Page Comparison

Overview

Version 8.1.2 is a security update only. 

Some security issues have been identified in the REST APIs of the control point that is embedded in Twonky Server since 7.0This security flaw allowed an attacker to overwrite a file that is accesible by the Twonky Server with other content utilizing the “nmc/rpc/upload” or “nmc/rpc/download” APIs. 

In addition, the “rpc/backup_metadata” call could have been used to overwrite any file that is  accesible by the Twonky Server  with the Twonky Server database. This API is discontinued from 8.1.2 on, as a backup of the Twonky Server database can be done directly by a script without the need for this API.

Security Fixes

• fixed a security issue in NMC rpc API "/nmc/rpc/upload"
• fixed a security issue in NMC rpc API "/nmc/rpc/download"

Changes

• discontinued rpc call “rpc/backup_metadata” that had a security flawissues outlined in CVE-2015-6505.

Known Issues

• LG TV Series 6 does not displays video subtitle of a video when advancing automatically to the video in a queue
• Roku does not support seek for music
• SDK allows to beam media items with unsupported DLNA profiles as it only matches mime types
• Twonky Server interferes AirTunes playback with Denon AVR-4311, as workaround disabling AppleTV support with disable_dmr_plugins=1 solves this
• beaming media from Mediatomb to Samsung TV D series does not work
• multi-user content cannot be beamed to remote Twonky renderer
• changes in twonky-startup.txt does not have any effect if application is upgraded in place on iOS
• cannot beam multiple items to Xbox One