thanks; for anyone looking, the issues have been split out at the bottom, none of them are addressed as of this writing. I don’t know that I feel like they are that serious (most of them allow you to play things if you know an ID), but they are the kind of thing you’d see in a project where there are bigger security issues.
What security gaps in particular? I did have to reverse proxy to get it to https, are there additional security issues?
Exposed endpoints that have no authentication and various other things like that.
It’s application level security issues.
If there is an older collation here https://github.com/jellyfin/jellyfin/issues/5415
thanks; for anyone looking, the issues have been split out at the bottom, none of them are addressed as of this writing. I don’t know that I feel like they are that serious (most of them allow you to play things if you know an ID), but they are the kind of thing you’d see in a project where there are bigger security issues.