Skip to content

v1.9.1 - Security Update for jellyfin-web

Compare
Choose a tag to compare
@iwalton3 iwalton3 released this 24 Apr 04:40
· 121 commits to master since this release

This release is primarily to get the updated jellyfin-web to correct the stored XSS vulnerability GHSA-89hp-h43h-r5pq. While JMP is not vulnerable to most XSS vulnerabilities due to being an isolated application, this one could affect it.

Changes:

  • Update web client to 10.8.10 to patch stored XSS issue.
  • Skip searching for SSL bundles on Linux. (#301)
  • Disallow flac from video transcoding. (#423)
  • Allow disabling dovi transcode rule.
  • Fix missing port in translation. (#288)
  • Censor token from new stored creds block.