It is a large codebase with a mix of new and legacy (Emby) modules. Errors or intermittent issues seem common, and nobody really seems to understand what's happening.
Many of the dependencies, especially for the legacy modules, are old or deprecated with numerous CVEs. Some functionality involves dispatching commands to external binaries.
Overall it seems like a product that works, but isn't necessarily well designed. A critical vulnerability was discovered earlier this year, and I feel that a security audit would more than likely result in a few more.
Many of the dependencies, especially for the legacy modules, are old or deprecated with numerous CVEs. Some functionality involves dispatching commands to external binaries.
Overall it seems like a product that works, but isn't necessarily well designed. A critical vulnerability was discovered earlier this year, and I feel that a security audit would more than likely result in a few more.
https://github.com/jellyfin/jellyfin/security/advisories/GHS...