I don’t know who needs to hear this, but DO NOT EVER expose Jellyfin to the internet

Scary le Poo · 2 days ago

I don’t know who needs to hear this, but DO NOT EVER expose Jellyfin to the internet

Saik0 · 1 day ago

Nothing about this is hacking. They’re not defeating any authentication mechanism to scan your system. That’s the whole problem here. Nothing illegal about running a crawler/scanner service.

The fact that you have their content publicly accessible is not a “bad case” at all. Open FTP sites were sued plenty. It may be a bit harder to prove distribution intentions… but wouldn’t be hard to make a case that you violated copyright for the content they could enumerate.

Flax · 23 hours ago

It’s not publicly accessible, though. An account is clearly needed.

Saik0 · 19 hours ago

No… that’s the point of this thread. There is no requirement to login in order to manually access endpoints. Up to and including pulling video data.

I don’t know who needs to hear this, but DO NOT EVER expose Jellyfin to the internet

I don’t know who needs to hear this, but DO NOT EVER expose Jellyfin to the internet

Collection of potential security issues in Jellyfin · Issue #5415 · jellyfin/jellyfin