
Plex Users Urged To Update Media Server After Security Flaw Exposed (nerds.xyz)

BrianFagioli shares a report from NERDS.xyz: If you run Plex Media Server, it's time to drop everything and update. The company has quietly patched a security issue that affects recent versions of its software, and users are being told to upgrade as soon as possible. According to an email Plex sent to affected customers, versions 1.41.7.x through 1.42.0.x are vulnerable. The newly released build, 1.42.1.10060 or later, contains the fix. Plex says the flaw was found through its bug bounty program, but sadly, it has not publicly shared details about how severe the issue is or whether it could be exploited remotely.

  • by SeaFox ( 739806 ) on Thursday August 14, 2025 @10:18PM (#65591008)

    There have been multiple bugs that have cropped up in the 1.41.7.x betas through 1.41.9, and I'm not positive they have all been fixed now. I think I'll continue with 1.41.6.9685 for now, since that would pre-date the venerable versions.

    • I've noticed across many apps that obvious bugs are making it to production. I think we're witnessing the impact of "AI" coding. Catastrophic software bugs at AI scale! Yay!
      • Is it that or is it that update-addicted developers now use the general public as beta testers? Look at the version number, it looks like a kernel release nomenclature. Where they release patches to fix their previous patch bugs. Unsure of untested code? Push it out anyway, it can be fixed with yet another update.
      • by PDXNerd ( 654900 )
        How is this any different than in the past, prior to AI? There's always been 'obvious bugs that make it to production', which is why there is always an increasing emphasis on testing and Q/A as the code base grows.

        In fact I would posit that LESS obvious bugs are making it to production with AI, but we're trading them for unnecessary complexity and other crap code issues.
      • by tlhIngan ( 30335 )

        I've noticed across many apps that obvious bugs are making it to production. I think we're witnessing the impact of "AI" coding. Catastrophic software bugs at AI scale! Yay!

        I think it's a symptom of the Elon Musk development model of "Move quickly and break things". The market simply has no patience - you didn't update your app today? Outdated! You didn't update in a week? Obsolete! If you're not pushing 10 updates daily what are your developers doing?

        So basically everyone is forced to update frequently and

  • How was it quietly patched when everyone running an outdated server received an email?
    That is the opposite of quiet.

  • Patched, life moves on, next?

    • Exactly.

      And if you are running the linuxserver.io container, all you have to do is stop / start the container and it updates itself.

      Gee that took me all of 30 seconds. Oh no!

  • No, thanks (Score:4, Insightful)

    by RUs1729 ( 10049396 ) on Friday August 15, 2025 @08:57AM (#65591738)
    I ditched Plex for Jellyfin and couldn't be happier. The Plex Pass is not worth anything to me, and when the Plex executive^H^H^H^H^Hmorons decided that I would have to pay for streaming outside my LAN they crossed the final red line and pushed me to look for alternatives.
    • by CRC'99 ( 96526 )

      Good for you - but make sure you don't have ports forwarded to Jellyfin. There are well known exploits for user enumeration, unauthenticated playback etc etc that have been open for years.

      Only use Jellyfin from remote via a VPN.

    • by wwphx ( 225607 )
      I was looking into Plex, and the more I learned the more I started looking into and liking Jellyfin. Now I just need to commit to some form of SAN and start ripping.
  • by gabrieltss ( 64078 ) on Friday August 15, 2025 @10:03AM (#65591908)
    I have stayed on version 1.40.x on my NAS for a while now. When I upgraded Plex to 1.41.x it no longer saw all my imported media and wouldn't play them. I was not about to go back and re-do everything I had and re-create all my media in Plex. Thanks but I'll stay where I'm at.

    I still don't like that Plex forces you to log in to THEIR system before you can access YOUR local server. Total crock of crap!

    Anyone know a workaround for this that -works-?
