

I believe they are talking about this.
If you have it at all exposed to the internet, you should probably terminate it.
As a summary: Multiple endpoints on the software don’t check for authentication and an unauthenticated person can retrieve your complete settings configuration including your API keys and your password and also change your current configuration, just by sending a simple POST request.
That’s wild to me that that was something that was able to be done.







Honestly, swap background play out for queuing, and I would up dove on that so fast.
Makes no sense to give background play without music capability, and I have to admit the mobile queuing system is a godsend to the mobile YouTube experience.