- cross-posted to:
- jellyfin@lemmy.ml
- cross-posted to:
- jellyfin@lemmy.ml
cross-posted from: https://aussie.zone/post/19146681
Important Notes
Configurations behind a reverse proxy that did not explicitly configure trusted proxies will not work after this release. This was never a supported configuration, so please ensure you correct your configuration before upgrading. See the updated docs here for more information.
Security
- Fix validation of API parameters to FFmpeg [GHSA-2c3c-r7gp-q32m], by @Shadowghost
- Fix trusting forward headers if none are configured [GHSA-qcmf-gmhm-rfv9], by @JPVenson
Note: GHSAs will be published seven (7) days after this release.
General Changes
- Fix regression where “Search for missing metadata” not handling cast having multiple roles [PR #13720], by @Lampan-git
- Clone fallback audio tags instead of use ATL.Track.set [PR #13694], by @gnattu
- Backport 10.11 API enum changes [PR #13835], by @nielsvanvelzen
- Support more rating formats [PR #13639], by @IDisposable
- Fix stackoverflow in MediaSourceCount [PR #12907], by @JPVenson
- Upgrade LrcParser to 2025.228.1 [PR #13659], by @congerh
- Include Role and SortOrder in MergePeople to fix “Search for missing metadata” [PR #13618], by @Lampan-git
- Delete children from cache on parent delete [PR #13601], by @Bond-009
- Fix overwrite of PremierDate with a year-only value [PR #13598], by @IDisposable
- Wait for ffmpeg to exit on Windows before we try deleting the concat file [PR #13593], by @Bond-009
- Fix 4K filtering when grouping movies into collections [PR #13594], by @theguymadmax
- Remove empty ParentIndexNumber workaround [PR #13611], by @Shadowghost
- Update dependency z440.atl.core to 6.20.0 [PR #13845], by @Shadowghost
General Changes
- Fix parsing minor version of Tizen [PR #6661], by @dmitrylyzo
- Fix re-focusing on pause button when displaying OSD [PR #6510], by @dmitrylyzo
- Fix skip button not displaying correctly with OSD [PR #6583], by @rlauuzo
- Fix catalog plugin page not setting page title [PR #6570], by @nielsvanvelzen
You must log in or register to comment.
updated on mint this weekend; admittedly it’s not a big library (mostly just for me and my family) but it was pretty painless. i put in my trusted proxies ahead of time and backed up /etc/jellyfin and /var/lib/jellyfin ahead of time. no problems at all.
My friend who’s been praising Plex for years and making fun of me for using Jellyfin instead just told me the other day he’s thinking about switching. It’s their new subscription fee that finally did it. xD
It’s what made me switch this weekend. I didn’t know I missed the “Episode ends on (time)” functionality until I got it with Jellyfin, Holy shit that’s so nice ❤️
I wish everything had that
Really looking forward to 10.11 when the EFCore functionality is in place so I can run it with PostgreSQL and actually backup the DB properly and also have proper replication for a hot standby.
As far as I can understand, even with EFCore in 10.11, there still will only sqlite be available as a database backend. There are plans for postgresql and other types but it’s a much more distant prospect. Reference
Ah, seems I had a misunderstanding and appreciate the info!
If you have the time, I’d love to learn how to set up a hot standby, not just for jellyfin but in general.
I was imagining setting up an old laptop as a backup to my main server with PostgreSQL replication for the Jellyfin DB and some sort of file synchronization for media and metadata. I have yet to manually setup PostgreSQL replication outside of a cloud provider where the process is automated, so I was planning it as an interesting learning experience. However, from the post above, it seems I was misinformed about the timeframe of PostgreSQL support in Jellyfin.
Thanks! I’m running jellyfin inside of docker, so perhaps there’s a way to keep the images synchronized. Media sync would happen separate, as you suggest.
Oh that would be nice. I would use that to just go into the database and fix all my broken music metadata which I can’t see to fix any other way.
I stand corrected about PostgreSQL support dropping in 10.11. Seems we may still have quite a wait ahead of us.
Configurations behind a reverse proxy that did not explicitly configure trusted proxies will not work after this release. This was never a supported configuration, so please ensure you correct your configuration before upgrading. See the updated docs here for more information.
Well I’m glad I read that before upgrading!
Thanks for pointing this out! I probably would have missed this, since I didn’t expect such a change for a patch release.
Their documentation mentions:
For jellyfin to know which reverse proxy is trusted, the IP, Hostname or Subnet has to be set in the Known Proxies (under Admin Dashboard -> Networking) setting.
