Old Plex Media Server versions are vulnerable. Update your install!
What's the problem?
Communication which uses SSL v3.0 is vulnerable to the POODLE attack. While our plex.tv servers prefer TLS for secure connections, until now, we have also allowed SSL v3.0 connections. We did that to minimize disruptions for our users who were running old versions of Plex Media Server.
What is Plex doing?
On March 16, 2016, we will be disabling SSL v3.0 support on our plex.tv servers. Once that happens, secure connections will require use of TLS communication instead and anyone trying to connect to our servers using SSL v3.0 will fail. That includes very old versions of Plex Media Server.
Am I affected?
Versions of Plex Media Server prior to 0.9.11.1 are vulnerable because they use SSL v3.0 instead of the newer, more secure TLS communication. So, if you're running 0.9.11.0 or older, then you're affected. If you continue to run an older version of Plex Media Server, then your server will no longer be able to communicate with plex.tv or our services when we make the change. No one wants that!
Oh no, I'm affected! What do I need to do?!?
Don't panic! All you need to do is update to a current version of Plex Media Server.
- Download the current release from https://plex.tv/downloads
- Install it
Wait, that's it?
Yup, that's it. Just update your server and then bask in the knowledge that not only are you no longer vulnerable, but you now get all kinds of fixes and new features that come with the updated server! Secure communication between your Plex apps and server, improved music features, parental controls (requires Plex Pass), and much more await you!