Jellyfin critical security update - This is not a joke (github.com)
ElectricVocalist@jlai.lu to Selfhosted@lemmy.world · English · 21 days ago · 256 comments

burghler@sh.itjust.works · 21 days ago
Wonder if it’s the Axios one. Sounds like it isn’t from their description though hmm

doeknius_gloek@discuss.tchncs.de · 21 days ago
I don’t think so, the previous release 10.11.6 is a few months old and the axios supply chain attack happened yesterday.

Strit@lemmy.linuxuserspace.show · 21 days ago
So let’s hope this 10.11.7 is not subject to the axios one. :)

rollerbang@lemmy.world · 21 days ago
Diff agrees, not likely. Might be permission related, elevation of privileges.

sudoMakeUser@sh.itjust.works · 21 days ago
Axios is a JavaScript library and Jellyfin is written in C#.

dvlsg@lemmy.world · 21 days ago (edited)
True, but there is a web frontend. Possible it could be using npm and axios somewhere in there.
I still doubt it. But it could happen.

sudoMakeUser@sh.itjust.works · 21 days ago
The web server is in C#. It’s open source lol, I’m looking at the code and there’s no JavaScript.

ElectricVocalist@jlai.lu (OP) · 21 days ago
Look better https://github.com/jellyfin/jellyfin-web

sudoMakeUser@sh.itjust.works · 21 days ago
That’s awkward. I didn’t know that was in a separate repo.