Does this really mean, that the only way to configure this is through the web UI? This is kind of a problem when deploying it, since without the reverse proxy I can’t reach the Jellyfin server. Is there no way of doing this outside the web UI, via a config file or something?
Edit: Apparently the configuration for the proxies is stored in Jellyfin’s
network.xmlconfig file. So it should be possible to do this without manually configuring it via the web UI.Another edit: It works. Adding
<KnownProxies>[proxy ip or hostname]</KnownProxies>in place of the empty<KnownProxies/>key to that config file does the trick.If I run traefik and jellyfin in docker, do I add the docker IP of traefik as the trusted proxy?
I think you can use the container name if both containers are in the same docker network
I don’t know your exact setup, but you should add the IP that Jellyfin sees when the reverse proxy makes a request. That probably comes from the IP of your Traefik docker container.
Yeah the lack of info in the docs on how to configure jellyfin in the CLI is pathetic
It’s odd to throw that into a patch release. I guess we’ll find out if I did it correctly.
I mean, it’s patching a security issue caused by trusting headers it shouldn’t, so I don’t think they should wait for a big number release.
Why wait? Just release it as a big number release. The version number doesn’t define the size or cadence of a release, it just says whether there’s a breaking change.
At least in my org we use semantic versioning ( Major.Minor.patch) where patch must either be a new feature, a fix, or something that is backwards compatible
Minor can be breaking
Major is basically something you’re proud of lol
That’s not semantic versioning…
I mean, where else should they show that warning? It’s also posted in the forum. They also edited the documentation page.
Maybe you’re more into mailing list or the like? I’m genuine curious on what/ how/ where you expected getting this kind of information.
I expect in a patch release that nothing has changed and I can blindly update getting minor bug fixes and security fixes. In a minor release I expect to review the changes for configuration changes or any minor UI changes. For a major release I expect to read docs on how to upgrade and prepare backups and downtime.
Ohhh thanks for the clarification ! As you guessed I’m not into dev/programming so I wasn’t aware of this kind of detail !
Thank you :)
Edit: Now semver makes sense !
Yeah, it’s really nice when done properly. I have my images pinned to minor releases (they can sometimes break backwards compatibility on accident), so I expect upgrades to newer patch versions to mostly be safe. Mistakes happen, but if 95% of my patch upgrades work w/o intervention, I’ll probably enable automatic updates.
As a refresher for others, a semantic version looks like this: X.Y.Z:
- X - bump when breaking backwards compatibility
- Y - bump for new features
- Z - bump for bug fixes
You can always bump a “higher” version whenever you like (e.g. 2.0 may not break compatibility w/ 1.0), but never bump a lower version (i.e. bumping Z should never break backwards compatibility). A version bump generally indicates how much I should pay attention to the release notes.
Exactly. It has nothing to do with where they post it, but what their version numbers communicate. I should be able to blindly apply patch releases, and this breaks that.
I’m even okay with a minor release here. It was never advertised to work that way so removing it technically isn’t a breaking change, but there is a known breakage here. I’m much more likely to read minor release notes than patch release notes, so I would likely see this warning if it was a minor release.
deleted by creator
Do you not normally read patch notes before patching?
Fuck no, ain’t nobody got time for that! My self hosted stack has 40+ services. I lock them to minor releases (where semvers are used), deploy blind with automation, and fire alerts when breakages occur, which is thankfully rarely.
What you’re suggesting works for small, very carefully curated environments. I grew past that years ago and doubly so when I had kids.
40? Kinda curious what you are running now.
The general list:
- Immich
- Jellyfin
- Plex (deprecated but kept around for my plexpass using friends)
- Internet Radio (custom container)
- PBS kids downloader (custom container)
- Lidarr
- Sonarr
- Mylar
- Radar
- Prowlarr
- Open-Webui
- QBittorrent
- Sabnzbd
- Navidrome
- Synapse
- Element
- Forgejo
- Tdarr
- Calibre
- Calibre Web
- Tautulli
- Bazarr
- Syncthing
- LazyLibrarian
- Linkwarden
- Mealie
- GlueTun
- Kopia
- Home Assistant
- Music Assistant
- Blocky
- FoundryVTT
- Wireguard
- ArchiveTeam Warrior
- Traefik
- Docspell
- Birdcage (though I’m slowly replacing this with my own bird sound server)
- Frigate
- FreshRSS
- Ntfy
- Samba
- SearxNG
- CouchDB for Obsidian Self-Hosted LiveSync
With all the supporting services:
Server: Containers: 76 Running: 74 Paused: 0 Stopped: 2 Images: 92Could you please explain your use case for Music Assistant if you already have Jellyfin/Plex and Navidrome?
