How to fix vulnerable apache log4j in androidplayer SDK folder?

I recently started getting a notification from my company IT security team that I have a vulnerable Apache log4j in the following location “c:\program files\unity\hub\editor\6000.0.32f1\editor\data\playbackengines\androidplayer\sdk\cmdline-tools\6.0\lib\external\lint-psi\intellij-core\intellij-core-mvn.jar”

I updated everything related to Unity to the latest stable version but the issue persists.

How can I solve this? Thanks.

Unity 6000.1.0a7+ comes with newer cmdline-tools version 16.0.

Try to see if updating to that Unity version fixes the issue and let us know!

I installed the latest pre-release version and can see the 16.0 for the cmdline-tools.

I’ll confirm with our IT team but that should fix it.

Thank you very much!

1 Like