Skip to content

10.8.10

Latest
Compare
Choose a tag to compare
@joshuaboniface joshuaboniface released this 23 Apr 15:40

Jellyfin 10.8.10

Stable hotfix release for 10.8.z release branch.

New Features and Major Improvements

  • CRITICAL SECURITY ADVISORY: GHSA-9p5f-5x8v-x65m and GHSA-89hp-h43h-r5pq can be combined to allow remote code execution for any authenticated Jellyfin user including non-admin users. While the particular execution mechanism of the former dates to the 10.8.0 release, the latter was present for all Jellyfin releases before this point. It is thus absolutely critical for all Jellyfin administrators, regardless of version, to upgrade to this version if they allow any untrusted users and/or expose their instance to the Internet.

Release Notes

N/A

Changelog

GitHub Project: https://github.com/orgs/jellyfin/projects/29

jellyfin [12]

Note: Dependabot automatic PRs are excluded from this list.

jellyfin-web [11]

Note: Dependabot automatic PRs are excluded from this list.