Some security issues have been identified in the REST APIs of the control point that is embedded in Twonky Server since 7.0
This security flaw allowed an attacker to overwrite a file that is accesible by the Twonky Server with other content utilizing the “nmc/rpc/upload” or “nmc/rpc/download” APIs.
In addition, the “rpc/backup_metadata” call could have been used to overwrite any file that is accesible by the Twonky Server with the Twonky Server database. This API is discontinued from 8.1.2 on, as a backup of the Twonky Server database can be done directly by a script without the need for this API.
Bug Fixes
fixed a security issue in NMC rpc API "/nmc/rpc/upload"
fixed a security issue in NMC rpc API "/nmc/rpc/download"
Changes
discontinued rpc call “rpc/backup_metadata” that had a security flaw
Known issues
LG TV Series 6 does not displays video subtitle of a video when advancing automatically to the video in a queue
audiobooks cannot be aggregated
duration calculation of MPEG2TS files is not accurate if timeseek generation is disabled
media item can be duplicated following a change in its metadata
mp4 thumbnail generation is broken
UPnP inspector gets confused when Twonky Server provides multiple artist tags with different roles
error in Mac OS logs for filedb-delete is actually only a warning; operation is not impacted
occasionally, Twonky license key input results in "invalid key" on Linux systems
workaround: remove the appdata folder and try again
thumbnails of some rotated images do not show up correctly in webUI
sometimes webUI with Opera does not show any thumbnails