As per the latest release notes: "CRITICAL SECURITY ADVISORY: GHSA-9p5f-5x8v-x65m and GHSA-89hp-h43h-r5pq can be combined to allow remote code execution for any authenticated Jellyfin user including non-admin users. While the particular execution mechanism of the former dates to the 10.8.0 release, the latter was present for all Jellyfin releases before this point. It is thus absolutely critical for all Jellyfin administrators, regardless of version, to upgrade to this version if they allow any untrusted users and/or expose their instance to the Internet."
Solution
This commit upgrades Jellyfin to the latest version (10.8.10) to patch the security issues from upstream.
PR Status
[X] Code finished and ready to be reviewed/tested
[X] The fix/enhancement were manually tested (if applicable)
Automatic tests
Automatic tests can be triggered on https://ci-apps-dev.yunohost.org/after creating the PR, by commenting "!testme", "!gogogadgetoci" or "By the power of systemd, I invoke The Great App CI to test this Pull Request!". (N.B. : for this to work you need to be a member of the Yunohost-Apps organization)
Problem
Solution
PR Status
Automatic tests
Automatic tests can be triggered on https://ci-apps-dev.yunohost.org/ after creating the PR, by commenting "!testme", "!gogogadgetoci" or "By the power of systemd, I invoke The Great App CI to test this Pull Request!". (N.B. : for this to work you need to be a member of the Yunohost-Apps organization)