this post was submitted on 28 Nov 2025
561 points (98.3% liked)

Selfhosted

60542 readers
1436 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Detailed Rules Post

  1. Be civil.

  2. No spam.

  3. Posts are to be related to self-hosting.

  4. Don't duplicate the full text of your blog or readme if you're providing a link.

  5. Submission headline should match the article title.

  6. No trolling.

  7. Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details. Tags [CBH] or [AIP] are required, see the link in Rule 8 for details.

  8. AI-related discussions and AI-involved promotional posts have additional requirements for tagging, as noted in Rule 7 and the AI & Promotional Post Expanded Rules post. )

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
 

Plex is starting to enforce its new rules, which prevent users from remotely accessing a personal media server without a subscription fee.

If anyone needs it: https://jellyfin.org/

you are viewing a single comment's thread
view the rest of the comments
[–] Cocodapuf@lemmy.world 3 points 7 months ago (1 children)

list of installed plugins.

Yeah, as you said, that's a pretty serious security issue. That's a data leak that explicitly lays out the shape of your attack surface. It tells the attacker exactly what additional software your server is running and if any of it includes known vulnerabilities, the attacker now knows how to gain access.

[–] tyler@programming.dev 0 points 7 months ago

That only works if the plugins are somehow accessible through an api controller, which as far as I’m aware, is not how jellyfin plugins work. So no, it wouldn’t increase your attack surface at all.