Some security issues have been identified in the REST APIs of the control point that is embedded in Twonky Server since 7.0
This security flaw allowed an attacker to overwrite a file that is accesible by the Twonky Server with other content utilizing the “nmc/rpc/upload” or “nmc/rpc/download” APIs.
In addition, the “rpc/backup_metadata” call could have been used to overwrite any file that is accesible by the Twonky Server with the Twonky Server database. This API is discontinued from 8.1.2 on, as a backup of the Twonky Server database can be done directly by a script without the need for this API.
Bug Fixes
fixed a security issue in NMC rpc API "/nmc/rpc/upload"
fixed a security issue in NMC rpc API "/nmc/rpc/download"
Changes
discontinued rpc call “rpc/backup_metadata” that had a security flaw
Known Issues
LG TV Series 6 does not displays video subtitle of a video when advancing automatically to the video in a queue
Roku does not support seek for music
SDK allows to beam media items with unsupported DLNA profiles as it only matches mime types
Twonky Server interferes AirTunes playback with Denon AVR-4311, as workaround disabling AppleTV support with disable_dmr_plugins=1 solves this
beaming media from Mediatomb to Samsung TV D series does not work
multi-user content cannot be beamed to remote Twonky renderer
changes in twonky-startup.txt does not have any effect if application is upgraded in place on iOS