Plex is starting to enforce its new rules, which prevent users from remotely accessing a personal media server without a subscription fee.
If anyone needs it: https://jellyfin.org/
Plex is starting to enforce its new rules, which prevent users from remotely accessing a personal media server without a subscription fee.
If anyone needs it: https://jellyfin.org/
Why would anyone use Plex over jellyfin anyway? The writing was on the wall years ago.
I set up Plex on my mum’s TV and she can just push play. The UI is intuitive (read: familiar) to her.
Jellyfin has a reputation for giving users more control and customizability, but the other side of that coin is that it’s more “fiddly”.
My users don’t want to fiddle.
That’s the opposite of my experience. Jellyfin just works and immediately exposes the content we’re looking for, plex tries overloading you with bullshit and burying your actual content
For remote streaming to, say, your mum’s house? (Or a friend, etc)?
Yes, after I set up the server properly (reverse proxy). With this change the same setup on the server side is necessary for remote streaming with free Plex.
My mum puts in the domain, username and password and starts streaming.
Guess what I didn’t have to setup with Plex or Emby.
That’s because you had somone elses servers doing that part for you.
Good.
That’ll be one hundred and fifty dollars, please.
Using jellyfin on Chromecast. For the past 3 weeks I’m stuck not being able to use it because some update broke subtitles support for external players. App became useless, I can’t downgrade it, and the bug is still not fixed.
Not going to use Plex, just my 2 cents.
I haven’t had any problems with subtitles. You mind linking the issue report you’re referring to?
Plex still has the most fully-featured music streaming app (Plexamp)
Also Audiobook apps don’t really exist for Jellyfin.
Yes. There’s AudioBookShelf for audio books.
Or Plex, plenty of apps for audiobookshelf
Because I don’t have to learn about things like proxies to try and open the service up outside my network in a secure manner or try to explain to family they need to run tailscale at the same time and then inevitably have to provide tech support for another aspect of “why is this not working?”
I just check allow remote access and it just works and I can go about my day doing things I enjoy more because fucking about with Linux and providing tech support are pretty low on that list for me :)
Should I begin telling you about the wonderful man in the middle attack that I reported to Plex over 3 years ago and how it’s still not fixed? Anyone can setup a plex instance and use that very instance to request an ssl certificate on behalf of any other plex instance, and then setup shop and gain complete access to your machine.
Do you have a CVE for this?
You’re going to need to back up your claim otherwise you might as well be lying as there’s no CVE like this I can find nor any public disclosure.
Plex have a bug bounty program and a responsive security team too.
Post your security report.
Sounds like a skill issue.
Typical condescending reply that I expect, yes it is a “skill issue” and I don’t really give a fuck. We don’t all have the same skills or the same levels of interest in acquiring those skills, some of us just want a solution that works easily for their skill level.
It is your kind of attitude as well that puts more people off learning these things because without a real interest in learning these things those kinds of hostilities just put people off of wanting to participate in those circles.
Quick question, do you know how to wipe your own ass?
Do you know how to rebuild your car’s engine?
Do you know how to remediate black mold spreading on the walls of a houseboat?
Do you know how to compile Linux to run on some custom arm hardware?
Do you know how to repair or rebuild a crumbling stone retaining wall?
There’s a good chance you may not know how to accomplish all of those tasks. There’s also a very good chance you may not care about knowing how to accomplish all of those tasks, as some of them may not be relevant to you. This is ok.
Finally, I know you’re posting on the Internet, but you don’t have to be an asshole, that’s a choice.
Jellyfin is notoriously full of security holes. It’s recommended to not expose it to the Internet. It’s also easy easier on Plex, at least until this bullshit, to have a random non-techie family member sign in to your Plex server from anywhere. I never liked Plex and never got into it, but I see why people used to prefer it.
I think Emby is a good middle ground for people looking to jump ship from Plex. But I switched to jellyfin from my lifetime Emby sub because the plug-in community there feels dead and Emby development felt dead in the water.
Please do explain or link sources to what you think are “security holes”.
It has several unsecured endpoints.
https://github.com/jellyfin/jellyfin/issues/5415
If you read the comments the devs know it’s a serious issue but don’t want to break backwards compatibility fixing them. Their solution for now is to warn people of the risks of exposing their instance to the Web. Which I don’t think they’re doing a great job of.
Aside from most of those being “potential issues”, which weren’t proven, the rest are GETs of things that do not need to be secret, things like album art and list of installed plugins. Besides the one plugin issue, which was an actual security issue, which was fixed over a year and a half ago. https://github.com/jellyfin/jellyfin/pull/11436
Contrast that with Plex which has numerous high severity CVEs that include things like remote code execution, directory traversal, and more.
Yeah, as you said, that’s a pretty serious security issue. That’s a data leak that explicitly lays out the shape of your attack surface. It tells the attacker exactly what additional software your server is running and if any of it includes known vulnerabilities, the attacker now knows how to gain access.
That only works if the plugins are somehow accessible through an api controller, which as far as I’m aware, is not how jellyfin plugins work. So no, it wouldn’t increase your attack surface at all.
You’re aware those CVEs are only relevant for ancient versions of Plex and were fixed long ago?
They are not marked as resolved.
And you think if Jellyfin were a comparable size, there wouldn’t be just as many or more?
No… because more people would be working on it.
Skip intro on Apple TV not working on Jellyfin is probably the #1 reason I do not use it.
When tvOS 26.2 comes out I will tentatively test Jellyfin + Infuse, but until then, Jellyfin is a non-starter for me.
But I use Emby over Plex so still not using Plex.