Unity is vulnerable to the log4j library zero day bug (see CVE for details). Unity 3.7.1 version will contain a fixed log4j library, however until it is installed the following workaround is necessary.
In the file
conf/startup.properties add the following line towards the end of the file:
Server restart is required after this change.