Thank you for posting this. I tend to get a lot of my opensource project info from Lemmy so people who take the time to post it are awesome.
Just updated my home instance. Can confirm that 10.11.7 is available in the Debian repos and the update went perfect. I got a new kernel in the same update : D
Hi!
So I installed jellyfin on Bazzite as per this video.
But he didn’t explain how to update the server. Could you maybe tell me how you did it with your server? Maybe it could help me figure out how to update mine as well.
Poke around through the dash. I imagine it’s in the GUI there. Probably under a menu like ‘system’ or ‘about’.
Thanks for the reply!
Sadly I can’t find anything, unless I am super blind.
Ahh bummer. Not sure exactly then. Might have to hop in the terminal and try an
--updateor find an equivalent with--help. The documentation in the git repo should tell you if nothing else.podman stop jellyfin (podman ps to get the actual name of the jellyfin container)
podman rm jellyfin
podman pull docker.io/jellyfin/jellyfin:latest
systemctl restart jellyfin.container (or whatever you called your unit when you set it up)
This suggestion from another commenter worked! Apparently quadlets work with Podman in the background.
Ahh baller man. Glad you got it sorted! And thanks for sharing the fix
You can always tell who does real IT work in these threads lol
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters More Letters Git Popular version control system, primarily for code HTTP Hypertext Transfer Protocol, the Web IP Internet Protocol NFS Network File System, a Unix-based file-sharing protocol known for performance and efficiency Plex Brand of media server package RPi Raspberry Pi brand of SBC SBC Single-Board Computer SMB Server Message Block protocol for file and printer sharing; Windows-native SSH Secure Shell for remote terminal access SSL Secure Sockets Layer, for transparent encryption TLS Transport Layer Security, supersedes SSL VPN Virtual Private Network VPS Virtual Private Server (opposed to shared hosting) nginx Popular HTTP server
12 acronyms in this thread; the most compressed thread commented on today has 17 acronyms.
[Thread #203 for this comm, first seen 1st Apr 2026, 09:50] [FAQ] [Full list] [Contact] [Source code]
Wonder if it’s the Axios one. Sounds like it isn’t from their description though hmm
Axios is a Javascript library and Jellyfin is written in C#.
True, but there is a web frontend. Possible it could be using npm and axios somewhere in there.
I still doubt it. But it could happen.
The web server is in C#. It’s open source lol, I’m looking at the code and there’s no JavaScript.
Look better https://github.com/jellyfin/jellyfin-web
That’s awkward. I didn’t know that was in a separate repo.
Don’t expose jellyfin to the internet is a golden rule.
That’s never made sense to me; why build an authn frontend instead of just clicking your user if the security is just an illusion anyways. “Use a VPN” is fine for a mainframe, but an active project in 2026 should aspire to be better.
Edit: or make note of that on their several pages with reverse proxy configuration.
Examples dating back over six years https://github.com/jellyfin/jellyfin/issues/5415
Unfortunately, not everyone is tech-literate enough nowadays to understand how a VPN works, nor do they want to
Isn’t it easier to set up a VPN than expose it to the internet?
and then you are giving access to your lan to people whose computer you don’t control and might be full of malware.
You only have to give them access to a specific port on a specific machine, not your entire LAN.
My VPN has a ‘media’ usergroup who can only access the, read-only, NFS exports of my media library.
If you’re just installing Wireguard and enabling IP forwarding, yeah it would not be secure. But using a mesh VPN, like Tailscale/Headscale, gives you A LOT more tools to control access.
yeah but even with plain wireguard the peers can be limited. you just have to figure out the firewall rules, or use opnsense as your wireguard server because it figures the harder part out for you.
it’s not that it cannot be done. the issue is that something as simple as acceding a service should not require to configure wire guard and routing rules. plenty of FOSS projects are safe to expose through a simple reverse proxy
If only they would fix the htaccess bug
You’ve piqued my interest. Where can I read about it?
I did a quick search on their github and came up empty. Maybe no one mentioned “htaccess” in the issue.
Search for “basic auth”
Its the only software project I know of that you can’t put behind http basic auth. They mark this bug as “wontfix” every time someone points it out to them
Basic auth? The insecure authentication method?
Ok, I’ll look it up anyway. Under the jellyfin repository, there were eight results, none of which seemed to describe what you meant, and under the jellyfin-web repository, there were none. Using a web crawler search, I was able to find Issue #123 for jellyfin-android
Is that it?
Basic auth is very secure.
Unlike custom implemented logins. So it’s common to use basic auth in front of custom auth implementations. So even when the app has a login vuln, you’re safe.
Yes that ticket is one of many.
Try searching the repo. Make sure to backspace out the prefix that ignores closed tickets.
That’s exactly how I searched. If you want security, it’s probably best to follow the Unix philosophy of do one thing and do it well. In other words, don’t trust someone building a media server to handle auth and instead use the OIDC or LDAP plugins.
Kinda defeats the purpose of a media server built to be used by multiple people
deleted by creator
I’d rather just not use it at that point
you are better just closing up shop then, because it’s not like the other services you are hosting are much better. vulnerabilities being discovered don’t mean they don’t exist, it just means the software is not popular enough or too complex for someone to look into it
lol the whole internet better shut down right? Too vulnerable
much of the internet is run on simpler software or by full time employees tasked to deal with all this. but sure, ignorance is bliss, what you don’t see does not exist, etc etc, keep running your Jellyfin exposed to the internet. you wouldnt even get to know when your system is compromised. but you know what? you could even remove your password for extra convenience. who would want to log in to a random jellyfin account anyway! surely no one! just don’t recommend these practices to anyone, because you are putting them at risk.
I mean I do this stuff for a living but okay go off king
That changelog just screams AI lol. All the emojis
