Unity Hub 3.1 Release Overview

Today Unity Hub 3.1 was released. This latest release includes a new project management feature, as well as many bug fixes and improvements. We’ve unpacked these below.

Favorite project

To make organizing your projects easier, we’ve added a favorites feature, so you can easily filter through the projects that matter most to you. You’ll see a star icon to the left of each of your projects under the ‘Projects’ tab. To favorite a project, simply select the star icon. Now you can quickly filter through your favorite projects and access them with ease.

Bug fixes and improvements

  • We’ve fixed multiple licensing-related bugs that users have reported, including:

  • Serial number activation errors - the Hub will now provide more details about activation failure

  • License files were removed after updating the Hub - the cause has been fixed.

  • When starting the Hub application, some users reported seeing a blank screen. We have fixed several causes for this issue.

  • Additionally, some users reported that the Hub crashed while updating to a new version. This issue has been fixed.

  • Users on Windows were experiencing problems downloading custom editors and modules. This issue has been resolved.

  • There was an issue that prevented Visual Studio status from updating while in the Install modal. We’ve addressed this issue.

  • We’ve improved the start-up time for users opening the Hub on Intel Mac devices.

  • We’ve added keyboard support for creating a new project.

  • Based on beta user feedback, we removed the “rename” project feature from this release and will continue to iterate.

Stay tuned for what’s next

You can keep up with all of the Hub’s new features by visiting our release notes. Find out what we are working on and share your ideas with us by viewing the Unity Hub roadmap, or leave us your feedback here.

2 Likes

I updated to Hub 3.1.0 on macOS. macOS has a feature that by default prompts the user for program-specific file access permissions. Hub asked for permissions to access the Desktop (allowed) and the OneDrive folder (rejected). It ended up creating an empty text file on the Desktop.

From a quick search, it looks like an updated Node module in this release did something.

edit: Unity Hub.app/Contents/Resources/app.asar definitely has the script that does this.

4 Likes

Why does it also include a text file called WITH-LOVE-FROM-AMERICA.txt on your desktop after you update?

maybe because it was made with love :)))

1 Like

Turns out Unity need to blacklist using node-ipc - the author has been up to some really dodgy stuff, this being the least of it - not long ago he had code in that would wipe data from Russian systems and when caught out tried backtracking massively and making light of it. !!! Please do something to warn USERS besides publishing new versions · Issue #7054 · vuejs/vue-cli (github.com)

2 Likes

Hi all,

I wanted to let you know that we’re rolling out the 3.1.1 hotfix right now to Windows, Mac, and Linux. We apologize for the inconvenience. This HotFix eliminates an issue where a 3rd party library was able to create an empty text file on the desktop of people using this release version. While it was a nuisance, the issue did not include malicious functionality. Any user that had this file appear on their desktop after updating the Unity Hub can delete this file.

Additionally, we’re working on auditing node-ipc and any other dependency so we can prevent this in the future.

6 Likes

Ah yes, the only time I update Unity Hub, it runs malicious third party code in my work computer. Never again :slight_smile:

2 Likes

There’s no way to prevent unity hub to auto update?

I mean, Its being a real pain since it updated from 2.4 to 3! I had login bugs, black window, can’t create a new project with Unity 2019.1, and now I almost wiped out my entire PC because a suspicious file appeared in the Desktop that was just a joke from some random hacktivist!

C’mon! Make the updates optional!

4 Likes

Add the choice of LIGHT theme!

#39

1 Like

Oh my god get off Electron already. The JS ecosystem is toxic, and any auditing that finds anything okay with it is broken to begin with. Nothing malicious happened this time, but somebody being able to just put a file on users desktops because you pulled in some dependency shows that you have zero control over anything, and next time it’ll be a keylogger or a bitcoin miner or whatever.

Fire all the project managers that thought this was a good idea, burn the codebase to the ground, and build a Hub from scratch in a decent environment. You have c++ engineers, you have a game engine turning into a general purpose platform. Both of those are better choices than your current garbage fire.

And it’s not like you’d lose much - you’ve been unable to deliver features of fixes for the Hub at anything else than a glacial speed since it shipped, with what seems to be several different teams and attempts at reboots. It’s just not working - not for us, not for you, not for anyone.

Hell, it’s taken you longer to make a three page app that lists folders, runs other programs, and manages a login than it takes to make a big multiplayer game.

44 Likes

How can we be sure, that this did not install the code mentioned in the link from sssembler or any other malicious functions!?

3 Likes

Today was my shipping day and thanks to this incident, it has been pushed to next Tuesday. So no you can’t be sure until you make it sure.

We are wiping the system and reverting back to a backup.

This sucks.

2 Likes

Today it created a folder with the name “WITH-LOVE-FROM-”

but tomorrow, with the squealing “Save Ukrаinе” - it will remove or encrypt something important on ALL machines with Russian-locale around the World, not only in the Russian Federation!
-and what will you do after that?

I just built and set up a new, expensive machine. Now I’m wondering if I should wipe it clean. And maybe get rid of the Hub too if it’s possible to use Unity without it.

1 Like

I’m in a similar situation, and the last thing I i have time for now is to reinstall a machine completely. :frowning: But maybe I should??

1 Like

So far it seems like it only creates the .txt file, but honestly I am also considering restoring from a backup. Would be nice if we get a more detailed statement from the unity hub devs.

1 Like

I am not going to take the chance. Can’t say for you but no one can guarantee anything. It will be a nightmare trying to fix a Steam release with a malware on it. I mean, how would I even begin…

BTW, Unity should really stop trying to hide this and post a blog announcement, send emails etc. Before something sad happens. This needs to be put on a bright neon light up in the air so that people notice it rightaway. Posting a forum reply is not enough. It took me a while to even find that post. Also, I noticed the .txt file just before I uploaded my files…so I was just lucky. Can’t say that it would be the case for many others.

I always have Kaspersky on so I am not super worried, but we did have a breach and now measures have to be taken. I have to be responsible for publicly released files. Especially if my clients are paying.

5 Likes

Right. So you use Kaspersky to shield you from (other) malware? :face_with_spiral_eyes:

that’s epic

I have the whole server/network firewalled with it so technically it should…although if signed software like Unity Hub has it…don’t know if it is still effective. Its like your security guard letting a trusted guest in but secretly he was a terrorist…

1 Like