if a port can’t be opened.
Oh I forgot about that option
That sounds like you do have to open one then? Otherwise you are “severely bandwidth limited” and who wants that?
https://sh.itjust.works/comment/25489149