Plex notified some of its users on Thursday to urgently update their media servers due to a recently patched security vulnerability.
The company has yet to assign a CVE-ID to track the flaw and didn’t provide additional details regarding the patch, only saying that it impacts Plex Media Server versions 1.41.7.x to 1.42.0.x.
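With no CVE-ID to search for, the stated version range is the only thing to triage against. The following is an added example, not code from Plex or from the original post: it flags servers whose reported version falls in the 1.41.7.x to 1.42.0.x range. The version string format (four numeric fields plus a build hash), the host names and the inventory values are assumptions constructed for illustration.

```python
import re

# Affected range as stated in the post: 1.41.7.x through 1.42.0.x (inclusive).
AFFECTED_MIN = (1, 41, 7)
AFFECTED_MAX = (1, 42, 0)

# Assumed version string format: "1.41.7.1234-abcdef012"
# (major.minor.patch.build, optional "-<hash>" suffix, optional leading "v").
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)(?:\.(\d+))?(?:-[0-9A-Za-z]+)?\s*$")


def parse_version(text):
    """Return (major, minor, patch) or None if the string is not a version."""
    m = _VERSION_RE.match(text)
    if not m:
        return None
    return tuple(int(g) for g in m.groups()[:3])


def classify(text):
    """Place a version string relative to the affected range."""
    v = parse_version(text)
    if v is None:
        return "unknown"            # treat as needing a manual look
    if v < AFFECTED_MIN:
        return "older-than-range"   # the post makes no claim about these
    if v <= AFFECTED_MAX:
        return "affected"
    return "newer-than-range"


def triage(inventory):
    """Hosts to act on: in the affected range, or version unreadable."""
    return sorted(
        host for host, ver in inventory.items()
        if classify(ver) in ("affected", "unknown")
    )


# Constructed sample inventory (hypothetical hosts and build numbers).
SAMPLE_INVENTORY = {
    "media-01": "1.41.7.1111-aaaaaaaaa",
    "media-02": "1.42.0.2222-bbbbbbbbb",
    "media-03": "1.42.1.3333-ccccccccc",
    "media-04": "1.41.6.4444-ddddddddd",
    "media-05": "not reported",
}

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(host, SAMPLE_INVENTORY[host], classify(SAMPLE_INVENTORY[host]))
```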
Patch it to Jellyfin 10.10.7.
I did this a few months back.
Some things aren’t as great, but you get full control and your server idles way better on Jellyfin.
Yeah, as long as you have a decently supported client the entire platform is very serviceable. I do wish they would get rid of the unprotected endpoints and officially support 2FA on the server and clients.
For all their anti-consumer practices Plex does at least take their security very seriously.
I posted a while back, tested the biggest open endpoints and they were properly secured, the issues just weren’t updated.
Note: Plex didn’t have SSL, and refused to implement it, until ~6 weeks after I created a POC token exploit. Here’s the GitHub repo I posted as a patch before they got their system in order: https://github.com/Fmstrat/plex-ssl. In other words, don’t give them too much credit.
I’m on Jellyfin as they banned Hetzner.
Should clarify Plex banned using Hetzner :)
https://torrentfreak.com/plex-will-block-media-servers-at-prevalent-hosting-company-230915/
There’s the story but there’s not much tea.
I’m guessing there were just enough complaints and Hetzner refused to take anything down.
Really bizarre to license people self-hosting software and then refuse them from hosting it in certain places over what content they choose to put up.
I wonder if they’ll just roll through all the VPS now.
i’m ootl; how was plex able to ban them? isn’t hetzner just a vps provider? (not questioning you; just curious)
Plex blocked Hetzner IPs, so servers hosted there can’t reach plex.tv to auth users or validate plex pass.
I’ve been using a reverse proxy on a Hetzner VPS pointing at my home plex server for years without issue. Maybe this only applies to people running the actual Plex software on a Hetzner VPS?
Yeah, your home server is still able to reach plex.tv so there’s no problem there.
It’s people actually hosting there that got screwed over.
that’s wild :o
That’s what you get for using anything that doesn’t work fully offline. Seriously people still defending Plex and not seeing that it will bite them back sooner or later are delusional.
Given that hardware doesn’t die, my Jellyfin will probably work until the heat death of the universe.
Who the fuck still uses plex?
How is this a useful comment?
I still use Plex because I have a lifetime pass from many years ago and Jellyfin isn’t yet as feature-rich and accessible on all of my family’s devices.
I expect to someday migrate fully to Jellyfin once Plex is enshittified to the point of being a worse experience, but that hasn’t happened yet (with the Plex pass anyway)
I’ve never used Plex. What are some of the features that you’re missing in Jellyfin? Genuinely curious.
Honestly the primary reason is some specific device support, eg. my TV has a built in Plex app but not a Jellyfin app, so switching also probably involves new hardware. I also couldn’t get Jellyfin to work with another TV using Chromecast, but I’m getting rid of that anyway.
Otherwise, maybe you can update me on these since it’s been a few since I last tried Jellyfin, some of the things that come to mind are:
- Smart collections & playlists
- Skip intros and credits
- Overall slick UI
What’s the app/smart device adoption like for jellyfin these days? Plex usage for clients is really smooth. Plex comes preloaded on so many smart devices and the app ecosystem is dead simple. I can’t imagine having to walk my family and friends through setting up jellyfin.
From what I’ve gathered in other posts regarding Plex and jellyfin, the ones that never learned how to port forward or any other alternative solution for getting external traffic to their internal server. All the complaints I’ve read here regarding jellyfin boiled down to them relying on the Plex relay to handle the traffic for them.
Anecdote but I’ve been hosting Plex for family members for 10+ years. I tried the Jellyfin switch. Compared to Plex the Jellyfin apps are pretty bad, and I had a ton of performance problems with the remote streaming as well. It’s just not ready for that use case. Family members begged me to go back to Plex.
My family at home and myself, we are using Jellyfin currently. It works OK for home use but there are days I want to go back to Plex. It’s just a more polished experience.
Until jellyfin has a secure, robust, one click solution for sharing over the web plex will be supreme for family and friends access
if it’s just family and friends you care about, it was pretty easy for me to set up a jellyfin server at home and point a really small virtualhost on a server mapped to a domain name with a reverse proxy to my home ip and then just opening up the jellyfin port on my router. this was literally just for my mum and dad and brother so ymmv.
LMAO. Those are all words I’ve heard before, but that sounds waaaaay over my head!
“pretty easy” is a bit of a stretch
We have different definitions of pretty easy, I said one-click
sorry i thought you meant one click for family and friends to get on not initial setup.
Use wireguard or Tailscale.
This really isn’t viable as WireGuard clients are just that, single device per client connection, what if someone started watching/listening content on their phone then all of a sudden wanted to switch over to their TV or streaming device without having to go through a lot of hoops?
I opted to reverse proxy Jellyfin with Traefik however have fail2ban set up blocking every IP and only whitelisting the known users, added bonus of hiding Jellyfin’s default login form and required Keycloak for SSO.
deleted by creator
What if they watch from their phone’s cell data or while traveling?
Jellyfin thankfully lets you download content offline; alternatively, they just text me the IP and I whitelist it then blacklist it a week later, granted if I remember.
People who bought the lifetime Plex pass, and have a huge group of friends and family already connected to their servers.
Didn’t stop me.
Nice anecdote.
Didn’t stop me, either.
In fact, Jellyseerr is a game changer. Wanna talk about it?