Unexpected user token exposure in (Windows) Plex Media Server v1.20.5 through v1.21.1.3830

An issue was recently identified in the Windows version of Plex Media Server (versions 1.20.5 through 1.21.1.3830), which could result in user tokens being incorrectly included in the server log files. To be clear, this only occurred in the log files when certain server events occurred and only on Windows platforms under the specific server versions.

Who Is Affected?

The only users who might have been affected are those for whom all of the following are true:

  1. run Plex Media Server on a Windows machine and

  2. were running an affected version of the server (versions 1.20.5 through 1.21.1.3830) and

  3. shared a server log file with someone else (such as attaching a log file to a forum post)

In such cases, the log file that was shared might have incorrectly included user token information. The vast majority of users will not have publicly shared such a log file and so will not be affected.

How Was it Fixed?

Starting with version 1.21.1.3876 of Plex Media Server, the issue has been resolved and user tokens are no longer unexpectedly exposed in log files when certain events occur.

To help protect users who may have shared affected log files in our forums, we’ve worked with our forum provider (Discourse) to delete all .zip and .log file attachments which were uploaded during the period when the affected versions of Plex Media Server were available.

What Should You Do?

The main thing to do is to simply update your Plex Media Server install to version 1.21.1.3876 or newer. You can always find the latest release on our Downloads page. That’s all most users will need to do.

If you want to make absolutely sure that any previous tokens you had are invalidated, you can:

  1. Go to your Account page

  2. Choose to change your password

  3. When changing the password, enable the “Sign out connected devices after password change” option

Doing so will sign all of your devices (both player apps and Plex Media Servers) out of your Plex account and invalidate the existing tokens. After restarting the player app or Plex Media Server, you’ll need to sign in to your Plex account fresh. See our “Sign in to Your Plex Account” article for more information.
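For anyone who wants to check a log file before sharing it, here is an added example (not Plex code and not part of the original announcement) that tests a version string against the affected range above and scrubs token values from log text. It assumes tokens appear as an `X-Plex-Token` query parameter or header value, that an all-`x` value is already masked, and that a build suffix follows a hyphen; the advisory does not describe the log format, and the sample lines and build numbers are constructed.

```python
import re

# Affected range as stated in the advisory (inclusive on both ends).
FIRST_AFFECTED = (1, 20, 5, 0)
LAST_AFFECTED = (1, 21, 1, 3830)

# Assumption: the token shows up as an X-Plex-Token parameter or header.
TOKEN_RE = re.compile(r"(X-Plex-Token\s*[=:]\s*)([^\s&\"',;]+)", re.IGNORECASE)


def parse_version(text):
    """'1.21.1.3830-<build suffix>' -> (1, 21, 1, 3830); short versions pad with 0."""
    core = text.strip().split("-", 1)[0]  # assumption: build suffix follows '-'
    parts = [int(p) for p in core.split(".")]
    if not 1 <= len(parts) <= 4:
        raise ValueError(f"unexpected version string: {text!r}")
    return tuple(parts + [0] * (4 - len(parts)))


def is_affected(version_text):
    return FIRST_AFFECTED <= parse_version(version_text) <= LAST_AFFECTED


def redact_tokens(log_text):
    """Return (scrubbed_text, exposed_count); every token value is replaced."""
    exposed = 0

    def _sub(match):
        nonlocal exposed
        # Assumption: a value made only of 'x' is a mask, not a real token.
        if set(match.group(2).lower()) != {"x"}:
            exposed += 1
        return match.group(1) + "<redacted>"

    return TOKEN_RE.sub(_sub, log_text), exposed


# Constructed sample lines; not taken from a real server log.
SAMPLE_LOG = """\
Jan 05, 2021 10:00:01.123 [1234] DEBUG - GET /library/sections?X-Plex-Token=EXAMPLEtoken0000AbCd&foo=1
Jan 05, 2021 10:00:02.456 [1234] DEBUG - Header X-Plex-Token: EXAMPLEtoken0000AbCd
Jan 05, 2021 10:00:03.789 [1234] DEBUG - GET /identity?X-Plex-Token=xxxxxxxxxxxxxxxxxxxx
"""

if __name__ == "__main__":
    for v in ("1.20.4.3517", "1.20.5.3600", "1.21.1.3830", "1.21.1.3876"):
        print(v, "affected" if is_affected(v) else "not affected")
    scrubbed, count = redact_tokens(SAMPLE_LOG)
    print(f"{count} exposed token value(s) redacted\n{scrubbed}")
```

A non-zero count on a log that was already shared is the case where the password change with sign-out described above applies.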
