Collection of potential security issues in Jellyfin This is a non exhaustive list of potential security issues found in Jellyfin. Some of these might cause controversy. Some of these are design fla…
Collection of potential security issues in Jellyfin This is a non exhaustive list of potential security issues found in Jellyfin. Some of these might cause controversy. Some of these are design fla…
I think I understand now. Thank you! I will be changing my paths then. It’s kind of a moot point since I’ll change my paths anyway, but for the sake of my own curiosity, i have a follow up question. Feel free to disregard it if you don’t feel like taking the time to answer.
Hypothetically, my docker setup only allows jellyfin to see /mnt/user as /storage. So jellyfin would report the path to Morbius as being:
/storage/hdd1/media/movies/Morbius_all_morbed_up.mkv
when in all actuality it would be:
/mnt/user/hdd1/media/movies/Morbius_all_morbed_up.mkv
My intuition tells me that the file path that jellyfin “sees” would be the security risk. So “/storage/hdd1/…” Is that correct?
Your intuition is correct. JF will generate the MD5 hash based on the path that it’s accessing with. So if it’s normally a unique path then you mount it into the docker container as
/movies/or/mnt/moviesor what have you… Then you lost the uniqueness, all that’s seen is the internal docker path. This is why I also lumped “using docker” into the party side by side with “using *arr stack”. Most people will find a compose file and just modify the left side of the volume declaration to point at their media. And most dockers are going to have simple internal mounts in their example compose files.Both Arr and Docker will end up pushing people to standardize the path, then the filename. Using both together compounds the issue and they tend to standardize different parts of the path.