diff --git a/content/blog/23-filebrowser-auth.md b/content/blog/23-filebrowser-auth.md
index 4e74b6a..62ac11c 100644
--- a/content/blog/23-filebrowser-auth.md
+++ b/content/blog/23-filebrowser-auth.md
@@ -1,5 +1,5 @@
 ---
-date: 2025-02-04
+date: 2025-03-16
 title: filebrowser auth
 description: look ma no keycloak
 tags:
@@ -84,3 +84,7 @@ References:
 - <https://stackoverflow.com/questions/724599/setting-up-an-apache-proxy-with-authentication>
 - <https://serverfault.com/questions/45278/authenticate-in-apache-via-system-account>
 - <https://serverfault.com/questions/207301/get-the-authenticated-user-under-apache>
+
+Update 2025-03-17: Don't do this until this issue is resolved: <https://github.com/filebrowser/filebrowser/issues/2658>
+
+Basically: filebrowser does all operations as root, including file creation. So even if you restrict a user to their home directory, all the files they create will belong to root. Less than ideal. I'm looking into [ifm](https://github.com/misterunknown/ifm) as an alternative.