We have recently experienced a security incident that may potentially involve your Plex account information. We believe the actual impact of this incident is limited; however, action is required from you to ensure your account remains secure. What happened An unauthorized third party accessed a limited subset of customer data from one of our databases. While we quickly contained the incident, information that was accessed included emails, usernames, securely hashed passwords and authentication ...
What about the pwned users of Jellyfin that have unknowingly had security holes for 5 years because Jellyfin doesn’t care enough to even put a banner in their settings to say it’s not secure?
What security holes? I think the bigger problem here is relying on a media platform to also maintain security protocols. Use authelia or plug some other well maintained and hardened security mechanism on top of jellyfin. Then put it in front of everything else like the arrs, etc. Its weird to me to just setup jellyfin, make it Internet facing, and believing everything is just gonna be safe and secure with no issue. Frankly id prefer if all these services came without security. Its a royal pain to bypass it for localhost or proxying with something like authelia.