Hi,
MikeG.6.5 wrote:It is interesting to note, that Plex has never been one of the identified apps that this malicious attack could leverage. It seems of all of the major player and streaming apps, it was the only one safe.
True ... but technical & politics reasons explain this
Plex is based on client / server mode ... so client don't manage anything locally ...
Plex server don't include addons to automatize (or what else) the inclusion of movies ... so the admin of the server for subtitles (ex. here) get the real file .srt, etc. NOT a zip file unzipped transparently then apply ...
Kodi is not (except for DNLA) a server and it's a client open (too open write some people ... ) ... so it's possible to integrate lot of things and to get addons not only from Kodi team but from anybody ... this "open approach" ... add potential security problem ... even kodi team (when it's the in the core product) have a short and good response time
So the problem is :
yes kodi is open and a security problem can exist (in this case on a specific usage (automation of the load and run zip file for subtitles),
BUT yes this problem is solved quickly by Kodi team ...
BUT again YES the problem is that lot of brand, integrator, re-seller integrate kodi in their box ... but are NOT reactive when this problem occurs (like for any kernel or CVS security break)
F.Y.I. on standard dLinux distribution ... the update will be present and apply in 24H00 after solved ...
Plex is the
only official source for server delivery ... nobody can build it's own version for integration on specific platform like a NAS (so a better control on it)
So you are a little more prisoner with Plex for any change ... when in kodi you can open to your need anythings ... (ex. I have create (for the fun) a NAS ad-dons to launch NAS (Asportal or HD_Station) application directly from Kodi interface ... this is not possible with Plex)
You reopen the debate between "closed proprietary (even free) server" and "totally open tools able to be rebuild by yourself" ... sure this debate is not near to be closed
Philippe.
NB As you know I am a Plex user and a Plex integrator for client ... so not a "fan only" of kodi ...