• quick_snail@feddit.nl
    3 days ago

    Search for “basic auth”

    It’s the only software project I know of that you can’t put behind HTTP basic auth. They mark this bug as “wontfix” every time someone points it out to them.

    • yannic@lemmy.ca
      2 days ago

      Basic auth? The insecure authentication method?

      Ok, I’ll look it up anyway. Under the jellyfin repository, there were eight results, none of which seemed to describe what you meant, and under the jellyfin-web repository, there were none. Using a web crawler search, I was able to find Issue #123 for jellyfin-android.

      Is that it?

      • quick_snail@feddit.nl
        1 day ago

        Basic auth is very secure.

        Unlike custom implemented logins. So it’s common to use basic auth in front of custom auth implementations. So even when the app has a login vuln, you’re safe.

        Yes that ticket is one of many.

        Try searching the repo. Make sure to backspace out the prefix that ignores closed tickets.

        • yannic@lemmy.ca
          8 hours ago

          That’s exactly how I searched. If you want security, it’s probably best to follow the Unix philosophy of do one thing and do it well. In other words, don’t trust someone building a media server to handle auth and instead use the OIDC or LDAP plugins.