this post was submitted on 01 Apr 2026
658 points (99.1% liked)

Selfhosted

58212 readers
596 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

  7. No low-effort posts. This is subjective and will largely be determined by the community member reports.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
658
Jellyfin critical security update - This is not a joke (github.com)
submitted 4 days ago by Mubelotix@jlai.lu to c/selfhosted@lemmy.world
233 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] psoul@lemmy.world 4 points 4 days ago (2 children)

I indeed use a container. Wasn’t familiar with the update process for containers but now know how to do it.

[–] ButtDrugs@lemmy.zip 5 points 3 days ago

There's a lot of good container management solutions out there that are worth investigating. They do things like monitor availability, resource management, as well as altering on versioning.

[–] quick_snail@feddit.nl -5 points 3 days ago (2 children)

Lol it's already insecure then. Don't bother.

[–] mic_check_one_two@lemmy.dbzer0.com 3 points 3 days ago* (last edited 3 days ago) (1 children)

Implying you have access to some major Docker 0-day exploit, or just talking out of your ass? Because a container is no more or less secure than the machine it runs on. At least if a container gets compromised, it only has access to the volumes you have specifically given it access to. It can’t just run rampant on your entire system, because you haven’t (or at least shouldn’t have) given it access to your entire system.

[–] quick_snail@feddit.nl -1 points 3 days ago (2 children)

Docker is known insecure. It doesn't verify any layers it pulls cryptography. The devs are aware. The tickets remain open.

[–] psoul@lemmy.world 1 points 3 days ago (1 children)

I don't know if I remember correctly but I could not install Jellyfin on the latest Ubuntu server version. I had to use docker to get Jellyfin running.

[–] quick_snail@feddit.nl 1 points 1 day ago

Jellyfin has a Debian repo. Worked fine on Debian 12 and 13.

[–] def@aussie.zone 1 points 3 days ago (1 children)

If that is indeed true it would only mean that the docker container is vulnerable to a supply chain attack. You are not any more vulnerable to a vulnerability in the codebase.

If you’re using the ghcr image, to post malicious code there, the attack would have already had to compromise their github infra … which would likely result in the attacker being able to push malicious code to git or publish malicious releases. Their linux distro packages are self published via a ppa/install script, which I would assume just pull from their github releases, so a bad github release would immediately be pulled as an update by users just as fast as a container.

[–] quick_snail@feddit.nl 1 points 1 day ago

No, it's also vulnerable to a targeted mitm attack. Github can be unaffected and you can get a malicious version on your server.

[–] mpramann@discuss.tchncs.de 2 points 3 days ago

Insane way of thinking.