01·
3 months agoNo… because more people would be working on it.
- 0 Posts
- 6 Comments
Joined 3 years ago
Cake day: June 12th, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
They are not marked as resolved.
That only works if the plugins are somehow accessible through an api controller, which as far as I’m aware, is not how jellyfin plugins work. So no, it wouldn’t increase your attack surface at all.
Aside from most of those being “potential issues”, which weren’t proven, the rest are GETs of things that do not need to be secret, things like album art and list of installed plugins. Besides the one plugin issue, which was an actual security issue, which was fixed over a year and a half ago. https://github.com/jellyfin/jellyfin/pull/11436
Contrast that with Plex which has numerous high severity CVEs that include things like remote code execution, directory traversal, and more.
Please do explain or link sources to what you think are “security holes”.
I thought it was only voice though. Not screen share or chat.