From 776587169cba9e345fcbc9e54f82675fd10e9eb2 Mon Sep 17 00:00:00 2001 From: Parth Jadhav Date: Fri, 6 Oct 2023 05:20:14 +0530 Subject: [PATCH] Update Jellyfin to v10.8.11 (#796) Co-authored-by: nmfretz --- jellyfin/docker-compose.yml | 2 +- jellyfin/umbrel-app.yml | 12 +++++++++--- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/jellyfin/docker-compose.yml b/jellyfin/docker-compose.yml index ee27961..535c2c1 100644 --- a/jellyfin/docker-compose.yml +++ b/jellyfin/docker-compose.yml @@ -8,7 +8,7 @@ services: PROXY_AUTH_ADD: "false" server: - image: linuxserver/jellyfin:10.8.10@sha256:6d425c0a3bcc8a4e13e994ffd728c866c261548ff30c2b22dd095ef57a2bfbbf + image: linuxserver/jellyfin:10.8.11@sha256:09bd29e51d205076ee5027d9828359112b8d091c8324610f43beb438f1f94131 restart: on-failure hostname: "${DEVICE_HOSTNAME}" environment: diff --git a/jellyfin/umbrel-app.yml b/jellyfin/umbrel-app.yml index 03f0355..336b5ed 100644 --- a/jellyfin/umbrel-app.yml +++ b/jellyfin/umbrel-app.yml @@ -2,7 +2,7 @@ manifestVersion: 1 id: jellyfin category: media name: Jellyfin -version: "10.8.10" +version: "10.8.11" tagline: The Free Software Media System description: >- Jellyfin is the volunteer-built media solution that puts you in control of your media. Stream to any device from your own server, with no strings attached. Your media, your server, your way. @@ -32,10 +32,16 @@ path: "" defaultUsername: "" defaultPassword: "" releaseNotes: >- - ⚠️ CRITICAL SECURITY ADVISORY: There's a significant security issue in previous versions, where two vulnerabilities can be paired to allow any Jellyfin user, even those without admin rights, to remotely control the system. One of these issues has been around since the 10.8.0 release, while the other has been present in all versions of Jellyfin up to now. It's essential for all Jellyfin administrators to update to this version, especially if they have untrusted users or if their Jellyfin is accessible on the Internet. + ⚠️ PREVIOUS CRITICAL SECURITY ADVISORY: For user's still running Jellyfin version 10.8.9 and below, please update Jellyfin immediately. + There is a significant security issue in previous versions, where two vulnerabilities can be paired to allow any Jellyfin user, even those without admin rights, to remotely control the system. + One of these issues has been around since the 10.8.0 release, while the other has been present in all versions of Jellyfin up to now. It's essential for all Jellyfin administrators to update to this version, + especially if they have untrusted users or if their Jellyfin is accessible on the Internet. + + This update is a hotfix release with no new features or major improvements. + - Full changelogs for Jellyfin releases can be found here: https://github.com/jellyfin/jellyfin/releases + Full release notes can be found here: https://github.com/jellyfin/jellyfin/releases torOnly: false permissions: - STORAGE_DOWNLOADS