Everyone might want to freeze your Jellyfin versions until this gets sorted. As far as we know, nothing has been hijacked, but safer sit on your local copies for now.
“Note: This is not a code vulnerability, but a vulnerability in the GitHub Actions workflows. No new version is required for this GHSA and end users do not need to take any actions.”
I think its our local copies that might have issues if anything. If there is a threat at all, it would affect releases prior to the cve release not since then. Or yeah, if a possible attacker had gained access they may still have it, but its unlikely that would not have been caught.
Everyone might want to freeze your Jellyfin versions until this gets sorted. As far as we know, nothing has been hijacked, but safer sit on your local copies for now.
Hasn’t it already been patched? https://github.com/jellyfin/jellyfin-ios/security/advisories/GHSA-7qhm-2m45-7fmh
Furthermore, OPs post seems to link to the patch: https://github.com/jellyfin/jellyfin-ios/commit/109217e75f38394b2f6e46e25dfe5a721203d3c8
This doesn’t affect the code or jellyfin. Its a problem with how github does CI that needs to be fixed.
I know. My comment stands. Though apparently it was already patched.
@renegadespork @le_throosh
“Note: This is not a code vulnerability, but a vulnerability in the GitHub Actions workflows. No new version is required for this GHSA and end users do not need to take any actions.”
I know. My comment stands. Though apparently it was already patched.
I think its our local copies that might have issues if anything. If there is a threat at all, it would affect releases prior to the cve release not since then. Or yeah, if a possible attacker had gained access they may still have it, but its unlikely that would not have been caught.