by wallmountedtv 1401 days ago
I also want to bring to light that Jellyfin is not very secure either [1]; it's sadly not in a great place to replace Plex still.

1: https://github.com/jellyfin/jellyfin/issues/5415

2 comments

To be fair to the Jellyfin team, it seems they inherited a lot of tech debt from Emby which they've spent the last 2 years chipping away at.

It might not be in a great place now, but I'm not sure that's necessarily a reflection of the product.

Most of these issues require a malicious user, right? I think none of them really are a problem for a friends-and-family instance (as long as they don't get their creds stolen obv). For a single-user usage, none of these really are issues, are they?

As long as you're not opening JF up to the internet none of these are a real issue, so you're fine with a single person/house/network with trusted users.

The middle of the list had a media disclosure without any auth via the image API.

That would mean running a publicly accessible instance would be ill-advised if you care about the privacy of what you host. Plex on the other hand somewhat encourages publicly accessible instances, so you can listen/watch while not at home.

(The caveat being, certain plugins disclose media to Plex but arguably that's a first or second party not some rando on the internet scraping stuff)

Drive-by scans happen all the time. Mass scans take 15 minutes to scan the entire internet, for instance.