thanks; for anyone looking, the issues have been split out at the bottom, none of them are addressed as of this writing. I don’t know that I feel like they are that serious (most of them allow you to play things if you know an ID), but they are the kind of thing you’d see in a project where there are bigger security issues.

What security gaps in particular? I did have to reverse proxy to get it to https, are there additional security issues?

I find the clients ok, not great, but I haven’t explored that space much, there are many more options than Plex. Plex seems to be making theirs worse. It actually seems like Plex tries to make my content in their client harder to find.

The real issue is jellyfin is not as good at finding metadata. I’ve overcome this with tinymediamanager, but it still isn’t as good.

For secure remote streaming, I’ve got mine behind caddy with https (caddy does the let’s encrypt dance it’s really pleasant, even works with my free DNS provider), which seems about as secure as Plex was. Are there other security aspects I’m missing that Plex provides?