Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Overview

Version 8.1.2 is a security update only. 

Some security issues have been identified in the REST APIs of the control point that is embedded in Twonky Server since 7.0This security flaw allowed an attacker to overwrite a file that is accesible by the Twonky Server with other content utilizing the “nmc/rpc/upload” or “nmc/rpc/download” APIs. 

In addition, the “rpc/backup_metadata” call could have been used to overwrite any file that is  accesible by the Twonky Server  with the Twonky Server database. This API is discontinued from 8.1.2 on, as a backup of the Twonky Server database can be done directly by a script without the need for this API.

Bug

Security Fixes

  • fixed a security issue in NMC rpc API "/nmc/rpc/upload"
  • fixed a security issue in NMC rpc API "/nmc/rpc/download"

Changes

  • discontinued rpc call “rpc/backup_metadata” that had a security flaw

Known issues

  • LG TV Series 6 does not displays video subtitle of a video when advancing automatically to the video in a queue
  • audiobooks cannot be aggregated
  • duration calculation of MPEG2TS files is not accurate if timeseek generation is disabled
  • media item can be duplicated following a change in its metadata
  • mp4 thumbnail generation is broken
  • UPnP inspector gets confused when Twonky Server provides multiple artist tags with different roles
  • error in Mac OS logs for filedb-delete is actually only a warning; operation is not impacted
  • occasionally, Twonky license key input results in "invalid key" on Linux systems
    • workaround: remove the appdata folder and try again
  • thumbnails of some rotated images do not show up correctly in webUI
  • sometimes webUI with Opera does not show any thumbnails

QA information

CTT 2.0.3.9

MCVT 3.0.3.8

UCTT 2.0.63

LPTT 2.0.29