🔒 Security
This release fixes a critical security vulnerability present in versions >= 10.7.0.0 && <= 11.1.0.0 (Details of this will be revealed later)
If you are on any of these versions of Jellyfin Enhanced, YOU SHOULD upgrade immediately!
A patch for the same has been released of 10.10.7 installs in version 10.11.1.0!
In addition, I have added a comprehensive security infrastructure to keep the project safer going forward:
- CodeQL static analysis for C# and JavaScript on every push and PR
- Dependabot for automated dependency update PRs
- Dependency Review workflow to flag vulnerable packages introduced in PRs
- Security Scan workflow running TruffleHog (secrets scanning) and .NET audit on every build
- OpenSSF Scorecard for continuous security posture assessment
- Security Policy --- formal vulnerability reporting policy
- Security Guidelines for contributors
Huge thanks to @4eh5xitv6787h645ebv for flagging and fixing this vulnerability and most of the CodeQL security fixes!
✨ New Features
-
Seerr
- Add Block listed and deleted statuses, instead of just rejected statuses #420
- Major improvements with discovery and Seerr search timings! Thanks to @4eh5xitv6787h645ebv ! #427
- JE Search: ~17ms → ~2-3ms
- Genre Discovery: ~15ms → ~2-3ms
- Network Discovery: ~15ms → ~2-3ms
- UI search perceived delay: ~1.3-6s → ~300-350ms
-
Skip TMDB features when TMDB API key is unset even when those features are enabled. For #406
🐞 Bug Fixes
- arr Links - When using Jellyfin with non-english metadata language, sonarr series links might point to the wrong url. This PR fixes #423 the issue #408 thanks to @4eh5xitv6787h645ebv !
- Fixes an issue where plugin pages isnt installed or available or has permission issues, the plugin goes into malfunctioned state #424 Thanks to @4eh5xitv6787h645ebv !
--
P.S. Enjoying the plugin?
Fuel development (and my storage addiction) with a coffee!