Skip to content

jellyfin

v10.11.10 Security

This release includes 3 security fixes for security teams reviewing exposed deployments.

Published 10d Media Servers
βœ“ No known CVEs patched
Read the diff β†’ Tool health β†’ What is this tool? β†’
This release patches 3 known CVEs

Topics

c# .net jellyfin

ReleasePort's take

Moderate signal
editorial:auto 10d

Jellyfin Server v10.11.10 patches three security vulnerabilities (GHSA-f47c-m7gr-q92j, GHSA-jg92-mrxq-vv75, GHSA-wwwm-px48-fpvq) and resolves cache and collation bugs.

Why it matters: Addresses CVE‑level security issues affecting Jellyfin Server; update to v10.11.10 immediately for all deployments using the server component.

Summary

AI summary

Updates πŸ”’ Security, πŸ“ˆ General Changes, and https://forum.jellyfin.org/t-new-jellyfin-server-web-release-10-11-10 across a mixed release.

Changes in this release

Security Medium

Fixes GHSA-f47c-m7gr-q92j vulnerability

Fixes GHSA-f47c-m7gr-q92j vulnerability

Source: llm_adapter@2026-05-25

Confidence: low

 β€”
Security Medium

Fixes GHSA-jg92-mrxq-vv75 vulnerability

Fixes GHSA-jg92-mrxq-vv75 vulnerability

Source: llm_adapter@2026-05-25

Confidence: low

 β€”
Security Medium

Fixes GHSA-wwwm-px48-fpvq vulnerability

Fixes GHSA-wwwm-px48-fpvq vulnerability

Source: llm_adapter@2026-05-25

Confidence: low

 β€”
Bugfix Medium

Fixes stale UserData cache issue

Fixes stale UserData cache issue

Source: llm_adapter@2026-05-25

Confidence: high

 β€”
Bugfix Medium

Fixes user manager collation problem

Fixes user manager collation problem

Source: llm_adapter@2026-05-25

Confidence: high

 β€”
Full changelog

:rocket: Jellyfin Server 10.11.10

We are pleased to announce the latest stable release of Jellyfin, version 10.11.10! This minor release brings several bugfixes to improve your Jellyfin experience. As always, please ensure you take a full backup before upgrading!

You can find more details about and discuss this release on our forums.

Changelog (2)

πŸ”’ Security

  • Fix GHSA-f47c-m7gr-q92j, by @Shadowghost
  • Fix GHSA-jg92-mrxq-vv75, by @Shadowghost
  • Fix GHSA-wwwm-px48-fpvq, by @Shadowghost

πŸ“ˆ General Changes

  • Fix stale UserData cache [PR #15048], by @theguymadmax
  • Fix/user manager collation [PR #16906], by @JPVenson

Security Fixes

  • GHSA-f47c-m7gr-q92j
  • GHSA-jg92-mrxq-vv75
  • GHSA-wwwm-px48-fpvq
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track jellyfin

Get notified when new releases ship.

Sign up free

About jellyfin

The Free Software Media System - Server Backend & API

All releases β†’

Related context

Beta — feedback welcome: [email protected]