Certainly!
Jellyfin I use for video content. I find its music functions lackluster.
Navidrome I use (and my family uses) for personal listening.
Music around the house, like on one or more of my casting capable speakers / tvs I use Music Assistant. Also let’s me do automations easily, and doesn’t tie up an android phones media’s output. Struggled with earbuds while casting taking over audio for too long before deploying Music Assistant!
If you’re looking for more tinkering on the music around the house front, Lyrion music server + squeezelite players can be a very fun endeavor. I think it gets a little sketchy if you’re favoring automation and casting, but as a network of players that will utilize a wide swath of hardware, it shines. I had a bunch of pi4s laying around and eventually repurposed them all into a multiroom audio gang.
Thanks! I thought most people don’t use navidrome if they have multiple users because they can’t create user-specific playlists. Is this not the case? What music features do you find limiting on Jellyfin? Also, how did you get your family to switch off music streaming for your navidrome server?
What’s your hardware solution for that? I’ve reached the limit of my configuration and may need to look into more robust hardware (or moving things like jellyfin off to a dedicated machine)
It’s old but fairly beefy. Most of the RAM is reserved for ZFS reads, but in reality theres tons of headroom.
CPU: 2x E5-2630L v2
Motherboard: Intel S2600CP
RAM: 16x8GB DDR3 1333 ECC
Disk:
- 1x 500GB SSD OS
- 1x 500GB SSD ZFS cache (L2ARC)
- 45TB ZFS Mirror+Stripe pool (various sizes, 8 disks)
I’ll probably be moving this to a cluster of mini computers whenever prices look right, just for power efficiency.
Minus the storage the box cost me about $600, mostly in RAM. The CPUs were like $20 each, the mobo was about $150, etc
I will add, what helped me the most with Plex/Jellyfin load was using Tdarr to normalize my library’s formats into something easy to direct stream to any device without transcoding.
I’ll check out tdarr. If it’s something I can configure to run overnight it probably would be worth the effort. Thanks!
I ran tdarr for a while, eventually I found for most things that it was faster (and better quality) to re-download in better formats than to re-encode.
Tell me more about this PBS Kids downloaded (like where I might find it) 😁
It’s a crappy python script I packaged in a docker container lol. Turns out PBS kids uses an open unauthenticated CDN for serving videos to the website and apps.
I can share if you want, but it’ll take me until tomorrow to make it public
Please also grace me with this python goodness.
I’m also interested 🫡
I’ve got some PBS kids I’d want to download so, sure
Not related to the server, but I was very happily surprised with the latest Roku Jellyfin channel. A complete refresh of everything and it’s great to see it.
For real. JF roku team is killing it. Latest release is so nice.
🤘 Thanks
You’ll want to get off Roku soon, they’re already testing preroll ads for the home screen.
I can see them doing that, I use a DNS ad-block (Adguardhome) with plenty of filters and last night, I spotted that they were able to inject two ads (standard one to the right of the channels and one at the bottom below the menu for the new Minecraft movie when they changed my background. So, they are finding ways around this stuff. I simply disabled the Sponsored themes. We are on the fence about replacing the TV later this year but not 100% sure just yet. It’s been quite buggy randomly rebooting when switching sources and other things.
)
You dropped this. 😀
Back on topic, anyone have a rec for an alternative? I basically just need Netflix and Jellyfin, and hopefully I won’t need Netflix soon (my SO keeps finding NF originals they must watch). I to use a regular remote, but AFAIK nothing provides a nice UX for Netflix w/ remote outside the official app.
I absolutely prefer something FOSS.
Minus Netflix? Kodi.
With Netflix? You’re not finding anything 100% FOSS.
I’m fine running DRM, I just want control over the OS and have a remote work.
If you want control over the OS, DRM is going to be tough to get working on a device with a remote control.
I can run Netflix on Firefox on Linux, and I can set up a remote to work with Linux. I just can’t get the controller to work on Netflix in Firefox with reasonable ergonomics.
The best I’ve gotten was Kodi running on a Raspberry Pi with a plugin pulled from Android to play media. It worked, but it did break periodically, and the UX sucked. This was a few years ago, so maybe things improved.
Why aren’t you just using Kodi?
FWIW AndroidTV is getting worse all the time also 😭 The only assurance we have is that the TV isn’t connected and AndroidTV is in a separate box.
In what way is it getting worse? I was hoping to move and use some patched apps and foss apps, is that being restricted?
Mostly the ads on the homeacreen for now. I assume it’ll grow beyond that soon. It’s made by the makers of YT after all.
🤘 Enjoy
