I just saw on Reddit that apparently Huntarr is highly insecure and exploitable (including API keys and credentials for any attached *arr instances, and even more and worse things that I don't fully understand) in several different ways by anyone on the network, and potentially the internet if you expose your server. I try to ignore stupid iNtErNeT dRaMa, especially when hot off the presses like this, but the maintainer:
- Banned the guy who brought up the security concerns (and did the pen testing after being banned)
- Banned and deleted posts of others who brought it up or called him out
- Made r/huntarr private
- Scrubbed and deleted his Reddit account
- Deleted/privated the Huntarr GitHub
which is extremely sus, or at the very least highly undesirable behavior if genuinely not an admission of guilt from him. I'll be removing my instance out of an abundance of caution, but of course this is one guy on the internet making these claims and everyone knows people tell the truth, the whole truth and nothing but the truth on the internet at all times without fail, so it's up to you to make your own decisions. Here is the thread for anyone interested, which includes the entire security writeup: