Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil.
-
No spam.
-
Posts are to be related to self-hosting.
-
Don't duplicate the full text of your blog or readme if you're providing a link.
-
Submission headline should match the article title.
-
No trolling.
-
Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details. Tags [CBH] or [AIP] are required, see the links in Rule 8 for details.
-
AI-related discussions and AI-involved promotional posts have additional requirements for tagging, as noted in Rule 7 and the AI & Promotional Post Expanded Rules post, and find example disclosures here.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
view the rest of the comments
I just validated that the latest version of the LDAP privilege escalation issue is not an issue anymore. The
curlscript is in the ticket.This was the one where a standard user could get plugin credentials, such as the LDAP bind user, and change the LDAP endpoint. I.E., bad.
I chose this one because after going through all of them, it was the only one that allowed access to something that wasn't just data in Jellyfin.
So for me, security is less of an issue knowing that, as only family use the service, and the remaining issues all require a logged in user (hit admin endpoint with user token).
Plus, I tried a few of those and they were also fixed, just not documented yet. I didn't add to those tickets because I was not as formal with my testing.
@EncryptKeeper@lemmy.world