Leaderboard

I want to praise you, I love what you did with Emby. It is to believe that you read in my spirit because you carried out a splendid tool. I've been an XBMC fan since the first XBox, then I switched to Kodi, never joined Plex and then you came with Emby! Being a young developer I wanted to try myself with FFmpeg to create thumbnails of the sound wave as we can see on Soundcloud or Mixcloud. You have to generate the image then insert it into the interface. I will already try to generate them (for the moment I fail even with the Wiki of FFmpeg but I will insist ). In short, I took the lifetime license directly, take my money! I wish a long life to this magnificent project that is Emby and I congratulate all the developers who have contributed to the realization of this magnificent project. I love you.

Yes, definitely.

NETWORK_SERVICE has a lot less permissions than a regular user. Write permissions are only required for everything under "programdata" (=> "Program Data") but not for "system" (=> "Program Files"). That service would run as "LocalSystem" The UpdateService would be running continuously and be installed by the setup to run under the LocalSystem account. It would also handle shutdown and restarting of the Emby service. It would check for and download updates (we can't let the Emby server download the update, because then we can't be sure whether it's genuine). If an update is available and ready for installation, the update service would notify the Emby service. The Emby service can then tell the update service to perform the update (same for restart or stop). What makes this architecture secure is the the minimal "vocabulary" of interaction between the two services. It would be flawed when the Emby service would be able to send an arbitrary command to the Update service for execution, but this way, 'update', 'restart', 'shutdown' is all it can tell the UpdateService to do.

Samsung Smart TV. Don’t have the exact model but it’s a 65” from 2019. App store install. Emby app for samsung version 1.2.6

I've already raised github issue for same. https://github.com/EmbySupport/Emby.Docs/issues/2

It's a pretty much standard Android TV Home launcher on TCL unit. I just dodged the bullet and uninstalled Emby, purged everything, installed it again and it works now. Maybe it's because i didn't update home launcher to the latest (don't want to see the ads, Google pushing now)

ok, thanks. i didnt think i was getting them still, but i do get them.. thanks.. sorry..

Ok, I just mapped the drive to Y: and added it using Y:\dietpi\sab2\plex and that seems to be scanning.

Actually after reinstalling kodi from scratch and checking twice android permissions never had an hang on stop or resume point issue. I left embyforkody default settings for most. I did't disabled http2. I disabled path replacement, but don't think it was the culprit since I enabled it only few times and didn't seems to change anything... Let you now... By now perfect!

@adrianwiThanks for some very good questions. I think the initial assessment of risk and severity was incorrect and further on, the lack of any kind of exploitation might have reinforced that classification. What probably played a role as well, is that there weren't any precedent incidents of similar impact and severity in the history of Emby. The incident has shown that security related issues need to be treated with highest priority, and some lessons were surely learned. The vulnerability was not specific to the plugin system, it was about gaining (emby-)administrative access - which would have also allowed to do other things than installing a plugin. But there are considerations about adding extra guards for changes to "high-risk" configuration settings - both in Emby Server as well as in plugins - which applies to those kinds of settings where code or script execution is controlled. A fundamental change in response to this incident is that we are dropping the conceptual distinction between "local network" and "non-local network", while the more challenging part is to provide a similar level of convenience like before but in a secure way. There are more security-related changes in the works and in planning. These will arrive in subsequent beta releases and will be explained alongside. Best regards, softworkz