diff --git a/jellyfin/docker-compose.yml b/jellyfin/docker-compose.yml
index cd429a3..ee27961 100644
--- a/jellyfin/docker-compose.yml
+++ b/jellyfin/docker-compose.yml
@@ -8,7 +8,7 @@ services:
       PROXY_AUTH_ADD: "false"
 
   server:
-    image: linuxserver/jellyfin:10.8.9@sha256:af281e1b23198076a2ce848d710e8c7ee6f96134d18c61e9c23128e3419d9e86
+    image: linuxserver/jellyfin:10.8.10@sha256:6d425c0a3bcc8a4e13e994ffd728c866c261548ff30c2b22dd095ef57a2bfbbf
     restart: on-failure
     hostname: "${DEVICE_HOSTNAME}"
     environment:
diff --git a/jellyfin/umbrel-app.yml b/jellyfin/umbrel-app.yml
index 6a5a0b5..03f0355 100644
--- a/jellyfin/umbrel-app.yml
+++ b/jellyfin/umbrel-app.yml
@@ -2,7 +2,7 @@ manifestVersion: 1
 id: jellyfin
 category: media
 name: Jellyfin
-version: "10.8.9"
+version: "10.8.10"
 tagline: The Free Software Media System
 description: >-
   Jellyfin is the volunteer-built media solution that puts you in control of your media. Stream to any device from your own server, with no strings attached. Your media, your server, your way.
@@ -32,7 +32,7 @@ path: ""
 defaultUsername: ""
 defaultPassword: ""
 releaseNotes: >-
-  Updates Jellyfin from version 10.8.4 to 10.8.9. This update includes a series of stable hotfix releases that improve the overall performance, stability, and functionality of Jellyfin.
+  ⚠️ CRITICAL SECURITY ADVISORY: There's a significant security issue in previous versions, where two vulnerabilities can be paired to allow any Jellyfin user, even those without admin rights, to remotely control the system. One of these issues has been around since the 10.8.0 release, while the other has been present in all versions of Jellyfin up to now. It's essential for all Jellyfin administrators to update to this version, especially if they have untrusted users or if their Jellyfin is accessible on the Internet.
   
 
   Full changelogs for Jellyfin releases can be found here: https://github.com/jellyfin/jellyfin/releases