TwonkyServer-ReleaseNotes-8 1 2
Release Notes
2015.07.14
JM Driver LLC
This document and the information contained herein is the confidential information of JM Driver LLC and is for the sole use
of the intended recipient(s). If you are not the intended recipient, please contact JM Driver LLC at the address listed below
and destroy all copies of this document. To the extent a nondisclosure agreement or other commercial agreement
(Governing Agreement) is signed and in effect between JM Driver LLC (or an authorized JM Driver LLC licensee) and the
intended recipient(s) of this document, the terms of such Governing Agreement will govern. If no Governing agreement is in
effect, then this document may not be used, reproduced or distributed without the prior written consent of JM Driver LLC,
10620 Treena St, Suite 230, San Diego, CA 92131.
Table of Contents
1 Overview
2 Bug fixes
3 Changes
4 Known issues
5 QA Information
1 Overview
Version 8.1.2 is a security update only.
Some security issues have been identified in the REST APIs of the control point that has been embedded in Twonky
Server since 7.0.
The flaw allowed an attacker to use the “nmc/rpc/upload” or “nmc/rpc/download” APIs to overwrite a file that is
accessible by the Twonky Server with other content.
In addition, the “rpc/backup_metadata” call could have been used to overwrite any file that is accessible by the
Twonky Server with the Twonky Server database. This API is discontinued from 8.1.2 on, as a backup of the
Twonky Server database can be done directly by a script without the need for this API.
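To check whether the three APIs named above were called on an installation, the following added example (not part of the original release notes and not JM Driver code) scans HTTP access-log lines for requests to them. It assumes the requests pass through a reverse proxy that writes Common/Combined Log Format; the sample lines, addresses and the function names are constructed for illustration.

```python
import re
from collections import defaultdict
from posixpath import normpath
from urllib.parse import unquote

# Endpoints named in the release notes. Matching is by path suffix because the
# notes do not give a full URL for "rpc/backup_metadata".
AFFECTED = ("nmc/rpc/upload", "nmc/rpc/download", "rpc/backup_metadata")

# Assumption: Common/Combined Log Format as written by a reverse proxy.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jul/2015:10:00:00 +0000] "POST /nmc/rpc/upload HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jul/2015:10:00:05 +0000] "GET /nmc/rpc/%64ownload?placeholder=1 HTTP/1.1" 200 90',
    '198.51.100.7 - - [01/Jul/2015:10:02:11 +0000] "GET //RPC/backup_metadata HTTP/1.1" 404 0',
    '192.0.2.44 - - [01/Jul/2015:10:03:00 +0000] "GET /webbrowse HTTP/1.1" 200 2048',
    'not an access-log line',
]

def canonical_path(target):
    """Drop the query, percent-decode, lower-case, and collapse '//', '.' and '..'."""
    path = unquote(target.partition("?")[0]).lower()  # lower-casing may over-match
    return "/" + normpath(path).lstrip("/")

def find_calls(lines):
    """Return {client_ip: [(timestamp, endpoint, status), ...]} for the affected APIs."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        path = canonical_path(m["target"])
        for endpoint in AFFECTED:
            if path.endswith("/" + endpoint):
                hits[m["ip"]].append((m["ts"], endpoint, int(m["status"])))
                break
    return dict(hits)

if __name__ == "__main__":
    for ip, calls in find_calls(SAMPLE_LOG).items():
        print(ip, calls)
```

Any hit for "rpc/backup_metadata" on a server already running 8.1.2 is a request to a discontinued call and is worth following up with the client that sent it.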
© 2015 JM Driver Proprietary and Confidential
Twonky Server 8.1.2 Release Notes 2015.06.30
2 Bug fixes
• fixed a security issue in NMC rpc API "/nmc/rpc/upload"
• fixed a security issue in NMC rpc API "/nmc/rpc/download"
3 Changes
• discontinued rpc call “rpc/backup_metadata” that had a security flaw
4 Known issues
• LG TV Series 6 does not display the subtitle of a video when advancing automatically to the video
in a queue
• audiobooks cannot be aggregated
• duration calculation of MPEG2TS files is not accurate if timeseek generation is disabled
• media item can be duplicated following a change in its metadata
• mp4 thumbnail generation is broken
• UPnP inspector gets confused when Twonky Server provides multiple artist tags with different roles
• error in Mac OS logs for filedb-delete is actually only a warning; operation is not impacted
• occasionally, Twonky license key input results in "invalid key" on Linux systems
  • workaround: remove the appdata folder and try again
• thumbnails of some rotated images do not show up correctly in webUI
• sometimes webUI with Opera does not show any thumbnails
5 QA Information
CTT 2.0.3.9
MCVT 3.0.3.8
UCTT 2.0.63
LPTT 2.0.29