Skip to content

streamystats

v2.18.0 Security

This release includes 4 security fixes for security teams reviewing exposed deployments.

Published 2mo Media Servers
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 4 known CVEs

Topics

jellyfin nextjs phoenix statistics

Summary

AI summary

Migrated Docker images to GHCR, automated migrations on startup, added playback state tracking and wrapped stats design, improved search, OpenRouter AI, watchlist API, timezone support, and Jellyfin library enforcement.

Breaking Changes

  • Docker registry moved to GHCR with new image names
  • migrate service removed in favor of automatic migrations
  • migration now automatic on job-server startup

Security Fixes

  • Enforce Jellyfin library access restrictions
  • Add security middleware and input validation
  • Add auth to previously unprotected API routes
  • Fix basePath handling for reverse proxies
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track streamystats

Get notified when new releases ship.

Sign up free

About streamystats

Streamystats is a statistics service for Jellyfin, providing analytics and data visualization.

All releases →

Related context

Beta — feedback welcome: [email protected]