this post was submitted on 01 Apr 2026
703 points (98.9% liked)

Selfhosted

60177 readers
716 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Detailed Rules Post

  1. Be civil.

  2. No spam.

  3. Posts are to be related to self-hosting.

  4. Don't duplicate the full text of your blog or readme if you're providing a link.

  5. Submission headline should match the article title.

  6. No trolling.

  7. Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
ayyy@sh.itjust.works
curbstickle@anarchist.nexus
curbstickle_lw@lemmy.world
703
Jellyfin critical security update - This is not a joke (github.com)
submitted 2 months ago by Mubelotix@jlai.lu to c/selfhosted@lemmy.world
260 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] Damarus@feddit.org 1 points 2 months ago (1 children)

I'm not running my stuff as root if I don't have to. You're moving goalposts

[–] WhyJiffie@sh.itjust.works 0 points 2 months ago (1 children)

"if I don't have to". and, is your jellyfin running as root? or are you running it a different way, e.g. from apt package (where I believe it's sensible by default)? I smell doubt.

but in either case it does not matter how do you run jellyfin. what I care is how many other people are running jellyfin exposed to the internet because they think its safe, because people on forums told them so, with the popular docker image where it is being ran as root.

I'm not moving goalposts. I'm still firmly besides my point that for the general jellyfin admin exposing jellyfin to the wide internet is unsafe and irresponsible. and seeing all the downvotes but no one else telling their opinion, it seems no one knows better either and they are just angry I pointed this out.
again, I don't care how are you running Jellyfin. I don't want to convince you on that, you do whats best for you, it seems you might have done some precautions. what I care is to not recommend these practices to others (without the full picture), because they are unsafe, especially without further precautions like running a(n unofficial) rootless jellyfin docker image and an intrusion detection system, which I guarantee most people won't have.

[–] Damarus@feddit.org 0 points 2 months ago (1 children)

I had my fun with you but this is becoming increasingly annoying

[–] WhyJiffie@sh.itjust.works 1 points 2 months ago

Unfortunately I didn't have much fun, but good to know you were only here to stir up shit and have "fun", while spreading bad advice.