streamystats

v2.18.0 Security

This release includes 4 security fixes for security teams reviewing exposed deployments.

Published 2mo Media Servers

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 4 known CVEs

Topics

jellyfin nextjs phoenix statistics

Summary

AI summary

Migrated Docker images to GHCR, automated migrations on startup, added playback state tracking and wrapped stats design, improved search, OpenRouter AI, watchlist API, timezone support, and Jellyfin library enforcement.

Breaking Changes

Docker registry moved to GHCR with new image names
migrate service removed in favor of automatic migrations
migration now automatic on job-server startup

Security Fixes

Enforce Jellyfin library access restrictions
Add security middleware and input validation
Add auth to previously unprotected API routes
Fix basePath handling for reverse proxies

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track streamystats

Get notified when new releases ship.

About streamystats

Streamystats is a statistics service for Jellyfin, providing analytics and data visualization.

All releases →

Related context

Related tools

Beta — feedback welcome: [email protected]