Skip to content

Release 10.3.5
Compare
Choose a tag to compare
@joshuaboniface joshuaboniface released this 10 Jun 01:51
· 34 commits to release-10.3.z since this release
v10.3.5
d5fe823

10.3.5 hotfix release.

Release Notes

Fixes two bugs with the (pulled) 10.3.4 release, including a major security bug.

NOTE: This release fixes #1445 in a way that no workarounds are required. If an external auth provider fails or is removed, users who were entirely dependent on that auth provider now fail-closed (preventing login and logging an error) rather than fail-open. The password of the default auth provider for that user can still be reset in this case allowing access to the accounts in the failed state, if needed, by going through the usual password reset process and setting a password for the default auth provider. Also note that when in the failed state, saving a user config will reenable the default auth provider for the user, since this is selected by default; if doing this, ensure you set a password for the user immediately, otherwise do not attempt to modify users in this state via the admin dashboard before correcting the underlying issue; future releases may improve how this is handled visually on the user configuration page, but in this release it is implicit.

Major Features

N/A

Changelog

jellyfin

#1443 Update arm* Dockerfiles for latest multiarch
#1447 Implement InvalidAuthProvider

jellyfin-web

N/A

Assets 21