ElectricVocalist@jlai.lu to Selfhosted@lemmy.worldEnglish · 3 months agoJellyfin critical security update - This is not a jokegithub.comexternal-linkmessage-square255linkfedilinkarrow-up1715
arrow-up1715external-linkJellyfin critical security update - This is not a jokegithub.comElectricVocalist@jlai.lu to Selfhosted@lemmy.worldEnglish · 3 months agomessage-square255linkfedilink
minus-squareburghler@sh.itjust.workscakelinkfedilinkEnglisharrow-up41·3 months agoWonder if it’s the Axios one. Sounds like it isn’t from their description though hmm
minus-squaredoeknius_gloek@discuss.tchncs.delinkfedilinkEnglisharrow-up24·3 months agoI don’t think so, the previous release 10.11.6 is a few months old and the axios supply chain attack happened yesterday.
minus-squareStrit@lemmy.linuxuserspace.showlinkfedilinkEnglisharrow-up13·3 months agoSo lets hope this 10.11.7 is not subject to the axios one. :)
minus-squarerollerbang@lemmy.worldlinkfedilinkEnglisharrow-up13·3 months agoDiff agrees, not likely. Might be permisson related, elevation of privileges.
minus-squaresudoMakeUser@sh.itjust.workslinkfedilinkEnglisharrow-up2·3 months agoAxios is a Javascript library and Jellyfin is written in C#.
minus-squaredvlsg@lemmy.worldlinkfedilinkEnglisharrow-up8·3 months agoTrue, but there is a web frontend. Possible it could be using npm and axios somewhere in there. I still doubt it. But it could happen.
minus-squaresudoMakeUser@sh.itjust.workslinkfedilinkEnglisharrow-up2·3 months agoThe web server is in C#. It’s open source lol, I’m looking at the code and there’s no JavaScript.
minus-squareElectricVocalist@jlai.luOPlinkfedilinkEnglisharrow-up10·3 months agoLook better https://github.com/jellyfin/jellyfin-web
minus-squaresudoMakeUser@sh.itjust.workslinkfedilinkEnglisharrow-up3·3 months agoThat’s awkward. I didn’t know that was in a separate repo.
Wonder if it’s the Axios one. Sounds like it isn’t from their description though hmm
I don’t think so, the previous release 10.11.6 is a few months old and the axios supply chain attack happened yesterday.
So lets hope this 10.11.7 is not subject to the axios one. :)
Diff agrees, not likely. Might be permisson related, elevation of privileges.
Axios is a Javascript library and Jellyfin is written in C#.
True, but there is a web frontend. Possible it could be using npm and axios somewhere in there.
I still doubt it. But it could happen.
The web server is in C#. It’s open source lol, I’m looking at the code and there’s no JavaScript.
Look better https://github.com/jellyfin/jellyfin-web
That’s awkward. I didn’t know that was in a separate repo.
deleted by creator