Jellyfin critical security update - This is not a joke (github.com)
Posted by ElectricVocalist@jlai.lu to Selfhosted@lemmy.world · English · 2 months ago · 255 comments · 713 upvotes
burghler@sh.itjust.works · 2 months ago · 41 upvotes: Wonder if it’s the Axios one. Sounds like it isn’t from their description though hmm
doeknius_gloek@discuss.tchncs.de · 2 months ago · 24 upvotes: I don’t think so, the previous release 10.11.6 is a few months old and the axios supply chain attack happened yesterday.
Strit@lemmy.linuxuserspace.show · 2 months ago · 13 upvotes: So let’s hope this 10.11.7 is not subject to the axios one. :)
rollerbang@lemmy.world · 2 months ago · 13 upvotes: Diff agrees, not likely. Might be permission related, elevation of privileges.
sudoMakeUser@sh.itjust.works · 2 months ago · 2 upvotes: Axios is a JavaScript library and Jellyfin is written in C#.
dvlsg@lemmy.world · 2 months ago · 8 upvotes: True, but there is a web frontend. Possible it could be using npm and axios somewhere in there. I still doubt it. But it could happen.
sudoMakeUser@sh.itjust.works · 2 months ago · 2 upvotes: The web server is in C#. It’s open source lol, I’m looking at the code and there’s no JavaScript.
ElectricVocalist@jlai.lu (OP) · 2 months ago · 10 upvotes: Look better https://github.com/jellyfin/jellyfin-web
sudoMakeUser@sh.itjust.works · 2 months ago · 3 upvotes: That’s awkward. I didn’t know that was in a separate repo.