Log4j vulnerability


Unity is vulnerable to the log4j library zero day bug (see CVE for details). Unity 3.7.1 version will contain a fixed log4j library, however until it is installed the following workaround is necessary.

In the file conf/startup.properties add the following line towards the end of the file:

OPTS=$OPTS" -Dlog4j2.formatMsgNoLookups=true"

Server restart is required after this change.